Remove networking.hostConf option

[ckauhaus]

Motivation for this change

This PR is part of the networking.* namespace cleanup. We feel that
networking.hostConf is rarely used and provides little value compared to
using environment.etc."host.conf" directly.

Things done

• Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
• Built on platform(s)
  • NixOS
  • macOS
  • other Linux distributions
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • nixos/tests/network.nix with networkd=false
• Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Determined the impact on package closure size (by running nix path-info -S before and after)
• Ensured that relevant documentation is up to date
  • no appearances outside options.html
• Fits CONTRIBUTING.md.

[Ma27]

Shouldn't we add an /etc/host.conf with this value by default?

[ckauhaus]

Good point. Will update the PR.

[7c6f434c]

Is host.conf honoured in the nsswitch.conf world?

[ckauhaus]

AFAICT yes as long as you use glibc's resolver directly. It might by another story when using dnsmasq or systemd-resolvd .

[flokli]

This should happen inside the file part of nsswitch.conf, so before and regardless of which resolver is used to do DNS lookups.

For context, this was introduced during #19148, and seems to be the default on ArchLinux.

[ckauhaus]

@flokli I've studied the man pages but got still no clue about how this should be expressed in nsswitch.conf. Could you provide an example?

[flokli]

We should add a reference to #19148 here.

[ckauhaus]

Sure. Gonna rework this stuff and test it.

[flokli]

@ckauhaus ping ;-)

[ckauhaus]

@flokli on my way, sorry

[ckauhaus]

Added a test. This is my first Python test, so feel free to comment.

[flokli]

I'm not sure if we need our own getaddrinfo_py script here - Couldn't we just run getent ahosts $hostname in the testScript?

[ckauhaus]

I'll give it a shot.

[flokli]

This seems to be a pretty generic tooling, which we might want to make available in the whole test driver, instead of just here. I'd probably leave it out of scope for this PR, though.

@tfc, WDYT?

[tfc]

The general idea is great, but i am not sure how that should look like, yet. Also, it should maybe not be part of the driver itself but a (possibly by default included) library that can be used by users - maybe an already existing one?

However, that would best be tackled after we split up the driver into individual library parts.

[ckauhaus]

Let's have it 3 times in individual tests and then extract it into a lib.

[flokli]

I'd propose to just wrap the individual test in subtests, we automatically ensure they all need to succeed.

[tfc]

That's true.

Although it works fine in this test format, breaking the first test assumption often makes the next assumption pointless.
I would for example not even test for the dual stack condition if one of ipv4 or ipv6 doesn't even work. That's where the test should stop doing anything and dumping me the reason it failed onto the terminal.

The whole test would better fit the estabished workflow if it looked like this:

start_all()
resolv.wait_for_unit("nscd")

ipv4 = "192.0.2.1 192.0.2.2"
ipv6 = "2001:db8::2:1 2001:db8::2:2"
    
with subtest("IPv4 resolves"):
    assert ipv4 in resolv.succeed("${getaddrinfo} host-ipv4.example.net")

with subtest("IPv6 resolves"):
    assert ipv6 in resolv.succeed("${getaddrinfo} host-ipv6.example.net")

with subtest("Dual stack resolves"):
    assert ipv4 + " " + ipv6 in resolv.succeed("${getaddrinfo} host-dual.example.net")

[tfc]

That's true.

Although it works fine in this test format, breaking the first test assumption often makes the next assumption pointless.
I would for example not even test for the dual stack condition if one of ipv4 or ipv6 doesn't even work. That's where the test should stop doing anything and dumping me the reason it failed onto the terminal.

The whole test would better fit the estabished workflow if it looked like this:

start_all()
resolv.wait_for_unit("nscd")

ipv4 = "192.0.2.1 192.0.2.2"
ipv6 = "2001:db8::2:1 2001:db8::2:2"
    
with subtest("IPv4 resolves"):
    assert ipv4 in resolv.succeed("${getaddrinfo} host-ipv4.example.net")

with subtest("IPv6 resolves"):
    assert ipv6 in resolv.succeed("${getaddrinfo} host-ipv6.example.net")

with subtest("Dual stack resolves"):
    assert ipv4 + " " + ipv6 in resolv.succeed("${getaddrinfo} host-dual.example.net")

[tfc]

How about this generator approach:

result = {gai[4][0] for gai in socket.getaddrinfo(sys.argv[1], 0)}

[ckauhaus]

Rewrote test script based on your first suggestion. Please comment. If this version is fine, I'll squash the PR.

[ckauhaus]

I'll rewrite the test next week.

@flokli To get back to the main matter: how do I get this setting into nsswitch.conf? I wasn't able to figure it out yet.

[flokli]

Sorry, missed replying to #74032 (comment) The nsswitch file is fine as it is in NixOS now (we have a `file` module in there, meaning `/etc/hosts` will be used for lookups and glibc will honor a given `/etc/host.conf`. I still think we should change the test to invoke `getent ahosts $hostname` instead of providing our own python test script.

[flokli]

LGTM!