<{^_^}>
#55276 (by flokli, 1 year ago, closed): provide nss modules globally instead of hacking them with nscd
<arianvp>
so to me it seems fine to not use nscd. I see more downsides to having nscd than to not having it
<arianvp>
as if you don't have it; you're at least sure you're always going through nss modules
<arianvp>
instead of this vague thing based on timeouts
<arianvp>
nvm i changed my mind; see next comment :)
<flokli>
arianvp: changed your mind again?
<flokli>
Maybe we should meet and think about it, instead of you doing a monologue in the GH thread :-D
<andi->
I've tried to understand the difference between AmbientCapabilities vs BoundingSet from the manpages for a while now.. The only real difference I can see is that the former also "adds" capabilities to non-root users while the latter basically applies a mask on existing (root) capabilities.
<arianvp>
openssh now having an accidental dependency on systemd is really annoying
<andi->
I was talking about this yesterday with flokli. Maybe having a `libsystemd` package of some sorts wouldn't be too bad.. At least that might ease some of the dependency cycles we are experiencing. It obviously must be built from the same sources etc..
<NinjaTrappeur>
arianvp: I saw that earlier this week, it comes from libfido
<arianvp>
correct
<arianvp>
andi-: yep
<arianvp>
I also saw that both libsystemd and libudev support being compiled statically
<arianvp>
though not sure if this is of much help
<arianvp>
but separating udev (as a library or even completely) probably helps a lot
<arianvp>
nixos systemd test doesn't compile for me anymore on master; darnit
<NinjaTrappeur>
+1000 to separate UDev (is it even possible tho?)
<arianvp>
NinjaTrappeur: at least libudev is do-able
<andi->
My idea would be to still have (mostly) the same expression but build multiple packages in multiple passes from it. I am not sure how much that helps us as the rebuilds will still be the same..
<arianvp>
how is that different from multiple outputs?
<andi->
It isn't really
<arianvp>
but yeh these things will only save space but not save rebuilds
<andi->
I am trying to think about how we can avoid duplicating details and still get away with a better design..
<arianvp>
it's just annoying that if I change something not-udev related all the things that depend on udev need to rebuild
<arianvp>
but im not sure that can be avoided ....
<andi->
Yeah, we'd have to apply patches/changes in flags to only specific builds and that becomes a huge mess
<arianvp>
better idea to fix for now. fetchgit shouldn't have a dependency on udev through ssh libfido
<arianvp>
(maybe make an sshMinimal package?)
<arianvp>
then at least these cycles with systemd aren't so easy to introduce
<andi->
talking about cycles.. I started building unbound with systemd support and that is one major cycle.. So we will likely have one "libunbound" and an "unbound" package while most consumers just want "libunbound" (I hope)
<arianvp>
i was able to drop a few patches for systemd again btw
<arianvp>
PR incoming... if master would actually not be broken :D
<andi->
did you bisect master yet?
<andi->
otherwise I might start that while making my lunch
<arianvp>
no i am first nix-build --keep-going to figure out what package actually isn't compiling
<aanderse>
throw that in the mysql module and long standing users of nixos won't default to /var/mysql anymore... they'll be asked to explicitly set a dataDir
<aanderse>
the error message should tell users who already have mysql installed to use /var/mysql and new users to set to /var/lib/mysql