New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
glibc: fix /etc/ld-nix.so.preload sharing #96289
base: master
Are you sure you want to change the base?
Conversation
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: |
environment.etc."ld-nix.so.preload".text = '' | ||
# See comment in pkgs/development/libraries/glibc/common.nix | ||
# for an explanation about the name of this file. | ||
environment.etc."ld-nix.${pkgs.glibc.src.outputHash}.so.preload".text = '' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps just change target, so this attr has a predictable name?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good in principle for this particular use case. I'm not at all sure about others.
If you want to replace (part of) glibc, you may want to do it based on its hash. If you want to replace (part of) some other library, you might want to do it based hash of that library.
Moreover, it depends on the nature of the preload – I've seen many preloads that are just thin API wrappers that are OK to use with basically any version of the library (e.g. any POSIX libc).
I marked this as stale due to inactivity. → More info |
Untested by me yet (require too much rebuilds for my computer), but ready for reviews.
Motivation for this change
Sharing
/etc/ld-nix.so.preload
accross programs requiring different versions ofglibc
can break everything, including upgrading NixOS, as experienced there: https://discourse.nixos.org/t/nixos-rebuild-fails-because-bash-is-broken-dependency-issue-in-libpthread-so-0-undefined-symbol-nanosleep-nocancel/8494For example, when using
environment.memoryAllocator.provider = "scudo"
, as done innixos/modules/profiles/hardened.nix
, one could get a/etc/ld-nix.so.preload
loadingglibc-2.30
:And then a
nixos-rebuild switch
would break when upgrading to a NixOS version using abash
built withglibc-2.31
:Things done
/etc/ld-nix.so.preload
to/etc/ld-nix.${pkgs.glibc.src.outputHash}.so.preload
apparmor
profile in apparmor: fix and improve the service #93457 . This patch being likely to me merged before the broaderapparmor
one, I'll fix it in theapparmor
one if the present one is merged.sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)