[Nix-dev] Impossible to use Nix + fetchgit on any Linux configured with LDAP authentication /libnss_sss
Eelco Dolstra
eelco.dolstra at logicblox.com
Tue Jun 23 12:48:23 CEST 2015
Hi,
On 23/06/15 11:47, Adrien Devresse wrote:
> Ideally, libnss_sss should be part of stdenv.
That's not going to happen because there are any number of NSS modules that we
can't possibly all add to stdenv.
> Do you have any elegant way in Nix to add a "module" / modify the stdenv
> without retriggering a compilation of the entire system ?
Yes, by using nscd.
If possible, you could also enable chroot builds. It might be possible to
override /etc/nsswitch.conf in the chroot by setting the Nix option
"build-chroot-dirs = /etc/nsswitch.conf=/path/to/my-nsswitch.conf" (where
my-nsswitch.conf doesn't contain libnss_nss). However, looking at the code, it
may not be possible to override /etc/nsswitch.conf at the moment, but fixing
that wouldn't be hard.
As a hack, it might also be possible to add LD_LIBRARY_PATH to the impureEnvVars
attribute of fetchgit and other affected fixed-output derivations. (Fixed-output
derivations are allowed to have some "impure" inputs because their output is
guaranteed to be the same regardless of the inputs.) So you could pass in an
LD_LIBRARY_PATH pointing to a directory containing the required NSS modules.
--
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
More information about the nix-dev
mailing list