Hello, as systemd-homed[1] got turned on gentoo it would be nice to add a systemd-nss module to the /etc/nsswitch.conf file by default, as it is needed by multiple systemd-services[2]. I would like to have it shipped within glibc itself not to modify the file via pambase's pkg_*. Thanks! [1] - https://www.freedesktop.org/software/systemd/man/systemd-homed.service.html [2] - https://www.freedesktop.org/software/systemd/man/nss-systemd.html
Currently gentoo uses upstream nsswitch.conf as is. We can do some amendments based on glibc's USE flags if needed (or unconditionally enable the feature if feasible). Today config-protected nsswitch.conf owned by glibc package. Users can tweak it but other packages should not touch it.
(In reply to Sergei Trofimovich from comment #1) > Currently gentoo uses upstream nsswitch.conf as is. That is a problem as I see it. >We can do some > amendments based on glibc's USE flags if needed (or unconditionally enable > the feature if feasible). This is possible, but do we really need a USE flag here for changing a single file? It would cause only needless rebuilds. My points are: 1. systemd-homed was designed for "human" accounts (i.e. for accounts with UID/GID >= 1000), "system" services are still managed by the traditional (well, if we can call shadow traditional) approach. 2. nss-systemd lookups are only get activated as soon as you enable somewhat systemd-specific that requires it (systemd-homed/systemd-machined/etc), otherwise it does not bother anyone. 3. even if nss-systemd is present in the lookups chain, shadow users will not be affected, as shodow's search attempts halt exactly at 'files' (which is the first in the chain in anyway). 4. last but not least, in my experience lots of users are able to crash their systems making even trivial changes to basic configurations, so I think we want people to steer clear of nsswitch.conf as much as possible by providing more common defaults. > > Today config-protected nsswitch.conf owned by glibc package. Users can tweak > it but other packages should not touch it.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d446edfec1019a14aa3d2bbdbdfb79845b053b0c commit d446edfec1019a14aa3d2bbdbdfb79845b053b0c Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2021-02-27 19:17:04 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2021-02-27 19:18:01 +0000 sys-libs/glibc: Bump to 2.32 patchlevel 8 Bug: https://bugs.gentoo.org/767718 Bug: https://bugs.gentoo.org/768366 Package-Manager: Portage-3.0.13, Repoman-3.0.2 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> sys-libs/glibc/Manifest | 1 + sys-libs/glibc/glibc-2.32-r8.ebuild | 1513 +++++++++++++++++++++++++++++++++++ 2 files changed, 1514 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5046391eafbd8adbad9a0f9f7c77f0a991efa6d commit e5046391eafbd8adbad9a0f9f7c77f0a991efa6d Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2021-02-27 20:30:09 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2021-02-27 20:30:55 +0000 sys-libs/glibc: Bump to 2.33 patchlevel 2 Bug: https://bugs.gentoo.org/768366 Package-Manager: Portage-3.0.13, Repoman-3.0.2 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> sys-libs/glibc/Manifest | 2 +- sys-libs/glibc/glibc-2.33.ebuild | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
Fixed in 2.32-r8 and later