From 51d0cd9b3852fe4ebf4b4cd9b251e6493624d022 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Tue, 7 Apr 2015 10:21:36 +0200
Subject: [PATCH] gnu: ld-wrapper: Add '-rpath' flag only for libraries that
 are in the store.

This avoids adding bogus entries to the RUNPATH of installed binaries,
pointing to the build directory or similar.

* gnu/packages/ld-wrapper.scm (store-file-name?): New procedure.
  (rpath-arguments): Add "-rpath" flag on when FILE matches
  'store-file-name?', not when it matches 'pure-file-name?'.
---
 gnu/packages/ld-wrapper.scm | 28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/gnu/packages/ld-wrapper.scm b/gnu/packages/ld-wrapper.scm
index 9d35a7b040d..cd2a2c445eb 100644
--- a/gnu/packages/ld-wrapper.scm
+++ b/gnu/packages/ld-wrapper.scm
@@ -122,6 +122,10 @@ (define (pure-file-name? file)
         (and %build-directory
              (string-prefix? %build-directory file)))))
 
+(define (store-file-name? file)
+  ;; Return #t when FILE is a store file, possibly indirectly.
+  (string-prefix? %store-directory (dereference-symlinks file)))
+
 (define (shared-library? file)
   ;; Return #t when FILE denotes a shared library.
   (or (string-suffix? ".so" file)
@@ -168,14 +172,22 @@ (define (rpath-arguments library-files)
   ;; Return the `-rpath' argument list for each of LIBRARY-FILES, a list of
   ;; absolute file names.
   (fold-right (lambda (file args)
-                (if (or %allow-impurities?
-                        (pure-file-name? file))
-                    (cons* "-rpath" (dirname file) args)
-                    (begin
-                      (format (current-error-port)
-                              "ld-wrapper: error: attempt to use impure library ~s~%"
-                              file)
-                      (exit 1))))
+                ;; Add '-rpath' if and only if FILE is in the store; we don't
+                ;; want to add '-rpath' for files under %BUILD-DIRECTORY or
+                ;; %TEMPORARY-DIRECTORY because that could leak to installed
+                ;; files.
+                (cond ((store-file-name? file)
+                       (cons* "-rpath" (dirname file) args))
+                      ((or %allow-impurities?
+                           (pure-file-name? file))
+                       args)
+                      (else
+                       (begin
+                         (format (current-error-port)
+                                 "ld-wrapper: error: attempt to use \
+impure library ~s~%"
+                                 file)
+                         (exit 1)))))
               '()
               library-files))
 
-- 
GitLab