- Spotify uses `LD_LIBRARY_PATH` environment variable to load dependencies.
- One of those dependencies is `nss_esr`.
- Firefox is linked against `nss_latest`.
- Spotify opens a URL in web browser to log in.
- Firefox process executed as a child will inherit environment variables from Spotify.
- NSS library will be replaced, resulting in missing symbols.
firefox.desktop[2946438]: XPCOMGlueLoad error for file /nix/store/8yc9g32afmgcv1j02y1zh69rhskpkcdc-firefox-112.0.2/lib/firefox/libxul.so:
firefox.desktop[2946438]: /nix/store/br95hq0v4l2akqi1x7474ni3fm6nzp7v-nss-3.79.4/lib/libssl3.so: version `NSS_3.80' not found (required by /nix/store/8yc9g32afmgcv1j02y1zh69rhskpkcdc-firefox-112.0.2/lib/firefox/libxul.so)
firefox.desktop[2946438]: Couldn't load XPCOM.
Ideally, we would not use `LD_LIBRARY_PATH` but switching to the same nss version as Firefox uses is an easy workaround.
At some point, I'd like to make another attempt at
71f1f4884b ("openssl: stop static binaries referencing libs"), which
was reverted in 195c7da07d. One problem with my previous attempt is
that I moved OpenSSL's libraries to a lib output, but many dependent
packages were hardcoding the out output as the location of the
libraries. This patch fixes every such case I could find in the tree.
It won't have any effect immediately, but will mean these packages
will automatically use an OpenSSL lib output if it is reintroduced in
future.
This patch should cause very few rebuilds, because it shouldn't make
any change at all to most packages I'm touching. The few rebuilds
that are introduced come from when I've changed a package builder not
to use variable names like openssl.out in scripts / substitution
patterns, which would be confusing since they don't hardcode the
output any more.
I started by making the following global replacements:
${pkgs.openssl.out}/lib -> ${lib.getLib pkgs.openssl}/lib
${openssl.out}/lib -> ${lib.getLib openssl}/lib
Then I removed the ".out" suffix when part of the argument to
lib.makeLibraryPath, since that function uses lib.getLib internally.
Then I fixed up cases where openssl was part of the -L flag to the
compiler/linker, since that unambigously is referring to libraries.
Then I manually investigated and fixed the following packages:
- pycurl
- citrix-workspace
- ppp
- wraith
- unbound
- gambit
- acl2
I'm reasonably confindent in my fixes for all of them.
For acl2, since the openssl library paths are manually provided above
anyway, I don't think openssl is required separately as a build input
at all. Removing it doesn't make a difference to the output size, the
file list, or the closure.
I've tested evaluation with the OfBorg meta checks, to protect against
introducing evaluation failures.
Add a Spotify wrapper with a `deviceScaleFactor` argument to set the
`--force-device-scale-factor` flag for high-DPI displays. If unset,
nothing is added.
This allows e.g.
spotify.override { deviceScaleFactor = 1.66; }
Uses a separate wrapper derivation as suggested by @Ma27.
Uses `wrapProgram` instead of `makeWrapper` as suggested by @Ma27.
Idea shamelessly stolen from 4e60b0efae.
I realized that I don't really know anymore where I'm listed as maintainer and what
I'm actually (co)-maintaining which means that I can't proactively take
care of packages I officially maintain.
As I don't have the time, energy and motivation to take care of stuff I
was interested in 1 or 2 years ago (or packaged for someone else in the
past), I decided that I make this explicit by removing myself from several
packages and adding myself in some other stuff I'm now interested in.
I've seen it several times now that people remove themselves from a
package without removing the package if it's unmaintained after that
which is why I figured that it's fine in my case as the affected pkgs
are rather low-prio and were pretty easy to maintain.
