sys-libs/glibc: guard against rendering system unusable, bug #627338

For cases like FEATURES=config-protect-if-modified
or custom /etc/nsswitch.conf with only 'compat' resolver
and external providers glibc upgrade will break local
user resolution when switching from older glibc.

Bad /etc/nsswitch.conf:
    passwd:      compat
    shadow:      compat
    group:       compat

Good /etc/nsswitch.conf:
    passwd:      files
    shadow:      files
    group:       files

Ok /etc/nsswitch.conf:
    passwd:     compat files
    shadow:     compat files
    group:      compat files

More up-to-date doc:
    https://wiki.gentoo.org/wiki/Project:Toolchain/nsswitch.conf_in_glibc-2.26

Bug: https://bugs.gentoo.org/627338
Package-Manager: Portage-2.3.13, Repoman-2.3.4

1 files changed, 15 insertions, 0 deletions

diff --git a/sys-libs/glibc/glibc-2.26-r3.ebuild b/sys-libs/glibc/glibc-2.26-r3.ebuild
index 2234b26a0844..98ab050e12fb 100644
--- a/sys-libs/glibc/glibc-2.26-r3.ebuild
+++ b/sys-libs/glibc/glibc-2.26-r3.ebuild
@@ -189,6 +189,21 @@ pkg_pretend() {
 			die "old __guard detected"
 		fi
 	fi
+
+	# Check for sanity of /etc/nsswitch.conf
+	if [[ -e ${EROOT}/etc/nsswitch.conf ]] ; then
+		local entry
+		for entry in passwd group shadow; do
+			if ! egrep -q "[ \t]*${entry}:.*files" "${EROOT}"/etc/nsswitch.conf; then
+				eerror "Your ${EROOT}/etc/nsswitch.conf is out of date."
+				eerror "Please make sure you have 'files' entries for"
+				eerror "'passwd:', 'group:' and 'shadow:' databases."
+				eerror "For more details see:"
+				eerror "  https://wiki.gentoo.org/wiki/Project:Toolchain/nsswitch.conf_in_glibc-2.26"
+				die "nsswitch.conf has no 'files' provider in '${entry}'."
+			fi
+		done
+	fi
 }
 
 src_unpack() {