libglvnd, ocl-icd, vulkan-loader: Add driver library paths to RUNPATH.

Previously we were relying on LD_LIBRARY_PATH to discover driver libraries (libGL, ligGLX, libEGL, OpenCL and Vulkan). This has the problem that setuid programs (in particular VirtualBox) ignore LD_LIBRARY_PATH. Fix it by setting RUNPATH in various dispatch libraries.

This is not needed for libvdpau because it is already configured to look for libraries in the driver paths.

Fixes https://github.com/NixOS/nixpkgs/issues/22760.
This commit is contained in:
Ambroz Bizjak 2019-05-22 18:30:05 +02:00
parent 2874e849d9
commit 1860e506e7
3 changed files with 29 additions and 13 deletions

View File

@ -1,8 +1,6 @@
{ stdenv, lib, fetchFromGitHub, fetchpatch, autoreconfHook, python2, pkgconfig, libX11, libXext, xorgproto }: { stdenv, lib, fetchFromGitHub, fetchpatch, autoreconfHook, python2, pkgconfig, libX11, libXext, xorgproto, addOpenGLRunpath }:
let stdenv.mkDerivation rec {
driverLink = "/run/opengl-driver" + lib.optionalString stdenv.isi686 "-32";
in stdenv.mkDerivation rec {
name = "libglvnd-${version}"; name = "libglvnd-${version}";
version = "1.0.0"; version = "1.0.0";
@ -13,7 +11,7 @@ in stdenv.mkDerivation rec {
sha256 = "1a126lzhd2f04zr3rvdl6814lfl0j077spi5dsf2alghgykn5iif"; sha256 = "1a126lzhd2f04zr3rvdl6814lfl0j077spi5dsf2alghgykn5iif";
}; };
nativeBuildInputs = [ autoreconfHook pkgconfig python2 ]; nativeBuildInputs = [ autoreconfHook pkgconfig python2 addOpenGLRunpath ];
buildInputs = [ libX11 libXext xorgproto ]; buildInputs = [ libX11 libXext xorgproto ];
postPatch = lib.optionalString stdenv.isDarwin '' postPatch = lib.optionalString stdenv.isDarwin ''
@ -26,7 +24,7 @@ in stdenv.mkDerivation rec {
NIX_CFLAGS_COMPILE = [ NIX_CFLAGS_COMPILE = [
"-UDEFAULT_EGL_VENDOR_CONFIG_DIRS" "-UDEFAULT_EGL_VENDOR_CONFIG_DIRS"
# FHS paths are added so that non-NixOS applications can find vendor files. # FHS paths are added so that non-NixOS applications can find vendor files.
"-DDEFAULT_EGL_VENDOR_CONFIG_DIRS=\"${driverLink}/share/glvnd/egl_vendor.d:/etc/glvnd/egl_vendor.d:/usr/share/glvnd/egl_vendor.d\"" "-DDEFAULT_EGL_VENDOR_CONFIG_DIRS=\"${addOpenGLRunpath.driverLink}/share/glvnd/egl_vendor.d:/etc/glvnd/egl_vendor.d:/usr/share/glvnd/egl_vendor.d\""
] ++ lib.optional stdenv.cc.isClang "-Wno-error"; ] ++ lib.optional stdenv.cc.isClang "-Wno-error";
# Indirectly: https://bugs.freedesktop.org/show_bug.cgi?id=35268 # Indirectly: https://bugs.freedesktop.org/show_bug.cgi?id=35268
@ -45,7 +43,13 @@ in stdenv.mkDerivation rec {
}); });
outputs = [ "out" "dev" ]; outputs = [ "out" "dev" ];
passthru = { inherit driverLink; }; # Set RUNPATH so that driver libraries in /run/opengl-driver(-32)/lib can be found.
# See the explanation in addOpenGLRunpath.
postFixup = ''
addOpenGLRunpath $out/lib/libGLX.so $out/lib/libEGL.so
'';
passthru = { inherit (addOpenGLRunpath) driverLink; };
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "The GL Vendor-Neutral Dispatch library"; description = "The GL Vendor-Neutral Dispatch library";

View File

@ -1,4 +1,4 @@
{stdenv, fetchurl, ruby, opencl-headers, libGL_driver }: {stdenv, fetchurl, ruby, opencl-headers, addOpenGLRunpath }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "ocl-icd-${version}"; name = "ocl-icd-${version}";
@ -9,12 +9,18 @@ stdenv.mkDerivation rec {
sha256 = "0f14gpa13sdm0kzqv5yycp4pschbmi6n5fj7wl4ilspzsrqcgqr2"; sha256 = "0f14gpa13sdm0kzqv5yycp4pschbmi6n5fj7wl4ilspzsrqcgqr2";
}; };
nativeBuildInputs = [ ruby ]; nativeBuildInputs = [ ruby addOpenGLRunpath ];
buildInputs = [ opencl-headers ]; buildInputs = [ opencl-headers ];
postPatch = '' postPatch = ''
sed -i 's,"/etc/OpenCL/vendors","${libGL_driver.driverLink}/etc/OpenCL/vendors",g' ocl_icd_loader.c sed -i 's,"/etc/OpenCL/vendors","${addOpenGLRunpath.driverLink}/etc/OpenCL/vendors",g' ocl_icd_loader.c
'';
# Set RUNPATH so that driver libraries in /run/opengl-driver(-32)/lib can be found.
# See the explanation in addOpenGLRunpath.
postFixup = ''
addOpenGLRunpath $out/lib/libOpenCL.so
''; '';
meta = with stdenv.lib; { meta = with stdenv.lib; {

View File

@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, cmake, python3, vulkan-headers, pkgconfig { stdenv, fetchFromGitHub, cmake, python3, vulkan-headers, pkgconfig
, xlibsWrapper, libxcb, libXrandr, libXext, wayland, libGL_driver }: , xlibsWrapper, libxcb, libXrandr, libXext, wayland, addOpenGLRunpath }:
let let
version = "1.1.106"; version = "1.1.106";
@ -17,17 +17,23 @@ stdenv.mkDerivation rec {
sha256 = "0zhrwj1gi90x2w8gaaaw5h4b969a8gfy244kn0drrplhhb1nqz3b"; sha256 = "0zhrwj1gi90x2w8gaaaw5h4b969a8gfy244kn0drrplhhb1nqz3b";
}; };
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig addOpenGLRunpath ];
buildInputs = [ cmake python3 xlibsWrapper libxcb libXrandr libXext wayland ]; buildInputs = [ cmake python3 xlibsWrapper libxcb libXrandr libXext wayland ];
enableParallelBuilding = true; enableParallelBuilding = true;
cmakeFlags = [ cmakeFlags = [
"-DFALLBACK_DATA_DIRS=${libGL_driver.driverLink}/share:/usr/local/share:/usr/share" "-DFALLBACK_DATA_DIRS=${addOpenGLRunpath.driverLink}/share:/usr/local/share:/usr/share"
"-DVULKAN_HEADERS_INSTALL_DIR=${vulkan-headers}" "-DVULKAN_HEADERS_INSTALL_DIR=${vulkan-headers}"
]; ];
outputs = [ "out" "dev" ]; outputs = [ "out" "dev" ];
# Set RUNPATH so that driver libraries in /run/opengl-driver(-32)/lib can be found.
# See the explanation in addOpenGLRunpath.
postFixup = ''
addOpenGLRunpath $out/lib/libvulkan.so
'';
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "LunarG Vulkan loader"; description = "LunarG Vulkan loader";
homepage = https://www.lunarg.com; homepage = https://www.lunarg.com;