Can't update system flake because "electron-27.3.11" is EOL - can't figure out which package uses it

Hi there! I’m using a flake to configure my system. I have nixpkgs as a dependency twice like in this excerpt from my flake.nix:

  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
  inputs.nixpkgs-latest.url = "github:NixOS/nixpkgs";

Once for having a stable version that I’ll upgrade infrequently (nixpkgs) and one for the latest packages (nixpkgs-latest).

Now, I wanted to upgrade my latest packages and after a nix flake lock --update-input nixpkgs-latest I get this error:

sh4pe@sh4peux ~/D/d/n/sh4peux (main)> sudo nixos-rebuild switch
[sudo] password for sh4pe:
warning: Git tree '/home/sh4pe/Documents/devel/nix/sh4peux' is dirty
building the system configuration...
warning: Git tree '/home/sh4pe/Documents/devel/nix/sh4peux' is dirty
# ...
error:
       … while calling the 'head' builtin

         at /nix/store/k251vbbhlk91xwjkxnma7g545i5avhah-source/lib/attrsets.nix:1575:11:

         1574|         || pred here (elemAt values 1) (head values) then
         1575|           head values
             |           ^
         1576|         else

       … while evaluating the attribute 'value'

         at /nix/store/k251vbbhlk91xwjkxnma7g545i5avhah-source/lib/modules.nix:809:9:

          808|     in warnDeprecation opt //
          809|       { value = builtins.addErrorContext "while evaluating the option `${showOption loc}':" value;
             |         ^
          810|         inherit (res.defsFinal') highestPrio;

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: Package ‘electron-27.3.11’ in /nix/store/nqlpj6jmmm96qx0zk9krw191d8wrmp21-source/pkgs/development/tools/electron/binary/generic.nix:36 is marked as insecure, refusing to evaluate.


       Known issues:
        - Electron version 27.3.11 is EOL

       You can install it anyway by allowing this package, using the
       following methods:

       a) To temporarily allow all insecure packages, you can use an environment
          variable for a single invocation of the nix tools:

            $ export NIXPKGS_ALLOW_INSECURE=1

          Note: When using `nix shell`, `nix build`, `nix develop`, etc with a flake,
                then pass `--impure` in order to allow use of environment variables.

       b) for `nixos-rebuild` you can add ‘electron-27.3.11’ to
          `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
          like so:

            {
              nixpkgs.config.permittedInsecurePackages = [
                "electron-27.3.11"
              ];
            }

       c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
          ‘electron-27.3.11’ to `permittedInsecurePackages` in
          ~/.config/nixpkgs/config.nix, like so:

            {
              permittedInsecurePackages = [
                "electron-27.3.11"
              ];
            }

So I probably need to update the package that has the shown Electron version as dependency as well - that would be my strategy of resolving this issue at least.

But I cannot figure out a way to see whose transitive dependency this electron version is. And I’m a bit stranded here. Can you please point me to the right commands that could help me resolve this issue?

Hi Sh4pe, welcome!

I think this is the same as what was discussed here: How to find which package dependency it is?

In that case it was Logseq, but it could be a different package for you.

Mixing stable & unstable is a common topic discussed. Recently here: Mixing stable and unstable packages on flake-based NixOS system. You might need to use stable for the package that has the electron dependency.

Awesome, thanks! nix-store --query --references helped me find the problem. It was logseq too :smiley:

You want to use "github:NixOS/nixpkgs/nixos-unstable" here, not master directly, so that hydra builds and tests stuff for you.

Thank you for the hint!
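
Added example, not part of any post in this thread: the manual lookup with nix-store --query --references, automated as a breadth-first walk from the system derivation down to the flagged package, so the chain shows which package pulls it in. The helper names (nix_references, pname, find_chain), the store hashes and every version except electron-27.3.11 are constructed for illustration; for a live run the root is assumed to be a .drv path obtained by evaluating the system with the temporary allowance shown in the error message.

```python
import subprocess
from collections import deque

def nix_references(path):
    """Direct references of a store path, using the command named in the thread."""
    out = subprocess.run(["nix-store", "--query", "--references", path],
                         check=True, capture_output=True, text=True).stdout
    return [p for p in out.splitlines() if p and p != path]

def pname(path):
    """Strip '/nix/store/<hash>-' and a trailing '.drv' from a store path."""
    base = path.rsplit("/", 1)[-1]
    name = base.split("-", 1)[1] if "-" in base else base
    return name[:-4] if name.endswith(".drv") else name

def find_chain(root, needle, references=nix_references):
    """Shortest reference chain from root to a path whose name starts with needle."""
    parent = {root: None}
    queue = deque([root])
    while queue:
        cur = queue.popleft()
        if pname(cur).startswith(needle):
            chain = []
            while cur is not None:          # walk back up to the root
                chain.append(cur)
                cur = parent[cur]
            return chain[::-1]
        for ref in references(cur):
            if ref not in parent:           # visit each store path once
                parent[ref] = cur
                queue.append(ref)
    return None                             # needle is not in the closure

# Constructed sample graph: hashes and versions are placeholders, not real store paths.
S = "/nix/store/"
SAMPLE = {
    S + "aaaa-nixos-system-sh4peux.drv": [S + "bbbb-system-path.drv", S + "cccc-etc.drv"],
    S + "bbbb-system-path.drv": [S + "dddd-firefox-1.0.drv", S + "eeee-logseq-0.0.0.drv"],
    S + "eeee-logseq-0.0.0.drv": [S + "ffff-electron-27.3.11.drv"],
}

def sample_chain():
    """Run the search over the constructed graph instead of the real store."""
    refs = lambda p: SAMPLE.get(p, [])
    root = S + "aaaa-nixos-system-sh4peux.drv"
    return [pname(p) for p in find_chain(root, "electron-27.3.11", refs)]

if __name__ == "__main__":
    print(" -> ".join(sample_chain()))
```

The element just before the flagged package in the returned chain is the one to update, pin to another nixpkgs input, or list explicitly in permittedInsecurePackages.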