about summary refs log tree commit diff
path: root/src
diff options
context:
space:
mode:
authorYorick van Pelt <yorick@yorickvanpelt.nl>2018-06-12T11·05+0200
committerYorick van Pelt <yorick@yorickvanpelt.nl>2018-06-12T11·05+0200
commit72a78beb34c7ce6cd88d2801f3fcf2d8aa83a5aa (patch)
tree78caa07813b33fc487e9a0d9e3bcf54cec7e6017 /src
parent27d1c052ae4e53328c2909b040e204bb7f57ff96 (diff)
Fix #2162: use getaddrinfo instead of curl to preload NSS
Diffstat (limited to 'src')
-rw-r--r--src/libstore/build.cc12
1 files changed, 8 insertions, 4 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 8eb19205970d..d75ca0be86ef 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -29,7 +29,9 @@
 #include <sys/utsname.h>
 #include <sys/select.h>
 #include <sys/resource.h>
+#include <sys/socket.h>
 #include <fcntl.h>
+#include <netdb.h>
 #include <unistd.h>
 #include <errno.h>
 #include <cstring>
@@ -1777,12 +1779,14 @@ static std::once_flag dns_resolve_flag;
 static void preloadNSS() {
     /* builtin:fetchurl can trigger a DNS lookup, which with glibc can trigger a dynamic library load of
        one of the glibc NSS libraries in a sandboxed child, which will fail unless the library's already
-       been loaded in the parent. So we force a download of an invalid URL to force the NSS machinery to
+       been loaded in the parent. So we force a lookup of an invalid domain to force the NSS machinery to
        load its lookup libraries in the parent before any child gets a chance to. */
     std::call_once(dns_resolve_flag, []() {
-        DownloadRequest request("http://this.pre-initializes.the.dns.resolvers.invalid");
-        request.tries = 1; // We only need to do it once, and this also suppresses an annoying warning
-        try { getDownloader()->download(request); } catch (...) {}
+        struct addrinfo *res = NULL;
+
+        if (getaddrinfo("this.pre-initializes.the.dns.resolvers.invalid.", "http", NULL, &res) != 0) {
+            if (res) freeaddrinfo(res);
+        }
     });
 }