Under glibc, various networking and user/group lookup functions cause /etc/nsswitch.conf to be read. Once it is read, the necessary libs are dynamically loaded. This causes a couple problems for our current chroot-based implementation of --sysroot. First, because we chroot almost immediately, pacman is likely to use the sysroot's nsswitch.conf and related files which may or may not be configured appropriately if they even exist. Second, glibc will try to load the libraries inside the sysroot rather than the host's copies, which may not match pacman's copy of glibc, not exist, or be broken.
I've never dealt with NSS before, so maybe I'm missing something, but it doesn't really look like there's a right way for pacman to deal with a sysroot at all. I think that ideally we would use the host's networking configuration and the sysroot's user/group database configuration, but there doesn't appear to be a way to do that within a single process.
Does anybody have any ideas for improving this situation before we release --sysroot into the wild?