Open ghostbuster91 opened 9 months ago
Also python3.10-cryptography-40.0.1:
Known issues:
- CVE-2023-2650
- CVE-2023-2975
- CVE-2023-3446
- CVE-2023-3817
- CVE-2023-38325
You can install it anyway by allowing this package, using the
following methods:
a) To temporarily allow all insecure packages, you can use an environment
variable for a single invocation of the nix tools:
$ export NIXPKGS_ALLOW_INSECURE=1
Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
(Flake) command, `--impure` must be passed in order to read this
environment variable.
b) for `nixos-rebuild` you can add ‘python3.10-cryptography-40.0.1’ to
`nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
like so:
{
  nixpkgs.config.permittedInsecurePackages = [
    "python3.10-cryptography-40.0.1"
  ];
}
c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
‘python3.10-cryptography-40.0.1’ to `permittedInsecurePackages` in
~/.config/nixpkgs/config.nix, like so:
{
  permittedInsecurePackages = [
    "python3.10-cryptography-40.0.1"
  ];
}
I'm pretty sure the requests issue is actually an issue in poetry2nix since poetry.lock
already uses 2.31.0 which fixes the CVE.
See https://github.com/nix-community/poetry2nix/issues/1331.
Spent a lot of my weekend on getting openconnect-sso to work with a recent NixOS and happy to say I got it done!
See #152, hopefully that can help any of you :)
Nix refuses to build openconnect-sso with provided flake due to outdated and vulnerable dependency.