search

erlyaws / yaws

Yaws webserver
https://erlyaws.github.io
BSD 3-Clause "New" or "Revised" License
1.28k stars 267 forks source link

yaws in NixOS 22.05 for aarch64 gives error during system build #461

Closed mlliarm closed 1 year ago

mlliarm commented 1 year ago

Hello,

When I include yaws in my configuration.nix packages system build fails with the following error:

$ sudo nixos-rebuild test --show-trace
building Nix...
building the system configuration...
error: Package ‘erlang-21.3.8.24’ in /nix/store/ljgz2ax6d4qys85ha6fwlpyv0mfhn7dp-nixos-22.05/nixos/pkgs/development/interpreters/erlang/generic-builder.nix:171 is marked as insecure, refusing to evaluate.

       Known issues:
        - CVE-2022-37026

       You can install it anyway by allowing this package, using the
       following methods:

       a) To temporarily allow all insecure packages, you can use an environment
          variable for a single invocation of the nix tools:

            $ export NIXPKGS_ALLOW_INSECURE=1

        Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
        (Flake) command, `--impure` must be passed in order to read this
        environment variable.

       b) for `nixos-rebuild` you can add ‘erlang-21.3.8.24’ to
          `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
          like so:

            {
              nixpkgs.config.permittedInsecurePackages = [
                "erlang-21.3.8.24"
              ];
            }

       c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
          ‘erlang-21.3.8.24’ to `permittedInsecurePackages` in
          ~/.config/nixpkgs/config.nix, like so:

            {
              permittedInsecurePackages = [
                "erlang-21.3.8.24"
              ];
            }

Full error message log here.

Issue is resolved if one adds in the configuration.nix file:

nixpkgs.config.permittedInsecurePackages = [
                "erlang-21.3.8.24"
              ];

but I don't know how safe is using an unsafe erlang version. Another workaround is simply not to use yaws in the current version of my OS.

Thought you'd like to know this.

edit: it could be a NixOS thing, something with the nixpkg that corresponds to yaws. If yes, apologies for this, I'll let the NixOS maintainer of yaws know.

vinoski commented 1 year ago

Thanks, yes, this sounds like a NixOS problem. They should at the very least be using a newer Erlang/OTP, and a newer Yaws version as well.

Yaws doesn't support Erlang/OTP 21 anymore, as it's over 5 years old now and we support only the current Erlang/OTP major release, currently 25, plus the 3 prior major releases.

mlliarm commented 1 year ago

Thanks @vinoski. Closing this issue as it's being handled already from the NixOS team.