I am trying to activate/install Darktable and got an error:
error:
… while calling the 'derivationStrict' builtin
at <nix/derivation-internal.nix>:37:12:
36|
37| strict = derivationStrict drvAttrs;
| ^
38|
… while evaluating derivation 'shell'
whose name attribute is located at /nix/store/c39q7pww80997lz0fyqxpvsr29q6f7ld-source/pkgs/stdenv/generic/make-derivation.nix:480:13
… while evaluating attribute 'buildInputs' of derivation 'shell'
at /nix/store/c39q7pww80997lz0fyqxpvsr29q6f7ld-source/pkgs/stdenv/generic/make-derivation.nix:534:13:
533| depsHostHost = elemAt (elemAt dependencies 1) 0;
534| buildInputs = elemAt (elemAt dependencies 1) 1;
| ^
535| depsTargetTarget = elemAt (elemAt dependencies 2) 0;
(stack trace truncated; use '--show-trace' to show the full, detailed trace)
error: Package ‘libsoup-2.74.3’ in /nix/store/c39q7pww80997lz0fyqxpvsr29q6f7ld-source/pkgs/development/libraries/libsoup/default.nix:134 is marked as insecure, refusing to evaluate.
Known issues:
- libsoup 2 is EOL, with many known unfixed CVEs.
The last release happened 2023-10-11,
with few security backports since and no stable release.
Vulnerabilities likely include (incomplete list):
- CVE-2025-4948: https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
- CVE-2025-46421: https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
- CVE-2025-32914: https://gitlab.gnome.org/GNOME/libsoup/-/issues/436
- CVE-2025-32913: https://gitlab.gnome.org/GNOME/libsoup/-/issues/435
- CVE-2025-32912: https://gitlab.gnome.org/GNOME/libsoup/-/issues/434
- CVE-2025-32911: https://gitlab.gnome.org/GNOME/libsoup/-/issues/433
- CVE-2025-32910: https://gitlab.gnome.org/GNOME/libsoup/-/issues/432
- CVE-2025-32909: https://gitlab.gnome.org/GNOME/libsoup/-/issues/431
- CVE-2025-32907: https://gitlab.gnome.org/GNOME/libsoup/-/issues/428
- CVE-2025-32053: https://gitlab.gnome.org/GNOME/libsoup/-/issues/426
- CVE-2025-32052: https://gitlab.gnome.org/GNOME/libsoup/-/issues/425
- CVE-2025-32050: https://gitlab.gnome.org/GNOME/libsoup/-/issues/424
- CVE-2024-52531: https://gitlab.gnome.org/GNOME/libsoup/-/issues/423
- CVE-2025-2784: https://gitlab.gnome.org/GNOME/libsoup/-/issues/422
These vulnerabilities were fixed in libsoup 3,
with the vulnerable code present in libsoup 2 versions.
You can install it anyway by allowing this package, using the
following methods:
a) To temporarily allow all insecure packages, you can use an environment
variable for a single invocation of the nix tools:
$ export NIXPKGS_ALLOW_INSECURE=1
Note: When using `nix shell`, `nix build`, `nix develop`, etc with a flake,
then pass `--impure` in order to allow use of environment variables.
b) for `nixos-rebuild` you can add ‘libsoup-2.74.3’ to
`nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
like so:
{
nixpkgs.config.permittedInsecurePackages = [
"libsoup-2.74.3"
];
}
c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
‘libsoup-2.74.3’ to `permittedInsecurePackages` in
~/.config/nixpkgs/config.nix, like so:
{
permittedInsecurePackages = [
"libsoup-2.74.3"
];
}