DLL hell in NixOS


Disclaimer: the example is synthetic in order to make it short (so please do not advise how to work around, it is both obvious (as on any non-NixOS) and useless)

I want to support curl --sslv2 to connect some legacy devices.
So I write an overlay:

nixpkgs.overlays = [
  (self: super: {
    curl = super.curl.override {
      openssl = self.openssl.override { enableSSL2 = true; };

Then curl will be linked against its own openssl which does support SSL2.
And so libcurl too.

The programs witch use both libcurl and openssl-not-via-libcurl will be linked against two openssls.
Which have different paths in nix store but the same names of .so files
Pathes of both openssl are concatenated in rpath then only one of the openssl libraries will be loaded (and it is difficult to predict which one, with enableSSL2 = true or enableSSL2 = false).

This latest manifestation of DLL hell could be addressed by adding hashes to the names of .so (like in Rust libraries), but it might bring more problems than solve.

So I just left it here to keep track of the problem arised from using “hash only in the path and not in the name” together with Linux concept of “rpath”.
Perhaps someone has a better generic solution than to add hashes to the .so names.


I don’t think fixing RPATHs is really enough, but it might solve some cases. The thing is that standard dynamic loader (on glibc platforms at least) normally puts all C symbols into a single namespace, so you still can’t directly get two versions of the same library in a single process.


That doesn’t mean the problem is unsolvable, and we already have the need for this for libGL, for example, due to impure composition. Those issues happen even on NixOS, though not as often as on non-NixOS.


This is actually solved for Nixpkgs on Darwin but not on Linux! There is an issue to use full paths instead of rpaths but i can’t find it anywhere. I think it was abandoned when we realized there was a huge startup cost in linux to do this. Maybe Linux has improved this recently though? Can’t find the issue but I would bet someone has it…


You mean some other than that issue+PR I linked above? (in my first post)


Oops missed that but yeah that was what I was looking for.