sys-libs/glibc-2.26 no longer provides libnss_nis, which in turns causes systems configured for NIS to fail. As an example, here's what happens when you run whoami after upgrading to glibc-2.26 /etc/nsswitch.conf contents: passwd: files nis shadow: files nis group: files nis strace on whoami $ strace whoami execve("/usr/bin/whoami", ["whoami"], 0x7ffc1cc27a90 /* 82 vars */) = 0 brk(NULL) = 0x1fa3000 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd383e87000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=343946, ...}) = 0 mmap(NULL, 343946, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fd383e33000 close(3) = 0 openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\21\2\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=1832776, ...}) = 0 mmap(NULL, 3938744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3838a3000 mprotect(0x7fd383a5c000, 2093056, PROT_NONE) = 0 mmap(0x7fd383c5b000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b8000) = 0x7fd383c5b000 mmap(0x7fd383c61000, 14776, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fd383c61000 close(3) = 0 mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd383e30000 arch_prctl(ARCH_SET_FS, 0x7fd383e30740) = 0 mprotect(0x7fd383c5b000, 16384, PROT_READ) = 0 mprotect(0x606000, 4096, PROT_READ) = 0 mprotect(0x7fd383e89000, 4096, PROT_READ) = 0 munmap(0x7fd383e33000, 343946) = 0 open("/usr/lib64/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=2006640, ...}) = 0 mmap(NULL, 2006640, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fd3836b9000 close(3) = 0 brk(NULL) = 0x1fa3000 brk(0x1fc4000) = 0x1fc4000 geteuid() = 1000 open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=599, ...}) = 0 read(3, "# /etc/nsswitch.conf:\n# $Header:"..., 4096) = 599 read(3, "", 4096) = 0 close(3) = 0 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=343946, ...}) = 0 mmap(NULL, 343946, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fd383e33000 close(3) = 0 openat(AT_FDCWD, "/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000#\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=47496, ...}) = 0 mmap(NULL, 2143656, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3834ad000 mprotect(0x7fd3834b8000, 2093056, PROT_NONE) = 0 mmap(0x7fd3836b7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7fd3836b7000 close(3) = 0 mprotect(0x7fd3836b7000, 4096, PROT_READ) = 0 munmap(0x7fd383e33000, 343946) = 0 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=2534, ...}) = 0 read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2534 read(3, "", 4096) = 0 close(3) = 0 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=343946, ...}) = 0 mmap(NULL, 343946, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fd383e33000 close(3) = 0 openat(AT_FDCWD, "/lib64/tls/x86_64/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/lib64/tls/x86_64/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/lib64/tls/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/lib64/tls/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/lib64/tls/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/lib64/tls/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/lib64/tls/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/lib64/tls", 0x7fffff084670) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/lib64/x86_64/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/lib64/x86_64/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/lib64/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/lib64/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/lib64/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/lib64/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/lib64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/lib64", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0 openat(AT_FDCWD, "/usr/lib64/tls/x86_64/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/usr/lib64/tls/x86_64/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib64/tls/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/usr/lib64/tls/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib64/tls/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/usr/lib64/tls/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib64/tls/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/usr/lib64/tls", 0x7fffff084670) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib64/x86_64/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/usr/lib64/x86_64/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib64/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/usr/lib64/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib64/x86_64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/usr/lib64/x86_64", 0x7fffff084670) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/usr/lib64", {st_mode=S_IFDIR|0755, st_size=159744, ...}) = 0 munmap(0x7fd383e33000, 343946) = 0 open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=2997, ...}) = 0 read(3, "# Locale name alias data base.\n#"..., 4096) = 2997 read(3, "", 4096) = 0 close(3) = 0 open("/usr/share/locale/en_AU/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "whoami: ", 8whoami: ) = 8 write(2, "cannot find name for user ID 100"..., 33cannot find name for user ID 1000) = 33 write(2, "\n", 1 ) = 1 close(1) = 0 close(2) = 0 exit_group(1) = ? +++ exited with 1 +++
You will probably have to use a third party package, like this one: https://github.com/thkukuk/libnss_nis
Which is not in portage. The problem is that this change makes systems unusable without notice and without a clear path forward. I appreciate that the removal of NIS from glibc is an upstream change, but distributions need to have some form of strategy for rolling out a change that can leave users locked out of the system. At a minimum, there should be a news item about this, giving plenty of warning and ideally suggest the required packages that should be in portage. At this stage the only reasonable option for my systems is to do an emergency roll-back of glibc. In the long term, I need to figure out whether Gentoo will maintain NIS support or whether it will be finally killed off. It would be a shame, but it looks like NIS has no maintainers - see ypbind and friends. :-( I strongly suggest changing the glibc package to do a pre-merge check to check if a system is configured to use NIS maps.
(In reply to peteru from comment #2) > Which is not in portage. > > The problem is that this change makes systems unusable without notice and > without a clear path forward. And that's why you don't run unsupervised ~arch on production systems. > At a minimum, there should be a news item about this, giving plenty of > warning and ideally suggest the required packages that should be in portage. Given that you're the first one to even notice or complain... > > At this stage the only reasonable option for my systems is to do an > emergency roll-back of glibc. In the long term, I need to figure out whether > Gentoo will maintain NIS support or whether it will be finally killed off. > It would be a shame, but it looks like NIS has no maintainers - see ypbind > and friends. :-( It will be maintained. > I strongly suggest changing the glibc package to do a pre-merge check to > check if a system is configured to use NIS maps.
It's only two systems that are affected. The production systems are not ~arch, so they are safe for now. I've already pushed out a package.mask for glibc-2.26 until I have a better idea how to move forward. However, I am now stuck with this problem: * Sanity check to keep you from breaking your system: * Downgrading glibc is not supported and a sure way to destruction * ERROR: sys-libs/glibc-2.25-r9::gentoo failed (pretend phase): * aborting to save your system Any suggestions on how to proceed?
(In reply to peteru from comment #4) > Any suggestions on how to proceed? You can comment out the relevant "die" command in toolchain-glibc.eclass to enable the downgrade. Not that if you have rebuild any other critical system packages since upgrading to glibc-2.26, downgrading may very likely make the system completely unusable. In that case, you would need to reinstall from a stable stage3 tarball, or reinstall those system packages from binpkgs built against glibc-2.25.
peteru, you could try glibc 2.26 configure option "--enable-obsolete-nsl". Please note that this is only a workaround. See release notes at: https://savannah.gnu.org/forum/forum.php?forum_id=8921
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7cf52c674ca56d22b039982de815439c0d102bf2 commit 7cf52c674ca56d22b039982de815439c0d102bf2 Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2017-11-17 19:13:26 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2017-11-17 23:20:43 +0000 sys-auth/libnss-nis: new package (Note added- I've made it install into /usr for the moment. dilfridge) Bug: https://bugs.gentoo.org/637946 Closes: https://github.com/gentoo/gentoo/pull/6214 Package-Manager: Portage-2.3.14_p5, Repoman-2.3.6 sys-auth/libnss-nis/Manifest | 1 + sys-auth/libnss-nis/files/map_v4v6_address.patch | 112 +++++++++++++++++++++++ sys-auth/libnss-nis/libnss-nis-1.3.ebuild | 49 ++++++++++ sys-auth/libnss-nis/metadata.xml | 7 ++ 4 files changed, 169 insertions(+)}
@peteru, with sys-auth/libnss-nis, is your system working again?
Great work! Adding sys-auth/libnss-nis to the system brings back the NIS functionality. I guess glibc should pull sys-auth/libnss-nis in as a dependency when the "nis" USE flag is set. That ought to prevent breakage, on systems that use NIS. Thanks for the fix. Saved me from rolling back glibc. ;-)
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=468d6930bad211f5744c1e41d99c496923bae677 commit 468d6930bad211f5744c1e41d99c496923bae677 Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2017-11-18 18:34:12 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2017-11-18 18:34:30 +0000 sys-libs/glibc: Output fat warning if NIS is used and sys-auth/libnss-nis is not installed Closes: https://bugs.gentoo.org/637946 Package-Manager: Portage-2.3.14, Repoman-2.3.6 sys-libs/glibc/glibc-2.26-r3.ebuild | 15 +++++++++++++++ sys-libs/glibc/glibc-9999.ebuild | 15 +++++++++++++++ 2 files changed, 30 insertions(+)