search

NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License
17.3k stars 13.54k forks source link

network_cmds: depends on insecure libressl-3.4.3 #223977

Closed brianmay closed 1 year ago

brianmay commented 1 year ago

Describe the bug

When I install openssl or openssl_openssl or openssl_unstable I get an error that looks like a dependency is out of date.

The following is from 22.11 but I get the same issue from unstable also.

Steps To Reproduce

Steps to reproduce the behavior:

  1. nix-shell -p openconnect

Expected behavior

It should install without errors.

Screenshots

nix-shell -p openconnect
error: Package ‘libressl-3.4.3’ in /nix/store/w7i4cmni72cmnqp35zs38q9i06nbg5q5-nixpkgs/nixpkgs/pkgs/development/libraries/libressl/default.nix:84 is marked as insecure, refusing to evaluate.

       Known issues:
        - Support ended 2022-10-14.

       You can install it anyway by allowing this package, using the
       following methods:

       a) To temporarily allow all insecure packages, you can use an environment
          variable for a single invocation of the nix tools:

            $ export NIXPKGS_ALLOW_INSECURE=1

        Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
        (Flake) command, `--impure` must be passed in order to read this
        environment variable.

       b) for `nixos-rebuild` you can add ‘libressl-3.4.3’ to
          `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
          like so:

            {
              nixpkgs.config.permittedInsecurePackages = [
                "libressl-3.4.3"
              ];
            }

       c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
          ‘libressl-3.4.3’ to `permittedInsecurePackages` in
          ~/.config/nixpkgs/config.nix, like so:

            {
              permittedInsecurePackages = [
                "libressl-3.4.3"
              ];
            }
(use '--show-trace' to show detailed location information)

Additional context

Add any other context about the problem here.

Notify maintainers

Sorry if I get this wrong :-)

@pradeepchhetri @alyaeanyx @tricktron

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.


$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-darwin"`
 - host os: `Darwin 22.3.0, macOS 10.16`
 - multi-user?: `yes`
 - sandbox: `no`
 - version: `nix-env (Nix) 2.13.2`
 - channels(root): `"nixpkgs"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixpkgs````
alyaeanyx commented 1 year ago

I can't reproduce this on the latest unstable, could you try updating your channels (sudo nix-channel --update) and see if this issue persists?

brianmay commented 1 year ago

Upgraded (from about 5days). Same problem.

Hmm. I think this might be OSX specific :-(

alyaeanyx commented 1 year ago

Hm, in this case I can't help you unfortunately because I know close to nothing about Darwin, sorry :(

brianmay commented 1 year ago

I have been told that the problem is actually with network_cmds, see https://github.com/NixOS/nixpkgs/blob/master/pkgs/os-specific/darwin/apple-source-releases/network_cmds/default.nix#L6

I was also told that just replacing this with libressl doesn't work.

CC: @matthewbauer

brianmay commented 1 year ago

On #macos:nixos.org I think we concluded if we drop support for unbound (and Apple has dropped support in latest network_cmds anyway), then it should build with libressl.