[WIP] binutils, build-fhs-userenv: make use of ld fallback #59595
base: staging
This pull request has been mentioned on Nix community. There might be relevant details there: https://discourse.nixos.org/t/how-does-dynamic-linking-in-nix-work/2685/5 |
Can we make |
This ensures the right order. When using LD_LIBRARY_PATH, /usr/lib is checked *first* instead of last (which is normal behaviour on non-nixos systems). This can lead to issues. One example is a self-compiled python, which links to libpython2.7.so. It may have /path/to/custom/compiled/python in its `runpath`, but it will link to /usr/lib/libpython2.7 anyway since /usr/lib is in LD_LIBRARY_PATH. This means the wrong python version will be executed, leading to very confusing behavior.
It turns out this doesn't actually work, since it changes the configuration of the static linker ( The dynamic linker usually reads What do you think about that? |
This is better, thanks! Could you make both files Longer term I would like to build a different dynamic loader for build FHS so the default one can truly use no config files. |
It sounds to me like you want
#31263 (comment)
I still use that patch, it still works. I'm just too lazy to fix ldd and try to upstream it.
|
Yes let's upstream that. Now, I might still want to ban all sorts of ambient authority at build time, be it config files or environment variables, but it just seems inconsistent on upstream's to make one only file controlled when the other isn't. |
Yes, that is exactly what I want! Thanks for linking that thread, very interesting. I was basically experimenting with the |
I have tested your patch and it does fix my issue :) |
Thank you for your contributions.
|
@oxij Your patch seems quite huge and I imagine the long-term costs of maintaining it will be higher compared to the solution proposed in the current PR. Also it introduces a new environment variable which I feel is unnecessary. Am I not seeing something here? Please let me know. I'd like to help and bring this topic to an end. It seems to have been around for years, with several different PRs which are all stale. @timokau I rebased this PR onto unstable and the build fails with: |
Unfortunately not, the error doesn't make much sense to me. I don't exactly remember what I did here though, and it's not currently a priority for me. So if you want to move this along, please feel free to fork the PR and link to the new one here :) |
Well, I'm using my patch for ~two years with zero maintenance so far...
The point of my patch is to have fallback configurable with an environment variable. True, for Steam and nix-on-non-NixOS normal ld fallback will probably suffice, but I did it for nixGL-like things, i.e. wrappers, not chroots.
|
I marked this as stale due to inactivity. |
I stumbled over this issue when trying to build GrapheneOS in an fhs-userenv. The Android build system removes all environment variables for parts of the build (to make it reproducible) so any patch that uses special
|
I PRed my glibc patch at #248547. |
Motivation for this change
Currently build-fhs-userenv uses `LD_LIBRARY_PATH` to instruct the dynamic linker to look at `/usr/lib`. This is necessary since nix explicitly forbids its dynamic linker to look in that default location.

This doesn't perfectly emulate the "normal" behaviour however, since `LD_LIBRARY_PATH` has precedence over a binary's own `runpath`. In contrast, the default directories (`/usr/lib`) are normally checked after the `runpath`.

This can lead to confusing bugs when system libraries are preferred over `runpath` in self-compiled binaries.

Things done
`sandbox` in `nix.conf` on non-NixOS)
`nix-shell -p nix-review --run "nix-review wip"`
`./result/bin/`)
`nix path-info -S` before and after)
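
The ordering problem described in the PR description, worked through on the self-compiled python case from the thread. This is an added example, not code from the PR or from nixpkgs: it is a simplified model of the glibc search order documented in ld.so(8), and the function names, the `files` set standing in for the filesystem, and the `libz.so.1` entry are assumptions made for illustration.

```python
# Simplified model of the glibc ld.so search order (see ld.so(8)):
#   DT_RPATH (only when no DT_RUNPATH) -> LD_LIBRARY_PATH -> DT_RUNPATH
#   -> fallback (ld.so.cache / default directories).
# Empty LD_LIBRARY_PATH entries (cwd in glibc) are ignored in this model.
import posixpath


def search_dirs(runpath, ld_library_path="", fallback=(), rpath=()):
    """Return the directories in the order the loader would try them."""
    dirs = []
    if rpath and not runpath:  # DT_RPATH is ignored when DT_RUNPATH exists
        dirs += rpath
    dirs += [d for d in ld_library_path.split(":") if d]
    dirs += runpath
    dirs += fallback
    return dirs


def resolve(soname, files, **kw):
    """First existing candidate wins; `files` stands in for the filesystem."""
    for d in search_dirs(**kw):
        candidate = posixpath.join(d, soname)
        if candidate in files:
            return candidate
    return None


def shadowed(needed, files, runpath, ld_library_path):
    """Libraries that LD_LIBRARY_PATH takes away from the binary's runpath."""
    hits = {}
    for soname in needed:
        with_env = resolve(soname, files, runpath=runpath,
                           ld_library_path=ld_library_path)
        without = resolve(soname, files, runpath=runpath)
        if without is not None and with_env != without:
            hits[soname] = (without, with_env)
    return hits


# Constructed sample: the self-compiled python case from the discussion.
FILES = {
    "/path/to/custom/compiled/python/libpython2.7.so",
    "/usr/lib/libpython2.7.so",
    "/usr/lib/libz.so.1",
}
RUNPATH = ["/path/to/custom/compiled/python"]

if __name__ == "__main__":
    print(resolve("libpython2.7.so", FILES, runpath=RUNPATH, ld_library_path="/usr/lib"))
    print(resolve("libpython2.7.so", FILES, runpath=RUNPATH, fallback=["/usr/lib"]))
    print(shadowed(["libpython2.7.so", "libz.so.1"], FILES, RUNPATH, "/usr/lib"))
```

With `/usr/lib` supplied through `LD_LIBRARY_PATH` the system copy wins over the binary's `runpath`; with the same directory supplied as a fallback the `runpath` copy wins and `/usr/lib` is only used for libraries the `runpath` does not provide.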