Hi! With the recent update to NixOS 22.05 a packaged Java application of mine broke.
This is using nixpkgs rev: 08950a6e29cf7bddee466592eb790a417550f7f9
This is the package in question:
{ lib, stdenv, fetchurl, unzip, makeDesktopItem, makeWrapper, jre }:

stdenv.mkDerivation rec {
  pname = "conan";
  version = "1.0";

  src = fetchurl {
    url = "https://github.com/nonilole/Conan/files/1042290/Conan.zip";
    sha256 = "c2151bdd0643b04ec3065986a424135ab93d552fc2d2f23883712fe036436dbd";
  };

  # Workaround for "unpacker appears to have produced no directories"
  setSourceRoot = "sourceRoot=$PWD";

  nativeBuildInputs = [ unzip makeWrapper ];

  installPhase = ''
    mkdir -pv $out/{bin,lib,share/applications}
    install -m644 Conan.jar $out/lib
    makeWrapper ${jre}/bin/java $out/bin/${pname} \
      --add-flags "-jar $out/lib/Conan.jar"
    cp -av $desktopItem/share/applications/* $out/share/applications/
  '';

  desktopItem = makeDesktopItem {
    name = pname;
    exec = pname;
    icon = fetchurl {
      url = "https://raw.githubusercontent.com/nonilole/Conan/master/src/icon.png";
      sha256 = "c340cd0554f917a1d1c16d1cdfe151bad4d294b31601f2a6a91d44ba4aa8000e";
    };
    desktopName = "Conan";
    genericName = "Proof Editor";
    comment = meta.description;
    categories = [ "Education" ];
  };

  meta = with lib; {
    description = "A proof editor for first order logic";
    homepage = "https://github.com/nonilole/Conan";
    license = licenses.mit;
    platforms = platforms.all;
  };
}
imported with:
conan = pkgs.callPackage ./packages/conan.nix { jre = pkgs.openjdk17; };
(For extended context this is my entire flake repository, without the fix for makeDesktopItem in the package above: GitHub - axelf4/nixos-config at aec5d95261aa9a7031ac985bb6b6c53f4a219d7f)
This is the error message I am getting with nix flake check --show-trace:
warning: Git tree '/home/axel/vc/nixos-config' is dirty
evaluating flake...
error: Package ‘openjdk-headless-16+36’ in /nix/store/apz5b280q5nrjm5lvbmcr3zkw6n59amf-source/pkgs/development/compilers/openjdk/meta.nix:4 is marked as insecure, refusing to evaluate.
Known issues:
- This OpenJDK version has reached its end of life.
You can install it anyway by allowing this package, using the
following methods:
a) To temporarily allow all insecure packages, you can use an environment
variable for a single invocation of the nix tools:
$ export NIXPKGS_ALLOW_INSECURE=1
Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
(Flake) command, `--impure` must be passed in order to read this
environment variable.
b) for `nixos-rebuild` you can add ‘openjdk-headless-16+36’ to
`nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
like so:
{
nixpkgs.config.permittedInsecurePackages = [
"openjdk-headless-16+36"
];
}
c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
‘openjdk-headless-16+36’ to `permittedInsecurePackages` in
~/.config/nixpkgs/config.nix, like so:
{
permittedInsecurePackages = [
"openjdk-headless-16+36"
];
}
… while evaluating 'handleEvalIssue'
at /nix/store/apz5b280q5nrjm5lvbmcr3zkw6n59amf-source/pkgs/stdenv/generic/check-meta.nix:196:38:
195|
196| handleEvalIssue = { meta, attrs }: { reason , errormsg ? "" }:
| ^
197| let
… from call site
at /nix/store/apz5b280q5nrjm5lvbmcr3zkw6n59amf-source/pkgs/stdenv/generic/check-meta.nix:323:16:
322| {
323| no = handleEvalIssue { inherit meta attrs; } { inherit (validity) reason errormsg; };
| ^
324| warn = handleEvalWarning { inherit meta attrs; } { inherit (validity) reason errormsg; };
… while evaluating the attribute 'no'
at /nix/store/apz5b280q5nrjm5lvbmcr3zkw6n59amf-source/pkgs/stdenv/generic/check-meta.nix:323:11:
322| {
323| no = handleEvalIssue { inherit meta attrs; } { inherit (validity) reason errormsg; };
| ^
324| warn = handleEvalWarning { inherit meta attrs; } { inherit (validity) reason errormsg; };
… while evaluating the attribute 'handled'
at /nix/store/apz5b280q5nrjm5lvbmcr3zkw6n59amf-source/pkgs/stdenv/generic/check-meta.nix:321:7:
320| # or, alternatively, just output a warning message.
321| handled =
| ^
322| {
… while evaluating the attribute 'buildInputs' of the derivation 'openjdk-17.0.3+7'
at /nix/store/apz5b280q5nrjm5lvbmcr3zkw6n59amf-source/pkgs/stdenv/generic/make-derivation.nix:278:7:
277| // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
278| name =
| ^
279| let
… while evaluating the attribute 'installPhase' of the derivation 'conan-1.0'
at /nix/store/apz5b280q5nrjm5lvbmcr3zkw6n59amf-source/pkgs/stdenv/generic/make-derivation.nix:278:7:
277| // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
278| name =
| ^
279| let
… while checking the derivation 'packages.i686-linux.conan'
at /nix/store/majradkr84j5abddy6ya7sm2wf2ffid2-source/flake.nix:43:7:
42| gfm-preview = pkgs.callPackage ./packages/gfm-preview {};
43| conan = pkgs.callPackage ./packages/conan.nix { jre = pkgs.openjdk17; };
| ^
44| };
… while checking flake output 'packages'
at /nix/store/56phnjmz0f3wgaw1fx2z9r5dfyxsdr04-source/default.nix:137:17:
136| {
137| ${key} = (attrs.${key} or { })
| ^
138| // (appendSystem key system ret);
Since I explicitly tell it to use OpenJDK 17 and the package makes no reference to OpenJDK 16, I am surprised that the error stems from OpenJDK 16 being end of life.
Does anyone know what is going on here?
Edit: I could not even build the package when allowing insecurities with NIXPKGS_ALLOW_INSECURE=1 nix build .#packages.i686-linux.conan --impure due to the Gradle version used for nixpkgs#jre being incompatible with i686-linux. At this point since I do not even have a physical 32-bit x86 system I chose to just restrict the flake outputs to only include amd64 and aarch64 Linux systems. But still, the command nix build nixpkgs#legacyPackages.i686-linux.jre fails for me, and I would be very interested to know how Hydra was able to successfully build it.
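Added example, not part of the original post: the `--show-trace` output above lists frames innermost first, so reading it bottom-up gives the path from a flake output to the refused package. The sketch below does that over an excerpt of the quoted trace; the function name `explain_insecure_trace` and the returned keys are hypothetical.

```python
import re

# Constructed sample: the error line and derivation frames copied from the
# trace in the post (other frames omitted). Nix prints innermost frames first.
SAMPLE_TRACE = """\
error: Package ‘openjdk-headless-16+36’ in /nix/store/apz5b280q5nrjm5lvbmcr3zkw6n59amf-source/pkgs/development/compilers/openjdk/meta.nix:4 is marked as insecure, refusing to evaluate.
… while evaluating 'handleEvalIssue'
… while evaluating the attribute 'buildInputs' of the derivation 'openjdk-17.0.3+7'
… while evaluating the attribute 'installPhase' of the derivation 'conan-1.0'
… while checking the derivation 'packages.i686-linux.conan'
… while checking flake output 'packages'
"""

INSECURE_RE = re.compile(r"Package ‘([^’]+)’ in \S+ is marked as insecure")
FRAME_RE = re.compile(
    r"while (?:evaluating the attribute '([^']+)' of|checking) the derivation '([^']+)'"
)


def explain_insecure_trace(trace: str) -> dict:
    """Return the insecure package, the flake output that reached it, and the path."""
    insecure = None
    frames = []  # (derivation or flake attribute path, attribute being evaluated)
    for line in trace.splitlines():
        if (m := INSECURE_RE.search(line)):
            insecure = m.group(1)
        elif (m := FRAME_RE.search(line)):
            frames.append((m.group(2), m.group(1)))
    if insecure is None:
        raise ValueError("no 'marked as insecure' error in trace")

    # Frames without an attribute come from "checking the derivation <flake attr path>".
    outputs = [drv for drv, attr in frames if attr is None]
    system = outputs[0].split(".", 2)[1] if outputs else None
    # Reverse so the path reads from the flake output down to the refused package.
    path = [drv for drv, _ in reversed(frames)] + [insecure]
    return {
        "insecure": insecure,
        "flake_output": outputs[0] if outputs else None,
        "system": system,
        "path": path,
        # Narrowest override the error message offers, instead of NIXPKGS_ALLOW_INSECURE=1.
        "permittedInsecurePackages": [insecure],
    }


if __name__ == "__main__":
    info = explain_insecure_trace(SAMPLE_TRACE)
    print(" -> ".join(info["path"]), f"(system: {info['system']})")
```

On the excerpt, the path runs from `packages.i686-linux.conan` through `conan-1.0` and the `buildInputs` of `openjdk-17.0.3+7` to `openjdk-headless-16+36`, and the system is `i686-linux`.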