sbomnix: 1.7.0 -> 1.7.1
1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 From: Yuri Nesterov <yuriy.nesterov@unikie.com>
3 Date: Wed, 21 Jun 2023 17:17:38 +0300
4 Subject: [PATCH] timesyncd: disable NSCD when DNSSEC validation is disabled
6 Systemd-timesyncd sets SYSTEMD_NSS_RESOLVE_VALIDATE=0 in the unit file
7 to disable DNSSEC validation but it doesn't work when NSCD is used in
8 the system. This patch disables NSCD in systemd-timesyncd when
9 SYSTEMD_NSS_RESOLVE_VALIDATE is set to 0 so that it uses NSS libraries
10 directly.
11 ---
12 src/timesync/timesyncd.c | 11 +++++++++++
13 1 file changed, 11 insertions(+)
15 diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c
16 index 5c308a04bc..81aa3d3334 100644
17 --- a/src/timesync/timesyncd.c
18 +++ b/src/timesync/timesyncd.c
19 @@ -21,6 +21,11 @@
20 #include "timesyncd-conf.h"
21 #include "timesyncd-manager.h"
22 #include "user-util.h"
23 +#include "env-util.h"
25 +struct traced_file;
26 +extern void __nss_disable_nscd(void (*)(size_t, struct traced_file *));
27 +static void register_traced_file(size_t dbidx, struct traced_file *finfo) {}
29 static int advance_tstamp(int fd, const struct stat *st) {
30 assert_se(fd >= 0);
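Review bot: The hand-written `extern void __nss_disable_nscd(...)` declaration binds to a glibc-internal symbol (exported only as a private interface, as far as I know), so nothing guarantees that the prototype or the symbol survives a glibc update, and the link will likely fail on a non-glibc libc. I would add a comment above the three added declarations, e.g. `/* glibc-private hook, prototype copied by hand; re-check on every glibc bump */`, and wrap them and the call site in `#ifdef __GLIBC__`. The empty `register_traced_file` callback should also carry a one-line comment saying it is intentionally a no-op, since an empty body with unused parameters otherwise reads like an unfinished stub.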
31 @@ -198,6 +203,12 @@ static int run(int argc, char *argv[]) {
32 if (r < 0)
33 return log_error_errno(r, "Failed to parse fallback server strings: %m");
35 + r = secure_getenv_bool("SYSTEMD_NSS_RESOLVE_VALIDATE");
36 + if (r == 0) {
37 + log_info("Disabling NSCD because DNSSEC validation is turned off");
38 + __nss_disable_nscd(register_traced_file);
39 + }
41 log_debug("systemd-timesyncd running as pid " PID_FMT, getpid_cached());
43 notify_message = notify_start("READY=1\n"
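Review bot: Only `r == 0` is handled after `secure_getenv_bool()`, so a value that does not parse as a boolean is silently treated like an unset variable and NSCD stays enabled with nothing in the log. Adding `else if (r < 0 && r != -ENXIO) log_warning_errno(r, "Failed to parse $SYSTEMD_NSS_RESOLVE_VALIDATE, ignoring: %m");` would make that misconfiguration visible. As far as I know `__nss_disable_nscd()` turns NSCD off for every NSS database in the process, not only hosts, and it only affects lookups made after the call; run() begins outside the hunk, so whether earlier lookups (for example user resolution) already went through NSCD cannot be checked from here. A short comment above the block stating that NTP server names are then resolved without DNSSEC validation by design would help the next reader.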