don't segfault if invalid data is returned from metadata server #90

@flokli

NixOS packages the google-oslogin in nixpkgs. Because our setup is a bit more complicated (as we have to use ns(n)cd), we ship an (isolated) integration test, spinning up a mock metadata server.

We didn't implement the /computeMetadata/v1/oslogin/groups endpoint in there (probably because it didn't exist at the time), and observed a bunch of segfaults in the code that loads the oslogin NSS module (in our case, in the ns(n)cd daemon, without that in all client applications). Adding that endpoint in our mock implementation made the segfaults go away.

While "the real" metadata server(s) in GCP might not return 404 on that endpoint, segfaulting seems to be a sign of insufficient error handling.

Can you make sure these paths are properly handled without segfaulting? Other paths in the code return a NSS_STATUS_NOTFOUND, maybe that or another bad status code could be used.
