On Wed, Jun 10, 2015 at 04:44:17PM +0000, Joakim Tjernlund wrote:
> I wonder if it would be possible to use the script from
> sys-apps/getent (included below)
> to impl. getent in user.eclass instead of using glibc's getent? I
> cannot see any downside, is there one?
>
> This would help a lot (just seed your groups/users in
> ROOT/etc/{passwd,group ...} first)
> when cross building or ROOT != / as it would be trivial for the script to
> respect ROOT/EPREFIX

This would totally break when those services come from an NSS provider
other than files or compat.

There was a non-upstream patch to support NSS on non-root filesystems,
which would probably help a lot more; I haven't seen that original patch
in a while, so here's a very quick and completely untested
re-implementation of it.

In your case, you probably should MAKE sure that regardless of the
system nsswitch settings, the NSS file provider gets used.

Usage: NSS_FILES_ROOT=$ROOT/etc getent -s files passwd ...

--
Robin Hugh Johnson
Gentoo Linux: Developer, Infrastructure Lead
E-Mail : [email protected]
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85

nss_files: non-/ root support via env

In building systems, e.g. cross-compile, it can be very useful to run getent on a
different root path.

This is a very rough, completely untested patch to implement it, based on a
patch I recall seeing many years ago, but can't find anywhere now.

Untested-By: Robin H. Johnson <[email protected]>
Original-Author: Robin H. Johnson <[email protected]>
Not-Signed-Off-By: Robin H. Johnson <[email protected]>

diff -Nuar glibc-2.21.orig/nss/nss_files/files-XXX.c glibc-2.21/nss/nss_files/files-XXX.c
--- glibc-2.21.orig/nss/nss_files/files-XXX.c 2015-06-10 11:16:59.282269957 -0700
+++ glibc-2.21/nss/nss_files/files-XXX.c 2015-06-10 11:43:55.582631857 -0700
@@ -38,7 +38,8 @@
#define ENTNAME_r CONCAT(ENTNAME,_r)
-#define DATAFILE "/etc/" DATABASE
+#define NSS_FILES_ROOT "/etc/"
+#define DATAFILE NSS_FILES_ROOT DATABASE
#ifdef NEED_H_ERRNO
# include <netdb.h>
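
Review bot: The new NSS_FILES_ROOT macro holds "/etc/" with a trailing slash and is pasted directly in front of DATABASE, but nothing documents that convention, and the macro shares its name with the environment variable read in the second hunk. A comment stating that the value must end in "/" would help, since the usage line in the mail (NSS_FILES_ROOT=$ROOT/etc) has no trailing slash. Renaming the macro, for example to NSS_FILES_DEFAULT_DIR, would also keep the compile-time default from being confused with the runtime override.
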
@@ -75,7 +76,19 @@
if (stream == NULL)
{
- stream = fopen (DATAFILE, "rce");
+ char* datafile = DATAFILE;
+ const char* datafile_root;
+ if(datafile_root = secure_getenv("NSS_FILES_ROOT")) {
+#define merged_datafile_len 1024
+ char merged_datafile[merged_datafile_len];
+ strncpy(merged_datafile, datafile_root, merged_datafile_len);
+ strncat(merged_datafile, DATABASE, merged_datafile_len - strlen(merged_datafile));
+ datafile = &merged_datafile;
+ /* If we are using a different root to the files, do not cache */
+ keep_stream = 0;
+ stayopen = 0;
+ }
+ stream = fopen (datafile, "rce");
if (stream == NULL)
status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
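
Review bot: merged_datafile is declared inside the if block, but datafile still points at it when fopen runs after the closing brace, so the path is read from a buffer whose lifetime has ended; declare the buffer at the same scope as datafile. In the same block, `datafile = &merged_datafile;` has the wrong pointer type (drop the &), strncpy leaves the buffer unterminated when the environment value is 1024 bytes or longer so the following strlen runs off the end, and the strncat bound needs a further -1 for the terminator. A single snprintf into the buffer with a check on its return value, failing with NSS_STATUS_UNAVAIL on truncation, would cover those three; it should also insert a "/" when the value does not end in one, since the root and DATABASE are concatenated with no separator.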