RPATHs pointing to `/tmp/nix-build-foo` combined with `--shrink-rpath` in Nixpkgs fixupPhase break once the build is done

[dezgeg]

For instance, openldap in current Nixpkgs is built with dontPatchELF because the binaries are broken otherwise. The reason seems to be that the RPATH generated by the compiler is:

/tmp/nix-build-openldap-2.4.44.drv-0/openldap-2.4.44/libraries/libldap_r/.libs
/tmp/nix-build-openldap-2.4.44.drv-0/openldap-2.4.44/libraries/liblber/.libs
/nix/store/bfkmdxmv3a3f0g3d2q8jkdz2wam93c5z-openldap-2.4.44/lib
/nix/store/bfkmdxmv3a3f0g3d2q8jkdz2wam93c5z-openldap-2.4.44/lib64
/nix/store/bxn5llxrp47cxws5zj20nrwig28g6qw6-gcc-5.3.0/libexec/gcc/x86_64-unknown-linux-gnu/5.3.0
/nix/store/vs3npwi7g9jj0yc1w2v1jn5gzjqfx93x-openssl-1.0.2h/lib
/nix/store/1d5cp4rbicw2j1kh6ycblcz8sswgsd32-cyrus-sasl-2.1.26/lib
/nix/store/1ircr6963cs7kqb2j1d1k349p445q48l-db-5.3.28/lib
/nix/store/68gvzfvm4886b4ni6wfl1j5n9di69zid-glibc-2.23/lib
/nix/store/r05qai37rzrlp4szhwbs993w4xl66vbr-gcc-5.3.0-lib/lib

... which then patchelf --shrink-rpath shrinks to:

/tmp/nix-build-openldap-2.4.44.drv-0/openldap-2.4.44/libraries/libldap_r/.libs
/tmp/nix-build-openldap-2.4.44.drv-0/openldap-2.4.44/libraries/liblber/.libs
/nix/store/vs3npwi7g9jj0yc1w2v1jn5gzjqfx93x-openssl-1.0.2h/lib
/nix/store/1d5cp4rbicw2j1kh6ycblcz8sswgsd32-cyrus-sasl-2.1.26/lib
/nix/store/1ircr6963cs7kqb2j1d1k349p445q48l-db-5.3.28/lib
/nix/store/68gvzfvm4886b4ni6wfl1j5n9di69zid-glibc-2.23/lib

... since presumably the /tmp/nix-build-openldap* contain the same libraries as /nix/store/bfkmdxmv3a3f0g3d2q8jkdz2wam93c5z-openldap-2.4.44/lib and is just (semi-)arbitrarily picked first.

Maybe it would be worth to have e.g. a flag --rpath-filter /nix/store to only allow RPATHs to the given path prefix during --shrink-rpath.