[Nix-dev] Impossible to use Nix + fetchgit on any Linux configured with LDAP authentication /libnss_sss

Adrien Devresse Adev at adev.name
Tue Jun 23 11:47:03 CEST 2015


(back on this problem)

> Ah, sorry, I'm not really familiar with nss. Does the libnss_sss
> version have to match what's installed system-wide, rather than e.g.
> being a build input?
I would say no.
It need to be verified but it is very likely that any libnss_sss version
able to connect on the sss unix socket would be ok.


Ideally, libnss_sss should be part of stdenv.
Without it, some syscall like "getpwuid" would simply do not work.

Making it a build-input of git would just provide a workaround for git
only... any other apps using a group/shadow related function (getpwuid,
getpwnam, etc.. ) would trigger the bug again.

However, making it part of stdenv would trigger a recompilation of the
integrality of the packages....

Do you have any elegant way in Nix to add a "module" / modify the stdenv
without retriggering a compilation of the entire system ?


Adrien




Le 07/06/2015 02:15, James Cook a écrit :
> Ah, sorry, I'm not really familiar with nss. Does the libnss_sss
> version have to match what's installed system-wide, rather than e.g.
> being a build input?
>
> Also, doesn't fetchgit produce fixed-output derivations*, meaning
> purity depends only on the sh256 hash of the output matching, and not
> on how the output was produced?
>
> James
>
> *Not sure if it's really fixed-output when leaveDotGit = true.
>
>
> On 6 June 2015 at 14:38, Adrien Devresse <Adev at adev.name> wrote:
>> I would say, it does not solve the problem.
>>
>> If adding the system libnss_sss path to the LD_LIBRARY_PATH can be an
>> acceptable solution for firefox, I think it is not for fetchgit/git.
>> Adding libnss_sss to the LD_PATH as requirement for any invocation of
>> igt would make any build using fetchgit "impure".
>>
>> Adrien
>>
>>
>>
>> Le 06/06/2015 22:16, James Cook a écrit :
>>> e get re-opened? Was that never implemented, or does it not
>>> solve the problem?
>>>
>>> James
>>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
Url : http://lists.science.uu.nl/pipermail/nix-dev/attachments/20150623/7e7b30d7/attachment.bin 


More information about the nix-dev mailing list