diff --git a/pkgs/build-support/add-driver-runpath/default.nix b/pkgs/build-support/add-driver-runpath/default.nix new file mode 100644 index 000000000000..08547a4453c5 --- /dev/null +++ b/pkgs/build-support/add-driver-runpath/default.nix @@ -0,0 +1,14 @@ +{ lib, stdenv }: + +stdenv.mkDerivation { + name = "add-driver-runpath"; + + # Named "opengl-driver" for legacy reasons, but it is the path to + # hardware drivers installed by NixOS + driverLink = "/run/opengl-driver" + lib.optionalString stdenv.isi686 "-32"; + + buildCommand = '' + mkdir -p $out/nix-support + substituteAll ${./setup-hook.sh} $out/nix-support/setup-hook + ''; +} diff --git a/pkgs/build-support/add-driver-runpath/setup-hook.sh b/pkgs/build-support/add-driver-runpath/setup-hook.sh new file mode 100644 index 000000000000..86a41a7e2519 --- /dev/null +++ b/pkgs/build-support/add-driver-runpath/setup-hook.sh @@ -0,0 +1,29 @@ +# Set RUNPATH so that driver libraries in /run/opengl-driver(-32)/lib can be found. +# This is needed to not rely on LD_LIBRARY_PATH which does not work with setuid +# executables. Fixes https://github.com/NixOS/nixpkgs/issues/22760. It must be run +# in postFixup because RUNPATH stripping in fixup would undo it. Note that patchelf +# actually sets RUNPATH not RPATH, which applies only to dependencies of the binary +# it set on (including for dlopen), so the RUNPATH must indeed be set on these +# libraries and would not work if set only on executables. +addDriverRunpath() { + local forceRpath= + + while [ $# -gt 0 ]; do + case "$1" in + --) shift; break;; + --force-rpath) shift; forceRpath=1;; + --*) + echo "addDriverRunpath: ERROR: Invalid command line" \ + "argument: $1" >&2 + return 1;; + *) break;; + esac + done + + for file in "$@"; do + if ! isELF "$file"; then continue; fi + local origRpath="$(patchelf --print-rpath "$file")" + patchelf --set-rpath "@driverLink@/lib:$origRpath" ${forceRpath:+--force-rpath} "$file" + done +} + diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b55bb7b37463..f3d4c26ec2ec 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -226,6 +226,10 @@ with pkgs; chkservice = callPackage ../tools/admin/chkservice { }; + # addDriverRunpath is the preferred package name, as this enables + # many more scenarios than just opengl now. + addDriverRunpath = callPackage ../build-support/add-driver-runpath { }; + addOpenGLRunpath = callPackage ../build-support/add-opengl-runpath { }; quickemu = callPackage ../development/quickemu { };