{tor,mullvad}-browser: add --no-clobber-old-sections to patchelf to f…

…ix segfault Also switches from manual patchelf usage to autoPatchelf to make this fix work for all binaries. Fixups for obfs & snowflake were removed, as they are no longer required.
NixOS · Oct 12, 2024 · 613e720 · 613e720
1 parent ff3fb94
commit 613e720
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 18 deletions.
diff --git a/pkgs/by-name/mu/mullvad-browser/package.nix b/pkgs/by-name/mu/mullvad-browser/package.nix
@@ -7,6 +7,7 @@
 , writeText
 , wrapGAppsHook3
 , autoPatchelfHook
+, patchelfUnstable # have to use patchelfUnstable to support --no-clobber-old-sections
 , callPackage
 
 , atk
@@ -125,14 +126,23 @@ stdenv.mkDerivation rec {
 
   src = sources.${stdenv.hostPlatform.system} or (throw "unsupported system: ${stdenv.hostPlatform.system}");
 
-  nativeBuildInputs = [ copyDesktopItems makeWrapper wrapGAppsHook3 autoPatchelfHook ];
+  nativeBuildInputs = [
+    autoPatchelfHook
+    patchelfUnstable
+    copyDesktopItems
+    makeWrapper
+    wrapGAppsHook3
+  ];
   buildInputs = [
     gtk3
     alsa-lib
     dbus-glib
     libXtst
   ];
 
+  # Firefox uses "relrhack" to manually process relocations from a fixed offset
+  patchelfFlags = [ "--no-clobber-old-sections" ];
+
   preferLocalBuild = true;
   allowSubstitutes = false;
 
@@ -165,7 +175,8 @@ stdenv.mkDerivation rec {
     tar xf "$src" -C "$MB_IN_STORE" --strip-components=2
     pushd "$MB_IN_STORE"
 
-    patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" "mullvadbrowser.real"
+    # Set ELF interpreter
+    autoPatchelf mullvadbrowser.real
 
     # mullvadbrowser is a wrapper that checks for a more recent libstdc++ & appends it to the ld path
     mv mullvadbrowser.real mullvadbrowser

diff --git a/pkgs/by-name/to/tor-browser/package.nix b/pkgs/by-name/to/tor-browser/package.nix
@@ -6,6 +6,7 @@
 , makeWrapper
 , writeText
 , autoPatchelfHook
+, patchelfUnstable # have to use patchelfUnstable to support --no-clobber-old-sections
 , wrapGAppsHook3
 , callPackage
 
@@ -144,14 +145,23 @@ stdenv.mkDerivation rec {
 
   src = sources.${stdenv.hostPlatform.system} or (throw "unsupported system: ${stdenv.hostPlatform.system}");
 
-  nativeBuildInputs = [ autoPatchelfHook copyDesktopItems makeWrapper wrapGAppsHook3 ];
+  nativeBuildInputs = [
+    autoPatchelfHook
+    patchelfUnstable
+    copyDesktopItems
+    makeWrapper
+    wrapGAppsHook3
+  ];
   buildInputs = [
     gtk3
     alsa-lib
     dbus-glib
     libXtst
   ];
 
+  # Firefox uses "relrhack" to manually process relocations from a fixed offset
+  patchelfFlags = [ "--no-clobber-old-sections" ];
+
   preferLocalBuild = true;
   allowSubstitutes = false;
 
@@ -178,18 +188,14 @@ stdenv.mkDerivation rec {
 
     # For convenience ...
     TBB_IN_STORE=$out/share/tor-browser
-    interp=$(< $NIX_CC/nix-support/dynamic-linker)
 
     # Unpack & enter
     mkdir -p "$TBB_IN_STORE"
     tar xf "$src" -C "$TBB_IN_STORE" --strip-components=2
     pushd "$TBB_IN_STORE"
 
     # Set ELF interpreter
-    for exe in firefox.real TorBrowser/Tor/tor ; do
-      echo "Setting ELF interpreter on $exe ..." >&2
-      patchelf --set-interpreter "$interp" "$exe"
-    done
+    autoPatchelf firefox.real TorBrowser/Tor
 
     # firefox is a wrapper that checks for a more recent libstdc++ & appends it to the ld path
     mv firefox.real firefox
@@ -210,16 +216,6 @@ stdenv.mkDerivation rec {
     substituteInPlace TorBrowser/Data/Tor/torrc-defaults \
       --replace-fail './TorBrowser' "$TBB_IN_STORE/TorBrowser"
 
-    # Fixup obfs transport.  Work around patchelf failing to set
-    # interpreter for pre-compiled Go binaries by invoking the interpreter
-    # directly.
-    sed -i TorBrowser/Data/Tor/torrc-defaults \
-        -e "s|\(ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit\) exec|\1 exec $interp|"
-
-    # Similarly fixup snowflake
-    sed -i TorBrowser/Data/Tor/torrc-defaults \
-        -e "s|\(ClientTransportPlugin snowflake\) exec|\1 exec $interp|"
-
     # Prepare for autoconfig.
     #
     # See https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment