diff options
author | Yorick van Pelt <yorick@yorickvanpelt.nl> | 2018-06-12 13:05:14 +0200 |
---|---|---|
committer | Yorick van Pelt <yorick@yorickvanpelt.nl> | 2018-06-12 13:05:14 +0200 |
commit | 72a78beb34c7ce6cd88d2801f3fcf2d8aa83a5aa (patch) | |
tree | 78caa07813b33fc487e9a0d9e3bcf54cec7e6017 /src | |
parent | 27d1c052ae4e53328c2909b040e204bb7f57ff96 (diff) |
Fix #2162: use getaddrinfo instead of curl to preload NSS
Diffstat (limited to 'src')
-rw-r--r-- | src/libstore/build.cc | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 8eb192059..d75ca0be8 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -29,7 +29,9 @@ #include <sys/utsname.h> #include <sys/select.h> #include <sys/resource.h> +#include <sys/socket.h> #include <fcntl.h> +#include <netdb.h> #include <unistd.h> #include <errno.h> #include <cstring> @@ -1777,12 +1779,14 @@ static std::once_flag dns_resolve_flag; static void preloadNSS() { /* builtin:fetchurl can trigger a DNS lookup, which with glibc can trigger a dynamic library load of one of the glibc NSS libraries in a sandboxed child, which will fail unless the library's already - been loaded in the parent. So we force a download of an invalid URL to force the NSS machinery to + been loaded in the parent. So we force a lookup of an invalid domain to force the NSS machinery to load its lookup libraries in the parent before any child gets a chance to. */ std::call_once(dns_resolve_flag, []() { - DownloadRequest request("http://this.pre-initializes.the.dns.resolvers.invalid"); - request.tries = 1; // We only need to do it once, and this also suppresses an annoying warning - try { getDownloader()->download(request); } catch (...) {} + struct addrinfo *res = NULL; + + if (getaddrinfo("this.pre-initializes.the.dns.resolvers.invalid.", "http", NULL, &res) != 0) { + if (res) freeaddrinfo(res); + } }); } |