Hello! I’m trying to use the Guix package manager on a foreign musl distro - Chimera Linux.
I have a successful unprivileged installation, even a successful guix build hello, but with the warning user with UID 1000 not found. I want to understand how critical this is, given the importance of the nscd service according to the manual section “Application-Setup”.
I have a running nscd service as root. /var/run/nscd/socket with root:root srw-rw-rw-
The Chimera distribution provides the following implementation:
```
cat /etc/nsswitch.conf
#musl itself does not support NSS, however, some third-party DNS
#implementations use the nsswitch.conf file to determine what
#policy to follow.
#Editing this file is not recommended.
hosts: files dns
```
The error/warning occurs for both the root user and the guix-daemon (unprivileged) running the guix-daemon process.
The manual section also mentions an alternative: nsncd
But I couldn’t compile it. The error is due to missing dependencies, very similar to the following:
I don’t quite understand the discussion about this issue. Perhaps the difficulty is definitely due to the use of musl.
1. Has anyone encountered the error/warning: user with UID not found? Is this critical?
2. Can anyone share their experience using Guix on a musl distro? Have you encountered a similar problem? Perhaps nsswitch.conf needs to be configured in a special way?
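A quick way to check the three things this question turns on (whether nsswitch.conf lists any source for passwd, whether the UID has an /etc/passwd entry, and whether the nscd socket exists), as an added example that is not part of the original post. The function names and the --host switch are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are passed in as arguments.

# Print the sources nsswitch.conf lists for one database, e.g. "files dns".
# Prints nothing when the file has no line for that database.
nss_sources() {  # usage: nss_sources FILE DATABASE
    awk -v db="$2:" '
        { sub(/#.*/, "") }                      # drop comments
        $1 == db { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Print the login name that owns a numeric UID in a passwd-format file.
passwd_name_for_uid() {  # usage: passwd_name_for_uid FILE NUMERIC_UID
    awk -F: -v uid="$2" '$3 == uid { print $1; exit }' "$1"
}

# Summarise the three facts for one host.
diagnose() {  # usage: diagnose NSSWITCH PASSWD NUMERIC_UID NSCD_SOCKET
    src=$(nss_sources "$1" passwd)
    name=$(passwd_name_for_uid "$2" "$3")
    echo "passwd sources in $1: ${src:-none listed}"
    echo "uid $3 in $2: ${name:-no entry}"
    if [ -S "$4" ]; then
        echo "nscd socket $4: present"
    else
        echo "nscd socket $4: absent"
    fi
}

# Run against the live system only when asked: sh nss-check.sh --host
if [ "${1:-}" = "--host" ]; then
    diagnose /etc/nsswitch.conf /etc/passwd "$(id -u)" /var/run/nscd/socket
fi
```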
idk anything other than surface-level details, but musl may be problematic. guix search musl doesn’t return much.
NSCD and NSS are hugely important though. every glib-linked binary will talk to nss for authoritative information from various low-level databases:
- permissions, users/groups
- a ton of authorization
- DNS caching
There’s more info on it here.
try running some packages in guix shell using programs that look up dns which is either cached or not. if it’s broken on a foreign distro, you’d /maybe/ know pretty quickly. IDFK.
also, try running stuff using strace like
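```
# ssh takes the port via -p, not as host:port
cmd="ssh -p 22 notyou@localhost" # or something that tests group membership
# $cmd is left unquoted on purpose so it splits into command and arguments
strace -e all -o cmd.strace $cmd
# strace -e all -o spi/rkbin/udev5.sudo.strace rkdeveloptool db $loader
```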
also, i’m fairly sure that it’s difficult to get a Linux distro to run more than one NSS and that pretty much every distro already needs it.
the glibc-linked binaries in guix will run glib.so
for guix installed onto nixos:
```
guix shell hwloc
ldd `which lstopo`
/gnu/store/11aa22bb-glibc-2.41/lib/ld-linux-x86-64.so.2
=> /nix/store/43cc21bb-glibc-2.42-61/lib64/ld-linux-x86-64.so.2 (0x00007a6e751b0000)
```
… and i’ve just discovered glibc-2.41 gets linked to 2.42. hey at least i can still read text in my GTK apps
musl-nscd is an implementation of the NSCD protocol. It makes use of NSS modules, just like with glibc.
Yes, but idk how those NSS modules are compiled. That service’s config & its software is difficult to update.
This permits alternative backends for the user and group databases for musl libc.
But how does musl libc normally look up user/group? The glibc-compiled programs will find the NSS service. This is like the domain of savant-level C/Linux experts.
The protocol it uses is a subset of that used by glibc.
Things will break. Unless the “contract” assumed by client & server are actually executed according to the logic they expect – e.g. glibc program gets error for unimplemented behavior (or worse, no error) and needs to react accordingly
I never tried it myself, but running Guix/Nix on a musl system shouldn’t cause any issues, and i’ve heard people who used Nix on musl systems successfully, because Guix/Nix doesn’t depend on host system packages and it will use its own glibc dependencies. I’m not sure what’s causing that error though. Is there actually a user with UID 1000 on your system at all?
Yeh but libnss does system calls to check permissions, resolve names from cache, etc. Libmusl does something else.
These services are difficult to manage. Solving these problems at scale early on is what made Google a Google.
Like imagine using LDAP with Linux on distributed systems. The NSS cache needs to sync very fast, but this makes updates to various parts of the systems problematic.