Nix: Any way for LD_LIBRARY_PATH to *not* break nix-env's absolute paths for dynamic libs

I'm not even sure what it means when ldd reports <absolute path> => <absolute path> in its output. That's what it does for ld-linux-x86-64.so.

Likewise, here's the ldd printout for bash, this time without any LD_LIBRARY_PATH shenanigans:

   $ ldd /nix/store/d20f169ryps7ds2qak0r5n1f4hhxr80h-bash-4.3-p42/bin/bash
    linux-vdso.so.1 =>  (0x00007fffa6a72000)
    libdl.so.2 => /nix/store/phffgv3pwihmpdyk8xsz3wv8ydysch8w-glibc-2.23/lib/libdl.so.2 (0x00007f0bb1705000)
    libc.so.6 => /nix/store/phffgv3pwihmpdyk8xsz3wv8ydysch8w-glibc-2.23/lib/libc.so.6 (0x00007f0bb1363000)
    /nix/store/phffgv3pwihmpdyk8xsz3wv8ydysch8w-glibc-2.23/lib/ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2 (0x00007f0bb1909000)

readelf -d makes it look like libc.so is in fact a bare name, not an absolute path:

Dynamic section at offset 0xb0020 contains 26 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libdl.so.2]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]

What I wanted to see was the nix binary using only its own ld-linux.so and pointing to its own libs exclusively, with absolute paths. Since bash is a core package built from source, it should specify these linker options in the derivation (and not need PatchElf), right?

This belongs to nixpkgs, really, but let's leave it here.

The way we've always done this:

• we set the loader to an absolute path (that's the ld-linux*.so*),
• the usual short so-names are used, e.g. libdl.so.2, and they're searched in a list of absolute RPATHs coded into the ELFs;
• $LD_LIBRARY_PATH can be used to add directories where to search before RPATH (IIRC we use a nixpkgs-specific patch for the loader to change the priority here).

Recently there was a suggestion on ML to use absolute-path so-names instead of RPATH, but I've seen no code yet and I suspect that way might be (significantly) more complicated to implement than what we're doing nowadays.

Ok, so it sounds like it's a known problem that LD_LIBRARY_PATH can break executables in /nix/store.

I spent some time reading about rpath, but I wasn't having luck controlling rpath or the loader directly from my own nix build (where I'm going through gcc-wrapper).

If we're always running a custom load, what the heck does it mean that ld-linux-x86-64.so claims to point to an Ubuntu system version under /lib64? E.g.:

    /nix/store/phffgv3pwihmpdyk8xsz3wv8ydysch8w-glibc-2.23/lib/ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2 (0x00007f0bb1909000)

If we're always running a custom load, what the heck does it mean that ld-linux-x86-64.so claims to point to an Ubuntu system version under /lib64?

I'd think that ldd shows this one wrong. IIRC running ldd from a different Linux can show information different from what really happens during running. Best use ldd from nixpkgs.

@rrnewton just because it's known doesn't mean it's good or that we want it to persist. Is there another ticket tracking this issue? If not, I'd just leave it open.

There are some places where we rely on $LD_LIBRARY_PATH. We would have to adapt those.

$ git grep LD_LIBRARY_PATH | wc -l
271

@copumpkin, yes indeed it would be great to fix it. I really want to be able to tell people "run this command; it's nix so I can guarantee it will do the same thing for you as for me". But in a multi-user environment sitting on top of another distro... we just haven't fully been able to realize that dream. This is one the things we trip over.

I don't think distros normally define $LD_LIBRARY_PATH by default. (Well, NixOS does.) On non-NixOS there's also often problem with libGL, which is related.

Really, it's difficult to balance what the user wants there, e.g. we've been arguing whether to use /etc/foo from the host OS – IMHO basically noone wants nix stuff _completely_ disregard config from the host machine (includes also ~/.* and env vars).

Yeah, but on shared machines where people can't install in /usr then users end up with libraries installed in their home directories and then they set their LD_LIBRARY_PATH to make it work. This is probably a terrible thing. But there have to be some non-zero number of people in the world who set an LD_LIBRARY_PATH in their bashrc or profile.

I'm not sure what other people want regarding the isolation of nix on other distros, but whenever we've "mixed" the two worlds, things go south really fast. (E.g. install a compiler via nix and build something outside of nix with it.)

I'm perfectly happy if the manual is just updated to say loudly and clearly "unset LD_LIBRARY_PATH before calling any Nix-built binary".

Yeah, we could document that.

Can I add a post install hook that change all RUNPATH to RPATH? I have customized toolchain that relies on LD_LIBRARY_PATH while I still want to use binaries from nix-env like cmake and ninja.

@amosbird: I think the easiest way for you is to wrap the cmake/ninja executables to unsed that variable for them.

@vcunat Isn't that variable masking going to be inherited by subprocesses like toolchain binaries using LD_LIBRARY_PATH?

I firmly believe that (exported) variables are inherited in the state you have them, so if you unset/change some, they'll be inherited that way.

@vcunat yes, and that will break the toolchain's binaries.

"that way" means _unset_, i.e. the way almost everyone uses the toolchain.

Ah, and you want it the other way, probably. Linkify: https://github.com/NixOS/nixpkgs/issues/16767