search

NixOS / nix

Nix, the purely functional package manager
https://nixos.org/
GNU Lesser General Public License v2.1
12.07k stars 1.47k forks source link

nixConfig.permittedInsecurePackages should be allowed in flake.nix #7449

Open kjeremy opened 1 year ago

kjeremy commented 1 year ago

Describe the bug

Allow the setting of nixConfig.permittedInsecurePackages in flake.nix similar to how nixConfig.extra-substituters can be set.

Steps To Reproduce

Create a flake that depends on qtwebkit and observe that you get a message similar to the following:

error: Package ‘qtwebkit-5.212.0-alpha4’ in /nix/store/q51smsq548y5y5qrncdqvihhscxfpp47-source/pkgs/development/libraries/qt-5/qtModule.nix:72 is marked as insecure, refusing to evaluate.

   Known issues:
    - QtWebkit upstream is unmaintained and receives no security updates, see https://blogs.gnome.org/mcatanzaro/2022/11/04/stop-using-qtwebkit/

   You can install it anyway by allowing this package, using the
   following methods:

   a) To temporarily allow all insecure packages, you can use an environment
      variable for a single invocation of the nix tools:

        $ export NIXPKGS_ALLOW_INSECURE=1

    Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
    (Flake) command, `--impure` must be passed in order to read this
    environment variable.

   b) for `nixos-rebuild` you can add ‘qtwebkit-5.212.0-alpha4’ to
      `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
      like so:

        {
          nixpkgs.config.permittedInsecurePackages = [
            "qtwebkit-5.212.0-alpha4"
          ];
        }

   c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
      ‘qtwebkit-5.212.0-alpha4’ to `permittedInsecurePackages` in
      ~/.config/nixpkgs/config.nix, like so:

        {
          permittedInsecurePackages = [
            "qtwebkit-5.212.0-alpha4"
          ];
        }

Add

nixConfig.permittedInsecurePackages = [ "qtwekbit-5.212.0-alpha4" ];

and rerun nix flake check. Notice it prompts to confirm the value and then you get the same message.

Expected behavior

Since flakes are supposed to provide the complete description of software + dependencies permittedInsecurePackages should be allowed.

nix-env --version output nix-env (Nix) 2.12.0

Additional context

Add any other context about the problem here.

Priorities

Add :+1: to issues you find important.

LunNova commented 1 year ago

This is a nixpkgs config not a nix config so it probably should not go there.