search

NixOS / nixops

NixOps is a tool for deploying to NixOS machines in a network or cloud.
https://nixos.org/nixops
GNU Lesser General Public License v3.0
1.86k stars 365 forks source link

README instructions not working #1556

Open danjujan opened 1 year ago

danjujan commented 1 year ago

When I try to use nixopsUnstable I get the following error. The cryptography dependency seems outdated and should be updated.

sudo nix-shell -p nixopsUnstable
error:
       … while calling the 'derivationStrict' builtin

         at //builtin/derivation.nix:9:12: (source not available)

       … while evaluating derivation 'shell'
         whose name attribute is located at /nix/store/virimzadkb3s059g232x23gdc2n1074k-nixpkgs/nixpkgs/pkgs/stdenv/generic/make-derivation.nix:302:7

       … while evaluating attribute 'buildInputs' of derivation 'shell'

         at /nix/store/virimzadkb3s059g232x23gdc2n1074k-nixpkgs/nixpkgs/pkgs/stdenv/generic/make-derivation.nix:349:7:

          348|       depsHostHost                = lib.elemAt (lib.elemAt dependencies 1) 0;
          349|       buildInputs                 = lib.elemAt (lib.elemAt dependencies 1) 1;
             |       ^
          350|       depsTargetTarget            = lib.elemAt (lib.elemAt dependencies 2) 0;

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: Package ‘python3.10-cryptography-3.4.8’ in /nix/store/virimzadkb3s059g232x23gdc2n1074k-nixpkgs/nixpkgs/pkgs/applications/networking/cluster/nixops/poetry.lock:0 is marked as insecure, refusing to evaluate.

       Known issues:
        - CVE-2022-4304
        - CVE-2023-0215
        - CVE-2023-0216
        - CVE-2023-0217
        - CVE-2023-0401
        - CVE-2022-4203
        - CVE-2022-4450
        - CVE-2023-23931

       You can install it anyway by allowing this package, using the
       following methods:

       a) To temporarily allow all insecure packages, you can use an environment
          variable for a single invocation of the nix tools:

            $ export NIXPKGS_ALLOW_INSECURE=1

        Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
        (Flake) command, `--impure` must be passed in order to read this
        environment variable.

       b) for `nixos-rebuild` you can add ‘python3.10-cryptography-3.4.8’ to
          `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
          like so:

            {
              nixpkgs.config.permittedInsecurePackages = [
                "python3.10-cryptography-3.4.8"
              ];
            }

       c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
          ‘python3.10-cryptography-3.4.8’ to `permittedInsecurePackages` in
          ~/.config/nixpkgs/config.nix, like so:

            {
              permittedInsecurePackages = [
                "python3.10-cryptography-3.4.8"
              ];
            }
jzbor commented 1 year ago

I do still run into the same issue