A small ode to linkers

  # This is a story of a war. A war so fierce and fiery, so pointless and dumb,
  # that the sides have forgotten, out of spite, why they are even fighting.
  #
  # (okay they probably didn't)
  #
  # Pinning side wants to link the world and every binary within directly with
  # its dependencies, so there could never ever be a single environment where
  # incorrect behavior happens. Each binary knows the exact path to each shared
  # library it's using, dlopens are patched, pre-built binaries are patchelf-ed
  # and everything is pure and is under control.
  #
  # Dynamic linking side wants to use binaries as they are, without the need to
  # pin everything you've downloaded — thus introducing a default linker —
  # impurity and a way to get binaries to behave unpredictably in an otherwise
  # pristine system. You get to update your openssl without rebuilding anything
  # — reminding us of older, barbaric times when you had `/usr/lib`.
  #
  # Nix involves you in this war on the purist pinning side by default, leaving
  # you no obvious choice. After all, it was created for this cause.
  #
  # You can have both! Nix-ld shims in, and provides a usable ld binary, thus
  # enabling dynamically linked programs from the Old World to operate on NixOS.
  #
  # Of course, you lose purity in libraries in any program you've downloaded
  # from the internet without patching — but you've made your choice after
  # clicking its link. After all, we already did that to cacerts.

  programs.nix-ld.enable = true;
  environment.variables = {
    NIX_LD = pkgs.stdenv.cc.bintools.dynamicLinker;
  };


So - this means building all binaries yourself right? And how does the linker know what libraries to use?

No, this only makes it so when an application has /lib/ld-linux.so as its interpreter it doesn’t fail on NixOS. All packages in nixpkgs still work as normal, and are just as reproducible as they always are.

The downside is that you don’t know when they aren’t, and when you accidentally use something from your system, so now there’s a pretty good chance when you work on something someone else using NixOS won’t be able to build it. It’s a trade-off, and it can be worthwhile.

The project lives here if you’re curious about the details: GitHub - Mic92/nix-ld: Run unpatched dynamic binaries on NixOS

Personally I just make sure all these binaries are properly repackaged when I run into them, or I cheat with a VM so I don’t have to poison my whole system. This might actually be a good way to still use NixOS in said VM, though I typically use Ubuntu because most projects too inflexible to make work expect a 10-year-old version of Ubuntu.

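To see which binaries on a system actually depend on the shim, you can read each ELF file's `PT_INTERP` entry, which is the interpreter path discussed above. This is an added example, not code from the thread or from the nix-ld project; the function names, the three labels and the sample ELF builder are assumptions made for illustration.

```python
import struct
import sys

PT_INTERP = 3
# EI_CLASS -> (word format, e_phoff offset, e_phentsize offset,
#              p_offset offset, p_filesz offset inside a program header)
LAYOUT = {1: ("I", 0x1C, 0x2A, 4, 16), 2: ("Q", 0x20, 0x36, 8, 32)}

def elf_interpreter(data):
    """Return the PT_INTERP path of an ELF image, or None if it has none."""
    if data[:4] != b"\x7fELF" or data[4] not in LAYOUT or data[5] not in (1, 2):
        raise ValueError("not a supported ELF image")
    word, phoff_at, phentsize_at, off_at, size_at = LAYOUT[data[4]]
    end = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little endian
    (phoff,) = struct.unpack_from(end + word, data, phoff_at)
    phentsize, phnum = struct.unpack_from(end + "HH", data, phentsize_at)
    for i in range(phnum):
        ph = phoff + i * phentsize
        if struct.unpack_from(end + "I", data, ph)[0] != PT_INTERP:
            continue
        (off,) = struct.unpack_from(end + word, data, ph + off_at)
        (size,) = struct.unpack_from(end + word, data, ph + size_at)
        return data[off:off + size].split(b"\0")[0].decode()
    return None

def classify(interp):
    if interp is None:
        return "no-interp"      # static binary or shared object
    if interp.startswith("/nix/store/"):
        return "pinned"         # loader is a fixed store path
    return "unpatched"          # FHS loader path: on NixOS this needs nix-ld

def sample_elf64(interp):
    """Constructed sample: minimal little-endian ELF64 with one PT_INTERP."""
    path = interp.encode() + b"\0"
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 2, 62, 1,
                       0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0,
                       len(path), len(path), 1)
    return ehdr + phdr + path

if __name__ == "__main__":
    for name in sys.argv[1:]:
        with open(name, "rb") as fh:
            try:
                print(name, classify(elf_interpreter(fh.read())))
            except (ValueError, IndexError, struct.error):
                print(name, "not-elf")
```

Run it over the files in a project or download directory; anything reported as `unpatched` is a binary whose library resolution is no longer pinned by the store.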