fhs-userenv-bubblewrap: add ld.so.conf/cache to fhs

2025-04-13 22:37:35 +00:00 · 2020-10-30 19:22:04 +01:00 · 2020-10-30 19:22:04 +01:00 · d5cbb650e1
commit d5cbb650e1
parent df4761d450
2 changed files with 35 additions and 3 deletions
--- a/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
+++ b/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
@ -1,4 +1,6 @@
-{ lib, callPackage, runCommandLocal, writeShellScriptBin, coreutils, bubblewrap }:
+{ lib, callPackage, runCommandLocal, writeShellScriptBin, glibc, coreutils, bubblewrap }:
+
+let buildFHSEnv = callPackage ./env.nix { }; in

 args @ {
  name
@ -60,8 +62,27 @@ let
  in concatStringsSep "\n  "
  (map (file: "--ro-bind-try /etc/${file} /etc/${file}") files);

+  # Create this on the fly instead of linking from /nix
+  # The container might have to modify it and re-run ldconfig if there are
+  # issues running some binary with LD_LIBRARY_PATH
+  createLdConfCache = ''
+    cat > /etc/ld.so.conf <<EOF
+    /lib
+    /lib/x86_64-linux-gnu
+    /lib64
+    /usr/lib
+    /usr/lib/x86_64-linux-gnu
+    /usr/lib64
+    /lib/i386-linux-gnu
+    /lib32
+    /usr/lib/i386-linux-gnu
+    /usr/lib32
+    EOF
+    ldconfig &> /dev/null
+  '';
  init = run: writeShellScriptBin "${name}-init" ''
    source /etc/profile
+    ${createLdConfCache}
    exec ${run} "$@"
  '';

@ -117,6 +138,11 @@ let
      ${lib.optionalString unshareCgroup "--unshare-cgroup"}
      --die-with-parent
      --ro-bind /nix /nix
+      --tmpfs ${glibc}/etc \
+      --symlink /etc/ld.so.conf ${glibc}/etc/ld.so.conf \
+      --symlink /etc/ld.so.cache ${glibc}/etc/ld.so.cache \
+      --ro-bind ${glibc}/etc/rpc ${glibc}/etc/rpc \
+      --remount-ro ${glibc}/etc \
      ${etcBindFlags}
      "''${ro_mounts[@]}"
      "''${symlinks[@]}"
--- a/pkgs/build-support/build-fhs-userenv-bubblewrap/env.nix
+++ b/pkgs/build-support/build-fhs-userenv-bubblewrap/env.nix
@ -1,4 +1,4 @@
-{ stdenv, buildEnv, writeText, pkgs, pkgsi686Linux }:
+{ stdenv, buildEnv, writeText, writeScriptBin, pkgs, pkgsi686Linux }:

 { name, profile ? ""
 , targetPkgs ? pkgs: [], multiPkgs ? pkgs: []
@ -49,6 +49,11 @@ let
    [ (toString gcc.cc.lib)
    ];

+  ldconfig = writeScriptBin "ldconfig" ''
+    #!${pkgs.stdenv.shell}
+
+    exec ${pkgs.glibc.bin}/bin/ldconfig -f /etc/ld.so.conf -C /etc/ld.so.cache "$@"
+  '';
  etcProfile = writeText "profile" ''
    export PS1='${name}-chrootenv:\u@\h:\w\$ '
    export LOCALE_ARCHIVE='/usr/lib/locale/locale-archive'
@ -86,7 +91,8 @@ let
  # Composes a /usr-like directory structure
  staticUsrProfileTarget = buildEnv {
    name = "${name}-usr-target";
-    paths = [ etcPkg ] ++ basePkgs ++ targetPaths;
+    # ldconfig wrapper must come first so it overrides the original ldconfig
+    paths = [ etcPkg ldconfig ] ++ basePkgs ++ targetPaths;
    extraOutputsToInstall = [ "out" "lib" "bin" ] ++ extraOutputsToInstall;
    ignoreCollisions = true;
  };