treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH

lol

Naive concatenation of $LD_LIBRARY_PATH can result in an empty
colon-delimited segment; this tells glibc to load libraries from the
current directory, which is definitely wrong, and may be a security
vulnerability if the current directory is untrusted. (See #67234, for
example.) Fix this throughout the tree.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>

authored by

Anders Kaseorg and committed by

Frederik Rietdijk 6 years ago 3cd8ce3b 2e5051e2

+55 -55

48 changed files

expand all

unified split

pkgs

applications

graphics

paraview

default.nix

misc

audio

soxr

default.nix

networking

mailreaders

claws-mail

default.nix

office

gnucash

default.nix

science

math

sage

sage-env.nix

video

avidemux

default.nix

build-support

build-fhs-userenv

env.nix

desktops

deepin

dde-file-manager

default.nix

enlightenment

efl.nix

development

compilers

halide

default.nix

llvm

llvm.nix

mlton

20130715.nix

solc

default.nix

guile-modules

guile-lib

default.nix

interpreters

pure

default.nix

libraries

boxfort

default.nix

caf

default.nix

criterion

default.nix

cutelyst

default.nix

exiv2

default.nix

glib

default.nix

grpc

default.nix

jsoncpp

default.nix

libtins

default.nix

orcania

default.nix

qt-4.x

4.8

default.nix

qt-5

modules

qtbase.nix

science

math

arpack

default.nix

scalapack

default.nix

yder

default.nix

pharo

build-vm.nix

python-modules

pytorch

default.nix

games

dwarf-fortress

dfhack

default.nix

wrapper

dfhack.in

steam

chrootenv.nix

os-specific

linux

ati-drivers

builder.sh

tiscamera

default.nix

servers

plex

default.nix

tools

X11

libstrangle

nixos.patch

primus

default.nix

filesystems

ceph

default.nix

security

neopg

default.nix

text

opencc

default.nix

+1 -1

pkgs/applications/graphics/paraview/default.nix

··· 30 30 # libraries. These reside in build/lib, and are not found by 31 31 # default. 32 32 preBuild = '' 33 - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib:$PWD/VTK/ThirdParty/vtkm/vtk-m/lib 33 + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib:$PWD/VTK/ThirdParty/vtkm/vtk-m/lib 34 34 ''; 35 35 36 36 enableParallelBuilding = true;

+2 -2

pkgs/applications/misc/audio/soxr/default.nix

··· 11 11 outputs = [ "out" "doc" ]; # headers are just two and very small 12 12 13 13 preConfigure = if stdenv.isDarwin then '' 14 - export DYLD_LIBRARY_PATH="$DYLD_LIBRARY_PATH:"`pwd`/build/src 14 + export DYLD_LIBRARY_PATH="$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}"`pwd`/build/src 15 15 '' else '' 16 - export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:"`pwd`/build/src 16 + export LD_LIBRARY_PATH="$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}"`pwd`/build/src 17 17 ''; 18 18 19 19 nativeBuildInputs = [ cmake ];

+1 -1

pkgs/applications/networking/mailreaders/claws-mail/default.nix

··· 43 43 44 44 preConfigure = '' 45 45 # autotools check tries to dlopen libpython as a requirement for the python plugin 46 - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${python}/lib 46 + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}${python}/lib 47 47 ''; 48 48 49 49 postPatch = ''

+1 -1

pkgs/applications/office/gnucash/default.nix

··· 79 79 # 80 - test-gnc-module-scm-module (Failed) 80 80 # 81 - test-gnc-module-scm-multi (Failed) 81 81 preCheck = '' 82 - export LD_LIBRARY_PATH=$PWD/lib:$PWD/lib/gnucash:$PWD/lib/gnucash/test:$LD_LIBRARY_PATH 82 + export LD_LIBRARY_PATH=$PWD/lib:$PWD/lib/gnucash:$PWD/lib/gnucash/test''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH 83 83 export NIX_CFLAGS_LINK="-lgtest -lgtest_main" 84 84 ''; 85 85 doCheck = false;

+1 -1

pkgs/applications/science/math/sage/sage-env.nix

··· 177 177 export SAGE_EXTCODE='${sagelib.src}/src/ext' 178 178 179 179 # for find_library 180 - export DYLD_LIBRARY_PATH="${lib.makeLibraryPath [stdenv.cc.libc singular]}:$DYLD_LIBRARY_PATH" 180 + export DYLD_LIBRARY_PATH="${lib.makeLibraryPath [stdenv.cc.libc singular]}''${DYLD_LIBRARY_PATH:+:}$DYLD_LIBRARY_PATH" 181 181 ''; 182 182 } // { 183 183 lib = sagelib; # equivalent of `passthru`, which `writeTextFile` doesn't support

+1 -1

pkgs/applications/video/avidemux/default.nix

··· 66 66 cd "$sourceRoot" 67 67 patchPhase 68 68 69 - export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${libXext}/lib" 69 + export LD_LIBRARY_PATH="$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}${libXext}/lib" 70 70 ${stdenv.shell} bootStrap.bash \ 71 71 --with-core \ 72 72 ${if withQT then "--with-qt" else "--without-qt"} \

+1 -1

pkgs/build-support/build-fhs-userenv/env.nix

··· 52 52 etcProfile = writeText "profile" '' 53 53 export PS1='${name}-chrootenv:\u@\h:\w\$ ' 54 54 export LOCALE_ARCHIVE='/usr/lib/locale/locale-archive' 55 - export LD_LIBRARY_PATH="/run/opengl-driver/lib:/run/opengl-driver-32/lib:/usr/lib:/usr/lib32:$LD_LIBRARY_PATH" 55 + export LD_LIBRARY_PATH="/run/opengl-driver/lib:/run/opengl-driver-32/lib:/usr/lib:/usr/lib32''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" 56 56 export PATH="/run/wrappers/bin:/usr/bin:/usr/sbin:$PATH" 57 57 export TZDIR='/etc/zoneinfo' 58 58

+2 -2

pkgs/desktops/deepin/dde-file-manager/default.nix

··· 228 228 ]; 229 229 230 230 preBuild = '' 231 - export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${zlib}/lib"; 232 - export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${libX11}/lib"; 231 + export LD_LIBRARY_PATH="$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}${zlib}/lib"; 232 + export LD_LIBRARY_PATH="$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}${libX11}/lib"; 233 233 ''; 234 234 235 235 dontWrapQtApps = true;

+1 -1

pkgs/desktops/enlightenment/efl.nix

··· 123 123 124 124 preConfigure = '' 125 125 # allow ecore_con to find libcurl.so, which is a runtime dependency (it is dlopened) 126 - export LD_LIBRARY_PATH="${curl.out}/lib:$LD_LIBRARY_PATH" 126 + export LD_LIBRARY_PATH="${curl.out}/lib''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" 127 127 128 128 source "$setupHook" 129 129 '';

+1 -1

pkgs/development/compilers/halide/default.nix

··· 29 29 # To handle the lack of 'local' RPATH; required, as they call one of 30 30 # their built binaries requiring their libs, in the build process. 31 31 preBuild = '' 32 - export LD_LIBRARY_PATH="$(pwd)/lib:$LD_LIBRARY_PATH" 32 + export LD_LIBRARY_PATH="$(pwd)/lib''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" 33 33 ''; 34 34 35 35 enableParallelBuilding = true;

+1 -1

pkgs/development/compilers/llvm/4/llvm.nix

··· 143 143 ''; 144 144 145 145 preCheck = '' 146 - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib 146 + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib 147 147 ''; 148 148 149 149 postInstall = stdenv.lib.optionalString enableSharedLibraries ''

+1 -1

pkgs/development/compilers/llvm/5/llvm.nix

··· 119 119 ''; 120 120 121 121 preCheck = '' 122 - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib 122 + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib 123 123 ''; 124 124 125 125 postInstall = ''

+1 -1

pkgs/development/compilers/llvm/6/llvm.nix

··· 120 120 ''; 121 121 122 122 preCheck = '' 123 - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib 123 + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib 124 124 ''; 125 125 126 126 postInstall = ''

+1 -1

pkgs/development/compilers/llvm/7/llvm.nix

··· 141 141 ''; 142 142 143 143 preCheck = '' 144 - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib 144 + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib 145 145 ''; 146 146 147 147 postInstall = ''

+1 -1

pkgs/development/compilers/llvm/8/llvm.nix

··· 117 117 ''; 118 118 119 119 preCheck = '' 120 - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib 120 + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib 121 121 ''; 122 122 123 123 postInstall = ''

+1 -1

pkgs/development/compilers/llvm/9/llvm.nix

··· 134 134 ''; 135 135 136 136 preCheck = '' 137 - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib 137 + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib 138 138 ''; 139 139 140 140 postInstall = ''

+1 -1

pkgs/development/compilers/mlton/20130715.nix

··· 77 77 chmod u+x $(pwd)/../${usr_prefix}/bin/mlton 78 78 79 79 # So the builder runs the binary compiler with gmp. 80 - export LD_LIBRARY_PATH=${gmp.out}/lib:$LD_LIBRARY_PATH 80 + export LD_LIBRARY_PATH=${gmp.out}/lib''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH 81 81 82 82 '' + stdenv.lib.optionalString stdenv.isLinux '' 83 83 # Patch ELF interpreter.

+1 -1

pkgs/development/compilers/solc/default.nix

··· 49 49 checkPhase = '' 50 50 while IFS= read -r -d ''' dir 51 51 do 52 - LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$(pwd)/$dir 52 + LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$(pwd)/$dir 53 53 export LD_LIBRARY_PATH 54 54 done < <(find . -type d -print0) 55 55

+1 -1

pkgs/development/guile-modules/guile-lib/default.nix

··· 21 21 preCheck = '' 22 22 # Make `libgcc_s.so' visible for `pthread_cancel'. 23 23 export LD_LIBRARY_PATH=\ 24 - "$(dirname $(echo ${stdenv.cc.cc.lib}/lib*/libgcc_s.so)):$LD_LIBRARY_PATH" 24 + "$(dirname $(echo ${stdenv.cc.cc.lib}/lib*/libgcc_s.so))''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" 25 25 ''; 26 26 27 27 meta = with stdenv.lib; {

+1 -1

pkgs/development/interpreters/pure/default.nix

··· 24 24 configureFlags = [ "--enable-release" ]; 25 25 doCheck = true; 26 26 checkPhase = '' 27 - LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${llvm}/lib make check 27 + LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}${llvm}/lib make check 28 28 ''; 29 29 postInstall = '' 30 30 wrapProgram $out/bin/pure --prefix LD_LIBRARY_PATH : ${llvm}/lib

+1 -1

pkgs/development/libraries/boxfort/default.nix

··· 29 29 30 30 doCheck = true; 31 31 preCheck = '' 32 - export LD_LIBRARY_PATH=`pwd`:$LD_LIBRARY_PATH 32 + export LD_LIBRARY_PATH=`pwd`''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH 33 33 ''; 34 34 35 35 outputs = [ "dev" "out" ];

+2 -2

pkgs/development/libraries/caf/default.nix

··· 22 22 doCheck = true; 23 23 checkTarget = "test"; 24 24 preCheck = '' 25 - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib 26 - export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$PWD/lib 25 + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib 26 + export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}$PWD/lib 27 27 ''; 28 28 29 29 meta = with stdenv.lib; {

+1 -1

pkgs/development/libraries/criterion/default.nix

··· 30 30 cmakeFlags = [ "-DCTESTS=ON" ]; 31 31 doCheck = true; 32 32 preCheck = '' 33 - export LD_LIBRARY_PATH=`pwd`:$LD_LIBRARY_PATH 33 + export LD_LIBRARY_PATH=`pwd`''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH 34 34 ''; 35 35 checkTarget = "criterion_tests test"; 36 36

+1 -1

pkgs/development/libraries/cutelyst/default.nix

··· 24 24 ]; 25 25 26 26 preBuild = '' 27 - export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:`pwd`/Cutelyst:`pwd`/EventLoopEPoll" 27 + export LD_LIBRARY_PATH="$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}`pwd`/Cutelyst:`pwd`/EventLoopEPoll" 28 28 ''; 29 29 30 30 postBuild = ''

+1 -1

pkgs/development/libraries/exiv2/default.nix

··· 69 69 ''} 70 70 71 71 ${stdenv.lib.optionalString stdenv.isDarwin '' 72 - export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:`pwd`/lib 72 + export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}`pwd`/lib 73 73 # Removing tests depending on charset conversion 74 74 substituteInPlace ../test/Makefile --replace "conversions.sh" "" 75 75 rm -f ../tests/bugfixes/redmine/test_issue_460.py

+1 -1

pkgs/development/libraries/glib/default.nix

··· 160 160 checkInputs = [ tzdata libxml2 desktop-file-utils shared-mime-info ]; 161 161 162 162 preCheck = optionalString doCheck '' 163 - export LD_LIBRARY_PATH="$NIX_BUILD_TOP/${pname}-${version}/glib/.libs:$LD_LIBRARY_PATH" 163 + export LD_LIBRARY_PATH="$NIX_BUILD_TOP/${pname}-${version}/glib/.libs''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" 164 164 export TZDIR="${tzdata}/share/zoneinfo" 165 165 export XDG_CACHE_HOME="$TMP" 166 166 export XDG_RUNTIME_HOME="$TMP"

+1 -1

pkgs/development/libraries/grpc/default.nix

··· 38 38 ''; 39 39 40 40 preBuild = '' 41 - export LD_LIBRARY_PATH=$(pwd):$LD_LIBRARY_PATH 41 + export LD_LIBRARY_PATH=$(pwd)''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH 42 42 ''; 43 43 44 44 NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.cc.isClang "-Wno-error=unknown-warning-option";

+2 -2

pkgs/development/libraries/jsoncpp/default.nix

··· 23 23 # Hack to be able to run the test, broken because we use 24 24 # CMAKE_SKIP_BUILD_RPATH to avoid cmake resetting rpath on install 25 25 preBuild = if stdenv.isDarwin then '' 26 - export DYLD_LIBRARY_PATH="`pwd`/src/lib_json:$DYLD_LIBRARY_PATH" 26 + export DYLD_LIBRARY_PATH="`pwd`/src/lib_json''${DYLD_LIBRARY_PATH:+:}$DYLD_LIBRARY_PATH" 27 27 '' else '' 28 - export LD_LIBRARY_PATH="`pwd`/src/lib_json:$LD_LIBRARY_PATH" 28 + export LD_LIBRARY_PATH="`pwd`/src/lib_json''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" 29 29 ''; 30 30 31 31 nativeBuildInputs = [ cmake python ];

+2 -2

pkgs/development/libraries/libtins/default.nix

··· 32 32 enableParallelBuilding = true; 33 33 doCheck = true; 34 34 preCheck = '' 35 - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD${placeholder "out"}/lib 36 - export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$PWD${placeholder "out"}/lib 35 + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD${placeholder "out"}/lib 36 + export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}$PWD${placeholder "out"}/lib 37 37 ''; 38 38 checkTarget = "tests test"; 39 39

+1 -1

pkgs/development/libraries/orcania/default.nix

··· 19 19 doCheck = true; 20 20 21 21 preCheck = '' 22 - export LD_LIBRARY_PATH="$(pwd):$LD_LIBRARY_PATH" 22 + export LD_LIBRARY_PATH="$(pwd)''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" 23 23 export DYLD_FALLBACK_LIBRARY_PATH="$(pwd):$DYLD_FALLBACK_LIBRARY_PATH" 24 24 ''; 25 25

+1 -1

pkgs/development/libraries/qt-4.x/4.8/default.nix

··· 125 125 ]; 126 126 127 127 preConfigure = '' 128 - export LD_LIBRARY_PATH="`pwd`/lib:$LD_LIBRARY_PATH" 128 + export LD_LIBRARY_PATH="`pwd`/lib''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" 129 129 configureFlags+=" 130 130 -docdir $out/share/doc/${name} 131 131 -plugindir $out/lib/qt4/plugins

+1 -1

pkgs/development/libraries/qt-5/modules/qtbase.nix

··· 164 164 165 165 setOutputFlags = false; 166 166 preConfigure = '' 167 - export LD_LIBRARY_PATH="$PWD/lib:$PWD/plugins/platforms:$LD_LIBRARY_PATH" 167 + export LD_LIBRARY_PATH="$PWD/lib:$PWD/plugins/platforms''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" 168 168 ${lib.optionalString (compareVersion "5.9.0" < 0) '' 169 169 # We need to set LD to CXX or otherwise we get nasty compile errors 170 170 export LD=$CXX

+2 -2

pkgs/development/libraries/science/math/arpack/default.nix

··· 30 30 ]; 31 31 32 32 preCheck = if stdenv.isDarwin then '' 33 - export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:`pwd`/lib 33 + export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}`pwd`/lib 34 34 '' else '' 35 - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:`pwd`/lib 35 + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}`pwd`/lib 36 36 '' + '' 37 37 # Prevent tests from using all cores 38 38 export OMP_NUM_THREADS=2

+1 -1

pkgs/development/libraries/science/math/scalapack/default.nix

··· 40 40 # Run single threaded 41 41 export OMP_NUM_THREADS=1 42 42 43 - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:`pwd`/lib 43 + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}`pwd`/lib 44 44 ''; 45 45 46 46 meta = with stdenv.lib; {

+1 -1

pkgs/development/libraries/yder/default.nix

··· 32 32 doCheck = true; 33 33 34 34 preCheck = '' 35 - export LD_LIBRARY_PATH="$(pwd):$LD_LIBRARY_PATH" 35 + export LD_LIBRARY_PATH="$(pwd)''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" 36 36 export DYLD_FALLBACK_LIBRARY_PATH="$(pwd):$DYLD_FALLBACK_LIBRARY_PATH" 37 37 ''; 38 38

+1 -1

pkgs/development/pharo/vm/build-vm.nix

··· 117 117 cat > "$out/bin/${cmd}" <<EOF 118 118 #!${runtimeShell} 119 119 set -f 120 - LD_LIBRARY_PATH="\$LD_LIBRARY_PATH:$libs" exec $out/pharo "\$@" 120 + LD_LIBRARY_PATH="\$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$libs" exec $out/pharo "\$@" 121 121 EOF 122 122 chmod +x "$out/bin/${cmd}" 123 123 ln -s ${libgit2}/lib/libgit2.so* "$out/"

+1 -1

pkgs/development/python-modules/pytorch/default.nix

··· 105 105 path = "${cudatoolkit}/lib/stubs/libcuda.so"; 106 106 }]; 107 107 cudaStubEnv = lib.optionalString cudaSupport 108 - "LD_LIBRARY_PATH=${cudaStub}\${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} "; 108 + "LD_LIBRARY_PATH=${cudaStub}\${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH "; 109 109 110 110 in buildPythonPackage rec { 111 111 version = "1.2.0";

+1 -1

pkgs/games/dwarf-fortress/dfhack/default.nix

··· 109 109 ''; 110 110 111 111 preBuild = '' 112 - export LD_LIBRARY_PATH="$PWD/depends/protobuf:$LD_LIBRARY_PATH" 112 + export LD_LIBRARY_PATH="$PWD/depends/protobuf''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" 113 113 ''; 114 114 115 115 cmakeFlags = [ "-DDFHACK_BUILD_ARCH=${arch}" "-DDOWNLOAD_RUBY=OFF" ]

+1 -1

pkgs/games/dwarf-fortress/wrapper/dfhack.in

··· 7 7 done 8 8 9 9 cd "$DF_DIR" 10 - LD_LIBRARY_PATH="$env_dir/hack/libs:$env_dir/hack:$LD_LIBRARY_PATH" \ 10 + LD_LIBRARY_PATH="$env_dir/hack/libs:$env_dir/hack${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" \ 11 11 LD_PRELOAD="$env_dir/hack/libdfhack.so:$LD_PRELOAD" exec $env_dir/libs/Dwarf_Fortress "$@"

+2 -2

pkgs/games/steam/chrootenv.nix

··· 53 53 echo "$runtime_paths" 54 54 exit 0 55 55 fi 56 - export LD_LIBRARY_PATH="$runtime_paths:$LD_LIBRARY_PATH" 56 + export LD_LIBRARY_PATH="$runtime_paths''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" 57 57 exec "$@" 58 58 ''; 59 59 ··· 260 260 exit 1 261 261 fi 262 262 shift 263 - ${lib.optionalString (!nativeOnly) "export LD_LIBRARY_PATH=/lib32:/lib64:${lib.concatStringsSep ":" ldPath}:$LD_LIBRARY_PATH"} 263 + ${lib.optionalString (!nativeOnly) "export LD_LIBRARY_PATH=/lib32:/lib64:${lib.concatStringsSep ":" ldPath}\${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH"} 264 264 exec -- "$run" "$@" 265 265 ''; 266 266 };

+1 -1

pkgs/os-specific/linux/ati-drivers/builder.sh

··· 285 285 for prog in $BIN/*; do 286 286 cp -f $prog $out/bin && 287 287 patchelf --set-interpreter $(echo $glibcDir/lib/ld-linux*.so.2) $out/bin/$(basename $prog) && 288 - wrapProgram $out/bin/$(basename $prog) --prefix LD_LIBRARY_PATH : $out/lib/:$gcc/lib/:$out/share/ati/:$libXinerama/lib/:$libXrandr/lib/:$libfontconfig/lib/:$libfreetype/lib/:$LD_LIBRARY_PATH 288 + wrapProgram $out/bin/$(basename $prog) --prefix LD_LIBRARY_PATH : $out/lib/:$gcc/lib/:$out/share/ati/:$libXinerama/lib/:$libXrandr/lib/:$libfontconfig/lib/:$libfreetype/lib/${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH 289 289 done 290 290 } 291 291

+1 -1

pkgs/os-specific/linux/tiscamera/default.nix

··· 84 84 # dependency on `libtcam` (which itself is built as part of this build). In order to allow 85 85 # that, we set the dynamic linker's path to point on the build time location of the library. 86 86 preBuild = '' 87 - export LD_LIBRARY_PATH=$PWD/src:$LD_LIBRARY_PATH 87 + export LD_LIBRARY_PATH=$PWD/src''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH 88 88 ''; 89 89 90 90 meta = with lib; {

+1 -1

pkgs/servers/plex/default.nix

··· 97 97 98 98 # Actually run Plex, prepending LD_LIBRARY_PATH with the libraries from 99 99 # the Plex package. 100 - LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$root exec "$root/Plex Media Server" 100 + LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$root exec "$root/Plex Media Server" 101 101 ''; 102 102 }

+1 -1

pkgs/tools/X11/libstrangle/nixos.patch

··· 26 26 -# Execute the strangled program under a clean environment 27 27 # pass through the FPS and overriden LD_PRELOAD environment variables 28 28 -exec env FPS="${FPS}" LD_PRELOAD="${LD_PRELOAD}:libstrangle.so" "$@" 29 - +FPS="${FPS}" LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:@out@/lib/libstrangle/lib64:@out@/lib/libstrangle/lib32" LD_PRELOAD="${LD_PRELOAD}:libstrangle.so" exec "$@" 29 + +FPS="${FPS}" LD_LIBRARY_PATH="${LD_LIBRARY_PATH}${LD_LIBRARY_PATH:+:}@out@/lib/libstrangle/lib64:@out@/lib/libstrangle/lib32" LD_PRELOAD="${LD_PRELOAD}:libstrangle.so" exec "$@"

+1 -1

pkgs/tools/X11/primus/default.nix

··· 27 27 28 28 in writeScriptBin "primusrun" '' 29 29 #!${runtimeShell} 30 - export LD_LIBRARY_PATH=${ldPath}:$LD_LIBRARY_PATH 30 + export LD_LIBRARY_PATH=${ldPath}''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH 31 31 # https://bugs.launchpad.net/ubuntu/+source/bumblebee/+bug/1758243 32 32 export __GLVND_DISALLOW_PATCHING=1 33 33 exec "$@"

+1 -1

pkgs/tools/filesystems/ceph/default.nix

··· 134 134 substituteInPlace src/common/module.c --replace "/sbin/modprobe" "modprobe" 135 135 136 136 # for pybind/rgw to find internal dep 137 - export LD_LIBRARY_PATH="$PWD/build/lib:$LD_LIBRARY_PATH" 137 + export LD_LIBRARY_PATH="$PWD/build/lib''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" 138 138 # install target needs to be in PYTHONPATH for "*.pth support" check to succeed 139 139 140 140 patchShebangs src/script src/spdk src/test src/tools

+1 -1

pkgs/tools/security/neopg/default.nix

··· 31 31 dontUseCmakeBuildDir = true; 32 32 33 33 preCheck = '' 34 - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$(pwd)/3rdparty/googletest/googletest:$(pwd)/neopg 34 + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$(pwd)/3rdparty/googletest/googletest:$(pwd)/neopg 35 35 ''; 36 36 37 37 meta = with stdenv.lib; {

+1 -1

pkgs/tools/text/opencc/default.nix

··· 11 11 12 12 makeFlags = [ 13 13 # let intermediate tools find intermediate library 14 - "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$(CURDIR)/src" 14 + "LD_LIBRARY_PATH=$LD_LIBRARY_PATH\${LD_LIBRARY_PATH:+:}$(CURDIR)/src" 15 15 ]; 16 16 17 17 # Parallel building occasionaly fails with: Error copying file "/tmp/nix-build-opencc-1.0.5.drv-0/OpenCC-ver.1.0.5/build/src/libopencc.so.1.0.0" to "/tmp/nix-build-opencc-1.0.5.drv-0/OpenCC-ver.1.0.5/build/src/tools".