NixOS / nixpkgs

Nix Packages collection & NixOS

kodiPackages.sendtokodi: requires insecure youtube-dl, breaks stable #326548

Closed Mynacol closed 1 month ago

Mynacol commented 1 month ago

Describe the bug

When trying to update nixos-24.05 from revision 194846768975b7ad2c4988bdb82572c00222c0d7 to 249fbde2a178a2ea2638b65b9ecebd531b338cf9, the check and build fail because youtube-dl is newly marked insecure (unstable PR: https://github.com/NixOS/nixpkgs/pull/325371, backport PR: https://github.com/NixOS/nixpkgs/pull/325506). This breaks users of the kodiPackages.sendtokodi package.

I don't need the youtube-dl functionality and I don't wanna allow this insecure package on my system. Therefore, I'd appreciate an easier method to not depend on youtube-dl. This requires being able to build sendtokodi without youtube-dl altogether (and ensuring sendtokodi does not use it), either by default or as a build option. Upstream seems to be mostly inactive; they won't help us here.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Disallow insecure packages (default behavior)
  2. Try to include sendtokodi on recent NixOS 24.05 (249fbde2a178a2ea2638b65b9ecebd531b338cf9 or later) or unstable
  3. Bingo.

Expected behavior

Stable NixOS doesn't break on channel updates. Sendtokodi can be used without allowing any insecure packages.

Notify maintainers

@pks-t @NixOS/kodi

Metadata

(the relevant nixpkgs commits/PRs are already referenced, I cannot build the config on the broken revision)



aanderse commented 1 month ago

sure

youtube-dl code was never even used or executed in the entire life of this package in nixpkgs anyways, so all one has to do is remove youtube-dl from this line and everything will be fine

@Mynacol please go ahead and create a PR and it will be much appreciated :bow:

pks-t commented 1 month ago

> youtube-dl code was never even used or executed in the entire life of this package in nixpkgs anyways, so all one has to do is remove youtube-dl from this line and everything will be fine

@aanderse This isn't entirely true, as users can toggle between the two of them via a configuration. But regardless of that I agree that patching out the dependency is the right thing to do, even if it means that we will dishonor that configuration now.

I've created https://github.com/NixOS/nixpkgs/pull/327480 to do so.

aanderse commented 1 month ago

right, i sorta glossed over that part

we should see if upstream wants to drop youtube-dl backend or not i suppose