addDriverRunpath: init

2023-11-23 10:15:38 -08:00 · 2023-11-23 10:15:38 -08:00 · c7c1388e82
parent 4b9cbf7591
commit c7c1388e82
3 changed files with 47 additions and 0 deletions
--- a/pkgs/build-support/add-driver-runpath/default.nix
+++ b/pkgs/build-support/add-driver-runpath/default.nix
@ -0,0 +1,14 @@
+{ lib, stdenv }:
+
+stdenv.mkDerivation {
+  name = "add-driver-runpath";
+
+  # Named "opengl-driver" for legacy reasons, but it is the path to
+  # hardware drivers installed by NixOS
+  driverLink = "/run/opengl-driver" + lib.optionalString stdenv.isi686 "-32";
+
+  buildCommand = ''
+    mkdir -p $out/nix-support
+    substituteAll ${./setup-hook.sh} $out/nix-support/setup-hook
+  '';
+}
--- a/pkgs/build-support/add-driver-runpath/setup-hook.sh
+++ b/pkgs/build-support/add-driver-runpath/setup-hook.sh
@ -0,0 +1,29 @@
+# Set RUNPATH so that driver libraries in /run/opengl-driver(-32)/lib can be found.
+# This is needed to not rely on LD_LIBRARY_PATH which does not work with setuid
+# executables. Fixes https://github.com/NixOS/nixpkgs/issues/22760. It must be run
+# in postFixup because RUNPATH stripping in fixup would undo it. Note that patchelf
+# actually sets RUNPATH not RPATH, which applies only to dependencies of the binary
+# it set on (including for dlopen), so the RUNPATH must indeed be set on these
+# libraries and would not work if set only on executables.
+addDriverRunpath() {
+    local forceRpath=
+
+    while [ $# -gt 0 ]; do
+        case "$1" in
+            --) shift; break;;
+            --force-rpath) shift; forceRpath=1;;
+            --*)
+                echo "addDriverRunpath: ERROR: Invalid command line" \
+                     "argument: $1" >&2
+                return 1;;
+            *) break;;
+        esac
+    done
+
+    for file in "$@"; do
+        if ! isELF "$file"; then continue; fi
+        local origRpath="$(patchelf --print-rpath "$file")"
+        patchelf --set-rpath "@driverLink@/lib:$origRpath" ${forceRpath:+--force-rpath} "$file"
+    done
+}
+
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -226,6 +226,10 @@ with pkgs;

  chkservice = callPackage ../tools/admin/chkservice { };

+  # addDriverRunpath is the preferred package name, as this enables
+  # many more scenarios than just opengl now.
+  addDriverRunpath = callPackage ../build-support/add-driver-runpath { };
+
  addOpenGLRunpath = callPackage ../build-support/add-opengl-runpath { };

  quickemu = callPackage ../development/quickemu { };