nixos/nscd: Add release note entry about nscd changes

2018-11-14 13:03:13 +01:00 · 2018-11-14 13:03:13 +01:00 · 335b41b3fb
commit 335b41b3fb
parent 99d3279952
1 changed files with 60 additions and 0 deletions
--- a/nixos/doc/manual/release-notes/rl-1903.xml
+++ b/nixos/doc/manual/release-notes/rl-1903.xml
@ -245,6 +245,66 @@
     options.
   </para>
  </listitem>
  <listitem>
   <para>
     The <literal>nscd</literal> now disables all caching of
     <literal>passwd</literal> and <literal>group</literal> databases by
     default. This was interferring with the correct functioning of the
     <literal>libnss_systemd.so</literal> module which is used by
     <literal>systemd</literal> to manage uids and usernames in the presence
     of <literal>DynamicUser=</literal> in systemd services.
     The was already the default behaviour in presence of
     <literal>services.sssd.enable = true</literal> because nscd caching
     would interfere sssd in unpredictable ways as well.Because we're using nscd
     not for caching, but for convincing glibc to find NSS modules in the
     nix store instead of an absolute path, we have decided to disable
     caching globally now, as it's usually not the behaviour the user wants
     and can lead to surprising behaviour.
     Furthermore, negative caching of host lookups is also disabled now by
     default. This should fix the issue of dns lookups failing in the
     presence of an unreliable network.
   </para>
   <para>
     If the old behaviour is desired, this can be restored by setting
     the <literal>services.nscd.config</literal> option
     with the desired caching parameters.
     <programlisting>
     services.nscd.config =
     ''
     server-user             nscd
     threads                 1
     paranoia                no
     debug-level             0
     enable-cache            passwd          yes
     positive-time-to-live   passwd          600
     negative-time-to-live   passwd          20
     suggested-size          passwd          211
     check-files             passwd          yes
     persistent              passwd          no
     shared                  passwd          yes
     enable-cache            group           yes
     positive-time-to-live   group           3600
     negative-time-to-live   group           60
     suggested-size          group           211
     check-files             group           yes
     persistent              group           no
     shared                  group           yes
     enable-cache            hosts           yes
     positive-time-to-live   hosts           600
     negative-time-to-live   hosts           5
     suggested-size          hosts           211
     check-files             hosts           yes
     persistent              hosts           no
     shared                  hosts           yes
     '';
     </programlisting>
     See <link xlink:href="https://github.com/NixOS/nixpkgs/pull/50316">#50316</link>
     for details.
   </para>
  </listitem>
  <listitem>
   <para>
     GitLab Shell previously used the nix store paths for the