nsswitch.conf: Avoid modification after installation
ClosedPublic
Actions

Authored by markj on Mar 10 2025, 5:10 AM.

Details

Reviewers

emaste
brooks
bnovkov
kevans

Commits

rG49bc071f4088: nsswitch.conf: Avoid modification after installation

Summary

To implement WITHOUT_NIS, we have a hack in the build which modifies the
installed nsswitch.conf to remove NIS compat providers and databases.
This hack operates on the installed nsswitch.conf, which means that the
installed file size won't match that listed in the metalog.

One option would be to maintain two copies of nsswitch.conf, one for
each configuration, but that would result in duplication and I don't see
a clear way around that.

Instead, stage a copy of nsswitch.conf in the libc objdir, and modify
that one before installing, so that the version recorded in the metalog
matches what actually gets installed.

PR: 209718
Sponsored by: Klara, Inc.
Sponsored by: The FreeBSD Foundation

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Mar 10 2025, 5:10 AM

Herald added a subscriber: imp. · View Herald TranscriptMar 10 2025, 5:10 AM

markj requested review of this revision.Mar 10 2025, 5:10 AM

Harbormaster completed remote builds in B62846: Diff 152073.Mar 10 2025, 5:10 AM

kevans added inline comments.Mar 10 2025, 2:33 PM

lib/libc/net/Makefile.inc
183	I somewhat wonder if this should actually be .PHONY -- we don't have a good way to record dependencies on build options, so toggling between WITH and WITHOUT won't regenerate this without manual intervention, presumably

kevans added inline comments.Mar 10 2025, 3:02 PM

lib/libc/net/Makefile.inc
183	(Realizing that this is a more general problem, but for this speciifc case it could be considered a regression since it previously only mattered the value of the knob at install time)

I think this is a fine short term approach (IMO it's no worse than the existing modify-nsswitch-conf target).

That said maybe we can accommodate @kevans comment with something like

.if ${MK_NIS} != "no"
CONFS+=net/nsswitch.conf
.else
${.OBJDIR}/nsswitch.conf

all: ${.OBJDIR}/nsswitch.conf
...

i.e., if NIS is not turned off we add the unmodified conf file, and if it is turned off we use the extra build stuff?

This revision is now accepted and ready to land.Mar 10 2025, 6:31 PM

Try to avoid breaking incremental rebuilds if WITHOUT_NIS flips in between
successive builds.

This revision now requires review to proceed.Mar 11 2025, 11:20 AM

Harbormaster completed remote builds in B62866: Diff 152129.Mar 11 2025, 11:20 AM

markj marked 2 inline comments as done.Mar 11 2025, 11:21 AM

markj added inline comments.

lib/libc/net/Makefile.inc
183	I took Ed's suggestion since it lets us avoid doing unnecessary work during incremental builds, which seems like good practice even though it's quite negligible in this case.