Fix LD_LIBRARY_PATH usage in direnv build environment#1918
Merged
akshaymankar merged 2 commits intodevelopfrom Nov 9, 2021
Merged
Fix LD_LIBRARY_PATH usage in direnv build environment#1918akshaymankar merged 2 commits intodevelopfrom
akshaymankar merged 2 commits intodevelopfrom
Conversation
The .envrc used direnv's load_prefix function to make all the required tools and dependency libraries visible within the development environment, which sets a couple of environment variables in the dev shell including PATH and LD_LIBRARY_PATH. The latter is required so that cabal can find non-Haskell dependencies such as zlib and cryptobox. However, adding paths inside the Nix store to LD_LIBRARY_PATH can interfere with tools in the host system, especially on non-NixOS systems, as the dynamic loader will attempt to load dynamic libraries from the Nix store before those of the host system, which in some cases will cause some programs to fail to run due to dynamic symbol mismatches. This commit refactors the direnv build environment, splitting everything but cabal into a separate environment, and exposing cabal through a wrapper script which sets LD_LIBRARY_PATH appropriately only for cabal. Instead of load_prefix, the .envrc reverts to using PATH_add, to avoid introducing LD_LIBRARY_PATH into dev shell environments.
|
|
akshaymankar
force-pushed
the
sysvinit/fix-direnv-build
branch
from
9d31595 to
ab377c2
Compare
akshaymankar
approved these changes
Nov 9, 2021
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The direnv hook for wire-server uses the
load_prefixfunction, which sets theLD_LIBRARY_PATHenvironment variable in development shells, so that cabal can pick up non-Haskell dependencies like zlib and cryptobox. However, this means that running programs inside the dev shell environment will cause libraries from the Nix store to be loaded, which can interfere with programs from the host system, especially for non-NixOS users. For example, I can't runnix-buildinside a dev shell on Debian, as the dynamic loader tries to load an incompatible shared library from the Nix store instead of system libraries.I've refactored the dev shell environment, and split everything but cabal into its own environment, wrapped cabal in a script which sets
LD_LIBRARY_PATHto point to the everything-but-cabal environment, and made a second environment which encapsulates the everything-but-cabal env and the cabal wrapper. direnv then only exposes thebin/directory of the second environment inPATHinstead of setting all theLD_LIBRARY_PATHenvironment variables.