Re: On the removal of nscd from Fedora, and the future of nscd.

public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed

From: Florian Klink <flokli@flokli.de>
To: libc-alpha@sourceware.org
Cc: ludo@gnu.org, felix@alternativebit.fr,
	John Ericson <list@johnericson.me>,
	Siddhesh Poyarekar <siddhesh@sourceware.org>
Subject: Re: On the removal of nscd from Fedora, and the future of nscd.
Date: Sun, 20 Nov 2022 18:34:43 +0000	[thread overview]
Message-ID: <20221120183443.7ox53zxaqanm37da@tp> (raw)
In-Reply-To: <f2490e06-39b1-6291-0361-0ca54efb96a9@JohnEricson.me>

>>> NSCD certainly could act as that gateway, but I'd hate to rely on it
>>> without an RFC defining the protocol, and such an RFC would enable it to
>>> solve the problem in a wider context too.
>>>
>
>Stepping back, we can ask: "What makes a de facto standard?"
>
>I would say a) stability and b) multiple implementations.
>
>> Yes.  In practice, I haven?t seen nscd protocol changes in 10 years of
>> Guix.
>
>That's one, and a quick search turned up:
>
>https://github.com/pikhq/musl-nscd
>
>whose read-me says:
>
>> musl-nscd is an implementation of the NSCD protocol. It makes use of NSS
>> modules, just like with glibc. This permits alternative backends for the user
>> and group databases for musl libc. The protocol it uses is a subset of that
>> used by glibc.
>
>That's the other. Both criteria for "de facto standard" met!
>
>>> Doing so, however, means that nscd (or some other equivalent) MUST be
>>> present and running on all systems...
>>>
>> Yes, exactly.
>
>If I may push back on this slightly, a libc could should ship with the sssd and
>systemd-resolved clients too. For sake of argument, one could imagine they are
>even statically linked, so there is no dlopen to be suspicious of. The binary could
>try those protocols first before falling back on the nscd protocol.
>
>The goal here, I think, is to support the existing NSCD protocol as the "lingua
>franca" we have *today*. It's not to hinder the uptake of anything else, or even a
>value judgement on whether the NSCD protocol is "good" in any deep sense,
>just acknowledging its what we've got.

I recently took a closer look at the protocol, while adding host lookup
support to [nsncd][nsncd-pr], so there's plenty of implementations of
this protocol.

[nsncd-blog] describes the reasons why Nix/GUIX needs this *as a pure
request dispatcher* in a bit more detail, too.

There's currently some scary request types to pass around FDs to
internal nscd cache structures (GETFD*). But client code already falls
back gracefully to querying records manually, if you don't actually hand
over a FD.

If there's plans to drop nscd from glibc codebase, what about keeping
the client code, but simplified, without all client-side cache peeking?

That way, Nix, GUIX and other peoples usecases would still keep working,
while the amount of code in glibc on that can be reduced.

Regards,
flokli

[nsncd-pr]: https://github.com/twosigma/nsncd/pull/49
[nsncd-blog]: https://flokli.de/posts/2022-11-18-nsncd/

     prev parent reply	other threads:[~2022-11-20 18:34 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-02-28 20:55 Carlos O'Donell
2022-02-28 23:02 ` DJ Delorie
2022-02-28 23:09   ` Joseph Myers
2022-03-01  1:02     ` DJ Delorie
2022-03-01  9:10   ` Ludovic Courtès
2022-03-01 16:54     ` DJ Delorie
2022-03-01 17:44       ` Ludovic Courtès
2022-03-01 18:31         ` DJ Delorie
2022-03-03 13:40           ` Ludovic Courtès
2022-03-06 22:05             ` John Ericson
2022-11-20 18:34               ` Florian Klink [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221120183443.7ox53zxaqanm37da@tp \
    --to=flokli@flokli.de \
    --cc=felix@alternativebit.fr \
    --cc=libc-alpha@sourceware.org \
    --cc=list@johnericson.me \
    --cc=ludo@gnu.org \
    --cc=siddhesh@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).