about summary refs log tree commit diff
path: root/nixpkgs/pkgs/os-specific/linux/systemd/0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch
diff options
context:
space:
mode:
authorAlyssa Ross <hi@alyssa.is>2024-01-20 12:31:50 +0100
committerAlyssa Ross <hi@alyssa.is>2024-01-20 12:32:25 +0100
commitb7baf40e099b4215181fe7b0c63083b12ef2c7fb (patch)
treea6efabd31d05b6d0a36624729e80377bbbfb0149 /nixpkgs/pkgs/os-specific/linux/systemd/0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch
parent710028664e26e85cb831a869b3da9f6993902255 (diff)
parent0799f514b1cd74878174939df79ac60ca5036673 (diff)
downloadnixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar
nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar.gz
nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar.bz2
nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar.lz
nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar.xz
nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.tar.zst
nixlib-b7baf40e099b4215181fe7b0c63083b12ef2c7fb.zip
Merge branch 'nixos-unstable-small' of https://github.com/NixOS/nixpkgs
Conflicts:
	nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix
Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux/systemd/0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch')
-rw-r--r--nixpkgs/pkgs/os-specific/linux/systemd/0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch46
1 files changed, 46 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch
new file mode 100644
index 000000000000..68ae22644835
--- /dev/null
+++ b/nixpkgs/pkgs/os-specific/linux/systemd/0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch
@@ -0,0 +1,46 @@
+From 7a27556920fe1feefd17096841c8f3ca1294a1b3 Mon Sep 17 00:00:00 2001
+From: Yuri Nesterov <yuriy.nesterov@unikie.com>
+Date: Wed, 21 Jun 2023 17:17:38 +0300
+Subject: [PATCH] timesyncd: disable NSCD when DNSSEC validation is disabled
+
+Systemd-timesyncd sets SYSTEMD_NSS_RESOLVE_VALIDATE=0 in the unit file
+to disable DNSSEC validation but it doesn't work when NSCD is used in
+the system. This patch disabes NSCD in systemd-timesyncd when
+SYSTEMD_NSS_RESOLVE_VALIDATE is set to 0 so that it uses NSS libraries
+directly.
+---
+ src/timesync/timesyncd.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c
+index 1d8ebecc91..2b0ae361ff 100644
+--- a/src/timesync/timesyncd.c
++++ b/src/timesync/timesyncd.c
+@@ -21,6 +21,11 @@
+ #include "timesyncd-conf.h"
+ #include "timesyncd-manager.h"
+ #include "user-util.h"
++#include "env-util.h"
++
++struct traced_file;
++extern void __nss_disable_nscd(void (*)(size_t, struct traced_file *));
++static void register_traced_file(size_t dbidx, struct traced_file *finfo) {}
+ 
+ static int advance_tstamp(int fd, const struct stat *st) {
+         assert_se(fd >= 0);
+@@ -198,6 +203,12 @@ static int run(int argc, char *argv[]) {
+         if (r < 0)
+                 return log_error_errno(r, "Failed to parse fallback server strings: %m");
+ 
++        r = getenv_bool_secure("SYSTEMD_NSS_RESOLVE_VALIDATE");
++        if (r == 0) {
++                log_info("Disabling NSCD because DNSSEC validation is turned off");
++                __nss_disable_nscd(register_traced_file);
++        }
++
+         log_debug("systemd-timesyncd running as pid " PID_FMT, getpid_cached());
+ 
+         notify_message = notify_start("READY=1\n"
+-- 
+2.34.1
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-12 04:35:33 +0000