Run unpatched dynamic binaries on NixOS

Overview

nix-ld-rs

Run unpatched dynamic binaries on NixOS. This is a rewrite of nix-ld in Rust, with extra functionalities. It's intended to be upstreamed at some point.

Usage

nix-ld-rs is a drop-in replacement for nix-ld.

It honors the following environment variables:

  • NIX_LD
  • NIX_LD_{system}
  • NIX_LD_LIBRARY_PATH
  • NIX_LD_LIBRARY_PATH_{system}
  • NIX_LD_LOG (error, warn, info, debug, trace)

Here {system} is the value of the Nix system with dashes replaced with underscores, like x86_64_linux. You can also run nix-ld-rs directly for a list.

Extra functionalities

  • NIX_LD_LIBRARY_PATH doesn't affect child processes (on x86_64-linux and aarch64-linux)
    • For example, shell environments spawned by the binary VSCode Server no longer get polluted

Development

The included devShell provides all dependencies required to build the project. It's recommended to set up transparent emulation using binfmt-misc so you can run tests on all supported platforms:

{
  # x86_64-linux, i686-linux, aarch64-linux
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
}

Run cargo test or cargo nextest run to run the integration tests, and just test to run them on all supported platforms (binfmt required).

Current behavior

| # | Launch: NIX_LD_LIBRARY_PATH | Launch: LD_LIBRARY_PATH | Seen by ld.so: NIX_LD_LIBRARY_PATH | Seen by ld.so: LD_LIBRARY_PATH | Seen by getenv() and children (a): NIX_LD_LIBRARY_PATH | Seen by getenv() and children (a): LD_LIBRARY_PATH |
|---|---|---|---|---|---|---|
| 1 | (unset) | (unset) | (unset) | "/run/current-system/sw/share/nix-ld/lib" | (unset) | "" (b) |
| 2 | (unset) | "/some/lib" | (unset) | "/some/lib:/run/current-system/sw/share/nix-ld/lib" | (unset) | "/some/lib" |
| 3 | "/some/nix/ld/lib" | (unset) | (unset) | "/some/nix/ld/lib" | "/some/nix/ld/lib" | (unset) |
| 4 | "/some/nix/ld/lib" | "/some/lib" | "/some/nix/ld/lib" | "/some/lib:/some/nix/ld/lib" | "/some/nix/ld/lib" | "/some/lib" |

(a) On X86-64 and AArch64 only (see src/arch.rs). On other platforms, the "Seen by ld.so" state will persist.
(b) The variable will be present but set to an empty string.
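
The four rows and notes (a) and (b) can be written as one rule and used as a test oracle when checking that a launched binary does not leak library paths into its children. This is an added example that models the documented table; it is not nix-ld-rs source code, and `View`, `view`, `seen_by_ld_so`, `seen_by_children` and the `restores` flag are hypothetical names. It covers only set/unset inputs, as the table does.

```rust
// Added example: a model of the documented behavior table, not nix-ld-rs code.
const DEFAULT_LIB: &str = "/run/current-system/sw/share/nix-ld/lib";

/// One column pair of the table; None means the variable is unset.
#[derive(Debug, PartialEq, Clone)]
pub struct View {
    pub nix_ld_library_path: Option<String>,
    pub ld_library_path: Option<String>,
}

fn view(nix: Option<&str>, ld: Option<&str>) -> View {
    View { nix_ld_library_path: nix.map(String::from), ld_library_path: ld.map(String::from) }
}

/// "Seen by ld.so" columns for a given launch environment.
pub fn seen_by_ld_so(launch: &View) -> View {
    let nix = launch.nix_ld_library_path.as_deref();
    let nix_path = nix.unwrap_or(DEFAULT_LIB);
    match launch.ld_library_path.as_deref() {
        // Rows 2 and 4: the nix-ld path is appended to the caller's value.
        Some(ld) => view(nix, Some(&format!("{}:{}", ld, nix_path))),
        // Rows 1 and 3: only LD_LIBRARY_PATH is visible to ld.so.
        None => view(None, Some(nix_path)),
    }
}

/// "Seen by getenv() and children" columns.
/// `restores` is true on x86_64 and aarch64; see note (a).
pub fn seen_by_children(launch: &View, restores: bool) -> View {
    if !restores {
        return seen_by_ld_so(launch); // note (a): the ld.so state persists
    }
    let nix = launch.nix_ld_library_path.as_deref();
    match (launch.ld_library_path.as_deref(), nix) {
        (Some(ld), _) => view(nix, Some(ld)), // rows 2 and 4: caller's value restored
        (None, None) => view(None, Some("")), // row 1, note (b): present but empty
        (None, Some(_)) => view(nix, None),   // row 3: unset again
    }
}

fn main() {
    let rows: [(Option<&str>, Option<&str>); 4] = [(None, None), (None, Some("/some/lib")),
        (Some("/some/nix/ld/lib"), None), (Some("/some/nix/ld/lib"), Some("/some/lib"))];
    for (nix, ld) in rows {
        let l = view(nix, ld);
        println!("{:?}\n  ld.so: {:?}\n  child: {:?}", l, seen_by_ld_so(&l), seen_by_children(&l, true));
    }
}
```
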
