Commit 8cd6c9ec48 deprecated nscd in Fedora 34:
https://fedoraproject.org/wiki/Changes/DeprecateNSCD

This commit removes nscd in preparation for Fedora 36:
https://fedoraproject.org/wiki/Changes/RemoveNSCD

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
This commit is contained in:
Arjun Shankar 2021-12-13 13:41:58 +01:00
parent cadee80b13
commit a7319f3316
5 changed files with 23 additions and 177 deletions

View File

@ -1,17 +0,0 @@
This patch works around deprecated libselinux features used by nscd.
diff --git a/nscd/selinux.c b/nscd/selinux.c
index a4ea8008e201b939..0acca4639202a75a 100644
--- a/nscd/selinux.c
+++ b/nscd/selinux.c
@@ -17,6 +17,10 @@
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
+/* This file uses deprecated declarations from libselinux. */
+#include <libc-diag.h>
+DIAG_IGNORE_NEEDS_COMMENT (4.9, "-Wdeprecated-declarations");
+
#include "config.h"
#include <error.h>
#include <errno.h>

View File

@ -1,20 +0,0 @@
Short description: NSCD must use nscd user.
Author(s): Fedora glibc team <glibc@lists.fedoraproject.org>
Origin: PATCH
Upstream status: not-needed
Fedora-specific configuration adjustment to introduce the nscd user.
(Upstream does not assume this user exists.)
diff -Nrup a/nscd/nscd.conf b/nscd/nscd.conf
--- a/nscd/nscd.conf 2012-06-05 07:42:49.000000000 -0600
+++ b/nscd/nscd.conf 2012-06-07 12:15:21.818318670 -0600
@@ -33,7 +33,7 @@
# logfile /var/log/nscd.log
# threads 4
# max-threads 32
-# server-user nobody
+ server-user nscd
# stat-user somebody
debug-level 0
# reload-count 5

View File

@ -1,21 +0,0 @@
Short description: Provide options to nscd startup.
Author(s): Fedora glibc team <glibc@lists.fedoraproject.org>
Origin: PATCH
Upstream status: not-needed
Fedora-specific nscd startup configuration file.
diff --git a/nscd/nscd.service b/nscd/nscd.service
index b7428a3..19ba185 100644
--- a/nscd/nscd.service
+++ b/nscd/nscd.service
@@ -5,7 +5,8 @@ Description=Name Service Cache Daemon
[Service]
Type=forking
-ExecStart=/usr/sbin/nscd
+EnvironmentFile=-/etc/sysconfig/nscd
+ExecStart=/usr/sbin/nscd $NSCD_OPTIONS
ExecStop=/usr/sbin/nscd --shutdown
ExecReload=/usr/sbin/nscd -i passwd
ExecReload=/usr/sbin/nscd -i group

View File

@ -151,7 +151,7 @@ end \
Summary: The GNU libc libraries Summary: The GNU libc libraries
Name: glibc Name: glibc
Version: %{glibcversion} Version: %{glibcversion}
Release: 28%{?dist} Release: 29%{?dist}
# In general, GPLv2+ is used by programs, LGPLv2+ is used for # In general, GPLv2+ is used by programs, LGPLv2+ is used for
# libraries. # libraries.
@ -182,11 +182,10 @@ License: LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptio
URL: http://www.gnu.org/software/glibc/ URL: http://www.gnu.org/software/glibc/
Source0: %{?glibc_release_url}%{glibcsrcdir}.tar.xz Source0: %{?glibc_release_url}%{glibcsrcdir}.tar.xz
Source1: nscd.conf Source1: bench.mk
Source2: bench.mk Source2: glibc-bench-compare
Source3: glibc-bench-compare Source3: glibc.req.in
Source4: glibc.req.in Source4: glibc.attr
Source5: glibc.attr
Source10: wrap-find-debuginfo.sh Source10: wrap-find-debuginfo.sh
Source11: parse-SUPPORTED.py Source11: parse-SUPPORTED.py
# Include in the source RPM for reference. # Include in the source RPM for reference.
@ -216,23 +215,21 @@ rpm.define("__debug_install_post bash " .. wrapper
# - See each individual patch file for origin and upstream status. # - See each individual patch file for origin and upstream status.
# - For new patches follow template.patch format. # - For new patches follow template.patch format.
############################################################################## ##############################################################################
Patch1: glibc-fedora-nscd.patch
Patch4: glibc-fedora-linux-tcsetattr.patch Patch4: glibc-fedora-linux-tcsetattr.patch
Patch6: glibc-fedora-localedef.patch Patch6: glibc-fedora-localedef.patch
Patch8: glibc-fedora-manual-dircategory.patch Patch8: glibc-fedora-manual-dircategory.patch
Patch9: glibc-rh827510.patch Patch9: glibc-rh827510.patch
Patch13: glibc-fedora-localedata-rh61908.patch Patch13: glibc-fedora-localedata-rh61908.patch
Patch15: glibc-rh1070416.patch Patch15: glibc-rh1070416.patch
Patch16: glibc-nscd-sysconfig.patch
Patch17: glibc-cs-path.patch Patch17: glibc-cs-path.patch
Patch23: glibc-python3.patch Patch23: glibc-python3.patch
Patch30: glibc-deprecated-selinux-makedb.patch Patch30: glibc-deprecated-selinux-makedb.patch
Patch31: glibc-deprecated-selinux-nscd.patch
############################################################################## ##############################################################################
# Continued list of core "glibc" package information: # Continued list of core "glibc" package information:
############################################################################## ##############################################################################
Obsoletes: glibc-profile < 2.4 Obsoletes: glibc-profile < 2.4
Obsoletes: nscd < 2.35
Provides: ldconfig Provides: ldconfig
# The dynamic linker supports DT_GNU_HASH # The dynamic linker supports DT_GNU_HASH
@ -257,7 +254,7 @@ Recommends: (nss_db(x86-32) if nss_db(x86-64))
Recommends: (nss_hesiod(x86-32) if nss_hesiod(x86-64)) Recommends: (nss_hesiod(x86-32) if nss_hesiod(x86-64))
%endif %endif
# This is for building auxiliary programs like memusage, nscd # This is for building auxiliary programs like memusage
# For initial glibc bootstraps it can be commented out # For initial glibc bootstraps it can be commented out
%if %{without bootstrap} %if %{without bootstrap}
BuildRequires: gd-devel libpng-devel zlib-devel BuildRequires: gd-devel libpng-devel zlib-devel
@ -283,9 +280,6 @@ BuildRequires: systemtap-sdt-devel
BuildRequires: valgrind BuildRequires: valgrind
%endif %endif
# We use systemd rpm macros for nscd
BuildRequires: systemd
# We use python for the microbenchmarks and locale data regeneration # We use python for the microbenchmarks and locale data regeneration
# from unicode sources (carried out manually). We choose python3 # from unicode sources (carried out manually). We choose python3
# explicitly because it supports both use cases. On some # explicitly because it supports both use cases. On some
@ -904,38 +898,6 @@ Requires: %{name}-common = %{version}-%{release}
%description gconv-extra %description gconv-extra
This package contains all iconv converter modules built in %{name}. This package contains all iconv converter modules built in %{name}.
##############################################################################
# glibc "nscd" sub-package
#
# Deprecated in Fedora 34 and planned for removal in Fedora 35.
#
# systemd-resolved is now enabled by default for DNS caching in Fedora, and
# sssd is capable of caching the remaining named services that nscd handles.
# It is therefore time to retire nscd in Fedora and move to more modern named
# services caches.
#
# For details, see:
# bug 1905135: https://fedoraproject.org/wiki/Changes/DeprecateNSCD
# bug 1905142: https://fedoraproject.org/wiki/Changes/RemoveNSCD
##############################################################################
%package -n nscd
Summary: A Name Service Caching Daemon (nscd).
# Fedora 35 is planned for release on Oct 26 2021, with nscd removed
Provides: deprecated() = 20211026
Requires: %{name} = %{version}-%{release}
%if %{without bootstrap}
Requires: libselinux >= 1.17.10-1
%endif
Requires: audit-libs >= 1.1.3
Requires(pre): /usr/sbin/useradd, coreutils
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd, /usr/sbin/userdel
%description -n nscd
The nscd daemon caches name service lookups and can improve
performance with LDAP, and may help with DNS as well.
############################################################################## ##############################################################################
# Subpackages for NSS modules except nss_files, nss_compat, nss_dns # Subpackages for NSS modules except nss_files, nss_compat, nss_dns
############################################################################## ##############################################################################
@ -1211,7 +1173,9 @@ build()
%ifarch aarch64 %ifarch aarch64
--enable-memory-tagging \ --enable-memory-tagging \
%endif %endif
--disable-crypt || --disable-crypt \
--disable-build-nscd \
--disable-nscd ||
{ cat config.log; false; } { cat config.log; false; }
%make_build -r %{glibc_make_flags} %make_build -r %{glibc_make_flags}
@ -1404,20 +1368,11 @@ mv %{glibc_sysroot}%{_prefix}/lib/locale/*.filelist .
# Install configuration files for services # Install configuration files for services
############################################################################## ##############################################################################
# This is for ncsd - in glibc 2.2
install -m 644 nscd/nscd.conf %{glibc_sysroot}/etc
mkdir -p %{glibc_sysroot}%{_tmpfilesdir}
install -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}
mkdir -p %{glibc_sysroot}/lib/systemd/system
install -m 644 nscd/nscd.service nscd/nscd.socket %{glibc_sysroot}/lib/systemd/system
# Include ld.so.conf # Include ld.so.conf
echo 'include ld.so.conf.d/*.conf' > %{glibc_sysroot}/etc/ld.so.conf echo 'include ld.so.conf.d/*.conf' > %{glibc_sysroot}/etc/ld.so.conf
truncate -s 0 %{glibc_sysroot}/etc/ld.so.cache truncate -s 0 %{glibc_sysroot}/etc/ld.so.cache
chmod 644 %{glibc_sysroot}/etc/ld.so.conf chmod 644 %{glibc_sysroot}/etc/ld.so.conf
mkdir -p %{glibc_sysroot}/etc/ld.so.conf.d mkdir -p %{glibc_sysroot}/etc/ld.so.conf.d
mkdir -p %{glibc_sysroot}/etc/sysconfig
truncate -s 0 %{glibc_sysroot}/etc/sysconfig/nscd
truncate -s 0 %{glibc_sysroot}/etc/gai.conf truncate -s 0 %{glibc_sysroot}/etc/gai.conf
# Include %{_libdir}/gconv/gconv-modules.cache # Include %{_libdir}/gconv/gconv-modules.cache
@ -1446,7 +1401,7 @@ popd
mkdir -p %{glibc_sysroot}%{_prefix}/libexec/glibc-benchtests mkdir -p %{glibc_sysroot}%{_prefix}/libexec/glibc-benchtests
cp $(find build-%{target}/benchtests -type f -executable) %{glibc_sysroot}%{_prefix}/libexec/glibc-benchtests/ cp $(find build-%{target}/benchtests -type f -executable) %{glibc_sysroot}%{_prefix}/libexec/glibc-benchtests/
# ... and the makefile. # ... and the makefile.
for b in %{SOURCE2} %{SOURCE3}; do for b in %{SOURCE1} %{SOURCE2}; do
cp $b %{glibc_sysroot}%{_prefix}/libexec/glibc-benchtests/ cp $b %{glibc_sysroot}%{_prefix}/libexec/glibc-benchtests/
done done
# .. and finally, the comparison scripts. # .. and finally, the comparison scripts.
@ -1471,10 +1426,6 @@ popd
rm -f %{glibc_sysroot}%{_infodir}/dir rm -f %{glibc_sysroot}%{_infodir}/dir
%endif %endif
mkdir -p %{glibc_sysroot}/var/{db,run}/nscd
touch %{glibc_sysroot}/var/{db,run}/nscd/{passwd,group,hosts,services}
touch %{glibc_sysroot}/var/run/nscd/{socket,nscd.pid}
# Move libpcprofile.so and libmemusage.so into the proper library directory. # Move libpcprofile.so and libmemusage.so into the proper library directory.
# They can be moved without any real consequences because users would not use # They can be moved without any real consequences because users would not use
# them directly. # them directly.
@ -1527,8 +1478,6 @@ ar cr %{glibc_sysroot}%{_prefix}/%{_lib}/libpthread_nonshared.a
# - Flies for the common subpackage. # - Flies for the common subpackage.
# * utils.filelist # * utils.filelist
# - Files for the utils subpackage. # - Files for the utils subpackage.
# * nscd.filelist
# - Files for the nscd subpackage.
# * devel.filelist # * devel.filelist
# - Files for the devel subpackage. # - Files for the devel subpackage.
# * doc.filelist # * doc.filelist
@ -1555,7 +1504,6 @@ touch glibc.filelist
touch common.filelist touch common.filelist
touch utils.filelist touch utils.filelist
touch gconv.filelist touch gconv.filelist
touch nscd.filelist
touch devel.filelist touch devel.filelist
touch doc.filelist touch doc.filelist
touch headers.filelist touch headers.filelist
@ -1622,7 +1570,7 @@ chmod 0444 master.filelist
# Add all files with the following exceptions: # Add all files with the following exceptions:
# - The info files '%{_infodir}/dir' # - The info files '%{_infodir}/dir'
# - The partial (lib*_p.a) static libraries, include files. # - The partial (lib*_p.a) static libraries, include files.
# - The static files, objects, unversioned DSOs, and nscd. # - The static files, objects, and unversioned DSOs.
# - The bin, locale, some sbin, and share. # - The bin, locale, some sbin, and share.
# - We want iconvconfig in the main package and we do this by using # - We want iconvconfig in the main package and we do this by using
# a double negation of -v and [^i] so it removes all files in # a double negation of -v and [^i] so it removes all files in
@ -1641,7 +1589,6 @@ cat master.filelist \
-e '%{_libdir}/lib.*\.so' \ -e '%{_libdir}/lib.*\.so' \
-e '%{_libdir}/gconv/.*\.so$' \ -e '%{_libdir}/gconv/.*\.so$' \
-e '%{_libdir}/gconv/gconv-modules.d/gconv-modules-extra\.conf$' \ -e '%{_libdir}/gconv/gconv-modules.d/gconv-modules-extra\.conf$' \
-e 'nscd' \
-e '%{_prefix}/bin' \ -e '%{_prefix}/bin' \
-e '%{_prefix}/lib/locale' \ -e '%{_prefix}/lib/locale' \
-e '%{_prefix}/sbin/[^i]' \ -e '%{_prefix}/sbin/[^i]' \
@ -1719,12 +1666,12 @@ sed -i -e '\,libmemusage.so,d' \
%if %{glibc_autorequires} %if %{glibc_autorequires}
mkdir -p %{glibc_sysroot}/%{_rpmconfigdir} %{glibc_sysroot}/%{_fileattrsdir} mkdir -p %{glibc_sysroot}/%{_rpmconfigdir} %{glibc_sysroot}/%{_fileattrsdir}
sed < %{SOURCE4} \ sed < %{SOURCE3} \
-e s/@VERSION@/%{version}/ \ -e s/@VERSION@/%{version}/ \
-e s/@RELEASE@/%{release}/ \ -e s/@RELEASE@/%{release}/ \
-e s/@SYMVER@/%{glibc_autorequires_symver}/ \ -e s/@SYMVER@/%{glibc_autorequires_symver}/ \
> %{glibc_sysroot}/%{_rpmconfigdir}/glibc.req > %{glibc_sysroot}/%{_rpmconfigdir}/glibc.req
cp %{SOURCE5} %{glibc_sysroot}/%{_fileattrsdir}/glibc.attr cp %{SOURCE4} %{glibc_sysroot}/%{_fileattrsdir}/glibc.attr
%endif %endif
############################################################################### ###############################################################################
@ -1774,16 +1721,14 @@ grep '%{_libdir}/lib.*\.a' < master.filelist \
############################################################################### ###############################################################################
# All of the bin and certain sbin files go into the common package except # All of the bin and certain sbin files go into the common package except
# iconvconfig which needs to go in glibc. Likewise nscd is excluded because # iconvconfig which needs to go in glibc. The iconvconfig binary is kept in
# it goes in nscd. The iconvconfig binary is kept in the main glibc package # the main glibc package because we use it in the post-install scriptlet to
# because we use it in the post-install scriptlet to rebuild the # rebuild the gconv-modules.cache. The makedb binary is in nss_db.
# gconv-modules.cache. The makedb binary is in nss_db.
grep '%{_prefix}/bin' master.filelist \ grep '%{_prefix}/bin' master.filelist \
| grep -v '%{_prefix}/bin/makedb' \ | grep -v '%{_prefix}/bin/makedb' \
>> common.filelist >> common.filelist
grep '%{_prefix}/sbin' master.filelist \ grep '%{_prefix}/sbin' master.filelist \
| grep -v '%{_prefix}/sbin/iconvconfig' \ | grep -v '%{_prefix}/sbin/iconvconfig' >> common.filelist
| grep -v 'nscd' >> common.filelist
# All of the files under share go into the common package since they should be # All of the files under share go into the common package since they should be
# multilib-independent. # multilib-independent.
# Exceptions: # Exceptions:
@ -1798,13 +1743,6 @@ grep '%{_prefix}/share' master.filelist \
-e '%{_docdir}' \ -e '%{_docdir}' \
>> common.filelist >> common.filelist
###############################################################################
# nscd
###############################################################################
# The nscd binary must go into the nscd subpackage.
echo '%{_prefix}/sbin/nscd' > nscd.filelist
############################################################################### ###############################################################################
# glibc-utils # glibc-utils
############################################################################### ###############################################################################
@ -1858,7 +1796,7 @@ find build-%{target}/benchtests -type f -executable | while read b; do
echo "%{_prefix}/libexec/glibc-benchtests/$(basename $b)" echo "%{_prefix}/libexec/glibc-benchtests/$(basename $b)"
done >> benchtests.filelist done >> benchtests.filelist
# ... and the makefile. # ... and the makefile.
for b in %{SOURCE2} %{SOURCE3}; do for b in %{SOURCE1} %{SOURCE2}; do
echo "%{_prefix}/libexec/glibc-benchtests/$(basename $b)" >> benchtests.filelist echo "%{_prefix}/libexec/glibc-benchtests/$(basename $b)" >> benchtests.filelist
done done
# ... and finally, the comparison scripts. # ... and finally, the comparison scripts.
@ -2153,24 +2091,6 @@ update_gconv_modules_cache ()
%glibc_post_funcs %glibc_post_funcs
update_gconv_modules_cache () update_gconv_modules_cache ()
%pre -n nscd
getent group nscd >/dev/null || /usr/sbin/groupadd -g 28 -r nscd
getent passwd nscd >/dev/null ||
/usr/sbin/useradd -M -o -r -d / -s /sbin/nologin \
-c "NSCD Daemon" -u 28 -g nscd nscd
%post -n nscd
%systemd_post nscd.service
%preun -n nscd
%systemd_preun nscd.service
%postun -n nscd
if test $1 = 0; then
/usr/sbin/userdel nscd > /dev/null 2>&1 || :
fi
%systemd_postun_with_restart nscd.service
%files -f glibc.filelist %files -f glibc.filelist
%dir %{_prefix}/%{_lib}/audit %dir %{_prefix}/%{_lib}/audit
%verify(not md5 size mtime) %config(noreplace) /etc/ld.so.conf %verify(not md5 size mtime) %config(noreplace) /etc/ld.so.conf
@ -2223,25 +2143,6 @@ fi
%files -f gconv.filelist gconv-extra %files -f gconv.filelist gconv-extra
%files -f nscd.filelist -n nscd
%config(noreplace) /etc/nscd.conf
%dir %attr(0755,root,root) /var/run/nscd
%dir %attr(0755,root,root) /var/db/nscd
/lib/systemd/system/nscd.service
/lib/systemd/system/nscd.socket
%{_tmpfilesdir}/nscd.conf
%attr(0644,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/run/nscd/nscd.pid
%attr(0666,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/run/nscd/socket
%attr(0600,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/run/nscd/passwd
%attr(0600,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/run/nscd/group
%attr(0600,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/run/nscd/hosts
%attr(0600,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/run/nscd/services
%attr(0600,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/db/nscd/passwd
%attr(0600,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/db/nscd/group
%attr(0600,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/db/nscd/hosts
%attr(0600,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/db/nscd/services
%ghost %config(missingok,noreplace) /etc/sysconfig/nscd
%files -f nss_db.filelist -n nss_db %files -f nss_db.filelist -n nss_db
/var/db/Makefile /var/db/Makefile
%files -f nss_hesiod.filelist -n nss_hesiod %files -f nss_hesiod.filelist -n nss_hesiod
@ -2258,6 +2159,10 @@ fi
%files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
%changelog %changelog
* Mon Dec 13 2021 Arjun Shankar <arjun@redhat.com> - 2.34.9000-29
- Remove nscd (#1905142)
https://fedoraproject.org/wiki/Changes/RemoveNSCD
* Fri Dec 10 2021 Pavel Březina <pbrezina@redhat.com> - 2.34.9000-28 * Fri Dec 10 2021 Pavel Březina <pbrezina@redhat.com> - 2.34.9000-28
- /etc/nsswitch.conf is now owned by authselect (rhbz#2023741) - /etc/nsswitch.conf is now owned by authselect (rhbz#2023741)

View File

@ -1 +0,0 @@
d /run/nscd 0755 root root