I just updated my nixpkgs input and now thenodejs-20.20.2 package (prolly used by another package and idk why) is flagged as insecure, no big deal i just gotta add it to nixpkgs.config.permittedInsecurePackages, which I do:
nixpkgs.config.permittedInsecurePackages = [
"nodejs-20.20.2"
"electron-38.8.4"
];
Execpt that it STILL doesn’t rebuild and tells me the same error message as when I didn’t have added it to the permitted insecure packages
error: Refusing to evaluate package 'nodejs-20.20.2' in /nix/store/1hb1glkkpl6vjjpfrwzmvjyvhcyqfxfk-source/pkgs/development/web/nodejs/nodejs.nix:689 because it is marked as insecure
Known issues:
- This NodeJS release has reached its end of life. See https://nodejs.org/en/about/releases/.
You can install it anyway by allowing this package, using the
following methods:
a) To temporarily allow all insecure packages, you can use an environment
variable for a single invocation of the nix tools:
$ export NIXPKGS_ALLOW_INSECURE=1
Note: When using `nix shell`, `nix build`, `nix develop`, etc with a flake,
then pass `--impure` in order to allow use of environment variables.
b) for `nixos-rebuild` you can add ‘nodejs-20.20.2’ to
`nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
like so:
{
nixpkgs.config.permittedInsecurePackages = [
"nodejs-20.20.2"
];
}
c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
‘nodejs-20.20.2’ to `permittedInsecurePackages` in
~/.config/nixpkgs/config.nix, like so:
{
permittedInsecurePackages = [
"nodejs-20.20.2"
];
}
not sure what to do when the option to allow insecure packages does not allow insecure packages, weirdly enough tho it works just fine with
Several things come to mind. First, I think that you followed the instructions correctly; it doesn’t look like you did anything wrong, and I’m guessing that this previously worked for Electron. Second, I would consider hunting down the insecure packages and fixing them; my main tool for this would be nix-tree. Try
nix run nixpkgs#nix-tree, using the ‘/’ key to find “nodejs” packages. Third, if you have one insecure network-facing package than you might as well consider marking the entire system as temporarily insecure and exportingNIXPKGS_ALLOW_INSECUREto the environment; this is overkill but it will tell you whether there are other extistential issues with your configuration.Yea I’m pretty sure I’ve also did this correctly since it in fact worked just fine with this electron package I’ve had in here for a little while now. Looking in nix-tree and searching for
nodejsbut the only nodejs versions I’m finding are24.14.1and no sign of the insecure version. Tried exporting the env and rebuilding my config but it didn’t work either