From 1860e506e7f2fd66982929cfb75ec83b0a586acb Mon Sep 17 00:00:00 2001
From: Ambroz Bizjak <abizjak.pro@gmail.com>
Date: Wed, 22 May 2019 18:30:05 +0200
Subject: [PATCH] libglvnd, ocl-icd, vulkan-loader: Add driver library paths to
 RUNPATH.

Previously we were relying on LD_LIBRARY_PATH to discover driver libraries (libGL, ligGLX, libEGL, OpenCL and Vulkan). This has the problem that setuid programs (in particular VirtualBox) ignore LD_LIBRARY_PATH. Fix it by setting RUNPATH in various dispatch libraries.

This is not needed for libvdpau because it is already configured to look for libraries in the driver paths.

Fixes https://github.com/NixOS/nixpkgs/issues/22760.
---
 .../development/libraries/libglvnd/default.nix | 18 +++++++++++-------
 pkgs/development/libraries/ocl-icd/default.nix | 12 +++++++++---
 .../libraries/vulkan-loader/default.nix        | 12 +++++++++---
 3 files changed, 29 insertions(+), 13 deletions(-)

diff --git a/pkgs/development/libraries/libglvnd/default.nix b/pkgs/development/libraries/libglvnd/default.nix
index c7b76497fa8c..62c6b45c5d45 100644
--- a/pkgs/development/libraries/libglvnd/default.nix
+++ b/pkgs/development/libraries/libglvnd/default.nix
@@ -1,8 +1,6 @@
-{ stdenv, lib, fetchFromGitHub, fetchpatch, autoreconfHook, python2, pkgconfig, libX11, libXext, xorgproto }:
+{ stdenv, lib, fetchFromGitHub, fetchpatch, autoreconfHook, python2, pkgconfig, libX11, libXext, xorgproto, addOpenGLRunpath }:
 
-let
-  driverLink = "/run/opengl-driver" + lib.optionalString stdenv.isi686 "-32";
-in stdenv.mkDerivation rec {
+stdenv.mkDerivation rec {
   name = "libglvnd-${version}";
   version = "1.0.0";
 
@@ -13,7 +11,7 @@ in stdenv.mkDerivation rec {
     sha256 = "1a126lzhd2f04zr3rvdl6814lfl0j077spi5dsf2alghgykn5iif";
   };
 
-  nativeBuildInputs = [ autoreconfHook pkgconfig python2 ];
+  nativeBuildInputs = [ autoreconfHook pkgconfig python2 addOpenGLRunpath ];
   buildInputs = [ libX11 libXext xorgproto ];
 
   postPatch = lib.optionalString stdenv.isDarwin ''
@@ -26,7 +24,7 @@ in stdenv.mkDerivation rec {
   NIX_CFLAGS_COMPILE = [
     "-UDEFAULT_EGL_VENDOR_CONFIG_DIRS"
     # FHS paths are added so that non-NixOS applications can find vendor files.
-    "-DDEFAULT_EGL_VENDOR_CONFIG_DIRS=\"${driverLink}/share/glvnd/egl_vendor.d:/etc/glvnd/egl_vendor.d:/usr/share/glvnd/egl_vendor.d\""
+    "-DDEFAULT_EGL_VENDOR_CONFIG_DIRS=\"${addOpenGLRunpath.driverLink}/share/glvnd/egl_vendor.d:/etc/glvnd/egl_vendor.d:/usr/share/glvnd/egl_vendor.d\""
   ] ++ lib.optional stdenv.cc.isClang "-Wno-error";
 
   # Indirectly: https://bugs.freedesktop.org/show_bug.cgi?id=35268
@@ -45,7 +43,13 @@ in stdenv.mkDerivation rec {
     });
   outputs = [ "out" "dev" ];
 
-  passthru = { inherit driverLink; };
+  # Set RUNPATH so that driver libraries in /run/opengl-driver(-32)/lib can be found.
+  # See the explanation in addOpenGLRunpath.
+  postFixup = ''
+    addOpenGLRunpath $out/lib/libGLX.so $out/lib/libEGL.so
+  '';
+
+  passthru = { inherit (addOpenGLRunpath) driverLink; };
 
   meta = with stdenv.lib; {
     description = "The GL Vendor-Neutral Dispatch library";
diff --git a/pkgs/development/libraries/ocl-icd/default.nix b/pkgs/development/libraries/ocl-icd/default.nix
index ec6dc5f90528..abdc7502052b 100644
--- a/pkgs/development/libraries/ocl-icd/default.nix
+++ b/pkgs/development/libraries/ocl-icd/default.nix
@@ -1,4 +1,4 @@
-{stdenv, fetchurl, ruby, opencl-headers, libGL_driver }:
+{stdenv, fetchurl, ruby, opencl-headers, addOpenGLRunpath }:
 
 stdenv.mkDerivation rec {
   name = "ocl-icd-${version}";
@@ -9,12 +9,18 @@ stdenv.mkDerivation rec {
     sha256 = "0f14gpa13sdm0kzqv5yycp4pschbmi6n5fj7wl4ilspzsrqcgqr2";
   };
 
-  nativeBuildInputs = [ ruby ];
+  nativeBuildInputs = [ ruby addOpenGLRunpath ];
 
   buildInputs = [ opencl-headers ];
 
   postPatch = ''
-    sed -i 's,"/etc/OpenCL/vendors","${libGL_driver.driverLink}/etc/OpenCL/vendors",g' ocl_icd_loader.c
+    sed -i 's,"/etc/OpenCL/vendors","${addOpenGLRunpath.driverLink}/etc/OpenCL/vendors",g' ocl_icd_loader.c
+  '';
+
+  # Set RUNPATH so that driver libraries in /run/opengl-driver(-32)/lib can be found.
+  # See the explanation in addOpenGLRunpath.
+  postFixup = ''
+    addOpenGLRunpath $out/lib/libOpenCL.so
   '';
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/vulkan-loader/default.nix b/pkgs/development/libraries/vulkan-loader/default.nix
index 7d53065ba324..891ad373e027 100644
--- a/pkgs/development/libraries/vulkan-loader/default.nix
+++ b/pkgs/development/libraries/vulkan-loader/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchFromGitHub, cmake, python3, vulkan-headers, pkgconfig
-, xlibsWrapper, libxcb, libXrandr, libXext, wayland, libGL_driver }:
+, xlibsWrapper, libxcb, libXrandr, libXext, wayland, addOpenGLRunpath }:
 
 let
   version = "1.1.106";
@@ -17,17 +17,23 @@ stdenv.mkDerivation rec {
     sha256 = "0zhrwj1gi90x2w8gaaaw5h4b969a8gfy244kn0drrplhhb1nqz3b";
   };
 
-  nativeBuildInputs = [ pkgconfig ];
+  nativeBuildInputs = [ pkgconfig addOpenGLRunpath ];
   buildInputs = [ cmake python3 xlibsWrapper libxcb libXrandr libXext wayland ];
   enableParallelBuilding = true;
 
   cmakeFlags = [
-    "-DFALLBACK_DATA_DIRS=${libGL_driver.driverLink}/share:/usr/local/share:/usr/share"
+    "-DFALLBACK_DATA_DIRS=${addOpenGLRunpath.driverLink}/share:/usr/local/share:/usr/share"
     "-DVULKAN_HEADERS_INSTALL_DIR=${vulkan-headers}"
   ];
 
   outputs = [ "out" "dev" ];
 
+  # Set RUNPATH so that driver libraries in /run/opengl-driver(-32)/lib can be found.
+  # See the explanation in addOpenGLRunpath.
+  postFixup = ''
+    addOpenGLRunpath $out/lib/libvulkan.so
+  '';
+
   meta = with stdenv.lib; {
     description = "LunarG Vulkan loader";
     homepage    = https://www.lunarg.com;