`allowUnfreePredicate` is not respected with the `burpsuite` package

nikitawootten commented 1 year ago

Describe the bug

When attempting to add burpsuite to my home-manager configuration I noticed that the unfree license check was tripping even when burpsuite was explicitly added to nixpkgs.config.allowUnfreePredicate. This issue happens both in nixos and home-manager flake modules.

The unfree license check will not run even if the nixpkgs.config.allowUnfreePredicate = (pkg: true); workaround is used.

Steps To Reproduce

Steps to reproduce the behavior:

Add burpsuite to a nixos or home-manager

...
environment.systemPackages = with pkgs; [ burpsuite ];
...

Observe the expected output:

       error: Package ‘burpsuite-2023.5.3’ in /nix/store/3mxad6ak2lm8iajjjlk58pfq2fzzzzag-source/pkgs/tools/networking/burpsuite/default.nix:64 has an unfree license (‘unfree’), refusing to evaluate.

       a) To temporarily allow unfree packages, you can use an environment variable
          for a single invocation of the nix tools.

            $ export NIXPKGS_ALLOW_UNFREE=1

        Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
        (Flake) command, `--impure` must be passed in order to read this
        environment variable.

       b) For `nixos-rebuild` you can set
         { nixpkgs.config.allowUnfree = true; }
       in configuration.nix to override this.

       Alternatively you can configure a predicate to allow specific packages:
         { nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
             "burpsuite"
           ];
         }

       c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
         { allowUnfree = true; }
       to ~/.config/nixpkgs/config.nix.

Amend the module with the suggested allowUnfreePredicate setting:

...
environment.systemPackages = with pkgs; [ burpsuite ];
# Also add the package name for good measure:
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"burpsuite"
"burpsuite-2023.5.3"
];
# This has also been tried:
#  nixpkgs.config.allowUnfreePredicate = (pkg: true);
...

Observe the same error as above.

Expected behavior

When burpsuite is added to the allowUnfreePredicate using the method suggested by the license check, the module should evaluate without errors.

Screenshots

N/A

Additional context

Setting the allowUnfreePredicate to always return true (nixpkgs.config.allowUnfreePredicate = (pkg: true);) does not fix the issue
Skipping the license check entirely with nixpkgs.config.allowUnfree = true; does fix the issue
I am using the nixpkgs unstable branch ("github:NixOS/nixpkgs/nixos-unstable") which is currently pointing at 3ad64d9e2d5bf80c877286102355b1625891ae9a

Notify maintainers

@stepech @bennofs

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 6.1.32, NixOS, 23.11 (Tapir), 23.11.20230615.7c67f00`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.15.1`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

Majiir commented 1 year ago

Have you set allowUnfreePredicate in another module? Multiple predicates do not merge as you might expect. See https://github.com/NixOS/nixpkgs/issues/197325.

nikitawootten commented 1 year ago

Have you set allowUnfreePredicate in another module? Multiple predicates do not merge as you might expect. See #197325.

Even with the solution described in that issue (creating a module that manages the allowUnfreePredicate) I still receive the unfree error output.

eclairevoyant commented 3 months ago

lib.getName pkgs.burpsuite results in "burpsuite", so that's the string to use in the predicate.

If it's still not working, then you either have multiple predicates, or the nixpkgs instance is configured in such a way to ignore the config you provided.

matt-bartels commented 3 weeks ago

I ran into this issue today when I switched my home desktop from nixos-24.05 to nixos-unstable. I needed to add "aspell-dict-en-science" to the allowUnfreePredicate, so I did so in my configuration.nix. This caused my steampowered.nix's allowUnfreePredicate to break. They don't merge properly, but I know that module options do...

unfree.nix = '' / unfree.nix nixpkgs.config.allowUnfreePredicate breaks if you attempt to use it in multiple configs Guess I'll make a module that merges them? / {config, lib, pkgs, utils, ... }: { config.nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.unfree.allow; options.unfree = with lib; { allow = mkOption { type = types.listOf types.str; default = [ ]; example = [ "aspell-dict-en-science" "steam" ]; description = mdDoc '' Declaring "nixpkgs.config.allowUnfreePredicate" in multiple files is broken. Use "unfree.allow" instead, and this module collects them so they'll work. ''; }; }; } ''

So now in my configuration.nix I have ./unfree.nix in imports, and 'unfree.allow=["aspell-dict-en-science"];'. I can also have unfree.allow assignments in other modules I've included from configuration.nix, and they merge as expected.

NixOS / nixpkgs