Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 637946 - sys-libs/glibc-2.26 makes NIS systems unusable
Summary: sys-libs/glibc-2.26 makes NIS systems unusable
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal critical (vote)
Assignee: Gentoo Toolchain Maintainers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: glibc-2.26
  Show dependency tree
 
Reported: 2017-11-17 17:00 UTC by peteru
Modified: 2017-11-18 18:34 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description peteru 2017-11-17 17:00:44 UTC
sys-libs/glibc-2.26 no longer provides libnss_nis, which in turns causes systems configured for NIS to fail.

As an example, here's what happens when you run whoami after upgrading to glibc-2.26

/etc/nsswitch.conf contents:

passwd:      files nis
shadow:      files nis
group:       files nis

strace on whoami

$ strace whoami                                                                                               
execve("/usr/bin/whoami", ["whoami"], 0x7ffc1cc27a90 /* 82 vars */) = 0                                                              
brk(NULL)                               = 0x1fa3000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd383e87000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=343946, ...}) = 0
mmap(NULL, 343946, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fd383e33000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\21\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1832776, ...}) = 0
mmap(NULL, 3938744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3838a3000
mprotect(0x7fd383a5c000, 2093056, PROT_NONE) = 0
mmap(0x7fd383c5b000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b8000) = 0x7fd383c5b000
mmap(0x7fd383c61000, 14776, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fd383c61000
close(3)                                = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd383e30000
arch_prctl(ARCH_SET_FS, 0x7fd383e30740) = 0
mprotect(0x7fd383c5b000, 16384, PROT_READ) = 0
mprotect(0x606000, 4096, PROT_READ)     = 0
mprotect(0x7fd383e89000, 4096, PROT_READ) = 0
munmap(0x7fd383e33000, 343946)          = 0
open("/usr/lib64/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2006640, ...}) = 0
mmap(NULL, 2006640, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fd3836b9000
close(3)                                = 0
brk(NULL)                               = 0x1fa3000
brk(0x1fc4000)                          = 0x1fc4000
geteuid()                               = 1000
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=599, ...}) = 0
read(3, "# /etc/nsswitch.conf:\n# $Header:"..., 4096) = 599
read(3, "", 4096)                       = 0
close(3)                                = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=343946, ...}) = 0
mmap(NULL, 343946, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fd383e33000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000#\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=47496, ...}) = 0
mmap(NULL, 2143656, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3834ad000
mprotect(0x7fd3834b8000, 2093056, PROT_NONE) = 0
mmap(0x7fd3836b7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7fd3836b7000
close(3)                                = 0
mprotect(0x7fd3836b7000, 4096, PROT_READ) = 0
munmap(0x7fd383e33000, 343946)          = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2534, ...}) = 0
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2534
read(3, "", 4096)                       = 0
close(3)                                = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=343946, ...}) = 0
mmap(NULL, 343946, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fd383e33000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/tls/x86_64/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/lib64/tls/x86_64/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/tls/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/lib64/tls/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/tls/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/lib64/tls/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/tls/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/lib64/tls", 0x7fffff084670)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/x86_64/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/lib64/x86_64/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/lib64/x86_64", 0x7fffff084670)   = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/lib64/x86_64", 0x7fffff084670)   = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/lib64", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0
openat(AT_FDCWD, "/usr/lib64/tls/x86_64/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/tls/x86_64/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/tls/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/tls/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/tls/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/tls/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/tls/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/tls", 0x7fffff084670)  = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/x86_64/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/x86_64/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64", {st_mode=S_IFDIR|0755, st_size=159744, ...}) = 0
munmap(0x7fd383e33000, 343946)          = 0
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2997, ...}) = 0
read(3, "# Locale name alias data base.\n#"..., 4096) = 2997
read(3, "", 4096)                       = 0
close(3)                                = 0
open("/usr/share/locale/en_AU/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "whoami: ", 8whoami: )                 = 8
write(2, "cannot find name for user ID 100"..., 33cannot find name for user ID 1000) = 33
write(2, "\n", 1
)                       = 1
close(1)                                = 0
close(2)                                = 0
exit_group(1)                           = ?
+++ exited with 1 +++
Comment 1 Mike Gilbert gentoo-dev 2017-11-17 17:08:27 UTC
You will probably have to use a third party package, like this one:

https://github.com/thkukuk/libnss_nis
Comment 2 peteru 2017-11-17 17:17:13 UTC
Which is not in portage.

The problem is that this change makes systems unusable without notice and without a clear path forward.

I appreciate that the removal of NIS from glibc is an upstream change, but distributions need to have some form of strategy for rolling out a change that can leave users locked out of the system.

At a minimum, there should be a news item about this, giving plenty of warning and ideally suggest the required packages that should be in portage.

At this stage the only reasonable option for my systems is to do an emergency roll-back of glibc. In the long term, I need to figure out whether Gentoo will maintain NIS support or whether it will be finally killed off. It would be a shame, but it looks like NIS has no maintainers - see ypbind and friends. :-(

I strongly suggest changing the glibc package to do a pre-merge check to check if a system is configured to use NIS maps.
Comment 3 Andreas K. Hüttel archtester gentoo-dev 2017-11-17 17:27:54 UTC
(In reply to peteru from comment #2)
> Which is not in portage.
> 
> The problem is that this change makes systems unusable without notice and
> without a clear path forward.

And that's why you don't run unsupervised ~arch on production systems.

> At a minimum, there should be a news item about this, giving plenty of
> warning and ideally suggest the required packages that should be in portage.

Given that you're the first one to even notice or complain...

> 
> At this stage the only reasonable option for my systems is to do an
> emergency roll-back of glibc. In the long term, I need to figure out whether
> Gentoo will maintain NIS support or whether it will be finally killed off.
> It would be a shame, but it looks like NIS has no maintainers - see ypbind
> and friends. :-(

It will be maintained.

> I strongly suggest changing the glibc package to do a pre-merge check to
> check if a system is configured to use NIS maps.
Comment 4 peteru 2017-11-17 17:35:15 UTC
It's only two systems that are affected. The production systems are not ~arch, so they are safe for now. I've already pushed out a package.mask for glibc-2.26 until I have a better idea how to move forward.

However, I am now stuck with this problem:

 * Sanity check to keep you from breaking your system:
 *  Downgrading glibc is not supported and a sure way to destruction
 * ERROR: sys-libs/glibc-2.25-r9::gentoo failed (pretend phase):
 *   aborting to save your system

Any suggestions on how to proceed?
Comment 5 Mike Gilbert gentoo-dev 2017-11-17 18:04:42 UTC
(In reply to peteru from comment #4)
> Any suggestions on how to proceed?

You can comment out the relevant "die" command in toolchain-glibc.eclass to enable the downgrade.

Not that if you have rebuild any other critical system packages since upgrading to glibc-2.26, downgrading may very likely make the system completely unusable. In that case, you would need to reinstall from a stable stage3 tarball, or reinstall those system packages from binpkgs built against glibc-2.25.
Comment 6 Michael Hofmann 2017-11-17 20:21:44 UTC
peteru,

you could try glibc 2.26 configure option "--enable-obsolete-nsl". Please note that this is only a workaround.

See release notes at: https://savannah.gnu.org/forum/forum.php?forum_id=8921
Comment 7 Larry the Git Cow gentoo-dev 2017-11-17 23:20:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7cf52c674ca56d22b039982de815439c0d102bf2

commit 7cf52c674ca56d22b039982de815439c0d102bf2
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2017-11-17 19:13:26 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2017-11-17 23:20:43 +0000

    sys-auth/libnss-nis: new package
    
    (Note added- I've made it install into /usr for the moment. dilfridge)
    
    Bug: https://bugs.gentoo.org/637946
    Closes: https://github.com/gentoo/gentoo/pull/6214
    Package-Manager: Portage-2.3.14_p5, Repoman-2.3.6

 sys-auth/libnss-nis/Manifest                     |   1 +
 sys-auth/libnss-nis/files/map_v4v6_address.patch | 112 +++++++++++++++++++++++
 sys-auth/libnss-nis/libnss-nis-1.3.ebuild        |  49 ++++++++++
 sys-auth/libnss-nis/metadata.xml                 |   7 ++
 4 files changed, 169 insertions(+)}
Comment 8 Andreas K. Hüttel archtester gentoo-dev 2017-11-18 13:30:27 UTC
@peteru, with sys-auth/libnss-nis, is your system working again?
Comment 9 peteru 2017-11-18 17:05:15 UTC
Great work!

Adding sys-auth/libnss-nis to the system brings back the NIS functionality.

I guess glibc should pull sys-auth/libnss-nis in as a dependency when the "nis" USE flag is set. That ought to prevent breakage, on systems that use NIS.

Thanks for the fix. Saved me from rolling back glibc. ;-)
Comment 10 Larry the Git Cow gentoo-dev 2017-11-18 18:34:41 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=468d6930bad211f5744c1e41d99c496923bae677

commit 468d6930bad211f5744c1e41d99c496923bae677
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2017-11-18 18:34:12 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2017-11-18 18:34:30 +0000

    sys-libs/glibc: Output fat warning if NIS is used and sys-auth/libnss-nis is not installed
    
    Closes: https://bugs.gentoo.org/637946
    Package-Manager: Portage-2.3.14, Repoman-2.3.6

 sys-libs/glibc/glibc-2.26-r3.ebuild | 15 +++++++++++++++
 sys-libs/glibc/glibc-9999.ebuild    | 15 +++++++++++++++
 2 files changed, 30 insertions(+)