Error evaluating Electron package version 25.9.0: Marked as insecure due to EOL status

This error occurs while attempting to evaluate the Electron package version 25.9.0, indicating that it’s marked as insecure due to being End-of-Life (EOL). I get this error when I try to download youtube music or obsidian;

   … while calling the 'head' builtin

         at /nix/store/7m4g91qi56yyfmdx71gzna9rij42yb80-nixos-23.11/nixos/lib/attrsets.nix:922:11:

          921|         || pred here (elemAt values 1) (head values) then
          922|           head values
             |           ^
          923|         else

       … while evaluating the attribute 'value'

         at /nix/store/7m4g91qi56yyfmdx71gzna9rij42yb80-nixos-23.11/nixos/lib/modules.nix:807:9:

          806|     in warnDeprecation opt //
          807|       { value = builtins.addErrorContext "while evaluating the option `${showOption loc}':" value;
             |         ^
          808|         inherit (res.defsFinal') highestPrio;

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: Package ‘electron-25.9.0’ in /nix/store/7m4g91qi56yyfmdx71gzna9rij42yb80-nixos-23.11/nixos/pkgs/development/tools/electron/binary/generic.nix:35 is marked as insecure, refusing to evaluate.


       Known issues:
        - Electron version 25.9.0 is EOL

       You can install it anyway by allowing this package, using the
       following methods:

       a) To temporarily allow all insecure packages, you can use an environment
          variable for a single invocation of the nix tools:

            $ export NIXPKGS_ALLOW_INSECURE=1

          Note: When using `nix shell`, `nix build`, `nix develop`, etc with a flake,
                then pass `--impure` in order to allow use of environment variables.

       b) for `nixos-rebuild` you can add ‘electron-25.9.0’ to
          `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
          like so:

            {
              nixpkgs.config.permittedInsecurePackages = [
                "electron-25.9.0"
              ];
            }

       c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
          ‘electron-25.9.0’ to `permittedInsecurePackages` in
          ~/.config/nixpkgs/config.nix, like so:

            {
              permittedInsecurePackages = [
                "electron-25.9.0"
              ];
            }

My nix config file:

{ config, pkgs, ... }:

{
  imports =
    [
      ./hardware-configuration.nix
    ];
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  networking.hostName = "nixos"; # Define your hostname.
  networking.networkmanager.enable = true;
  time.timeZone = "Europe/Istanbul";
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "tr_TR.UTF-8";
    LC_IDENTIFICATION = "tr_TR.UTF-8";
    LC_MEASUREMENT = "tr_TR.UTF-8";
    LC_MONETARY = "tr_TR.UTF-8";
    LC_NAME = "tr_TR.UTF-8";
    LC_NUMERIC = "tr_TR.UTF-8";
    LC_PAPER = "tr_TR.UTF-8";
    LC_TELEPHONE = "tr_TR.UTF-8";
    LC_TIME = "tr_TR.UTF-8";
  };

  services.xserver.enable = true;
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;

  services.xserver = {
    layout = "us";
    xkbVariant = "";
  };
  services.printing.enable = true;
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };
  users.users.ramzo = {
    isNormalUser = true;
    description = "ramazan";
    extraGroups = [ "networkmanager" "wheel" "docker"];
    packages = with pkgs; [
      kate
    ];
  };
  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;
  nixpkgs.config.allowUnfreePredicate = _: true;
    #  For Docker
  virtualisation.docker.enable = true;
  virtualisation.docker.storageDriver = "btrfs";
  virtualisation.docker.rootless = {
    enable = true;
    setSocketVariable = true;
  };
  
  environment.systemPackages = with pkgs; [
  deno
  helix
  gcc
  gnumake
  firefox
  wget
  watchman
  git
  brave
  xournalpp
  rustup
  rustc
  bitwarden
  nodejs_21
  figma-linux
  nodePackages."pnpm"
  nodePackages."yarn"
  nodePackages."nodemon"
  htop
  anytype
  cassandra
  ruby_3_2
  android-tools
  go
  curl
  libyaml
  vips
  openssl_3
  gnutls
  glib-networking
  glib
  scrcpy
  libxml2
  ruby.gems.nokogiri
  ruby.gems.pry 
  mongodb-compass  
  docker-client 
  mongodb-compass
  amdvlk  
  sqlite
  rubyPackages_3_3.sqlite3
  rubyPackages_3_3.railties
  obs-studio
  docker-compose_1
  electron
  vscode
  openal
  rocmPackages.migraphx  
  # lang servers start
  terraform-ls
  nodePackages_latest.bash-language-server
  yaml-language-server
  ansible-language-server
  nodePackages.typescript
  nodePackages.typescript-language-server
  nodePackages.vscode-langservers-extracted
  gopls
  nodePackages_latest.vls
 # end
  rbenv
  supabase-cli
  github-desktop
  natron
  anki 
  youtube-music
];
}

Both youtube-music and obsidian have been updated to use a current Electron in nixos-unstable; you can either take those packages from that channel, or permit electron-25.9.0 as described in the error message for now (in the 24.05 release it will no longer be necessary).

1 Like

thanks bro, how can I do this?

For option 1, see this FAQ entry. For option 2, see the error message, specifically the snippet labeled b) for packages you’re adding to your configuration.nix.

1 Like

This is unfortunately not the first time that Obsidian suddenly failed on the stable channel. Feels like this is something that shouldn’t happen on a semi-regular basis.

1 Like