nixos/nscd: Add release note entry about nscd changes

Arian van Putten 2018-11-14 13:03:13 +01:00
parent 99d3279952
commit 335b41b3fb


@ -245,6 +245,66 @@
options.
</para>
</listitem>
<listitem>
<para>
The <literal>nscd</literal> now disables all caching of
<literal>passwd</literal> and <literal>group</literal> databases by
default. This was interferring with the correct functioning of the
<literal>libnss_systemd.so</literal> module which is used by
<literal>systemd</literal> to manage uids and usernames in the presence
of <literal>DynamicUser=</literal> in systemd services.
The was already the default behaviour in presence of
<literal>services.sssd.enable = true</literal> because nscd caching
would interfere sssd in unpredictable ways as well.Because we're using nscd
not for caching, but for convincing glibc to find NSS modules in the
nix store instead of an absolute path, we have decided to disable
caching globally now, as it's usually not the behaviour the user wants
and can lead to surprising behaviour.
Furthermore, negative caching of host lookups is also disabled now by
default. This should fix the issue of dns lookups failing in the
presence of an unreliable network.
</para>
<para>
If the old behaviour is desired, this can be restored by setting
the <literal>services.nscd.config</literal> option
with the desired caching parameters.
<programlisting>
services.nscd.config =
''
server-user nscd
threads 1
paranoia no
debug-level 0
enable-cache passwd yes
positive-time-to-live passwd 600
negative-time-to-live passwd 20
suggested-size passwd 211
check-files passwd yes
persistent passwd no
shared passwd yes
enable-cache group yes
positive-time-to-live group 3600
negative-time-to-live group 60
suggested-size group 211
check-files group yes
persistent group no
shared group yes
enable-cache hosts yes
positive-time-to-live hosts 600
negative-time-to-live hosts 5
suggested-size hosts 211
check-files hosts yes
persistent hosts no
shared hosts yes
'';
</programlisting>
See <link xlink:href="https://github.com/NixOS/nixpkgs/pull/50316">#50316</link>
for details.
</para>
</listitem>
<listitem>
<para>
GitLab Shell previously used the nix store paths for the
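Review bot: The first added paragraph has several wording slips that should be fixed before this lands in the release notes: "interferring" should be "interfering", "The was already the default behaviour" should be "This was already the default behaviour", "would interfere sssd" is missing "with", and "as well.Because" is missing a space after the full stop. That paragraph also packs three separate changes into one block (passwd/group caching disabled, the rationale that nscd is only kept so glibc finds NSS modules in the nix store, and negative host caching disabled); splitting it into separate para elements would make the hosts change easier to spot. Since the text only says negative caching of host lookups is "disabled now by default" without naming the setting, consider stating that it corresponds to the "negative-time-to-live hosts" line in the example, so readers who want to restore only the passwd and group caches know which line to leave out.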