diff options
| author | Anders Kaseorg <andersk@mit.edu> | 2020-01-01 16:29:34 -0800 |
|---|---|---|
| committer | Frederik Rietdijk <freddyrietdijk@fridh.nl> | 2020-01-15 09:47:03 +0100 |
| commit | 3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba (patch) | |
| tree | 7a1f1889004dce271903d69dce5c1f5a2cf92b07 | |
| parent | 2e5051e2235f93829f0d6531ace21e87f2a486a4 (diff) | |
| download | nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.gz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.bz2 nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.lz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.xz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.zst nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.zip | |
treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH
Naive concatenation of $LD_LIBRARY_PATH can result in an empty colon-delimited segment; this tells glibc to load libraries from the current directory, which is definitely wrong, and may be a security vulnerability if the current directory is untrusted. (See #67234, for example.) Fix this throughout the tree. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
48 files changed, 55 insertions, 55 deletions
diff --git a/pkgs/applications/graphics/paraview/default.nix b/pkgs/applications/graphics/paraview/default.nix index 1a47a355749..ddf7c537062 100644 --- a/pkgs/applications/graphics/paraview/default.nix +++ b/pkgs/applications/graphics/paraview/default.nix @@ -30,7 +30,7 @@ mkDerivation rec { # libraries. These reside in build/lib, and are not found by # default. preBuild = '' - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib:$PWD/VTK/ThirdParty/vtkm/vtk-m/lib + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib:$PWD/VTK/ThirdParty/vtkm/vtk-m/lib ''; enableParallelBuilding = true; diff --git a/pkgs/applications/misc/audio/soxr/default.nix b/pkgs/applications/misc/audio/soxr/default.nix index 7c4e6ff8c3d..20a754ba98a 100644 --- a/pkgs/applications/misc/audio/soxr/default.nix +++ b/pkgs/applications/misc/audio/soxr/default.nix @@ -11,9 +11,9 @@ stdenv.mkDerivation rec { outputs = [ "out" "doc" ]; # headers are just two and very small preConfigure = if stdenv.isDarwin then '' - export DYLD_LIBRARY_PATH="$DYLD_LIBRARY_PATH:"`pwd`/build/src + export DYLD_LIBRARY_PATH="$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}"`pwd`/build/src '' else '' - export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:"`pwd`/build/src + export LD_LIBRARY_PATH="$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}"`pwd`/build/src ''; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/applications/networking/mailreaders/claws-mail/default.nix b/pkgs/applications/networking/mailreaders/claws-mail/default.nix index e89a36eade0..f62ab292d66 100644 --- a/pkgs/applications/networking/mailreaders/claws-mail/default.nix +++ b/pkgs/applications/networking/mailreaders/claws-mail/default.nix @@ -43,7 +43,7 @@ stdenv.mkDerivation rec { preConfigure = '' # autotools check tries to dlopen libpython as a requirement for the python plugin - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${python}/lib + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}${python}/lib ''; postPatch = '' diff --git a/pkgs/applications/office/gnucash/default.nix b/pkgs/applications/office/gnucash/default.nix index 963a896dd51..476b1128b94 100644 --- a/pkgs/applications/office/gnucash/default.nix +++ b/pkgs/applications/office/gnucash/default.nix @@ -79,7 +79,7 @@ stdenv.mkDerivation rec { # 80 - test-gnc-module-scm-module (Failed) # 81 - test-gnc-module-scm-multi (Failed) preCheck = '' - export LD_LIBRARY_PATH=$PWD/lib:$PWD/lib/gnucash:$PWD/lib/gnucash/test:$LD_LIBRARY_PATH + export LD_LIBRARY_PATH=$PWD/lib:$PWD/lib/gnucash:$PWD/lib/gnucash/test''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH export NIX_CFLAGS_LINK="-lgtest -lgtest_main" ''; doCheck = false; diff --git a/pkgs/applications/science/math/sage/sage-env.nix b/pkgs/applications/science/math/sage/sage-env.nix index 00397239876..68e0d134ace 100644 --- a/pkgs/applications/science/math/sage/sage-env.nix +++ b/pkgs/applications/science/math/sage/sage-env.nix @@ -177,7 +177,7 @@ writeTextFile rec { export SAGE_EXTCODE='${sagelib.src}/src/ext' # for find_library - export DYLD_LIBRARY_PATH="${lib.makeLibraryPath [stdenv.cc.libc singular]}:$DYLD_LIBRARY_PATH" + export DYLD_LIBRARY_PATH="${lib.makeLibraryPath [stdenv.cc.libc singular]}''${DYLD_LIBRARY_PATH:+:}$DYLD_LIBRARY_PATH" ''; } // { lib = sagelib; # equivalent of `passthru`, which `writeTextFile` doesn't support diff --git a/pkgs/applications/video/avidemux/default.nix b/pkgs/applications/video/avidemux/default.nix index c28d900dd9f..00bdb370aae 100644 --- a/pkgs/applications/video/avidemux/default.nix +++ b/pkgs/applications/video/avidemux/default.nix @@ -66,7 +66,7 @@ stdenv.mkDerivation rec { cd "$sourceRoot" patchPhase - export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${libXext}/lib" + export LD_LIBRARY_PATH="$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}${libXext}/lib" ${stdenv.shell} bootStrap.bash \ --with-core \ ${if withQT then "--with-qt" else "--without-qt"} \ diff --git a/pkgs/build-support/build-fhs-userenv/env.nix b/pkgs/build-support/build-fhs-userenv/env.nix index 295b17eec67..8de43d5a919 100644 --- a/pkgs/build-support/build-fhs-userenv/env.nix +++ b/pkgs/build-support/build-fhs-userenv/env.nix @@ -52,7 +52,7 @@ let etcProfile = writeText "profile" '' export PS1='${name}-chrootenv:\u@\h:\w\$ ' export LOCALE_ARCHIVE='/usr/lib/locale/locale-archive' - export LD_LIBRARY_PATH="/run/opengl-driver/lib:/run/opengl-driver-32/lib:/usr/lib:/usr/lib32:$LD_LIBRARY_PATH" + export LD_LIBRARY_PATH="/run/opengl-driver/lib:/run/opengl-driver-32/lib:/usr/lib:/usr/lib32''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" export PATH="/run/wrappers/bin:/usr/bin:/usr/sbin:$PATH" export TZDIR='/etc/zoneinfo' diff --git a/pkgs/desktops/deepin/dde-file-manager/default.nix b/pkgs/desktops/deepin/dde-file-manager/default.nix index 5d0d04bfb76..62931dfcd81 100644 --- a/pkgs/desktops/deepin/dde-file-manager/default.nix +++ b/pkgs/desktops/deepin/dde-file-manager/default.nix @@ -228,8 +228,8 @@ mkDerivation rec { ]; preBuild = '' - export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${zlib}/lib"; - export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${libX11}/lib"; + export LD_LIBRARY_PATH="$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}${zlib}/lib"; + export LD_LIBRARY_PATH="$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}${libX11}/lib"; ''; dontWrapQtApps = true; diff --git a/pkgs/desktops/enlightenment/efl.nix b/pkgs/desktops/enlightenment/efl.nix index 183e72565d3..b4b271fb38f 100644 --- a/pkgs/desktops/enlightenment/efl.nix +++ b/pkgs/desktops/enlightenment/efl.nix @@ -123,7 +123,7 @@ stdenv.mkDerivation rec { preConfigure = '' # allow ecore_con to find libcurl.so, which is a runtime dependency (it is dlopened) - export LD_LIBRARY_PATH="${curl.out}/lib:$LD_LIBRARY_PATH" + export LD_LIBRARY_PATH="${curl.out}/lib''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" source "$setupHook" ''; diff --git a/pkgs/development/compilers/halide/default.nix b/pkgs/development/compilers/halide/default.nix index 0b28b61a27b..44c079af926 100644 --- a/pkgs/development/compilers/halide/default.nix +++ b/pkgs/development/compilers/halide/default.nix @@ -29,7 +29,7 @@ in llvmPackages.stdenv.mkDerivation { # To handle the lack of 'local' RPATH; required, as they call one of # their built binaries requiring their libs, in the build process. preBuild = '' - export LD_LIBRARY_PATH="$(pwd)/lib:$LD_LIBRARY_PATH" + export LD_LIBRARY_PATH="$(pwd)/lib''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" ''; enableParallelBuilding = true; diff --git a/pkgs/development/compilers/llvm/4/llvm.nix b/pkgs/development/compilers/llvm/4/llvm.nix index d5f64041486..0d3ce1614de 100644 --- a/pkgs/development/compilers/llvm/4/llvm.nix +++ b/pkgs/development/compilers/llvm/4/llvm.nix @@ -143,7 +143,7 @@ stdenv.mkDerivation ({ ''; preCheck = '' - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib ''; postInstall = stdenv.lib.optionalString enableSharedLibraries '' diff --git a/pkgs/development/compilers/llvm/5/llvm.nix b/pkgs/development/compilers/llvm/5/llvm.nix index cd26b7d17a9..2ce17765d63 100644 --- a/pkgs/development/compilers/llvm/5/llvm.nix +++ b/pkgs/development/compilers/llvm/5/llvm.nix @@ -119,7 +119,7 @@ stdenv.mkDerivation ({ ''; preCheck = '' - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib ''; postInstall = '' diff --git a/pkgs/development/compilers/llvm/6/llvm.nix b/pkgs/development/compilers/llvm/6/llvm.nix index 8faab6b94a9..80acd3fa2fe 100644 --- a/pkgs/development/compilers/llvm/6/llvm.nix +++ b/pkgs/development/compilers/llvm/6/llvm.nix @@ -120,7 +120,7 @@ stdenv.mkDerivation ({ ''; preCheck = '' - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib ''; postInstall = '' diff --git a/pkgs/development/compilers/llvm/7/llvm.nix b/pkgs/development/compilers/llvm/7/llvm.nix index 62be8bbedab..d7fb1fe4b93 100644 --- a/pkgs/development/compilers/llvm/7/llvm.nix +++ b/pkgs/development/compilers/llvm/7/llvm.nix @@ -141,7 +141,7 @@ in stdenv.mkDerivation ({ ''; preCheck = '' - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib ''; postInstall = '' diff --git a/pkgs/development/compilers/llvm/8/llvm.nix b/pkgs/development/compilers/llvm/8/llvm.nix index 18946f5d640..a9c4a6b0ba2 100644 --- a/pkgs/development/compilers/llvm/8/llvm.nix +++ b/pkgs/development/compilers/llvm/8/llvm.nix @@ -117,7 +117,7 @@ in stdenv.mkDerivation ({ ''; preCheck = '' - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib ''; postInstall = '' diff --git a/pkgs/development/compilers/llvm/9/llvm.nix b/pkgs/development/compilers/llvm/9/llvm.nix index c0e750dc31c..2cdc5a5fd06 100644 --- a/pkgs/development/compilers/llvm/9/llvm.nix +++ b/pkgs/development/compilers/llvm/9/llvm.nix @@ -134,7 +134,7 @@ in stdenv.mkDerivation (rec { ''; preCheck = '' - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib ''; postInstall = '' diff --git a/pkgs/development/compilers/mlton/20130715.nix b/pkgs/development/compilers/mlton/20130715.nix index 207ed8f29bc..52bb0a0775c 100644 --- a/pkgs/development/compilers/mlton/20130715.nix +++ b/pkgs/development/compilers/mlton/20130715.nix @@ -77,7 +77,7 @@ stdenv.mkDerivation rec { chmod u+x $(pwd)/../${usr_prefix}/bin/mlton # So the builder runs the binary compiler with gmp. - export LD_LIBRARY_PATH=${gmp.out}/lib:$LD_LIBRARY_PATH + export LD_LIBRARY_PATH=${gmp.out}/lib''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH '' + stdenv.lib.optionalString stdenv.isLinux '' # Patch ELF interpreter. diff --git a/pkgs/development/compilers/solc/default.nix b/pkgs/development/compilers/solc/default.nix index 23e6c64f3ff..0f71ed79e7e 100644 --- a/pkgs/development/compilers/solc/default.nix +++ b/pkgs/development/compilers/solc/default.nix @@ -49,7 +49,7 @@ stdenv.mkDerivation rec { checkPhase = '' while IFS= read -r -d ''' dir do - LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$(pwd)/$dir + LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$(pwd)/$dir export LD_LIBRARY_PATH done < <(find . -type d -print0) diff --git a/pkgs/development/guile-modules/guile-lib/default.nix b/pkgs/development/guile-modules/guile-lib/default.nix index cea464ad5d2..97f501f41db 100644 --- a/pkgs/development/guile-modules/guile-lib/default.nix +++ b/pkgs/development/guile-modules/guile-lib/default.nix @@ -21,7 +21,7 @@ in stdenv.mkDerivation { preCheck = '' # Make `libgcc_s.so' visible for `pthread_cancel'. export LD_LIBRARY_PATH=\ - "$(dirname $(echo ${stdenv.cc.cc.lib}/lib*/libgcc_s.so)):$LD_LIBRARY_PATH" + "$(dirname $(echo ${stdenv.cc.cc.lib}/lib*/libgcc_s.so))''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" ''; meta = with stdenv.lib; { diff --git a/pkgs/development/interpreters/pure/default.nix b/pkgs/development/interpreters/pure/default.nix index 9c35fc35497..764ee241aff 100644 --- a/pkgs/development/interpreters/pure/default.nix +++ b/pkgs/development/interpreters/pure/default.nix @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--enable-release" ]; doCheck = true; checkPhase = '' - LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${llvm}/lib make check + LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}${llvm}/lib make check ''; postInstall = '' wrapProgram $out/bin/pure --prefix LD_LIBRARY_PATH : ${llvm}/lib diff --git a/pkgs/development/libraries/boxfort/default.nix b/pkgs/development/libraries/boxfort/default.nix index 95c1afd090f..fb6e735c46e 100644 --- a/pkgs/development/libraries/boxfort/default.nix +++ b/pkgs/development/libraries/boxfort/default.nix @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { doCheck = true; preCheck = '' - export LD_LIBRARY_PATH=`pwd`:$LD_LIBRARY_PATH + export LD_LIBRARY_PATH=`pwd`''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH ''; outputs = [ "dev" "out" ]; diff --git a/pkgs/development/libraries/caf/default.nix b/pkgs/development/libraries/caf/default.nix index ecf991cb59c..e32ec169579 100644 --- a/pkgs/development/libraries/caf/default.nix +++ b/pkgs/development/libraries/caf/default.nix @@ -22,8 +22,8 @@ stdenv.mkDerivation rec { doCheck = true; checkTarget = "test"; preCheck = '' - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib - export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$PWD/lib + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib + export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}$PWD/lib ''; meta = with stdenv.lib; { diff --git a/pkgs/development/libraries/criterion/default.nix b/pkgs/development/libraries/criterion/default.nix index c2721d3839a..3dc4b462404 100644 --- a/pkgs/development/libraries/criterion/default.nix +++ b/pkgs/development/libraries/criterion/default.nix @@ -30,7 +30,7 @@ stdenv.mkDerivation rec { cmakeFlags = [ "-DCTESTS=ON" ]; doCheck = true; preCheck = '' - export LD_LIBRARY_PATH=`pwd`:$LD_LIBRARY_PATH + export LD_LIBRARY_PATH=`pwd`''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH ''; checkTarget = "criterion_tests test"; diff --git a/pkgs/development/libraries/cutelyst/default.nix b/pkgs/development/libraries/cutelyst/default.nix index 6cd464e5539..2cf611eed27 100644 --- a/pkgs/development/libraries/cutelyst/default.nix +++ b/pkgs/development/libraries/cutelyst/default.nix @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { ]; preBuild = '' - export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:`pwd`/Cutelyst:`pwd`/EventLoopEPoll" + export LD_LIBRARY_PATH="$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}`pwd`/Cutelyst:`pwd`/EventLoopEPoll" ''; postBuild = '' diff --git a/pkgs/development/libraries/exiv2/default.nix b/pkgs/development/libraries/exiv2/default.nix index 21f63e07335..425346df816 100644 --- a/pkgs/development/libraries/exiv2/default.nix +++ b/pkgs/development/libraries/exiv2/default.nix @@ -69,7 +69,7 @@ stdenv.mkDerivation rec { ''} ${stdenv.lib.optionalString stdenv.isDarwin '' - export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:`pwd`/lib + export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}`pwd`/lib # Removing tests depending on charset conversion substituteInPlace ../test/Makefile --replace "conversions.sh" "" rm -f ../tests/bugfixes/redmine/test_issue_460.py diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix index 4a7d6cce90b..18756213230 100644 --- a/pkgs/development/libraries/glib/default.nix +++ b/pkgs/development/libraries/glib/default.nix @@ -160,7 +160,7 @@ stdenv.mkDerivation rec { checkInputs = [ tzdata libxml2 desktop-file-utils shared-mime-info ]; preCheck = optionalString doCheck '' - export LD_LIBRARY_PATH="$NIX_BUILD_TOP/${pname}-${version}/glib/.libs:$LD_LIBRARY_PATH" + export LD_LIBRARY_PATH="$NIX_BUILD_TOP/${pname}-${version}/glib/.libs''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" export TZDIR="${tzdata}/share/zoneinfo" export XDG_CACHE_HOME="$TMP" export XDG_RUNTIME_HOME="$TMP" diff --git a/pkgs/development/libraries/grpc/default.nix b/pkgs/development/libraries/grpc/default.nix index abcd3abaf30..dfec171f1db 100644 --- a/pkgs/development/libraries/grpc/default.nix +++ b/pkgs/development/libraries/grpc/default.nix @@ -38,7 +38,7 @@ stdenv.mkDerivation rec { ''; preBuild = '' - export LD_LIBRARY_PATH=$(pwd):$LD_LIBRARY_PATH + export LD_LIBRARY_PATH=$(pwd)''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH ''; NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.cc.isClang "-Wno-error=unknown-warning-option"; diff --git a/pkgs/development/libraries/jsoncpp/default.nix b/pkgs/development/libraries/jsoncpp/default.nix index 72158e186ac..7b06cc8ad4e 100644 --- a/pkgs/development/libraries/jsoncpp/default.nix +++ b/pkgs/development/libraries/jsoncpp/default.nix @@ -23,9 +23,9 @@ stdenv.mkDerivation rec { # Hack to be able to run the test, broken because we use # CMAKE_SKIP_BUILD_RPATH to avoid cmake resetting rpath on install preBuild = if stdenv.isDarwin then '' - export DYLD_LIBRARY_PATH="`pwd`/src/lib_json:$DYLD_LIBRARY_PATH" + export DYLD_LIBRARY_PATH="`pwd`/src/lib_json''${DYLD_LIBRARY_PATH:+:}$DYLD_LIBRARY_PATH" '' else '' - export LD_LIBRARY_PATH="`pwd`/src/lib_json:$LD_LIBRARY_PATH" + export LD_LIBRARY_PATH="`pwd`/src/lib_json''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" ''; nativeBuildInputs = [ cmake python ]; diff --git a/pkgs/development/libraries/libtins/default.nix b/pkgs/development/libraries/libtins/default.nix index c90cff31677..60bb092c6fa 100644 --- a/pkgs/development/libraries/libtins/default.nix +++ b/pkgs/development/libraries/libtins/default.nix @@ -32,8 +32,8 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; doCheck = true; preCheck = '' - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD${placeholder "out"}/lib - export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$PWD${placeholder "out"}/lib + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD${placeholder "out"}/lib + export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}$PWD${placeholder "out"}/lib ''; checkTarget = "tests test"; diff --git a/pkgs/development/libraries/orcania/default.nix b/pkgs/development/libraries/orcania/default.nix index bc27011c588..2f8765f9a72 100644 --- a/pkgs/development/libraries/orcania/default.nix +++ b/pkgs/development/libraries/orcania/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { doCheck = true; preCheck = '' - export LD_LIBRARY_PATH="$(pwd):$LD_LIBRARY_PATH" + export LD_LIBRARY_PATH="$(pwd)''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" export DYLD_FALLBACK_LIBRARY_PATH="$(pwd):$DYLD_FALLBACK_LIBRARY_PATH" ''; diff --git a/pkgs/development/libraries/qt-4.x/4.8/default.nix b/pkgs/development/libraries/qt-4.x/4.8/default.nix index 25953949eb7..379f5b3d80e 100644 --- a/pkgs/development/libraries/qt-4.x/4.8/default.nix +++ b/pkgs/development/libraries/qt-4.x/4.8/default.nix @@ -125,7 +125,7 @@ stdenv.mkDerivation rec { ]; preConfigure = '' - export LD_LIBRARY_PATH="`pwd`/lib:$LD_LIBRARY_PATH" + export LD_LIBRARY_PATH="`pwd`/lib''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" configureFlags+=" -docdir $out/share/doc/${name} -plugindir $out/lib/qt4/plugins diff --git a/pkgs/development/libraries/qt-5/modules/qtbase.nix b/pkgs/development/libraries/qt-5/modules/qtbase.nix index bc23d0f9caf..930c59d347b 100644 --- a/pkgs/development/libraries/qt-5/modules/qtbase.nix +++ b/pkgs/development/libraries/qt-5/modules/qtbase.nix @@ -164,7 +164,7 @@ stdenv.mkDerivation { setOutputFlags = false; preConfigure = '' - export LD_LIBRARY_PATH="$PWD/lib:$PWD/plugins/platforms:$LD_LIBRARY_PATH" + export LD_LIBRARY_PATH="$PWD/lib:$PWD/plugins/platforms''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" ${lib.optionalString (compareVersion "5.9.0" < 0) '' # We need to set LD to CXX or otherwise we get nasty compile errors export LD=$CXX diff --git a/pkgs/development/libraries/science/math/arpack/default.nix b/pkgs/development/libraries/science/math/arpack/default.nix index 36576de0563..89f3aa94247 100644 --- a/pkgs/development/libraries/science/math/arpack/default.nix +++ b/pkgs/development/libraries/science/math/arpack/default.nix @@ -30,9 +30,9 @@ stdenv.mkDerivation { ]; preCheck = if stdenv.isDarwin then '' - export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:`pwd`/lib + export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}`pwd`/lib '' else '' - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:`pwd`/lib + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}`pwd`/lib '' + '' # Prevent tests from using all cores export OMP_NUM_THREADS=2 diff --git a/pkgs/development/libraries/science/math/scalapack/default.nix b/pkgs/development/libraries/science/math/scalapack/default.nix index bff0d9a85fa..fda902f320c 100644 --- a/pkgs/development/libraries/science/math/scalapack/default.nix +++ b/pkgs/development/libraries/science/math/scalapack/default.nix @@ -40,7 +40,7 @@ stdenv.mkDerivation rec { # Run single threaded export OMP_NUM_THREADS=1 - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:`pwd`/lib + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}`pwd`/lib ''; meta = with stdenv.lib; { diff --git a/pkgs/development/libraries/yder/default.nix b/pkgs/development/libraries/yder/default.nix index 7025fd2eb1c..5ddb1d1a131 100644 --- a/pkgs/development/libraries/yder/default.nix +++ b/pkgs/development/libraries/yder/default.nix @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { doCheck = true; preCheck = '' - export LD_LIBRARY_PATH="$(pwd):$LD_LIBRARY_PATH" + export LD_LIBRARY_PATH="$(pwd)''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" export DYLD_FALLBACK_LIBRARY_PATH="$(pwd):$DYLD_FALLBACK_LIBRARY_PATH" ''; diff --git a/pkgs/development/pharo/vm/build-vm.nix b/pkgs/development/pharo/vm/build-vm.nix index 5fc747cbc8c..38516cc1914 100644 --- a/pkgs/development/pharo/vm/build-vm.nix +++ b/pkgs/development/pharo/vm/build-vm.nix @@ -117,7 +117,7 @@ stdenv.mkDerivation rec { cat > "$out/bin/${cmd}" <<EOF #!${runtimeShell} set -f - LD_LIBRARY_PATH="\$LD_LIBRARY_PATH:$libs" exec $out/pharo "\$@" + LD_LIBRARY_PATH="\$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$libs" exec $out/pharo "\$@" EOF chmod +x "$out/bin/${cmd}" ln -s ${libgit2}/lib/libgit2.so* "$out/" diff --git a/pkgs/development/python-modules/pytorch/default.nix b/pkgs/development/python-modules/pytorch/default.nix index d55be70ae49..0556ff93c13 100644 --- a/pkgs/development/python-modules/pytorch/default.nix +++ b/pkgs/development/python-modules/pytorch/default.nix @@ -105,7 +105,7 @@ let path = "${cudatoolkit}/lib/stubs/libcuda.so"; }]; cudaStubEnv = lib.optionalString cudaSupport - "LD_LIBRARY_PATH=${cudaStub}\${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} "; + "LD_LIBRARY_PATH=${cudaStub}\${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH "; in buildPythonPackage rec { version = "1.2.0"; diff --git a/pkgs/games/dwarf-fortress/dfhack/default.nix b/pkgs/games/dwarf-fortress/dfhack/default.nix index 544fa26b21c..5706337dffd 100644 --- a/pkgs/games/dwarf-fortress/dfhack/default.nix +++ b/pkgs/games/dwarf-fortress/dfhack/default.nix @@ -109,7 +109,7 @@ let ''; preBuild = '' - export LD_LIBRARY_PATH="$PWD/depends/protobuf:$LD_LIBRARY_PATH" + export LD_LIBRARY_PATH="$PWD/depends/protobuf''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" ''; cmakeFlags = [ "-DDFHACK_BUILD_ARCH=${arch}" "-DDOWNLOAD_RUBY=OFF" ] diff --git a/pkgs/games/dwarf-fortress/wrapper/dfhack.in b/pkgs/games/dwarf-fortress/wrapper/dfhack.in index 4cf884ebed2..026b33ab87b 100644 --- a/pkgs/games/dwarf-fortress/wrapper/dfhack.in +++ b/pkgs/games/dwarf-fortress/wrapper/dfhack.in @@ -7,5 +7,5 @@ for i in dfhack.init-example dfhack-config/default hack/* stonesense/*; do done cd "$DF_DIR" -LD_LIBRARY_PATH="$env_dir/hack/libs:$env_dir/hack:$LD_LIBRARY_PATH" \ +LD_LIBRARY_PATH="$env_dir/hack/libs:$env_dir/hack${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" \ LD_PRELOAD="$env_dir/hack/libdfhack.so:$LD_PRELOAD" exec $env_dir/libs/Dwarf_Fortress "$@" diff --git a/pkgs/games/steam/chrootenv.nix b/pkgs/games/steam/chrootenv.nix index 9229f4fbc93..4245704575c 100644 --- a/pkgs/games/steam/chrootenv.nix +++ b/pkgs/games/steam/chrootenv.nix @@ -53,7 +53,7 @@ let echo "$runtime_paths" exit 0 fi - export LD_LIBRARY_PATH="$runtime_paths:$LD_LIBRARY_PATH" + export LD_LIBRARY_PATH="$runtime_paths''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" exec "$@" ''; @@ -260,7 +260,7 @@ in buildFHSUserEnv rec { exit 1 fi shift - ${lib.optionalString (!nativeOnly) "export LD_LIBRARY_PATH=/lib32:/lib64:${lib.concatStringsSep ":" ldPath}:$LD_LIBRARY_PATH"} + ${lib.optionalString (!nativeOnly) "export LD_LIBRARY_PATH=/lib32:/lib64:${lib.concatStringsSep ":" ldPath}\${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH"} exec -- "$run" "$@" ''; }; diff --git a/pkgs/os-specific/linux/ati-drivers/builder.sh b/pkgs/os-specific/linux/ati-drivers/builder.sh index 09d218e8745..a9e5aaef397 100644 --- a/pkgs/os-specific/linux/ati-drivers/builder.sh +++ b/pkgs/os-specific/linux/ati-drivers/builder.sh @@ -285,7 +285,7 @@ if test -z "$libsOnly"; then for prog in $BIN/*; do cp -f $prog $out/bin && patchelf --set-interpreter $(echo $glibcDir/lib/ld-linux*.so.2) $out/bin/$(basename $prog) && - wrapProgram $out/bin/$(basename $prog) --prefix LD_LIBRARY_PATH : $out/lib/:$gcc/lib/:$out/share/ati/:$libXinerama/lib/:$libXrandr/lib/:$libfontconfig/lib/:$libfreetype/lib/:$LD_LIBRARY_PATH + wrapProgram $out/bin/$(basename $prog) --prefix LD_LIBRARY_PATH : $out/lib/:$gcc/lib/:$out/share/ati/:$libXinerama/lib/:$libXrandr/lib/:$libfontconfig/lib/:$libfreetype/lib/${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH done } diff --git a/pkgs/os-specific/linux/tiscamera/default.nix b/pkgs/os-specific/linux/tiscamera/default.nix index dfcf4c9937b..387a3bcf2c6 100644 --- a/pkgs/os-specific/linux/tiscamera/default.nix +++ b/pkgs/os-specific/linux/tiscamera/default.nix @@ -84,7 +84,7 @@ stdenv.mkDerivation rec { # dependency on `libtcam` (which itself is built as part of this build). In order to allow # that, we set the dynamic linker's path to point on the build time location of the library. preBuild = '' - export LD_LIBRARY_PATH=$PWD/src:$LD_LIBRARY_PATH + export LD_LIBRARY_PATH=$PWD/src''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH ''; meta = with lib; { diff --git a/pkgs/servers/plex/default.nix b/pkgs/servers/plex/default.nix index 267bd4c2600..3d69d219780 100644 --- a/pkgs/servers/plex/default.nix +++ b/pkgs/servers/plex/default.nix @@ -97,6 +97,6 @@ buildFHSUserEnv { # Actually run Plex, prepending LD_LIBRARY_PATH with the libraries from # the Plex package. - LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$root exec "$root/Plex Media Server" + LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$root exec "$root/Plex Media Server" ''; } diff --git a/pkgs/tools/X11/libstrangle/nixos.patch b/pkgs/tools/X11/libstrangle/nixos.patch index 912bdded6da..03c8c19b54c 100644 --- a/pkgs/tools/X11/libstrangle/nixos.patch +++ b/pkgs/tools/X11/libstrangle/nixos.patch @@ -26,4 +26,4 @@ index e280e86..b2dd42b 100755 -# Execute the strangled program under a clean environment # pass through the FPS and overriden LD_PRELOAD environment variables -exec env FPS="${FPS}" LD_PRELOAD="${LD_PRELOAD}:libstrangle.so" "$@" -+FPS="${FPS}" LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:@out@/lib/libstrangle/lib64:@out@/lib/libstrangle/lib32" LD_PRELOAD="${LD_PRELOAD}:libstrangle.so" exec "$@" ++FPS="${FPS}" LD_LIBRARY_PATH="${LD_LIBRARY_PATH}${LD_LIBRARY_PATH:+:}@out@/lib/libstrangle/lib64:@out@/lib/libstrangle/lib32" LD_PRELOAD="${LD_PRELOAD}:libstrangle.so" exec "$@" diff --git a/pkgs/tools/X11/primus/default.nix b/pkgs/tools/X11/primus/default.nix index a70b619a6b4..eb8aa042e7b 100644 --- a/pkgs/tools/X11/primus/default.nix +++ b/pkgs/tools/X11/primus/default.nix @@ -27,7 +27,7 @@ let in writeScriptBin "primusrun" '' #!${runtimeShell} - export LD_LIBRARY_PATH=${ldPath}:$LD_LIBRARY_PATH + export LD_LIBRARY_PATH=${ldPath}''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH # https://bugs.launchpad.net/ubuntu/+source/bumblebee/+bug/1758243 export __GLVND_DISALLOW_PATCHING=1 exec "$@" diff --git a/pkgs/tools/filesystems/ceph/default.nix b/pkgs/tools/filesystems/ceph/default.nix index 9c770441025..34f8ff8f447 100644 --- a/pkgs/tools/filesystems/ceph/default.nix +++ b/pkgs/tools/filesystems/ceph/default.nix @@ -134,7 +134,7 @@ in rec { substituteInPlace src/common/module.c --replace "/sbin/modprobe" "modprobe" # for pybind/rgw to find internal dep - export LD_LIBRARY_PATH="$PWD/build/lib:$LD_LIBRARY_PATH" + export LD_LIBRARY_PATH="$PWD/build/lib''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" # install target needs to be in PYTHONPATH for "*.pth support" check to succeed patchShebangs src/script src/spdk src/test src/tools diff --git a/pkgs/tools/security/neopg/default.nix b/pkgs/tools/security/neopg/default.nix index 5e26bcf6759..c58772346ee 100644 --- a/pkgs/tools/security/neopg/default.nix +++ b/pkgs/tools/security/neopg/default.nix @@ -31,7 +31,7 @@ stdenv.mkDerivation rec { dontUseCmakeBuildDir = true; preCheck = '' - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$(pwd)/3rdparty/googletest/googletest:$(pwd)/neopg + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$(pwd)/3rdparty/googletest/googletest:$(pwd)/neopg ''; meta = with stdenv.lib; { diff --git a/pkgs/tools/text/opencc/default.nix b/pkgs/tools/text/opencc/default.nix index a2a02049d26..01b16908fb7 100644 --- a/pkgs/tools/text/opencc/default.nix +++ b/pkgs/tools/text/opencc/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation { makeFlags = [ # let intermediate tools find intermediate library - "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$(CURDIR)/src" + "LD_LIBRARY_PATH=$LD_LIBRARY_PATH\${LD_LIBRARY_PATH:+:}$(CURDIR)/src" ]; # Parallel building occasionaly fails with: Error copying file "/tmp/nix-build-opencc-1.0.5.drv-0/OpenCC-ver.1.0.5/build/src/libopencc.so.1.0.0" to "/tmp/nix-build-opencc-1.0.5.drv-0/OpenCC-ver.1.0.5/build/src/tools". |