NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

steamwebhelper crashloops due to reading /run/current-system/sw/lib/libbeidpkcs11.so from ~/.pki/nssdb/pkcs11.txt on NixOS 24.05.20240323.44d0940 (Uakari) x86_64 #298662

Closed MarkRijckenberg closed 6 months ago

MarkRijckenberg commented 7 months ago

Describe the bug

steamwebhelper goes into a launch-crash-launch loop forever. This occurs with both nvidia and nouveau drivers. steam never gets to the startup screen. Sometimes it gets to the login screen and when I type my username and password, the login screen crashes and steam simply opens a new login screen....

libbeidpkcs11.so (part of eid-mw) causes crash of steamwebhelper on NixOS 24.05.20240323.44d0940 (Uakari) x86_64

See also https://github.com/NixOS/nixpkgs/blob/2735b578a86297de1f030f07a4763669b7ddbeb1/pkgs/tools/security/eid-mw/eid-nssdb.in#L6

Steps To Reproduce

  1. install eid-mw (containing libbeidpkcs11.so) as a system package
  2. install steam client via nixpkgs (not using flatpak)
  3. use nouveau or nvidia drivers
  4. run "eid-nssdb add" -> this command causes the crashloop of steam
  5. try to launch steam -> crashloop occurs -> steam keeps restarting endlessly

Expected behavior

steam package and eid-mw package should be able to co-exist on the same NixOS 24.05 system. These are totally unrelated packages. steam should be able to launch fine, even if libbeidpkcs11.so is installed via eid-mw package

steamwebhelper should skip/ignore libbeidpkcs11.so which is used for Belgian eid cards. libbeidpkcs11.so has nothing to do with steam.

Additional context

crashdump of steamwebhelper shows following error:

0x000075bd642dcd40 n/a (libbeidpkcs11.so + 0x22d40)

See more details in logs below, including output of "coredumpctl dump 7511"

Running "eid-nssdb remove" solves crashloop issue, but this should not be necessary. steamwebhelper (part of steam) is trying to do something with libbeidpkcs11.so, but should skip it instead....

Here is my system configuration:


~ took 2m50s ⋉ neofetch
          ▗▄▄▄       ▗▄▄▄▄    ▄▄▄▖            ulysses@ulysses-desktop 
          ▜███▙       ▜███▙  ▟███▛            ----------------------- 
           ▜███▙       ▜███▙▟███▛             OS: NixOS 24.05.20240323.44d0940 (Uakari) x86_64 
            ▜███▙       ▜██████▛              Host: Micro-Star International Co., Ltd. MAG X670E TOMAHAWK WIFI (MS-7E12) 
     ▟█████████████████▙ ▜████▛     ▟▙        Kernel: 6.8.1-cachyos 
    ▟███████████████████▙ ▜███▙    ▟██▙       Uptime: 9 mins 
           ▄▄▄▄▖           ▜███▙  ▟███▛       Packages: 1704 (nix-system), 3877 (nix-user) 
          ▟███▛             ▜██▛ ▟███▛        Shell: bash 5.2.26 
         ▟███▛               ▜▛ ▟███▛         Resolution: 2560x1440 
▟███████████▛                  ▟██████████▙   DE: Cinnamon 6.0.4 
▜██████████▛                  ▟███████████▛   WM: Mutter (Muffin) 
      ▟███▛ ▟▙               ▟███▛            WM Theme: New-Minty (Mint-Y) 
     ▟███▛ ▟██▙             ▟███▛             Theme: Mint-L-Dark [GTK2/3] 
    ▟███▛  ▜███▙           ▝▀▀▀▀              Icons: Numix-Circle-Light [GTK2/3] 
    ▜██▛    ▜███▙ ▜██████████████████▛        Terminal: .gnome-terminal 
     ▜▛     ▟████▙ ▜████████████████▛         CPU: AMD Ryzen 7 7800X3D (16) @ 5.050GHz 
           ▟██████▙       ▜███▙               GPU: NVIDIA GeForce RTX 4070 
          ▟███▛▜███▙       ▜███▙              GPU: AMD ATI Raphael 
         ▟███▛  ▜███▙       ▜███▙             Memory: 3873MiB / 63476MiB 
         ▝▀▀▀    ▀▀▀▀▘       ▀▀▀▘

And here are the logs while using the nouveau drivers:

⋉ steam
steam.sh[3941]: Running Steam on nixos 24.05 64-bit
steam.sh[3941]: STEAM_RUNTIME is enabled automatically
setup.sh[4028]: Steam runtime environment up-to-date!
steam.sh[3941]: Steam client's requirements are satisfied
tid(4086) burning pthread_key_t == 0 so we never use it
[2024-03-24 15:20:43] Startup - updater built Mar  6 2024 20:27:25
[2024-03-24 15:20:43] Startup - Steam Client launched with: '/home/ulysses/.local/share/Steam/ubuntu12_32/steam'
minidumps folder is set to /tmp/dumps
03/24 15:20:43 Init: Installing breakpad exception handler for appid(steam)/version(1709846872)/tid(4086)
[2024-03-24 15:20:43] Loading cached metrics from disk (/home/ulysses/.local/share/Steam/package/steam_client_metrics.bin)
[2024-03-24 15:20:43] Using the following download hosts for Public, Realm steamglobal
[2024-03-24 15:20:43] 1. https://client-update.akamai.steamstatic.com, /, Realm 'steamglobal', weight was 1000, source = 'update_hosts_cached.vdf'
[2024-03-24 15:20:43] 2. https://cdn.cloudflare.steamstatic.com, /client/, Realm 'steamglobal', weight was 1, source = 'update_hosts_cached.vdf'
[2024-03-24 15:20:43] 3. https://cdn.steamstatic.com, /client/, Realm 'steamglobal', weight was 1, source = 'baked in'
[2024-03-24 15:20:43] Verifying installation...
[2024-03-24 15:20:43] Verification complete
UpdateUI: skip show logo
Steam logging initialized: directory: /home/ulysses/.local/share/Steam/logs

XRRGetOutputInfo Workaround: initialized with override: 0 real: 0xdacef7b0
XRRGetCrtcInfo Workaround: initialized with override: 0 real: 0xdacedf90
steamwebhelper.sh[4124]: === Sun Mar 24 03:20:43 PM CET 2024 ===
steamwebhelper.sh[4124]: Starting steamwebhelper under bootstrap sniper steam runtime at /home/ulysses/.local/share/Steam/ubuntu12_64/steam-runtime-sniper
CAppInfoCacheReadFromDiskThread took 26 milliseconds to initialize
Steam Runtime Launch Service: starting steam-runtime-launcher-service
Steam Runtime Launch Service: steam-runtime-launcher-service is running pid 4304
bus_name=com.steampowered.PressureVessel.LaunchAlongsideSteam
WARNING: NVK is not a conformant Vulkan implementation, testing use only.
WARNING: NVK is not a conformant Vulkan implementation, testing use only.
BRefreshApplicationsInLibrary 1: 0ms
WARNING: NVK is not a conformant Vulkan implementation, testing use only.
WARNING: NVK is not a conformant Vulkan implementation, testing use only.
BuildCompleteAppOverviewChange: 264 apps
RegisterForAppOverview 1: 8ms
RegisterForAppOverview 2: 9ms
steamwebhelper.sh[4584]: === Sun Mar 24 03:21:02 PM CET 2024 ===
steamwebhelper.sh[4584]: Starting steamwebhelper under bootstrap sniper steam runtime at /home/ulysses/.local/share/Steam/ubuntu12_64/steam-runtime-sniper
BuildCompleteAppOverviewChange: 276 apps
RegisterForAppOverview 1: 3ms
RegisterForAppOverview 2: 3ms
steamwebhelper.sh[4929]: === Sun Mar 24 03:21:18 PM CET 2024 ===
steamwebhelper.sh[4929]: Starting steamwebhelper under bootstrap sniper steam runtime at /home/ulysses/.local/share/Steam/ubuntu12_64/steam-runtime-sniper
BuildCompleteAppOverviewChange: 276 apps
RegisterForAppOverview 1: 4ms
RegisterForAppOverview 2: 4ms
steamwebhelper.sh[5262]: === Sun Mar 24 03:21:33 PM CET 2024 ===
steamwebhelper.sh[5262]: Starting steamwebhelper under bootstrap sniper steam runtime at /home/ulysses/.local/share/Steam/ubuntu12_64/steam-runtime-sniper
BuildCompleteAppOverviewChange: 276 apps
RegisterForAppOverview 1: 4ms
RegisterForAppOverview 2: 4ms
steamwebhelper.sh[5597]: === Sun Mar 24 03:21:50 PM CET 2024 ===
steamwebhelper.sh[5597]: Starting steamwebhelper under bootstrap sniper steam runtime at /home/ulysses/.local/share/Steam/ubuntu12_64/steam-runtime-sniper
BuildCompleteAppOverviewChange: 276 apps
RegisterForAppOverview 1: 4ms
RegisterForAppOverview 2: 5ms
steamwebhelper.sh[5961]: === Sun Mar 24 03:22:08 PM CET 2024 ===
steamwebhelper.sh[5961]: Starting steamwebhelper under bootstrap sniper steam runtime at /home/ulysses/.local/share/Steam/ubuntu12_64/steam-runtime-sniper
BuildCompleteAppOverviewChange: 276 apps
RegisterForAppOverview 1: 4ms
RegisterForAppOverview 2: 4ms
steamwebhelper.sh[6310]: === Sun Mar 24 03:22:22 PM CET 2024 ===
steamwebhelper.sh[6310]: Starting steamwebhelper under bootstrap sniper steam runtime at /home/ulysses/.local/share/Steam/ubuntu12_64/steam-runtime-sniper
BuildCompleteAppOverviewChange: 276 apps
RegisterForAppOverview 1: 4ms
RegisterForAppOverview 2: 4ms
steamwebhelper.sh[6643]: === Sun Mar 24 03:22:36 PM CET 2024 ===
steamwebhelper.sh[6643]: Starting steamwebhelper under bootstrap sniper steam runtime at /home/ulysses/.local/share/Steam/ubuntu12_64/steam-runtime-sniper
BuildCompleteAppOverviewChange: 276 apps
RegisterForAppOverview 1: 4ms
RegisterForAppOverview 2: 4ms
[2024-03-24 15:22:44] Background update loop checking for update. . .
[2024-03-24 15:22:44] Checking for available updates...
[2024-03-24 15:22:44] Downloading manifest: https://client-update.akamai.steamstatic.com/steam_client_ubuntu12?t=2279710502
[2024-03-24 15:22:44] Manifest download: send request
[2024-03-24 15:22:44] Manifest download: waiting for download to finish
[2024-03-24 15:22:46] Manifest download: finished
[2024-03-24 15:22:46] Download skipped: /steam_client_ubuntu12?t=2279710502 version 1709846872, installed version 1709846872, existing pending version 0
[2024-03-24 15:22:46] Nothing to do
steamwebhelper.sh[6986]: === Sun Mar 24 03:22:50 PM CET 2024 ===
steamwebhelper.sh[6986]: Starting steamwebhelper under bootstrap sniper steam runtime at /home/ulysses/.local/share/Steam/ubuntu12_64/steam-runtime-sniper
BuildCompleteAppOverviewChange: 276 apps
RegisterForAppOverview 1: 4ms
RegisterForAppOverview 2: 4ms
steamwebhelper.sh[7326]: === Sun Mar 24 03:23:05 PM CET 2024 ===
steamwebhelper.sh[7326]: Starting steamwebhelper under bootstrap sniper steam runtime at /home/ulysses/.local/share/Steam/ubuntu12_64/steam-runtime-sniper
BuildCompleteAppOverviewChange: 276 apps
RegisterForAppOverview 1: 4ms
RegisterForAppOverview 2: 4ms
steamwebhelper.sh[7658]: === Sun Mar 24 03:23:19 PM CET 2024 ===
steamwebhelper.sh[7658]: Starting steamwebhelper under bootstrap sniper steam runtime at /home/ulysses/.local/share/Steam/ubuntu12_64/steam-runtime-sniper
BuildCompleteAppOverviewChange: 276 apps
RegisterForAppOverview 1: 3ms
RegisterForAppOverview 2: 3ms
[2024-03-24 15:23:31] Shutdown
⋉ cat steamwebhelper.log
steamwebhelper.sh[7658]: === Sun Mar 24 03:23:19 PM CET 2024 ===
steamwebhelper.sh[7658]: Starting steamwebhelper under bootstrap sniper steam runtime at /home/ulysses/.local/share/Steam/ubuntu12_64/steam-runtime-sniper
pressure-vessel-wrap[7678]: W: "/run/current-system/sw/bin/getent" is unlikely to appear in "/run/host"
pressure-vessel-wrap[7678]: W: Found more than one possible libdrm data directory from provider
exec ./steamwebhelper --no-sandbox -lang=en_US -cachedir=/home/ulysses/.local/share/Steam/config/htmlcache -steampid=4086 -buildid=1709846872 -steamid=76561198071569769 -logdir=/home/ulysses/.local/share/Steam/logs -uimode=7 -startcount=10 -steamuniverse=Public -realm=Global -clientui=/home/ulysses/.local/share/Steam/clientui -steampath=/home/ulysses/.local/share/Steam/ubuntu12_32/steam -launcher=0 -no-restart-on-ui-mode-change --enable-smooth-scrolling --password-store=basic --log-file=/home/ulysses/.local/share/Steam/logs/cef_log.txt --disable-quick-menu --disable-features=DcheckIsFatal
[0324/142320.480437:ERROR:context.cc(100)] The browser_subprocess_path directory (./steamwebhelper) is not an absolute path. Defaulting to empty.
[0324/142320.495003:WARNING:crash_reporting.cc(278)] Failed to set crash key: UserID with value: 0
[0324/142320.495034:WARNING:crash_reporting.cc(278)] Failed to set crash key: BuildID with value: 1709756822
[0324/142320.495037:WARNING:crash_reporting.cc(278)] Failed to set crash key: SteamUniverse with value: Public
[0324/142320.495039:WARNING:crash_reporting.cc(278)] Failed to set crash key: Vendor with value: Valve
[0324/142320.495041:WARNING:crash_reporting.cc(278)] Failed to set crash key: Platform with value: Linux
[0324/142320.495374:INFO:crash_reporting.cc(239)] Crash reporting enabled for process: browser
[0324/142320.496232:WARNING:task_impl.cc(32)] No task runner for threadId 0
[0324/142320.496884:WARNING:task_impl.cc(32)] No task runner for threadId 0
[0324/142320.511221:WARNING:crash_reporting.cc(278)] Failed to set crash key: UserID with value: 76561198071569769
[0324/142320.511256:WARNING:crash_reporting.cc(278)] Failed to set crash key: BuildID with value: 1709846872
[0324/142320.511258:WARNING:crash_reporting.cc(278)] Failed to set crash key: SteamUniverse with value: Public
[0324/142320.511261:WARNING:crash_reporting.cc(278)] Failed to set crash key: Vendor with value: Valve
[0324/142320.511262:WARNING:crash_reporting.cc(278)] Failed to set crash key: Platform with value: Linux
[0324/142320.511250:WARNING:crash_reporting.cc(278)] Failed to set crash key: UserID with value: 76561198071569769
[0324/142320.511282:WARNING:crash_reporting.cc(278)] Failed to set crash key: BuildID with value: 1709846872
[0324/142320.511285:WARNING:crash_reporting.cc(278)] Failed to set crash key: SteamUniverse with value: Public
[0324/142320.511287:WARNING:crash_reporting.cc(278)] Failed to set crash key: Vendor with value: Valve
[0324/142320.511289:WARNING:crash_reporting.cc(278)] Failed to set crash key: Platform with value: Linux
[0324/142320.547676:INFO:crash_reporting.cc(262)] Crash reporting enabled for process: gpu-process
[0324/142320.599209:WARNING:sandbox_linux.cc(385)] InitializeSandbox() called with multiple threads in process gpu-process.
[0324/142320.685718:WARNING:crash_reporting.cc(278)] Failed to set crash key: UserID with value: 76561198071569769
[0324/142320.685757:WARNING:crash_reporting.cc(278)] Failed to set crash key: BuildID with value: 1709846872
[0324/142320.685759:WARNING:crash_reporting.cc(278)] Failed to set crash key: SteamUniverse with value: Public
[0324/142320.685761:WARNING:crash_reporting.cc(278)] Failed to set crash key: Vendor with value: Valve
[0324/142320.685763:WARNING:crash_reporting.cc(278)] Failed to set crash key: Platform with value: Linux
[0324/142320.686278:INFO:crash_reporting.cc(239)] Crash reporting enabled for process: utility
[0324/142321.461127:INFO:crash_reporting.cc(262)] Crash reporting enabled for process: utility
[0324/142321.512986:INFO:crash_reporting.cc(262)] Crash reporting enabled for process: renderer
src/webhelper/html_chrome.cpp (3435) : CefCurrentlyOn( TID_UI )
failed to create drawable
[0324/142329.678665:ERROR:gl_display.cc(508)] EGL Driver message (Error) eglSwapBuffers: Failed to retrieve the size of the parent window.
[0324/142329.678775:ERROR:gpu_service_impl.cc(988)] Exiting GPU process because some drivers can't recover from errors. GPU process will restart shortly.
[0324/142329.690333:ERROR:gpu_process_host.cc(991)] GPU process exited unexpectedly: exit_code=8704
[0324/142329.690348:WARNING:gpu_process_host.cc(1338)] The GPU process has crashed 1 time(s)
[0324/142329.691830:INFO:crash_reporting.cc(262)] Crash reporting enabled for process: gpu-process
[0324/142329.750912:WARNING:sandbox_linux.cc(385)] InitializeSandbox() called with multiple threads in process gpu-process.
[0324/142329.751762:WARNING:gpu_process_host.cc(1014)] Reinitialized the GPU process after a crash. The reported initialization time was 59 ms
[0324/142329.770293:ERROR:gl_surface_egl.cc(480)] eglCreateWindowSurface failed with error EGL_BAD_NATIVE_WINDOW
[0324/142329.770968:ERROR:command_buffer_proxy_impl.cc(325)] GPU state invalid after WaitForGetOffsetInRange.
[0324/142329.771390:ERROR:command_buffer_proxy_impl.cc(128)] ContextResult::kTransientFailure: Failed to send GpuControl.CreateCommandBuffer.
[0324/142329.773456:ERROR:command_buffer_proxy_impl.cc(128)] ContextResult::kTransientFailure: Failed to send GpuControl.CreateCommandBuffer.
[0324/142329.779892:WARNING:frame_impl.cc(699)] SendProcessMessage sent to detached frame 21474836481 [5,1] will be ignored
[0324/142329.779925:WARNING:connection.cc(41)] X error received.  Request: SendEventRequest, Error: WindowError{.sequence = 442, .bad_value = 73400338, .minor_opcode = 0, .major_opcode = 25}
[0324/142329.779939:WARNING:frame_impl.cc(699)] SendProcessMessage sent to detached frame 21474836481 [5,1] will be ignored
[0324/142329.779965:WARNING:frame_impl.cc(699)] SendProcessMessage sent to detached frame 21474836481 [5,1] will be ignored
[0324/142329.779988:WARNING:frame_impl.cc(699)] SendProcessMessage sent to detached frame 21474836481 [5,1] will be ignored
[0324/142329.780018:WARNING:frame_impl.cc(699)] SendProcessMessage sent to detached frame 21474836481 [5,1] will be ignored
[0324/142329.780735:WARNING:connection.cc(41)] X error received.  Request: DestroyWindowRequest, Error: WindowError{.sequence = 450, .bad_value = 73400325, .minor_opcode = 0, .major_opcode = 4}
[0324/142329.780851:ERROR:x11_software_bitmap_presenter.cc(142)] XGetWindowAttributes failed for window 73400340
[0324/142329.780913:WARNING:frame_impl.cc(699)] SendProcessMessage sent to detached frame 21474836484 [5,4] will be ignored
[0324/142329.780950:WARNING:frame_impl.cc(699)] SendProcessMessage sent to detached frame 21474836484 [5,4] will be ignored
[0324/142329.780992:WARNING:connection.cc(41)] X error received.  Request: CreateGCRequest, Error: DrawableError{.sequence = 36, .bad_value = 73400340, .minor_opcode = 0, .major_opcode = 55}
src/webhelper/html_chrome.cpp (3435) : CefCurrentlyOn( TID_UI )
Forced create but already created for SharedObjectEvent
⋉ coredumpctl dump 7511
           PID: 7511 (steamwebhelper)
           UID: 1000 (ulysses)
           GID: 100 (users)
        Signal: 6 (ABRT)
     Timestamp: Sun 2024-03-24 15:23:18 CET (18min ago)
  Command Line: ./steamwebhelper --no-sandbox -lang=en_US -cachedir=/home/ulysses/.local/share/Steam/config/htmlcache -steampid=4086 -buildid=1709846872 -steamid=76561198071569769 -logdir=/home/ulysses/.local/share/Steam/logs -uimode=7 -startcount=9 -steamuniverse=Public -realm=Global -clientui=/home/ulysses/.local/share/Steam/clientui -steampath=/home/ulysses/.local/share/Steam/ubuntu12_32/steam -launcher=0 -no-restart-on-ui-mode-change --enable-smooth-scrolling --password-store=basic --log-file=/home/ulysses/.local/share/Steam/logs/cef_log.txt --disable-quick-menu --disable-features=DcheckIsFatal
    Executable: /home/ulysses/.local/share/Steam/ubuntu12_64/steamwebhelper
 Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/app-org.gnome.Terminal.slice/vte-spawn-94626b1f-a3b9-44e5-b579-904a7f2d5172.scope
          Unit: user@1000.service
     User Unit: vte-spawn-94626b1f-a3b9-44e5-b579-904a7f2d5172.scope
         Slice: user-1000.slice
     Owner UID: 1000 (ulysses)
       Boot ID: 206b0a40ab1345e59a98b6e1b1b39edf
    Machine ID: 05b8bffe3ee546de92637b08074317db
      Hostname: ulysses-desktop
       Storage: /var/lib/systemd/coredump/core.steamwebhelper.1000.206b0a40ab1345e59a98b6e1b1b39edf.7511.1711290198000000.zst (present)
  Size on Disk: 28.7M
       Message: Process 7511 (steamwebhelper) of user 1000 dumped core.

                Module /nix/store/vwrm7xc2fha9imwzyz4xm5cvdm45l8m6-bzip2-1.0.8/lib/libbz2.so.1.0.8 without build-id.
                Module /nix/store/f64g1pahb9x41b0bh9l3zaxd7av5p6lj-systemd-minimal-libs-255.2/lib/libudev.so.1.7.8 without build-id.
                Module /nix/store/8m69p7c5cjsrhh49mykh62vz8vmp0diw-libX11-1.8.7/lib/libX11-xcb.so.1.0.0 without build-id.
                Module /nix/store/cbg7fz3cd0jbh79fpi72h0zwvvqgjzpd-zstd-1.5.5/lib/libzstd.so.1.5.5 without build-id.
                Module /nix/store/yyqzw7xvsrn3h2zrvincbs1b291yzx8c-xz-5.6.1/lib/liblzma.so.5.6.1 without build-id.
                Module /nix/store/n9sq1bvghs9z0qg6cmwg27y4jmszwgqi-libidn2-2.3.7/lib/libidn2.so.0.4.0 without build-id.
                Module /nix/store/fy2yyv6xji1bkllx2rwvg6hn0p5s4219-libxcb-1.16/lib/libxcb-shm.so.0.0.0 without build-id.
                Module /nix/store/zbaajn0dk65kwvrcglhli1j4xx4vhvvj-zlib-1.3.1/lib/libz.so.1.3.1 without build-id.
                Module /nix/store/6k373ff6rgylb9w6l2qlagb5xdv0fcsf-gcc-13.2.0-libgcc/lib/libgcc_s.so.1 without build-id.
                Module /nix/store/fy2yyv6xji1bkllx2rwvg6hn0p5s4219-libxcb-1.16/lib/libxcb.so.1.1.0 without build-id.
                Module /nix/store/5nx5csrqcra26y520zbxjzjvi9hmkrzv-expat-2.6.0/lib/libexpat.so.1.9.0 without build-id.
                Module /nix/store/6n7r4hfrz7wcfgyyy4wly2dl8wpmgrln-libdrm-2.4.120/lib/libdrm.so.2.4.0 without build-id.
                Module /nix/store/8m69p7c5cjsrhh49mykh62vz8vmp0diw-libX11-1.8.7/lib/libX11.so.6.4.0 without build-id.
                Module /nix/store/vhsc0h999ijdd7yjvyz5hwsm9d10di9q-libXfixes-6.0.1/lib/libXfixes.so.3.1.0 without build-id.
                Module /nix/store/lpqy1z1h8li6h3cp9ax6vifl71dks1ff-libglvnd-1.7.0/lib/libGL.so.1.7.0 without build-id.
                Module /nix/store/9wi57z48m80s40j1bzh2wnpvpi0v4y38-libXext-1.3.6/lib/libXext.so.6.4.0 without build-id.
                Module libpcsclite.so.1 without build-id.
                Module libbeidpkcs11.so without build-id.
                Module libpciaccess.so.0 without build-id.
                Module libxml2.so.2 without build-id.
                Module libncursesw.so.6 without build-id.
                Module libstdc++.so.6 without build-id.
                Module libdrm_intel.so.1 without build-id.
                Module libdrm_nouveau.so.2 without build-id.
                Module libdrm_amdgpu.so.1 without build-id.
                Module libdrm_radeon.so.1 without build-id.
                Module libsensors.so.5 without build-id.
                Module libxcb-xfixes.so.0 without build-id.
                Module libxcb-sync.so.1 without build-id.
                Module libxcb-present.so.0 without build-id.
                Module libxcb-dri3.so.0 without build-id.
                Module libxshmfence.so.1 without build-id.
                Module libXxf86vm.so.1 without build-id.
                Module libxcb-dri2.so.0 without build-id.
                Module libxcb-glx.so.0 without build-id.
                Module libcap.so.2 without build-id.
                Module libunistring.so.5 without build-id.
                Module libffi.so.8 without build-id.
                Module libxcb-randr.so.0 without build-id.
                Module libXdmcp.so.6 without build-id.
                Module libXau.so.6 without build-id.
                Module libGLdispatch.so.0 without build-id.
                Module libGLX.so.0 without build-id.
                Stack trace of thread 7525:
                #0  0x000075bd68ca407c __pthread_kill_implementation (/nix/store/1rm6sr6ixxzipv5358x0cmaw8rs84g2j-glibc-2.38-44/lib/libc.so.6 + 0x8d07c)
                #1  0x000075bd68c54e06 raise (/nix/store/1rm6sr6ixxzipv5358x0cmaw8rs84g2j-glibc-2.38-44/lib/libc.so.6 + 0x3de06)
                #2  0x000075bd68c3d8f5 abort (/nix/store/1rm6sr6ixxzipv5358x0cmaw8rs84g2j-glibc-2.38-44/lib/libc.so.6 + 0x268f5)
                #3  0x0000612f0b22d9ac n/a (/home/ulysses/.local/share/Steam/ubuntu12_64/steamwebhelper + 0x63a9ac)
                #4  0x000075bd509fcf20 n/a (n/a + 0x0)
                #5  0x000075bd642dcd40 n/a (libbeidpkcs11.so + 0x22d40)
                ELF object binary architecture: AMD x86-64
Refusing to dump core to tty (use shell redirection or specify --output).

Notify maintainers

(based on https://github.com/NixOS/nixpkgs/commit/53c527b6945b9e8e440b225bad0e70c2ab9f194e)

Steam maintainers:

@atemu @eclairevoyant @jonringer @k900 @mkg20001

eid-mw maintainers:

@bfortz @chvp

eid-mw contributor: @gytars

Metadata

ulysses-desktop ~ 130 ⋉ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 6.8.1-cachyos, NixOS, 24.05 (Uakari), 24.05.20240323.44d0940`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.18.2`
 - nixpkgs: `/etc/nix/path/nixpkgs`
⋉ ldd -v  /home/ulysses/.local/share/Steam/ubuntu12_64/steamwebhelper
    linux-vdso.so.1 (0x00007ffc7e1c0000)
    libdl.so.2 => /nix/store/1rm6sr6ixxzipv5358x0cmaw8rs84g2j-glibc-2.38-44/lib/libdl.so.2 (0x0000759ab9cd2000)
    librt.so.1 => /nix/store/1rm6sr6ixxzipv5358x0cmaw8rs84g2j-glibc-2.38-44/lib/librt.so.1 (0x0000759ab9ccd000)
    libcef.so => not found
    libSDL3.so.0 => not found
    libgobject-2.0.so.0 => not found
    libglib-2.0.so.0 => not found
    libgio-2.0.so.0 => not found
    libX11.so.6 => not found
    libXi.so.6 => not found
    libXext.so.6 => not found
    libXrender.so.1 => not found
    libXtst.so.6 => not found
    libXrandr.so.2 => not found
    libXcomposite.so.1 => not found
    libXdamage.so.1 => not found
    libGL.so.1 => not found
    libibus-1.0.so.5 => not found
    libm.so.6 => /nix/store/1rm6sr6ixxzipv5358x0cmaw8rs84g2j-glibc-2.38-44/lib/libm.so.6 (0x0000759ab951e000)
    libpthread.so.0 => /nix/store/1rm6sr6ixxzipv5358x0cmaw8rs84g2j-glibc-2.38-44/lib/libpthread.so.0 (0x0000759ab9519000)
    libc.so.6 => /nix/store/1rm6sr6ixxzipv5358x0cmaw8rs84g2j-glibc-2.38-44/lib/libc.so.6 (0x0000759ab9330000)
    /lib64/ld-linux-x86-64.so.2 => /nix/store/1rm6sr6ixxzipv5358x0cmaw8rs84g2j-glibc-2.38-44/lib64/ld-linux-x86-64.so.2 (0x0000759ab9cd9000)


Contents of pcscd.nix file containing the whole eid-mw configuration that I am using:

{ config, pkgs, lib, ... }:

{
  environment.systemPackages = with pkgs; [
    chrome-token-signing # Chrome and Firefox extension for signing with your eID on the web
    (pkgs.writeShellScriptBin "eid-card-reader-activation-script" ''
      # See https://nixos.wiki/wiki/Web_eID
      # kill all open browsers:
      killall brave
      killall chromium
      killall firefox
      killall .firefox-wrapped
      NSSDB="''${HOME}/.pki/nssdb"
      mkdir -p ''${NSSDB}
      eid-nssdb remove
      # "eid-nssdb add" is crucial step to enable eid card reader:
      # see https://search.nixos.org/packages?channel=23.11&show=eid-mw&from=0&size=50&sort=relevance&type=packages&query=eid-mw
      eid-nssdb add
      eid-viewer
      echo "retest eid card reader on www.cm.be using brave or chromium web browser"
      chromium www.cm.be
    '')

    eid-mw # libbeidpkcs11.so in eid-mw causes coredump and constant restarting of steamwebhelper/steam client
    opensc # Set of libraries and utilities to access smart cards, required for Belgian eid cards
    p11-kit # Library for loading and sharing PKCS#11 modules, required for Belgian eid cards
    pcscliteWithPolkit # Middleware to access a smart card using SCard API (PC/SC), required for Belgian eid cards
    pcsctools # Tools used to test a PC/SC driver, card or reader, required for Belgian eid cards
    web-eid-app # signing and authentication operations with smart cards for the Web eID browser extension
  ];

  services.pcscd.enable = true;
  services.pcscd.extraArgs = [ "-d" ];
  services.pcscd.plugins = [ pkgs.acsccid ]; # is right driver for ACR38 AC1038-based Smart Card Reader

  # Bus 001 Device 002: ID 072f:9000 Advanced Card Systems, Ltd ACR38 AC1038-based Smart Card Reader
  # This ACR38U seems to require use of acsccid plugin for pcscd
  services.udev.extraRules = ''
    SUBSYSTEM=="usb", ATTR{idVendor}=="072f", ATTR{idProduct}=="9000", MODE="0660", GROUP="wheel"
  '';

  security.polkit.extraConfig = ''
    polkit.addRule(function(action, subject) {
      if ((action.id == "org.debian.pcsc-lite.access_pcsc" ||
        action.id == "org.debian.pcsc-lite.access_card") &&
        subject.isInGroup("wheel")) {
        return polkit.Result.YES;
      }
    });
  '';
}


MarkRijckenberg commented 7 months ago

Following bugreport is a duplicate of this one. That other bugreport contains a workaround (uninstalling eid-mw), but I would like this bug to be solved, as I would like to be able to use eid-mw and steam on the same PC at the same time....

https://github.com/ValveSoftware/steam-for-linux/issues/10649

Atemu commented 7 months ago

> libfile="/run/current-system/sw/lib/libbeidpkcs11.so"

That's... terrible.

The package appears to be ancient and would not be accepted in its current state were it added today.

It should not rely on any globally-installed shared library; that breaks just about every design decision in Nix.

I can't help you with fixing that but doing it the Nix way would solve the issue.

I do wonder how this global library path that nothing on NixOS should ever use for anything ends up being picked up by steam though; that appears to be the actionable bug here.

MarkRijckenberg commented 7 months ago

@Atemu: thanks for your feedback. Indeed, could you maybe edit the Steam code so that it does not try to use libbeidpkcs11.so during startup? It would be best if Steam also ignores libpcsclite.so.1 (see logs above). Both libraries are used for accessing Belgian electronic ID cards.

Atemu commented 7 months ago

We'll first have to figure out how it even gets discovered by steam because that path is never explicitly passed to it AFAICT.

What's your LD_LIBRARY_PATH in the system and inside steam-run?

MarkRijckenberg commented 7 months ago

⋉ echo $LD_LIBRARY_PATH (no Terminal output -> variable is not set in Terminal)

⋉ env|grep LIB
GI_TYPELIB_PATH=/nix/store/xkn0l37wqjkybqhsqpavmigyafilj77z-gobject-introspection-wrapped-1.78.1/lib/girepository-1.0:/nix/store/8lmh9vnbw1bhlxnxsaspyvbmzdyb3xj4-at-spi2-core-2.50.1/lib/girepository-1.0:/nix/store/hwh2j6sh5626si924l66yddc0y6g0cw4-gdk-pixbuf-2.42.10/lib/girepository-1.0:/nix/store/dww77ywm1zj2q2h2l2xifr40fgsk1k7y-gsettings-desktop-schemas-45.0/lib/girepository-1.0:/nix/store/kdh8lg6amm1z9r79ja4xaj3ci3wxjlkw-harfbuzz-8.3.0/lib/girepository-1.0:/nix/store/b61xcm9qr9mfq2kqanjs9nrldfkpw18m-pango-1.51.0/lib/girepository-1.0:/nix/store/15g7m2yncbawq9kz65plgszxyvp8dlax-gtk+3-3.24.41/lib/girepository-1.0:/nix/store/f2d8d2nnz2fhx7c8zwkmkq42dqk61ysm-librsvg-2.57.1/lib/girepository-1.0:/nix/store/lfq70fl1aqhq3qyqqf7qvkyzz97kh5km-gobject-introspection-1.78.1/lib/girepository-1.0:/nix/store/yjj4wwzs9ysfkzavp1cav1vk3dd5lj05-cinnamon-desktop-6.0.0/lib/girepository-1.0:/nix/store/g0y3s0h3q34s8d39l2b5n28rvyyxs3a0-cinnamon-menus-6.0.0/lib/girepository-1.0:/nix/store/yilblyn3xkp6ljcpa2ky0x8gg611w8hv-libical-3.0.17/lib/girepository-1.0:/nix/store/aq02vq68mqwihwqipa815z6v9bxxzhab-libsoup-3.4.4/lib/girepository-1.0:/nix/store/x8ajfccsp66ypi8jc0389j05g1jgq0lw-json-glib-1.8.0/lib/girepository-1.0:/nix/store/jjyzcqb43hn4mh2fx8xny9k0v9h7n7rn-evolution-data-server-3.50.4/lib/girepository-1.0:/nix/store/a0l4i9yy21b2lkb1zzc7mmm6q4wnjx1x-gsound-1.0.3/lib/girepository-1.0:/nix/store/kmqqvcgfig36i1zycxw6dhm0jhhhvy1y-graphene-1.10.8/lib/girepository-1.0:/nix/store/3smcvkky0inrnw2kdsflxh34in0sn2qp-networkmanager-1.46.0/lib/girepository-1.0:/nix/store/8zp2p97y1qcdg0pv8znfzxyvq2byl20m-polkit-123/lib/girepository-1.0:/nix/store/xibsi840416x1976ik6nb5vs8mf1vrkr-libxklavier-5.4/lib/girepository-1.0:/nix/store/b1jxkwsqk4yfak1q30zcywl8lkfpcnag-libgnomekbd-3.28.1/lib/girepository-1.0:/nix/store/mkm79riwz8s0q96ixwgbghrm71zkqgax-gstreamer-1.22.9/lib/girepository-1.0:/nix/store/vkh36xdl4rga4h6d5bwsbhv8z57mvzh3-caribou-0.4.21/lib/girepository-1.0:/nix/store/pl4r3wrrjf7fsq1rj6yf1rnn6qb0rmr3-libge
e-0.20.6/lib/girepository-1.0:/nix/store/n98bcpxv1nkrmf5icgn3j4wjn3ghll4y-keybinder3-0.3.2/lib/girepository-1.0:/nix/store/l3x8q51rn5cqcwjvhiixcxm1mlmvplig-upower-1.90.2/lib/girepository-1.0:/nix/store/8g0f3w58mj67h8sy5yxc64xn5zyblacx-xapp-2.8.2/lib/girepository-1.0:/nix/store/4n0i41br72qlhwsczgrv7cps5nbv17y6-timezonemap-0.4.5.1/lib/girepository-1.0:/nix/store/2rhf5cc7z3fcw9klj2kfvibmdxfdbcz0-nemo-6.0.2/lib/girepository-1.0:/nix/store/8lc2jzdifkslbmz4pk1ym2c4xxjri3z3-libnotify-0.8.3/lib/girepository-1.0:/nix/store/zaqxvczv831bl2ngv8g8p7jwxlqxil0i-accountsservice-23.13.9/lib/girepository-1.0:/nix/store/8qrj8q3ks542z9np5w1hqp49554bzc47-libnma-1.10.6/lib/girepository-1.0:/nix/store/wsxvzmqc12mjlsi4xhg5m0q4v3vd0b8v-gnome-online-accounts-3.48.1/lib/girepository-1.0
LIBEXEC_PATH=/home/ulysses/.nix-profile/libexec:/nix/profile/libexec:/home/ulysses/.local/state/nix/profile/libexec:/etc/profiles/per-user/ulysses/libexec:/nix/var/nix/profiles/default/libexec:/run/current-system/sw/libexec

⋉ echo $LD_LIBRARY_PATH
⋉ cd ~/.steam/
⋉ file * | grep ELF | cut -d: -f1 
⋉ 
⋉ file * | grep ELF | cut -d: -f1 | LD_LIBRARY_PATH=. xargs ldd | grep 'not found' | sort | uniq
ldd: missing file arguments
Try `ldd --help' for more information.
⋉ for i in $(pgrep steam); do sed '/\.local/!d;s/.*  //g' /proc/$i/maps; done | sort | uniq
⋉

Atemu commented 7 months ago

steam-run env | grep LIB?

MarkRijckenberg commented 7 months ago

⋉ steam-run env | grep LIB
STEAM_LD_LIBRARY_PATH=/lib64:/lib32:/steamrt/amd64/lib/x86_64-linux-gnu:/steamrt/amd64/lib:/steamrt/amd64/usr/lib/x86_64-linux-gnu:/steamrt/amd64/usr/lib:/steamrt/i386/lib/i386-linux-gnu:/steamrt/i386/lib:/steamrt/i386/usr/lib/i386-linux-gnu:/steamrt/i386/usr/lib:/run/opengl-driver/lib:/run/opengl-driver-32/lib
GI_TYPELIB_PATH=/nix/store/xkn0l37wqjkybqhsqpavmigyafilj77z-gobject-introspection-wrapped-1.78.1/lib/girepository-1.0:/nix/store/8lmh9vnbw1bhlxnxsaspyvbmzdyb3xj4-at-spi2-core-2.50.1/lib/girepository-1.0:/nix/store/hwh2j6sh5626si924l66yddc0y6g0cw4-gdk-pixbuf-2.42.10/lib/girepository-1.0:/nix/store/dww77ywm1zj2q2h2l2xifr40fgsk1k7y-gsettings-desktop-schemas-45.0/lib/girepository-1.0:/nix/store/kdh8lg6amm1z9r79ja4xaj3ci3wxjlkw-harfbuzz-8.3.0/lib/girepository-1.0:/nix/store/b61xcm9qr9mfq2kqanjs9nrldfkpw18m-pango-1.51.0/lib/girepository-1.0:/nix/store/15g7m2yncbawq9kz65plgszxyvp8dlax-gtk+3-3.24.41/lib/girepository-1.0:/nix/store/f2d8d2nnz2fhx7c8zwkmkq42dqk61ysm-librsvg-2.57.1/lib/girepository-1.0:/nix/store/lfq70fl1aqhq3qyqqf7qvkyzz97kh5km-gobject-introspection-1.78.1/lib/girepository-1.0:/nix/store/yjj4wwzs9ysfkzavp1cav1vk3dd5lj05-cinnamon-desktop-6.0.0/lib/girepository-1.0:/nix/store/g0y3s0h3q34s8d39l2b5n28rvyyxs3a0-cinnamon-menus-6.0.0/lib/girepository-1.0:/nix/store/yilblyn3xkp6ljcpa2ky0x8gg611w8hv-libical-3.0.17/lib/girepository-1.0:/nix/store/aq02vq68mqwihwqipa815z6v9bxxzhab-libsoup-3.4.4/lib/girepository-1.0:/nix/store/x8ajfccsp66ypi8jc0389j05g1jgq0lw-json-glib-1.8.0/lib/girepository-1.0:/nix/store/jjyzcqb43hn4mh2fx8xny9k0v9h7n7rn-evolution-data-server-3.50.4/lib/girepository-1.0:/nix/store/a0l4i9yy21b2lkb1zzc7mmm6q4wnjx1x-gsound-1.0.3/lib/girepository-1.0:/nix/store/kmqqvcgfig36i1zycxw6dhm0jhhhvy1y-graphene-1.10.8/lib/girepository-1.0:/nix/store/3smcvkky0inrnw2kdsflxh34in0sn2qp-networkmanager-1.46.0/lib/girepository-1.0:/nix/store/8zp2p97y1qcdg0pv8znfzxyvq2byl20m-polkit-123/lib/girepository-1.0:/nix/store/xibsi840416x1976ik6nb5vs8mf1vrkr-libxklavier-5.4/lib/girepository-1.0:/nix/store/b1jxkwsqk4yfak1q30zcywl8lkfpcnag-libgnomekbd-3.28.1/lib/girepository-1.0:/nix/store/mkm79riwz8s0q96ixwgbghrm71zkqgax-gstreamer-1.22.9/lib/girepository-1.0:/nix/store/vkh36xdl4rga4h6d5bwsbhv8z57mvzh3-caribou-0.4.21/lib/girepository-1.0:/nix/store/pl4r3wrrjf7fsq1rj6yf1rnn6qb0rmr3-libge
e-0.20.6/lib/girepository-1.0:/nix/store/n98bcpxv1nkrmf5icgn3j4wjn3ghll4y-keybinder3-0.3.2/lib/girepository-1.0:/nix/store/l3x8q51rn5cqcwjvhiixcxm1mlmvplig-upower-1.90.2/lib/girepository-1.0:/nix/store/8g0f3w58mj67h8sy5yxc64xn5zyblacx-xapp-2.8.2/lib/girepository-1.0:/nix/store/4n0i41br72qlhwsczgrv7cps5nbv17y6-timezonemap-0.4.5.1/lib/girepository-1.0:/nix/store/2rhf5cc7z3fcw9klj2kfvibmdxfdbcz0-nemo-6.0.2/lib/girepository-1.0:/nix/store/8lc2jzdifkslbmz4pk1ym2c4xxjri3z3-libnotify-0.8.3/lib/girepository-1.0:/nix/store/zaqxvczv831bl2ngv8g8p7jwxlqxil0i-accountsservice-23.13.9/lib/girepository-1.0:/nix/store/8qrj8q3ks542z9np5w1hqp49554bzc47-libnma-1.10.6/lib/girepository-1.0:/nix/store/wsxvzmqc12mjlsi4xhg5m0q4v3vd0b8v-gnome-online-accounts-3.48.1/lib/girepository-1.0
LD_LIBRARY_PATH=/lib64:/lib32:/steamrt/amd64/lib/x86_64-linux-gnu:/steamrt/amd64/lib:/steamrt/amd64/usr/lib/x86_64-linux-gnu:/steamrt/amd64/usr/lib:/steamrt/i386/lib/i386-linux-gnu:/steamrt/i386/lib:/steamrt/i386/usr/lib/i386-linux-gnu:/steamrt/i386/usr/lib:/run/opengl-driver/lib:/run/opengl-driver-32/lib
LIBEXEC_PATH=/home/ulysses/.nix-profile/libexec:/nix/profile/libexec:/home/ulysses/.local/state/nix/profile/libexec:/etc/profiles/per-user/ulysses/libexec:/nix/var/nix/profiles/default/libexec:/run/current-system/sw/libexec

Atemu commented 7 months ago

I do not understand how Steam discovers this path then.

A quick hack could be to use an extraBwrapArg to mount a tmpfs at /run/current-system/sw/lib/. Could you try that?

MarkRijckenberg commented 7 months ago

I only started using NixOS in June 2023. So compared to you, I am pretty much a novice :-) I am not sure how to perform that hack.... I think that reproducible builds - one of the many strengths of NixOS - should mean that the bugs should be reproducible as well, on (almost) any PC. If you install the steam package from nixpkgs, and then enable following configuration, you should be able to reproduce my issue on your PC as well.

{ config, pkgs, ... }:

{

  environment.systemPackages = with pkgs; [
     chrome-token-signing # Chrome and Firefox extension for signing with your eID on the web
      (pkgs.writeShellScriptBin "eid-card-reader-activation-script" ''
      # See https://nixos.wiki/wiki/Web_eID
      # kill all open browsers:
      killall brave
      killall chromium
      killall firefox
      killall .firefox-wrapped
      NSSDB="''${HOME}/.pki/nssdb"
      mkdir -p ''${NSSDB} 
      eid-nssdb remove  
      # "eid-nssdb add" is crucial step to enable eid card reader:
      # see https://search.nixos.org/packages?channel=23.11&show=eid-mw&from=0&size=50&sort=relevance&type=packages&query=eid-mw
      eid-nssdb add
      eid-viewer
      echo "retest eid card reader on www.cm.be using brave or chromium web browser"
      chromium www.cm.be
    '')

     eid-mw # libbeidpkcs11.so in eid-mw causes coredump and constant restarting of steamwebhelper/steam client
     opensc # Set of libraries and utilities to access smart cards, required for Belgian eid cards
     p11-kit # Library for loading and sharing PKCS#11 modules, required for Belgian eid cards
     pcscliteWithPolkit # Middleware to access a smart card using SCard API (PC/SC), required for Belgian eid cards
     pcsctools # Tools used to test a PC/SC driver, card or reader, required for Belgian eid cards
     web-eid-app # signing and authentication operations with smart cards for the Web eID browser extension
  ];

services.pcscd.enable = true;
services.pcscd.extraArgs = [ "-d" ]; 
services.pcscd.plugins = [ pkgs.acsccid ]; # is right driver for ACR38 AC1038-based Smart Card Reader

# Bus 001 Device 002: ID 072f:9000 Advanced Card Systems, Ltd ACR38 AC1038-based Smart Card Reader
# This ACR38U seems to require use of acsccid plugin for pcscd
services.udev.extraRules = ''
    SUBSYSTEM=="usb", ATTR{idVendor}=="072f", ATTR{idProduct}=="9000", MODE="0660", GROUP="wheel"
  '';

security.polkit.extraConfig = ''
      polkit.addRule(function(action, subject) {
        if ((action.id == "org.debian.pcsc-lite.access_pcsc" ||
          action.id == "org.debian.pcsc-lite.access_card") &&
          subject.isInGroup("wheel")) {
          return polkit.Result.YES;
        }
      });
  '';

}

Atemu commented 7 months ago

The problem is that I don't have your hardware or state or ability to use eid-mw in any way.

The way to do what I suggested would be to set programs.steam.package = steam.override { extraBwrapArgs = [ "--tmpfs /run/current-system/sw/lib/" ]; };

MarkRijckenberg commented 7 months ago

I configured the following:

 programs.steam = {
      enable = true;
      remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
      dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
          package = pkgs.steam.override { extraBwrapArgs = [ "--tmpfs /run/current-system/sw/lib/" ]; };
     };

When I now try to launch steam, I get:

⋉ steam
bwrap: Can't mkdir parents for /run/current-system/sw/lib/: No such file or directory
ulysses-desktop ~ 1 ⋉ 

Same for steam-run:

⋉ steam-run 
bwrap: Can't mkdir parents for /run/current-system/sw/lib/: No such file or directory
ulysses-desktop ~ 1 ⋉

MarkRijckenberg commented 7 months ago

Added following eid-mw specialists into this bug report, as it may be better to get this solved on the eid-mw side, not the steam package side.... :

eid-mw maintainers:

@bfortz @chvp

eid-mw contributor: @gytars

If one of the maintainers above lives in Belgium and has an eid card reader, it would be great if that person tried to recreate this bug on their own PC. But to be honest, you don't even need an eid card reader, nor an eid card; you just need to install eid-mw as system package and install steam too..... Then steam will crashloop...

chvp commented 7 months ago

I use both steam and eid-mw, and do not encounter this issue. One important difference though is that I use Firefox, so I don't do the nssdb step. Presumably steam's web helper is chromium based, which would explain how it picks up eid: through the nssdb.

MarkRijckenberg commented 7 months ago

That leaves 2 options:

1) fix the code behind the command "eid-nssdb add" so that the library libbeidpkcs11.so is never picked up by steam.

2) adapt the instructions in https://search.nixos.org/packages?channel=unstable&show=eid-mw&from=0&size=50&sort=relevance&type=packages&query=eid-mw
and instruct people to only use firefox and never use eid-nssdb add. But then: why include eid-nssdb in the first place?

The instructions state:

"To use eIDs in NSS-compatible browsers like Chrom{e,ium} or Firefox, each user must first execute: ~$ eid-nssdb add (Running the script once as root with the --system option enables eID support for all users, but will not work when using Chrom{e,ium}!) Before uninstalling this package, it is a very good idea to run ~$ eid-nssdb [--system] remove and remove all ~/.pki and/or /etc/pki directories no longer needed."

If the instructions tell me to run eid-nssdb add and this causes a crashloop of steam, there clearly is a problem

chvp commented 7 months ago

Maybe we should first verify that nssdb is the problem here? Can you follow the uninstall instructions and then check that steam starts up correctly?

seghers commented 7 months ago

I added steam to my system and switched. It seems to be working. After an update dialog, I get a login dialog.

  \\  \\ //     myname@mysystem
 ==\\__\\/ //   --------- 
   //   \\//    OS: NixOS x86_64 
==//     //==   Host: LENOVO 21FAS0PU00 
 //\\___//      Kernel: 6.7.10 
// /\\  \\==    Uptime: 1 day, 29 mins 
  // \\  \\     Packages: 1124 (nix-system), 2231 (nix-user) 
                Shell: zsh 5.9 
                Resolution: 3840x2400 
                WM: sway 
                Theme: Breeze [GTK2/3] 
                Icons: Papirus [GTK2/3] 
                Terminal: foot 
                CPU: 13th Gen Intel i9-13950HX (32) @ 5.300GHz 
                GPU: Intel Raptor Lake-S UHD Graphics 
                Memory: 50.38GiB / 125.45GiB (40%) 

I'm currently not using the Nvidia, it's on a specialisation for offload

MarkRijckenberg commented 7 months ago

I tested on both my laptop and desktop PC.

Running "eid-nssdb remove" solved the issue on both PCs, but that means support for chromium and brave browsers is removed.

I would prefer option 1 (fixing the eid-nssdb code), so we don't depend on using just one webbrowser (firefox)

@chvp : can you run "eid-nssdb add" and then launch steam to confirm that this bug is reproducible?

chvp commented 7 months ago

Running eid-nssdb add does break steam for me. I'll investigate further on the weekend or next week, don't really have the time right now.

MarkRijckenberg commented 7 months ago

OK, thanks for confirming the bug.

MarkRijckenberg commented 7 months ago

Can one of the eid-mw maintainers maybe look into this tomorrow or Sunday?

chvp commented 7 months ago

Sorry, forgot about this. I did some more investigating. It seems that eid-mw uses C++ exceptions to handle when things are not found during configuration lookups. What I can't figure out though, is why the exceptions are not getting caught (at least, that's what the stack trace leads me to believe).

MarkRijckenberg commented 7 months ago

I am no coding expert, especially in C++. But maybe it will help to analyze the following 11 code segments in the eid-mw source code that mention libbeidpkcs11.so? This file should get sandboxed/isolated somehow, so it is not picked up anymore by applications not used for web browsing (like steamwebhelper)

https://github.com/search?q=repo%3AFedict%2Feid-mw+libbeidpkcs11.so&type=code

The coredump shows "./steamwebhelper --no-sandbox". So steamwebhelper is not running sandboxed. So I guess it is up to eid-mw to sandbox libbeidpkcs11.so. Of course, all of this could be obvious to you :-)

chvp commented 7 months ago

As far as I could find, there's no way to configure NSS so that libbeidpkcs11.so gets picked up by e.g. chrome but not by steamwebhelper. The sandbox is not really relevant here, NSS runs outside of the sandbox anyway.

MarkRijckenberg commented 7 months ago

Thanks for the feedback, Charlotte.

@Atemu @eclairevoyant @jonringer @K900 @mkg20001

Question for the steam package maintainers: is it possible to create a package override for steam - programmed using the nix language - to force steam and steamwebhelper to skip/ignore any library file starting with libbeidpkcs11* ? I know it sounds like an ugly hack, but then it would solve my issue without having to adapt code in steamwebhelper/steam/eid-mw/eid-nssdb

Atemu commented 7 months ago

Only thing I could think of would be to bind-mount /dev/null atop of the nix store path of that so.

The code of eid-mw/eid-nssdb needs to be changed anyways.

MarkRijckenberg commented 6 months ago

I have written the following ugly hack and added it as a package to environment.systemPackages. I would prefer to have a more elegant solution, but beggars can't be choosers....

Apparently steamwebhelper crashloops by reading "library=/run/current-system/sw/lib/libbeidpkcs11.so" from ~/.pki/nssdb/pkcs11.txt. steamwebhelper should not be reading from ~/.pki/nssdb/! After deleting ~/.pki/nssdb/pkcs11.txt, steam launches fine.

(pkgs.writeShellScriptBin "eid-card-reader-activation-script" ''
      # See https://nixos.wiki/wiki/Web_eID
      # kill all open browsers:
      killall brave
      killall chromium
      killall firefox
      killall .firefox-wrapped
      # Following step PREVENTS crashloop of steam/steamwebhelper client:
      rm -rf ~/.pki # delete NSSDB in case it is corrupted by previous operations
      # Enable use of Belgian eid card reader in Chromium:
      eid-nssdb add # this step CAUSES crashloop of steam/steamwebhelper client
      eid-viewer
      echo "retest eid card reader on www.cm.be using brave or chromium web browser"
      brave www.cm.be
      # Following step PREVENTS crashloop of steam/steamwebhelper client:
      rm -rf ~/.pki # delete NSSDB in case it is corrupted by previous operations
      # Launch steam and make sure steamwebhelper does not crashloop anymore:
      steam
    '')

MarkRijckenberg commented 6 months ago

After some more digging, I found the following as part of the steam install:


steam-runtime-heavy.tar.xz
steam-runtime-heavy/installed/libnss3_3.26-1+debu8u11_amd64: -rw-r--r-- root/root       899 2020-06-30 16:19 ./usr/lib/x86_64-linux-gnu/nss/libnssdbm3.chk
steam-runtime-heavy/installed/libnss3_3.26-1+debu8u11_amd64: -rw-r--r-- root/root    179296 2020-06-30 16:19 ./usr/lib/x86_64-linux-gnu/nss/libnssdbm3.so
steam-runtime-heavy/usr/lib/x86_64-linux-gnu/nss/libnssdbm3.chk: [rga: binary data]
steam-runtime-heavy/usr/lib/x86_64-linux-gnu/nss/libnssdbm3.so: [rga: binary data]
steam-runtime-heavy/usr/share/doc/libnss3/changelog.Debian.gz:   * debian/control, debian/libnss3-nssdb.*, debian/pkcs11.txt, debian/rules:
steam-runtime-heavy/usr/share/doc/libnss3/changelog.Debian.gz:   * debian/control, debian/libnss3-nssdb.*, debian/pkcs11.txt, debian/rules:
steam-runtime-heavy/usr/share/doc/libnss3/changelog.Debian.gz:   * debian/rules: Avoid installing freebl, softokn, nssckbi and nssdbm in two
steam-runtime-heavy/usr/share/doc/libnss3/changelog.Debian.gz:     + Sign libnssdbm3.so. Closes: #588806.
steam-runtime-heavy/usr/share/doc/libnss3/changelog.Debian.gz:     + Install libsoftokn3 and the new libnssdbm3 in /usr/lib/nss.

steam-runtime-sniper.tar.xz
SteamLinuxRuntime_sniper/sniper_platform_0.20240307.80401/files/lib/i386-linux-gnu/nss/libnssdbm3.chk: [rga: binary data]
SteamLinuxRuntime_sniper/sniper_platform_0.20240307.80401/files/lib/i386-linux-gnu/nss/libnssdbm3.so: [rga: binary data]
SteamLinuxRuntime_sniper/sniper_platform_0.20240307.80401/files/lib/x86_64-linux-gnu/nss/libnssdbm3.chk: [rga: binary data]
SteamLinuxRuntime_sniper/sniper_platform_0.20240307.80401/files/lib/x86_64-linux-gnu/nss/libnssdbm3.so: [rga: binary data]
SteamLinuxRuntime_sniper/sniper_platform_0.20240307.80401/usr-mtree.txt.gz: ./lib/i386-linux-gnu/nss/libnssdbm3.chk type=file mode=644 time=1676493088.0 size=899 sha256=9761145159b82062c04b8b1bb85b784c2923e0d23c9656e273fbd2dff745a75e
SteamLinuxRuntime_sniper/sniper_platform_0.20240307.80401/usr-mtree.txt.gz: ./lib/i386-linux-gnu/nss/libnssdbm3.so type=file mode=644 time=1676493088.0 size=219024 sha256=417cc005d147a329a5d20ff2cedb88d56db279c2de08ec6d6ad7de3c84897812
SteamLinuxRuntime_sniper/sniper_platform_0.20240307.80401/usr-mtree.txt.gz: ./lib/x86_64-linux-gnu/nss/libnssdbm3.chk type=file mode=644 time=1676493088.0 size=899 sha256=2af2db4c03cd5aada012f38696748eecb69f73a5e56040c45401f74b460cf6ff
SteamLinuxRuntime_sniper/sniper_platform_0.20240307.80401/usr-mtree.txt.gz: ./lib/x86_64-linux-gnu/nss/libnssdbm3.so type=file mode=644 time=1676493088.0 size=183336 sha256=64e8fb6b599c4587bb7addfad5c1148f4f9ebbd1afb93613c4dca7bb1e220572

steam-runtime-heavy.tar.xz and steam-runtime-sniper.tar.xz contain libnss3 (network security service libraries)

Why do the steam-runtimes contain libnss3? libnss3 is useful for web browsers like chromium, but not for gaming clients. I suspect that the libnss3 libraries contained in steam-runtime-heavy.tar.xz and steam-runtime-sniper.tar.xz are responsible for searching for libraries in ~/.pki/nssdb/pkcs11.txt. The steam developers should really take a good hard look at the steam-runtime code and rip out any code that is ONLY useful for a webbrowser, but NOT useful for gaming clients like steam.

MarkRijckenberg commented 6 months ago

See steam-runtime-heavy/usr/share/doc/libnss3/changelog.Debian.gz: debian/control, debian/libnss3-nssdb.*, debian/pkcs11.txt, debian/rules:

which shows a link with pkcs11.txt

eclairevoyant commented 6 months ago

> Why do the steam-runtimes contain libnss3? libnss3 is useful for web browsers like chromium, but not for gaming clients.

Steam has a web browser, using Chromium Embedded Framework (CEF)

MarkRijckenberg commented 6 months ago

Yes, I know that Steam has a web browser component, but do steam-runtime-heavy and SteamLinuxRuntime_sniper NEED libnss3 too? I am not saying to remove the web browser (chromium) component. I am asking to remove the web browser functionalities NOT needed for a gaming client. Doing so would have 2 potential benefits:

  1. increasing the security of the steam codebase
  2. solving the conflict between steamwebhelper and libbeidpkcs11.so due to reading pkcs11.txt

MarkRijckenberg commented 6 months ago

Following documentation confirms that the libnss3 library reads from ~/.pki/nssdb/pkcs11.txt

https://discourse.ubuntu.com/t/network-security-services-nss/35168

So as long as the steam client remains bundled with libnss3 (and related support for PKCS security modules), this bug will probably persist.
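
The mechanism this comment describes, as an added example that is not part of the thread and not code from nixpkgs, eid-mw or Steam: each `library=` entry in ~/.pki/nssdb/pkcs11.txt names a shared object that NSS-based programs run by that user will load, so the script lists those entries and flags paths that are not pinned to the Nix store. The stanza layout (blank-line-separated key=value lines, empty `library=` for the built-in module), the module names in the sample and the `/nix/store/` policy check are assumptions of the example.

```python
"""Audit which PKCS#11 libraries an NSS pkcs11.txt makes NSS clients load."""
import os
import sys
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Constructed sample shaped like ~/.pki/nssdb/pkcs11.txt after "eid-nssdb add".
# Only the second library= path comes from the thread; the names and the
# trimmed parameters= / NSS= values are illustrative.
SAMPLE_PKCS11_TXT = """\
library=
name=NSS Internal PKCS #11 Module
parameters=configdir='sql:/home/user/.pki/nssdb' certPrefix='' keyPrefix=''
NSS=Flags=internal,critical trustOrder=75 cipherOrder=100

library=/run/current-system/sw/lib/libbeidpkcs11.so
name=Belgium eID
"""


@dataclass
class Module:
    name: str
    library: str
    findings: list = field(default_factory=list)


def parse_modules(text):
    """Parse stanzas: key=value lines, stanzas separated by blank lines (assumed layout)."""
    modules, current = [], {}
    for raw in text.splitlines() + [""]:  # trailing "" flushes the last stanza
        line = raw.strip()
        if not line:
            if current:
                modules.append(Module(current.get("name", "<unnamed>"),
                                      current.get("library", "")))
                current = {}
            continue
        key, sep, value = line.partition("=")  # split on the first "=" only
        if sep:
            current[key.strip().lower()] = value.strip()
    return modules


def audit(modules, exists=os.path.exists, pinned_prefix="/nix/store/"):
    """Return the modules that name an external library, with findings attached."""
    external = []
    for mod in modules:
        if not mod.library:
            continue  # empty library= is taken to be NSS's built-in module
        if not PurePosixPath(mod.library).is_absolute():
            mod.findings.append("relative path: what gets loaded depends on the process environment")
        else:
            if not mod.library.startswith(pinned_prefix):
                mod.findings.append(f"not pinned under {pinned_prefix}: the file behind this path can change")
            if not exists(mod.library):
                mod.findings.append("file missing")
        external.append(mod)
    return external


def main(argv):
    path = argv[1] if len(argv) > 1 else os.path.expanduser("~/.pki/nssdb/pkcs11.txt")
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        print(f"{path} not found; auditing the constructed sample instead")
        text = SAMPLE_PKCS11_TXT
    flagged = 0
    for mod in audit(parse_modules(text)):
        print(f"{mod.name}: {mod.library}")
        for finding in mod.findings:
            print(f"  ! {finding}")
        flagged += bool(mod.findings)
    return 1 if flagged else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run without arguments it audits the current user's ~/.pki/nssdb/pkcs11.txt; the exit status is 1 when any registered module is flagged.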

NorfairKing commented 6 months ago

@MarkRijckenberg Perhaps we could use libredirect to make either of these look in the nix store instead of the .pki directory in the home dir.

MarkRijckenberg commented 6 months ago

Using libredirect would be a workaround for a security function (PKCS) that should not be supported here in the first place. At least, that is my assumption. And nobody has contradicted me on this yet. If I am wrong in this assumption, please let me know!

I looked at https://github.com/NixOS/nixpkgs/blob/master/pkgs/games/steam/steam.nix Version is still stuck at version 1.0.0.74 which is ancient. I wonder why the version number has not been bumped up to version 1.0.0.79 yet. (see https://repo.steampowered.com/steam/archive/stable/?C=M&O=A )

I would suggest 2 steps:

1) attempt to update the steam source code to upgrade from 1.0.0.74 to 1.0.0.79

2) at the same time: replace libnss3 with openssl in order to keep supporting TLS/SSL connections, but dropping support for PKCS security modules.

The eid-mw package already depends on openssl. I checked that using nix-tree, because nix-tree gives a real-time view of the package dependencies on my system.

I support first principles thinking. The best component is no component. Reducing complexity increases the security of the application, reduces software bloat and also follows the principle of least privileges. Only give an application the minimum features it needs to function, nothing more....

K900 commented 6 months ago

1) This is just the Steam bootstrapper, it has basically nothing to do with the actual client, it just sets up the environment, then downloads the latest client from Valve

2) No one can do that but Valve

MarkRijckenberg commented 6 months ago

@K900 Thanks for your feedback. Does it mean I should close this issue here and reopen it on https://github.com/ValveSoftware/steam-for-linux/issues ? Or are there Valve employees working here in https://github.com/NixOS/nixpkgs/issues ?

K900 commented 6 months ago

The issue should probably be reported to Valve, specifically to make them aware that Steam will load mismatched libraries through this specific escape hatch.

MarkRijckenberg commented 6 months ago

@chvp : could you please implement the solution mentioned here?

https://github.com/ValveSoftware/steam-runtime/issues/667

This means:

Simply replacing libfile="/run/current-system/sw/lib/libbeidpkcs11.so" with libfile="/run/current-system/sw/lib/opensc-pkcs11.so" in the eid-nssdb script. Apparently there is a bug in /run/current-system/sw/lib/libbeidpkcs11.so that causes the crashloop of steam, nothing else. Replacing this library with opensc-pkcs11.so circumvents the whole issue, without having to remove PKCS support in libnss3.

This solution means there is no need to adapt the nixpkgs documentation regarding the use of "eid-nssdb add"

MarkRijckenberg commented 6 months ago

I have solved the crashlooping issue by performing a complete reinstall of the steam client on NixOS unstable.

I ran rm -rf ~/.local/share/Steam, then reran steam to force a new install. No more crashlooping of steam, even when libbeidpkcs11.so is loaded via eid-nssdb add