As an optimization, it provides transparent binary deployment -- if a package that has been built from the same inputs exists elsewhere, it can be downloaded from that location instead of being built from source improving the efficiency of deployment processes.
Because Nix is a source based package manager, the documentation mainly describes how to build packages from source code. Moreover, the Nix expressions are written in such a way that they can be included in the Nixpkgs collection, a repository containing build recipes for more than 2500 packages.
Although the manual contains some basic packaging instructions, I noticed that there a few practical bits were missing. For example, how to package software privately outside the Nixpkgs tree is not clearly described, which makes experimentation a bit less convenient, in particular for newbies.
Despite being a source package manager, Nix can also be used to deploy binary software packages (i.e. software for which no source code and build scripts have been provided). Unfortunately, getting prebuilt binaries to run properly is quite tricky. Furthermore, apart from some references, there are no examples in the manual describing how to do this either.
Since I am receiving too many questions about this lately, I have decided to write a blog post about it covering two examples that should be relatively simple to repeat.
Why prebuilt binaries will typically not work
Prebuilt binaries deployed by Nix typically do not work out of the box. For example, if we want to deploy a simple binary package such as pngout (only containing a set of ELF executables) we may initially think that copying the executable into the Nix store suffices:
with import <nixpkgs> {};
stdenv.mkDerivation {
name = "pngout-20130221";
src = fetchurl {
url = http://static.jonof.id.au/dl/kenutils/pngout-20130221-linux.tar.gz;
sha256 = "1qdzmgx7si9zr7wjdj8fgf5dqmmqw4zg19ypg0pdz7521ns5xbvi";
};
installPhase = ''
mkdir -p $out/bin
cp x86_64/pngout $out/bin
'';
}
However, when we build the above package:
$ nix-build pngout.nix
and attempt to run the executable, we stumble upon the following error:
$ ./result/bin/pngout bash: ./result/bin/pngout: No such file or directory
The above error is quite strange -- the corresponding file resides in exactly the specified location yet it appears that it cannot be found!
The actual problem is not that the executable is missing, but one of its dependencies. Every ELF executable that uses shared libraries consults the dynamic linker/loader (that typically resides in /lib/ld-linux.so.2 (on x86 Linux platforms) and /lib/ld-linux-x86-64.so.2 on (x86-64 Linux platforms)) to provide the shared libraries it needs. This path is hardwired into the ELF executable, as can be observed by running:
$ readelf -l ./result/bin/pngout
Elf file type is EXEC (Executable file)
Entry point 0x401160
There are 8 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
PHDR 0x0000000000000040 0x0000000000400040 0x0000000000400040
0x00000000000001c0 0x00000000000001c0 R E 8
INTERP 0x0000000000000200 0x0000000000400200 0x0000000000400200
0x000000000000001c 0x000000000000001c R 1
[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000
0x000000000001593c 0x000000000001593c R E 200000
LOAD 0x0000000000015940 0x0000000000615940 0x0000000000615940
0x00000000000005b4 0x00000000014f9018 RW 200000
DYNAMIC 0x0000000000015968 0x0000000000615968 0x0000000000615968
0x00000000000001b0 0x00000000000001b0 RW 8
NOTE 0x000000000000021c 0x000000000040021c 0x000000000040021c
0x0000000000000044 0x0000000000000044 R 4
GNU_EH_FRAME 0x0000000000014e5c 0x0000000000414e5c 0x0000000000414e5c
0x00000000000001fc 0x00000000000001fc R 4
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 8
In NixOS, most parts of the system are stored in a special purpose directory called the Nix store (i.e. /nix/store) including the dynamic linker. As a consequence, the dynamic linker cannot be found because it resides elsewhere.
Another reason why most binaries will not work is because they must know where to find its required shared libraries. In most conventional Linux distributions these reside in global directories (e.g. /lib and /usr/lib). In NixOS, these folders do not exist. Instead, every package is stored in isolation in separate folders in the Nix store.
Why compilation from source works
In contrast to prebuilt ELF binaries, binaries produced by a source build in a Nix build environment work out of the box typically without problems (i.e. they often do not require any special modifications in the build procedure). So why is that?
The "secret" is that the linker (that gets invoked by the compiler) has been wrapped in the Nix build environment -- if we invoke ld, then we actually end up using a wrapper: ld-wrapper that does a number of additional things besides the tasks the linker normally carries out.
Whenever we supply a library to link to, the wrapper appends an -rpath parameter providing its location. Furthermore, it appends the path to the dynamic linker/loader (-dynamic-linker) so that the resulting executable can load the shared libraries on startup.
For example, when producing an executable, the compiler may invoke the following command that links a library to a piece of object code:
$ ld test.o -lz -o test
in reality, ld has been wrapped and executes something like this:
$ ld test.o -lz \
-rpath /nix/store/31w31mc8i...-zlib-1.2.8/lib \
-dynamic-linker \
/nix/store/hd6km3hscb...-glibc-2.21/lib/ld-linux-x86-64.so.2 \
...
-o test
As may be observed, the wrapper transparently appends the path to zlib as an RPATH parameter and provides the path to the dynamic linker.
The RPATH attribute is basically a colon separated string of paths in which the dynamic linker looks for its shared dependencies. The RPATH is hardwired into an ELF binary.
Consider the following simple C program (test.c) that displays the version of the zlib library that it links against:
#include <stdio.h>
#include <zlib.h>
int main()
{
printf("zlib version is: %s\n", ZLIB_VERSION);
return 0;
}
With the following Nix expression we can compile an executable from it and link it against the zlib library:
with import <nixpkgs> {};
stdenv.mkDerivation {
name = "test";
buildInputs = [ zlib ];
buildCommand = ''
gcc ${./test.c} -lz -o test
mkdir -p $out/bin
cp test $out/bin
'';
}
When we build the above package:
nix-build test.nix
and inspect the program headers of the ELF binary, we can observe that the dynamic linker (program interpreter) corresponds to an instance residing in the Nix store:
$ readelf -l ./result/bin/test
Elf file type is EXEC (Executable file)
Entry point 0x400680
There are 9 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
PHDR 0x0000000000000040 0x0000000000400040 0x0000000000400040
0x00000000000001f8 0x00000000000001f8 R E 8
INTERP 0x0000000000000238 0x0000000000400238 0x0000000000400238
0x0000000000000050 0x0000000000000050 R 1
[Requesting program interpreter: /nix/store/hd6km3hs...-glibc-2.21/lib/ld-linux-x86-64.so.2]
LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000
0x000000000000096c 0x000000000000096c R E 200000
LOAD 0x0000000000000970 0x0000000000600970 0x0000000000600970
0x0000000000000260 0x0000000000000268 RW 200000
DYNAMIC 0x0000000000000988 0x0000000000600988 0x0000000000600988
0x0000000000000200 0x0000000000000200 RW 8
NOTE 0x0000000000000288 0x0000000000400288 0x0000000000400288
0x0000000000000020 0x0000000000000020 R 4
GNU_EH_FRAME 0x0000000000000840 0x0000000000400840 0x0000000000400840
0x0000000000000034 0x0000000000000034 R 4
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 8
PAX_FLAGS 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 8
Furthermore, if we inspect the dynamic section of the binary, we will see that an RPATH attribute has been hardwired into it providing a collection of library paths (including the path to zlib):
$ readelf -d ./result/bin/test Dynamic section at offset 0x988 contains 27 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libz.so.1] 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000f (RPATH) Library rpath: [ /nix/store/8w39iz6sp...-test/lib64: /nix/store/8w39iz6sp...-test/lib: /nix/store/i9nn1fkcy...-gcc-4.9.3/libexec/gcc/x86_64-unknown-linux-gnu/4.9.3: /nix/store/31w31mc8i...-zlib-1.2.8/lib: /nix/store/hd6km3hsc...-glibc-2.21/lib: /nix/store/i9nn1fkcy...-gcc-4.9.3/lib] 0x000000000000001d (RUNPATH) Library runpath: [ /nix/store/8w39iz6sp...-test/lib64: /nix/store/8w39iz6sp...-test/lib: /nix/store/i9nn1fkcy...-gcc-4.9.3/libexec/gcc/x86_64-unknown-linux-gnu/4.9.3: /nix/store/31w31mc8i...-zlib-1.2.8/lib: /nix/store/hd6km3hsc...-glibc-2.21/lib: /nix/store/i9nn1fkcy...-gcc-4.9.3/lib] 0x000000000000000c (INIT) 0x400620 0x000000000000000d (FINI) 0x400814 0x0000000000000019 (INIT_ARRAY) 0x600970 0x000000000000001b (INIT_ARRAYSZ) 8 (bytes) 0x000000000000001a (FINI_ARRAY) 0x600978 0x000000000000001c (FINI_ARRAYSZ) 8 (bytes) 0x0000000000000004 (HASH) 0x4002a8 0x0000000000000005 (STRTAB) 0x400380 0x0000000000000006 (SYMTAB) 0x4002d8 0x000000000000000a (STRSZ) 528 (bytes) 0x000000000000000b (SYMENT) 24 (bytes) 0x0000000000000015 (DEBUG) 0x0 0x0000000000000003 (PLTGOT) 0x600b90 0x0000000000000002 (PLTRELSZ) 72 (bytes) 0x0000000000000014 (PLTREL) RELA 0x0000000000000017 (JMPREL) 0x4005d8 0x0000000000000007 (RELA) 0x4005c0 0x0000000000000008 (RELASZ) 24 (bytes) 0x0000000000000009 (RELAENT) 24 (bytes) 0x000000006ffffffe (VERNEED) 0x4005a0 0x000000006fffffff (VERNEEDNUM) 1 0x000000006ffffff0 (VERSYM) 0x400590 0x0000000000000000 (NULL) 0x0
As a result, the program works as expected:
$ ./result/bin/test zlib version is: 1.2.8
Patching existing ELF binaries
To summarize, the reason why ELF binaries produced in a Nix build environment work is because they refer to the correct path of the dynamic linker and have an RPATH value that refers to the paths of the shared libraries that it needs.
Fortunately, we can accomplish the same thing with prebuilt binaries by using the PatchELF tool. With PatchELF we can patch existing ELF binaries to have a different dynamic linker and RPATH.
Running the following instruction in a Nix expression allows us to change the dynamic linker of the pngout executable shown earlier:
$ patchelf --set-interpreter \
${stdenv.glibc}/lib/ld-linux-x86-64.so.2 $out/bin/pngout
By inspecting the dynamic section of a binary, we can find out what shared libraries it requires:
$ readelf -d ./result/bin/pngout Dynamic section at offset 0x15968 contains 22 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libm.so.6] 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000c (INIT) 0x400ea8 0x000000000000000d (FINI) 0x413a78 0x0000000000000004 (HASH) 0x400260 0x000000006ffffef5 (GNU_HASH) 0x4003b8 0x0000000000000005 (STRTAB) 0x400850 0x0000000000000006 (SYMTAB) 0x4003e8 0x000000000000000a (STRSZ) 379 (bytes) 0x000000000000000b (SYMENT) 24 (bytes) 0x0000000000000015 (DEBUG) 0x0 0x0000000000000003 (PLTGOT) 0x615b20 0x0000000000000002 (PLTRELSZ) 984 (bytes) 0x0000000000000014 (PLTREL) RELA 0x0000000000000017 (JMPREL) 0x400ad0 0x0000000000000007 (RELA) 0x400a70 0x0000000000000008 (RELASZ) 96 (bytes) 0x0000000000000009 (RELAENT) 24 (bytes) 0x000000006ffffffe (VERNEED) 0x400a30 0x000000006fffffff (VERNEEDNUM) 2 0x000000006ffffff0 (VERSYM) 0x4009cc 0x0000000000000000 (NULL) 0x0
According to the information listed above, two libraries are required (libm.so.6 and libc.so.6) which can be provided by the glibc package. We can change the executable's RPATH in the Nix expression as follows:
$ patchelf --set-rpath ${stdenv.glibc}/lib $out/bin/pngout
We can write a revised Nix expression for pngout (taking patching into account) that looks as follows:
with import <nixpkgs> {};
stdenv.mkDerivation {
name = "pngout-20130221";
src = fetchurl {
url = http://static.jonof.id.au/dl/kenutils/pngout-20130221-linux.tar.gz;
sha256 = "1qdzmgx7si9zr7wjdj8fgf5dqmmqw4zg19ypg0pdz7521ns5xbvi";
};
installPhase = ''
mkdir -p $out/bin
cp x86_64/pngout $out/bin
patchelf --set-interpreter \
${stdenv.glibc}/lib/ld-linux-x86-64.so.2 $out/bin/pngout
patchelf --set-rpath ${stdenv.glibc}/lib $out/bin/pngout
'';
}
When we build the expression:
$ nix-build pngout.nix
and try to run the executable:
$ ./result/bin/pngout
PNGOUT [In:{PNG,JPG,GIF,TGA,PCX,BMP}] (Out:PNG) (options...)
by Ken Silverman (http://advsys.net/ken)
Linux port by Jonathon Fowler (http://www.jonof.id.au/pngout)
We will see that the executable works as expected!
A more complex example: Quake 4 demo
The pngout example shown earlier is quite simple as it is only a tarball with only one executable that must be installed and patched. Now that we are familiar with some basic concepts -- how should we a approach a more complex prebuilt package, such as a computer game like the Quake 4 demo?
When we download the Quake 4 demo installer for Linux, we actually get a Loki setup tools based installer that is a self-extracting shell script executing an installer program.
Unfortunately, we cannot use this installer program in NixOS for two reasons. First, the installer executes (prebuilt) executables that will not work. Second, to use the full potential of NixOS, it is better to deploy packages with Nix in isolation in the Nix store.
Fortunately, running the installer with the --help parameter reveals that it is also possible to extract its contents without running the installer:
$ bash ./quake4-linux-1.0-demo.x86.run --noexec --keep
After executing the above command-line instruction, we can find the extracted files in the ./quake4-linux-1.0-demo in the current working directory.
The next step is figuring out where the game files reside and which binaries need to be patched. A rough inspection of the extracted folder:
$ cd quake4-linux-1.0-demo $ ls bin Docs License.txt openurl.sh q4base q4icon.bmp README setup.data setup.sh version.info
reveals to me that we have both files of installer (./setup.data) and the game intermixed with each other. Some files seem to be required to run the game, but the some others, such as the setup files (e.g. the ones residing in setup.data/) are unnecessary.
Running the following command helps me to figure out which ELF binaries we may have to patch:
$ file $(find . -type f) ./Docs/QUAKE4_demo_readme.txt: Little-endian UTF-16 Unicode text, with CRLF line terminators ./bin/Linux/x86/libstdc++.so.5: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, not stripped ./bin/Linux/x86/quake4-demo: POSIX shell script, ASCII text executable ./bin/Linux/x86/quake4.x86: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.0.30, stripped ./bin/Linux/x86/quake4-demoded: POSIX shell script, ASCII text executable ./bin/Linux/x86/libgcc_s.so.1: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, not stripped ./bin/Linux/x86/q4ded.x86: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.0.30, stripped ./README: ASCII text ./version.info: ASCII text ./q4base/game100.pk4: Zip archive data, at least v2.0 to extract ./q4base/mapcycle.scriptcfg: ASCII text, with CRLF line terminators ./q4base/game000.pk4: Zip archive data, at least v1.0 to extract ./License.txt: ISO-8859 text, with very long lines ./openurl.sh: POSIX shell script, ASCII text executable ./q4icon.bmp: PC bitmap, Windows 3.x format, 48 x 48 x 24 ...
As we can see in the output, the ./bin/Linux/x86 sub folder contains a number of ELF executables and shared libraries that most likely require patching.
As with the previous example (pngout), we can use readelf to inspect what libraries the ELF executables require. The first executable q4ded.x86 has the following dynamic section:
$ cd ./bin/Linux/x86 $ readelf -d q4ded.x86 Dynamic section at offset 0x366220 contains 25 entries: Tag Type Name/Value 0x00000001 (NEEDED) Shared library: [libpthread.so.0] 0x00000001 (NEEDED) Shared library: [libdl.so.2] 0x00000001 (NEEDED) Shared library: [libstdc++.so.5] 0x00000001 (NEEDED) Shared library: [libm.so.6] 0x00000001 (NEEDED) Shared library: [libgcc_s.so.1] 0x00000001 (NEEDED) Shared library: [libc.so.6] ...
According to the above information, the executable requires a couple of libraries that seem to be stored in the same package (in the same folder to be precise): libstdc++.so.5 and libgcc_s.so.1.
Furthermore, it also requires a number of libraries that are not in the same folder. These missing libraries must be provided by external packages. I know from experience that the remaining libraries: libpthread.so.0, libdl.so.2, libm.so.6, libc.so.6, are provided by the glibc package.
The other ELF executable has the following library references:
$ readelf -d ./quake4.x86 Dynamic section at offset 0x3779ec contains 29 entries: Tag Type Name/Value 0x00000001 (NEEDED) Shared library: [libSDL-1.2.so.0] 0x00000001 (NEEDED) Shared library: [libpthread.so.0] 0x00000001 (NEEDED) Shared library: [libdl.so.2] 0x00000001 (NEEDED) Shared library: [libstdc++.so.5] 0x00000001 (NEEDED) Shared library: [libm.so.6] 0x00000001 (NEEDED) Shared library: [libgcc_s.so.1] 0x00000001 (NEEDED) Shared library: [libc.so.6] 0x00000001 (NEEDED) Shared library: [libX11.so.6] 0x00000001 (NEEDED) Shared library: [libXext.so.6] ...
This executable has a number dependencies that are identical to the previous executable. Additionally, it requires: libSDL-1.2.so.0 that can be provided by SDL, libX11.so.6 by libX11 and libXext.so.6 by libXext
Besides the executables, the shared libraries bundled with the package may also have dependencies on shared libraries. We need to inspect and fix these as well.
Inspecting the dynamic section of libgcc_s.so.1 reveals the following:
$ readelf -d ./libgcc_s.so.1 Dynamic section at offset 0x7190 contains 23 entries: Tag Type Name/Value 0x00000001 (NEEDED) Shared library: [libc.so.6] ...
The above library has a dependency on libc.so.6 which can be provided by glibc
The remaining library (libstdc++.so.5) has the following dependencies:
$ readelf -d ./libstdc++.so.5 Dynamic section at offset 0xadd8c contains 25 entries: Tag Type Name/Value 0x00000001 (NEEDED) Shared library: [libm.so.6] 0x00000001 (NEEDED) Shared library: [libgcc_s.so.1] 0x00000001 (NEEDED) Shared library: [libc.so.6] ...
It seems to depend on libgcc_s.so.1 residing in the same folder. Similar to the previous binaries, libm.so.6, libc.so.6 provided can be provided by glibc.
With the gathered information so far, we can write the following Nix expression that we can use as a first attempt to run the game:
with import <nixpkgs> { system = "i686-linux"; };
stdenv.mkDerivation {
name = "quake4-demo-1.0";
src = fetchurl {
url = ftp://ftp.idsoftware.com/idstuff/quake4/demo/quake4-linux-1.0-demo.x86.run;
sha256 = "0wxw2iw84x92qxjbl2kp5rn52p6k8kr67p4qrimlkl9dna69xrk9";
};
buildCommand = ''
# Extract files from the installer
cp $src quake4-linux-1.0-demo.x86.run
bash ./quake4-linux-1.0-demo.x86.run --noexec --keep
# Move extracted files into the Nix store
mkdir -p $out/libexec
mv quake4-linux-1.0-demo $out/libexec
cd $out/libexec/quake4-linux-1.0-demo
# Remove obsolete setup files
rm -rf setup.data
# Patch ELF binaries
cd bin/Linux/x86
patchelf --set-interpreter ${stdenv.cc.libc}/lib/ld-linux.so.2 ./quake4.x86
patchelf --set-rpath $(pwd):${stdenv.cc.libc}/lib:${SDL}/lib:${xlibs.libX11}/lib:${xlibs.libXext}/lib ./quake4.x86
chmod +x ./quake4.x86
patchelf --set-interpreter ${stdenv.cc.libc}/lib/ld-linux.so.2 ./q4ded.x86
patchelf --set-rpath $(pwd):${stdenv.cc.libc}/lib ./q4ded.x86
chmod +x ./q4ded.x86
patchelf --set-rpath ${stdenv.cc.libc}/lib ./libgcc_s.so.1
patchelf --set-rpath $(pwd):${stdenv.cc.libc}/lib ./libstdc++.so.5
'';
}
In the above Nix expression, we do the following:
- We import the Nixpkgs collection so that we can provide the external dependencies that the package needs. Because the executables are 32-bit x86 binaries, we need to refer to packages built for the i686-linux architecture.
- We download the Quake 4 demo installer from Id software's FTP server.
- We automate the steps we have done earlier -- we extract the files from the installer, move them into Nix store, prune the obsolete setup files, and finally we patch the ELF executables and libraries with the paths to the dependencies that we have discovered in our investigation.
We should now be able to build the package:
$ nix-build quake4demo.nix
and investigate whether the executables can be started:
./result/libexec/quake4-linux-1.0-demo/bin/Linux/x86/quake4.x86
Unfortunately, it does not seem to work:
... no 'q4base' directory in executable path /nix/store/0kfgsjryycsk5kfv97phj8ypv66n6caz-quake4-demo-1.0/libexec/quake4-linux-1.0-demo/bin/Linux/x86, skipping no 'q4base' directory in current durectory /home/sander/quake4, skipping
According to the output, it cannot find the q4base/ folder. Running the same command with strace reveals why:
$ strace -f ./result/libexec/quake4-linux-1.0-demo/bin/Linux/x86/quake4.x86
...
stat64("/nix/store/0kfgsjryycsk5kfv97phj8ypv66n6caz-quake4-demo-1.0/libexec/quake4-linux-1.0-demo/bin/Linux/x86/q4base", 0xffd7b230) = -1 ENOENT (No such file or directory)
write(1, "no 'q4base' directory in executa"..., 155no 'q4base' directory in executable path /nix/store/0kfgsjryycsk5kfv97phj8ypv66n6caz-quake4-demo-1.0/libexec/quake4-linux-1.0-demo/bin/Linux/x86, skipping
) = 155
...
It seems that the program searches relative to the current working directory. The missing q4base/ folder apparently resides in the base directory of the extracted folder.
By changing the current working directory and invoking the executable again, the q4base/ directory can be found:
$ cd result/libexec/quake4-linux-1.0-demo $ ./bin/Linux/x86/quake4.x86 ... --------------- R_InitOpenGL ---------------- Initializing SDL subsystem Loading GL driver 'libGL.so.1' through SDL libGL error: unable to load driver: i965_dri.so libGL error: driver pointer missing libGL error: failed to load driver: i965 libGL error: unable to load driver: swrast_dri.so libGL error: failed to load driver: swrast X Error of failed request: BadValue (integer parameter out of range for operation) Major opcode of failed request: 154 (GLX) Minor opcode of failed request: 3 (X_GLXCreateContext) Value in failed request: 0x0 Serial number of failed request: 33 Current serial number in output stream: 34
Despite fixing the problem, we have run into another one! Apparently the OpenGL driver cannot be loaded. Running the same command again with the following environment variable (source):
$ export LIBGL_DEBUG=verbose
shows us what is causing it:
--------------- R_InitOpenGL ---------------- Initializing SDL subsystem Loading GL driver 'libGL.so.1' through SDL libGL: OpenDriver: trying /run/opengl-driver-32/lib/dri/tls/i965_dri.so libGL: OpenDriver: trying /run/opengl-driver-32/lib/dri/i965_dri.so libGL: dlopen /run/opengl-driver-32/lib/dri/i965_dri.so failed (/nix/store/0kfgsjryycsk5kfv97phj8ypv66n6caz-quake4-demo-1.0/libexec/quake4-linux-1.0-demo/bin/Linux/x86/libgcc_s.so.1: version `GCC_3.4' not found (required by /run/opengl-driver-32/lib/dri/i965_dri.so)) libGL error: unable to load driver: i965_dri.so libGL error: driver pointer missing libGL error: failed to load driver: i965 libGL: OpenDriver: trying /run/opengl-driver-32/lib/dri/tls/swrast_dri.so libGL: OpenDriver: trying /run/opengl-driver-32/lib/dri/swrast_dri.so libGL: dlopen /run/opengl-driver-32/lib/dri/swrast_dri.so failed (/nix/store/0kfgsjryycsk5kfv97phj8ypv66n6caz-quake4-demo-1.0/libexec/quake4-linux-1.0-demo/bin/Linux/x86/libgcc_s.so.1: version `GCC_3.4' not found (required by /run/opengl-driver-32/lib/dri/swrast_dri.so)) libGL error: unable to load driver: swrast_dri.so libGL error: failed to load driver: swrast X Error of failed request: BadValue (integer parameter out of range for operation) Major opcode of failed request: 154 (GLX) Minor opcode of failed request: 3 (X_GLXCreateContext) Value in failed request: 0x0 Serial number of failed request: 33 Current serial number in output stream: 34
Apparently, the libgcc_so.1 library bundled with the game is conflicting with Mesa3D. According to this GitHub issue, replacing the conflicting version with the host system's GCC's version fixes it.
In our situation, we can accomplish this by appending the path to the host system's GCC library folder to the RPATH of the binaries referring to it and by removing the conflicting library from the package.
Moreover, we can address the annoying issue with the missing q4base/ folder by creating wrapper scripts that change the current working folder and invoke the executable.
The revised expression taking these aspects into account will be as follows:
with import <nixpkgs> { system = "i686-linux"; };
stdenv.mkDerivation {
name = "quake4-demo-1.0";
src = fetchurl {
url = ftp://ftp.idsoftware.com/idstuff/quake4/demo/quake4-linux-1.0-demo.x86.run;
sha256 = "0wxw2iw84x92qxjbl2kp5rn52p6k8kr67p4qrimlkl9dna69xrk9";
};
buildCommand = ''
# Extract files from the installer
cp $src quake4-linux-1.0-demo.x86.run
bash ./quake4-linux-1.0-demo.x86.run --noexec --keep
# Move extracted files into the Nix store
mkdir -p $out/libexec
mv quake4-linux-1.0-demo $out/libexec
cd $out/libexec/quake4-linux-1.0-demo
# Remove obsolete setup files
rm -rf setup.data
# Patch ELF binaries
cd bin/Linux/x86
patchelf --set-interpreter ${stdenv.cc.libc}/lib/ld-linux.so.2 ./quake4.x86
patchelf --set-rpath $(pwd):${stdenv.cc.cc}/lib:${stdenv.cc.libc}/lib:${SDL}/lib:${xlibs.libX11}/lib:${xlibs.libXext}/lib ./quake4.x86
chmod +x ./quake4.x86
patchelf --set-interpreter ${stdenv.cc.libc}/lib/ld-linux.so.2 ./q4ded.x86
patchelf --set-rpath $(pwd):${stdenv.cc.cc}/lib:${stdenv.cc.libc}/lib ./q4ded.x86
chmod +x ./q4ded.x86
patchelf --set-rpath $(pwd):${stdenv.cc.libc}/lib ./libstdc++.so.5
# Remove libgcc_s.so.1 that conflicts with Mesa3D's libGL.so
rm ./libgcc_s.so.1
# Create wrappers for the executables
mkdir -p $out/bin
cat > $out/bin/q4ded <<EOF
#! ${stdenv.shell} -e
cd $out/libexec/quake4-linux-1.0-demo
./bin/Linux/x86/q4ded.x86 "\$@"
EOF
chmod +x $out/bin/q4ded
cat > $out/bin/quake4 <<EOF
#! ${stdenv.shell} -e
cd $out/libexec/quake4-linux-1.0-demo
./bin/Linux/x86/quake4.x86 "\$@"
EOF
chmod +x $out/bin/quake4
'';
}
We can install the revised package in our Nix profile as follows:
$ nix-env -f quake4demo.nix -i quake4-demo
and conveniently run it from the command-line:
$ quake4
Happy playing!
(As a sidenote: besides creating a wrapper script, it is also possible to create a Freedesktop compliant .desktop entry file, so that it can be launched from the KDE/GNOME applications menu, but I leave this an open exercise to the reader!)
Conclusion
In this blog post, I have explained that prebuilt binaries do not work out of the box in NixOS. The main reason is that they cannot find their dependencies in their "usual locations", because these do not exist in NixOS. As a solution, it is possible to patch binaries with a tool called PatchELF to provide them the correct location to the dynamic linker and the paths to the libraries they need.
Moreover, I have shown two example packaging approaches (a simple and complex one) that should be relatively easy to repeat as an exercise.
Although source deployments typically work out of the box with few or no modifications, getting prebuilt binaries to work is often a journey that requires patching, wrapping, and experimentation. In this blog post I have described a few tricks that can be applied to make prebuilt packages work.
The approach described in this blog post is not the only solution to get prebuilt binaries to work in NixOS. An alternative approach is composing FHS-compatible chroot environments from Nix packages. This solution simulates an environment in which dependencies can be found in their common FHS locations. As a result, we do not require any modifications to a binary.
Although FHS chroot environments are conceptually nice, I would still prefer the patching approach described in this blog post unless there is no other way to make a package work properly -- it has less overhead, does not require any special privileges (e.g. super user rights), we can use the distribution mechanisms of Nix in its full extent, and we can also install a package as an unprivileged user.
Steam is a notable exception for using FHS compatible choot environments, because it is a deployment tool that conflicts with Nix's deployment properties.
As a final practical note: if you want to repeat the Quake 4 demo packing process, please check the following:
- To enable hardware accelerated OpenGL for 32-bit applications in a 64-bit NixOS, add the following property to /etc/nixos/configuration.nix:
hardware.opengl.driSupport32Bit = true;
- Id sofware's FTP server seems to be quite slow to download from. You can also obtain the demo from a different download site (e.g. Fileplanet) and run the following command to get it imported into the Nix store:
$ nix-prefetch-url file:///home/sander/quake4-linux-1.0-demo.x86.run
