From Fedora Project Wiki


Deprecate nscd

Summary

This proposal intends to deprecate the nscd cache for named services. Fedora already uses systemd-resolved by default for caching the hosts database, while the sssd daemon provides caching for the other named services.

Owner

Current status

Detailed Description

nscd is a daemon that provides caching for accesses of the passwd, group, hosts, services, and netgroup databases through standard libc interfaces (such as getpwnam, getpwuid, getgrnam, getgrgid, gethostbyname, etc.). This proposal intends to deprecate nscd in Fedora. nscd has serious technical debt, but there is no real upstream interest in fixing it. In addition, systemd-resolved is currently enabled by default for DNS caching in Fedora, and sssd is capable of caching the remaining named services that nscd handles. nscd has thus become less relevant. Accordingly, the nscd sub-package of glibc will be marked deprecated().


Benefit to Fedora

While still maintained within the glibc source tree, nscd has received fewer than forty commits in the past three years, has gathered significant technical debt, and has bugs which are hard to fix. There are concurrency bugs in the shared mappings, cache unification (IPv4 vs. IPv6 vs. AF_UNSPEC) issues, and more, all of which would require significant investment to fix in nscd. Such an investment seems unlikely to come upstream, and even if it did, it would duplicate effort among our communities given the quality and state of sssd and of systemd-resolved, which is already enabled by default from Fedora 33 onwards.

At a high level, sssd and systemd-resolved together provide a caching solution that has feature parity with nscd, with systemd-resolved covering the hosts cache and sssd the rest. The deprecation of nscd from Fedora signals our plan to stop providing this glibc sub-package in a future Fedora release and thus helps:

  • move the user base over to a more modern solution for named services caching, and
  • reduce maintenance work on the Fedora glibc package and the duplication of effort on nscd upstream.


Scope

  • Proposal owners:

The volume of work required is minimal, with the only change being the marking of the nscd sub-package offered by glibc with a Provides: deprecated() and a comment explaining it in the spec file. Since nscd is not installed by default, even in the future with nscd possibly removed, the effect on the distribution is going to be minimal. Users who have installed nscd in an earlier release of Fedora will not be affected.

  • Other developers:

None.

In the future, when nscd is (possibly) removed, two dependent packages will be affected: nss-pam-ldapd has a weak dependency on nscd that will need to be removed, and libuser has a build dependency on nscd that will also need to be removed. Both changes appear to be easy, only involving a spec file edit.

  • Release engineering:

This change does not require coordination with or have impact on release engineering and does not require a mass rebuild.

  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Objectives:

While this proposal does not match any of the current objectives, it is not opposed to any.

Upgrade/compatibility impact

Since the change is purely a deprecation, it will have no upgrade/compatibility impact.


How To Test

N/A (not a System Wide Change)

User Experience

This change will not enforce any change in user experience. However, upon upgrade to Fedora 34, system administrators who want to proactively respond to the deprecation might choose to configure sssd to cache named services if they were using nscd to do so in the past and want to be prepared for its possible removal/obsoletion in a future release.
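
For administrators preparing for that switch, the following added example (not part of the original proposal or of any Fedora tooling) reports which of the databases nscd caches are routed to the sss or resolve NSS modules in an nsswitch.conf-style file. The function names and the sample file are constructed for illustration; the check covers NSS routing only and does not confirm that sssd or systemd-resolved is actually running.

```shell
#!/bin/sh
# Added example: audit an nsswitch.conf-style file for nscd replacements.

# Databases the proposal lists as cached by nscd.
NSCD_DATABASES="passwd group hosts services netgroup"

# Print the caching NSS module configured for database $2 in file $1:
# "sss" (sssd), "resolve" (systemd-resolved, hosts only), or "none".
db_cache_backend() {
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, " : ") }   # drop comments, isolate the colon
        $1 == db && $2 == ":" {
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^\[/) continue      # skip actions like [!UNAVAIL=return]
                if ($i == "sss") { found = "sss"; break }
                if ($i == "resolve" && db == "hosts") { found = "resolve"; break }
            }
        }
        END { print (found ? found : "none") }
    ' "$1"
}

# Print the nscd-cached databases that have no caching module configured.
uncovered_databases() {
    missing=""
    for db in $NSCD_DATABASES; do
        if [ "$(db_cache_backend "$1" "$db")" = "none" ]; then
            missing="$missing $db"
        fi
    done
    echo "${missing# }"
}

# Constructed sample configuration (not taken from a real system).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
passwd:     files sss systemd
group:      files sss systemd
hosts:      files myhostname resolve [!UNAVAIL=return] dns
services:   files          # not routed through sssd
netgroup:   sss
EOF

for db in $NSCD_DATABASES; do
    printf '%-10s %s\n' "$db:" "$(db_cache_backend "$SAMPLE" "$db")"
done
echo "uncovered: $(uncovered_databases "$SAMPLE")"
```

To audit a real system, call uncovered_databases with /etc/nsswitch.conf instead of the sample file.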


Dependencies

None.


Contingency Plan

  • Contingency mechanism: Revert changes to glibc spec file and continue to ship nscd as a regularly supported sub-package.
  • Contingency deadline: Fedora 34 Beta Freeze
  • Blocks release? N/A (not a System Wide Change)
  • Blocks product? None

Documentation

N/A (not a System Wide Change)

Release Notes