-
-
Notifications
You must be signed in to change notification settings - Fork 14.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Any way for LD_LIBRARY_PATH to *not* break nix-env's absolute paths for dynamic libs #327854
Comments
I'm not even sure what it means when Likewise, here's the ldd printout for bash, this time without any LD_LIBRARY_PATH shenanigans:
What I wanted to see was the nix binary using only its own ld-linux.so and pointing to its own libs exclusively, with absolute paths. Since bash is a core package built from source, it should specify these linker options in the derivation (and not need PatchElf), right? |
This belongs to nixpkgs, really, but let's leave it here. The way we've always done this:
Recently there was a suggestion on ML to use absolute-path so-names instead of RPATH, but I've seen no code yet and I suspect that way might be (significantly) more complicated to implement than what we're doing nowadays. |
Ok, so it sounds like it's a known problem that LD_LIBRARY_PATH can break executables in /nix/store. I spent some time reading about rpath, but I wasn't having luck controlling rpath or the loader directly from my own nix build (where I'm going through If we're always running a custom load, what the heck does it mean that
|
I'd think that |
@rrnewton just because it's known doesn't mean it's good or that we want it to persist. Is there another ticket tracking this issue? If not, I'd just leave it open. |
There are some places where we rely on
|
@copumpkin, yes indeed it would be great to fix it. I really want to be able to tell people "run this command; it's nix so I can guarantee it will do the same thing for you as for me". But in a multi-user environment sitting on top of another distro... we just haven't fully been able to realize that dream. This is one the things we trip over. |
I don't think distros normally define Really, it's difficult to balance what the user wants there, e.g. we've been arguing whether to use |
Yeah, but on shared machines where people can't install in I'm not sure what other people want regarding the isolation of nix on other distros, but whenever we've "mixed" the two worlds, things go south really fast. (E.g. install a compiler via nix and build something outside of nix with it.) |
I'm perfectly happy if the manual is just updated to say loudly and clearly "unset LD_LIBRARY_PATH before calling any Nix-built binary". |
Yeah, we could document that. |
Can I add a post install hook that change all RUNPATH to RPATH? I have customized toolchain that relies on |
@amosbird: I think the easiest way for you is to wrap the cmake/ninja executables to unsed that variable for them. |
@vcunat Isn't that variable masking going to be inherited by subprocesses like toolchain binaries using |
I firmly believe that (exported) variables are inherited in the state you have them, so if you unset/change some, they'll be inherited that way. |
@vcunat yes, and that will break the toolchain's binaries. |
|
Ah, and you want it the other way, probably. Linkify: #16767 |
I marked this as stale due to inactivity. → More info |
I closed this issue due to inactivity. → More info |
This issue has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/glibc-2-33-not-found-although-it-is-installed/14516/3 |
I think it's harmless to patch |
I don't think anything that extreme is necessary. The rpath already takes priority over the LD_LIBRARY_PATH and the runpath. If nix binaries patch their rpath with the correct paths using patchelf, then AFAIK they wouldn't be effected by LD_LIBRARY_PATH changes. Alternatively, nix binaries could easily be wrapped in a shell script that clears, or allows setting a binary-specific LD_LIBRARY_PATH. For reproductibility I think it's really important that nix binaries find the shared objects they were built with FIRST and then let something like the LD_LIBRARY_PATH be a fallback option. I'm not sure why it seems neither of these options are used. |
Setting |
Wrapper script is not an ideal solution. |
Agreed, for exactly the reason you mentioned (subprocess) I just meant it's still better than the suggested "solution" above to manually unset LD_LIBRARY_PATH before calling a nix binary. That^ solution could, at minimum, be automated with wrappers.
I mean I don't disagree but setting the rpath means nix won't need/care about the LD_LIBRARY_PATH. We could have:
Nix can't really control the Ubuntu binaries, so it seems like the rpath solution is still the way to go. |
#248547 would fix this issue |
I don't think so, if we want reproducable behavior then the linked-libraries can't be part of my-machines coincidentally what-env-vars-I-have-at-the-moment. Adding another ENV var just makes runtime behavior even more complex and difficult reproduce. |
This issue has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/envfs-fix-shebangs-on-nixos/11234/2 |
This issue has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/envfs-fix-shebangs-on-nixos/11234/4 |
Only partially, I believe. There's something fundamentally problematic with DT_RUNPATH's priority, and we'd still suffer e.g. from #287764, because apparently some distributions do set
Is deprecated upstream. We should collect and summarize all of the issues we've been having with
Just for future readers: at least in year 2023 (the quote is from 2016 and idk how it was back then) NixOS does not set |
This issue has been mentioned on NixOS Discourse. There might be relevant details there: |
This issue has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/library-not-found-with-libc-so-6-version-glibc-2-34-not-found/45339/1 |
FWIW, I took the idea of using LD_AUDIT modules mentioned in #248547 (comment) and wrote an audit module to force ld.so to search DT_RUNPATH before LD_LIBRARY_PATH https://github.com/DDoSolitary/ld-audit-prefer-runpath |
Maybe this is naive of me, but I thought there was some way on linux to link a dynamic library with an absolute path which would not be affected by LD_LIBRARY_PATH.
I'm on an ubuntu 14.04 system on a shared account where, for whatever reason, LD_LIBRARY was set to include some extra directories. That causes
nix-env
to segfault:Whereas simply unsetting LD_LIBRARY_PATH makes nix-env run fine:
That's an easy fix, sure. But shouldn't nix-env be robust against LD_LIBRARY_PATH if possible?
The text was updated successfully, but these errors were encountered: