malloc: disable unstable scudo hardening
[sourcephile-nix.git] / nixpkgs / patches / fix-ld-nix.diff
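--- a/nixos/modules/config/malloc.nix
+++ b/nixos/modules/config/malloc.nix
@@ -84,7 +84,9 @@ in
 };
 
 config = mkIf (cfg.provider != "libc") {
- environment.etc."ld-nix.so.preload".text = ''
+ # See comment in pkgs/development/libraries/glibc/common.nix
+ # for an explanation about the name of this file.
+ environment.etc."ld-nix.${pkgs.glibc.src.outputHash}.so.preload".text = ''
 ${providerLibPath}
 '';
 };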
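Review bot: The comment on the new `environment.etc` entry should state the coverage limit that the hashed name introduces. The file is written only under `pkgs.glibc.src.outputHash`, so a program whose loader was built from a different glibc source (an older generation still running, another nixpkgs pin) looks for a different `/etc/ld-nix.<hash>.so.preload`, finds none, and runs with the libc allocator without any warning. That matches the intent described in common.nix, but for a hardening option it is worth spelling out here, e.g. `# Only programs using this exact glibc source load the provider; all others silently keep the libc allocator.` The attribute set enclosing `config` starts before this hunk.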
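--- a/pkgs/development/libraries/glibc/common.nix
+++ b/pkgs/development/libraries/glibc/common.nix
@@ -68,9 +68,6 @@ stdenv.mkDerivation ({
 /* Don't use /etc/ld.so.cache, for non-NixOS systems. */
 ./dont-use-system-ld-so-cache.patch
 
- /* Don't use /etc/ld.so.preload, but /etc/ld-nix.so.preload. */
- ./dont-use-system-ld-so-preload.patch
-
 /* The command "getconf CS_PATH" returns the default search path
 "/bin:/usr/bin", which is inappropriate on NixOS machines. This
 patch extends the search path by "/run/current-system/sw/bin". */
@@ -128,6 +125,18 @@ stdenv.mkDerivation ({
 # nscd needs libgcc, and we don't want it dynamically linked
 # because we don't want it to depend on bootstrap-tools libs.
 echo "LDFLAGS-nscd += -static-libgcc" >> nscd/Makefile
+
+ # Don't use /etc/ld.so.preload, but /etc/ld-nix.${sha256}.so.preload.
+ # ${sha256} is included in the name
+ # in order to only share a same .so.preload between the programs
+ # built with that version of glibc,
+ # otherwise it could break programs
+ # requiring symbols from a more recent glibc
+ # than the one loaded by shared libraries in that file.
+ # This file may later be generated by a NixOS module,
+ # using pkgs.glibc.src.outputHash instead of sha256
+ substituteInPlace elf/rtld.c \
+ --replace /etc/ld.so.preload /etc/ld-nix.${sha256}.so.preload
 ''
 # FIXME: find a solution for infinite recursion in cross builds.
 # For now it's hopefully acceptable that IDN from libc doesn't reliably work.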
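Review bot: `substituteInPlace ... --replace` does not necessarily fail when the pattern is absent, so if a later glibc moves or rewords the `/etc/ld.so.preload` literal in `elf/rtld.c`, the build may still succeed with the loader reading the host's `/etc/ld.so.preload`. The removed patch would have failed to apply in that case. I would add a check right after the substitution, `grep -qF /etc/ld-nix.${sha256}.so.preload elf/rtld.c`, so that drift breaks the build instead of silently restoring the system preload path. The file name also depends on `${sha256}` here rendering exactly the same string as `pkgs.glibc.src.outputHash` in malloc.nix; the `src` definition is outside this hunk, so that coupling deserves a comment or an assertion. The shell string being extended starts before the hunk.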
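--- a/pkgs/development/libraries/glibc/dont-use-system-ld-so-preload.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ru glibc-2.20-orig/elf/rtld.c glibc-2.20/elf/rtld.c
---- glibc-2.20-orig/elf/rtld.c 2014-09-07 10:09:09.000000000 +0200
-+++ glibc-2.20/elf/rtld.c 2014-10-27 11:32:25.203043157 +0100
-@@ -1513,7 +1513,7 @@
- open(). So we do this first. If it succeeds we do almost twice
- the work but this does not matter, since it is not for production
- use. */
-- static const char preload_file[] = "/etc/ld.so.preload";
-+ static const char preload_file[] = "/etc/ld-nix.so.preload";
- if (__glibc_unlikely (__access (preload_file, R_OK) == 0))
- {
- /* Read the contents of the file. */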