New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nscd: disable by default #50042
nscd: disable by default #50042
Conversation
We don't have many services enabled by default, so turning one off probably requires some explanation about why it was on, and if the trade-offs of turning it off make sense. |
@GrahamcOfBorg test networking nsd avahi |
Success on x86_64-linux (full log) Attempted: tests.networking, tests.nsd The following builds were skipped because they don't evaluate on x86_64-linux: tests.avahi Partial log (click to expand)
|
Agreed, I figure this isn't a trivial merge and would appreciate if we could understand why it's been enabled by default up to now. Git archaeology has revealed that its existence goes way way back to 2007 (9963b26) and it wasn't even possible to disable it until 2009 (3f6ca96). Also cc @fpletz who gave me the idea that it might not actually be necessary. |
Timed out, unknown build status on aarch64-linux (full log) Attempted: tests.networking, tests.nsd The following builds were skipped because they don't evaluate on aarch64-linux: tests.avahi Partial log (click to expand)
|
No, A possible replacement might be |
An alternative to nscd would be great. Sometimes it will increase startup times slightly due to this hack blocking: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/system/nscd.nix#L79-L86 |
If anyone wants to try out unscd, they can use this patch: Needs more testing before opening a PR though. |
I'm running with
NSS modules seem to work properly without nscd:
where
If I replace
|
@matthewbauer the hack could be replaced by a nicer hack using inotifywait? :D |
@orivej That only works for NSS modules built into Glibc. It won't be able to find e.g. |
unscd seems to bind the socket before it forks itself, making the hack unnecessary. |
@matthewbauer if you would make unscd an option we could test this a bit before switching to it by default. |
I applied several fixes to unscd here: Mic92@8ff2c10 |
@Mic92 feel free to take this up. I'm a little too busy to work on it further. |
#50316 is an alternative approach. Disabling negative caches for host lookups could solve some issues we currently have with nscd. |
I think we've concluded that we don't want to do this, but at least it's spawned some other approaches with their respective discussions :) |
Motivation for this change
nscd seems to cause occasional spurious errors, in the vein of
Could not resolve <hostname>: System Error
. I propose to disable it by default.Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)nix path-info -S
before and after)