Skip to content

Commit 6bf3fcb

Browse files
vlacivlaci
committed
feat(nix): eliminate all sources of LD_LIBRARY_PATH poisoning
devenv uses `LD_LIBRARY_PATH` to work-around impurities of non-nix dependencies (the entire virtualenv), like adding missing dependencies for `python-magic`. This solution has a bunch of bleeding edges when nix environment is used on non-nixos systems. For example it will affect pre-commit, as it will use the virtualenv's interpreter, and it will call out to system-installed binaries, where clashes in different glibc versions may cause issues. Devenv is easy-to configure, but we've seen that it also comes with issues, where it will provide a bloated rust environment full with valgrind and gdb, which is just plain unnecessary in most cases. Instead of using an opinionated system, I am transforming back the nix-shell to a more bare-bones and explicit configuration. To get rid of the boilerplate that plagued the pre-devenv dev-shell configuration, I've moved out the helper scipts to a separate repo, allowing them to be reused. I am already experimenting with using them for `pyperscan` and `lzallright` as well. `uvVenvShellHook`: similar to `venvShellHook`[^1] in nixpkgs, but uses uv to create the virtual environment. `patchVenvShellHook`: a simple wrapper around the `patch` utility, allowing patches to be declaratively configured. `autoPatchelfVenvShellHook`: wrapper around `autoPatchelfHook`[^2] in nixpkgs, which tracks changes in the `.venv` directory and runs only when its contents changes. [^1]: https://nixos.org/manual/nixpkgs/stable/#how-to-consume-python-modules-using-pip-in-a-virtual-environment-like-i-am-used-to-on-other-operating-systems [^2]: https://nixos.org/manual/nixpkgs/stable/#setup-hook-autopatchelfhook
1 parent e500571 commit 6bf3fcb

File tree

8 files changed

+50
-322
lines changed

8 files changed

+50
-322
lines changed

.devenv/.gitkeep

Whitespace-only changes.

.github/workflows/build-nix.yml

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,4 @@ jobs:
4242
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
4343
extraPullNames: pyperscan
4444
- run: |
45-
nix build -L --option system ${{ matrix.arch }} --extra-platforms ${{ matrix.arch }} .#packages.${{ matrix.arch }}.devenv
46-
- run: |
47-
nix flake check -L --impure --option system ${{ matrix.arch }} --extra-platforms ${{ matrix.arch }}
45+
nix flake check -L --option system ${{ matrix.arch }} --extra-platforms ${{ matrix.arch }}

.gitignore

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,5 +9,4 @@ build/
99
.coverage*
1010
/.venv
1111
unblob.log
12-
/.devenv
1312
/.direnv

devenv.nix

Lines changed: 0 additions & 57 deletions
This file was deleted.

flake.lock

Lines changed: 18 additions & 237 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)