When I run nix develop
, I get the following error:
nix develop
warning: Git tree '/home/pamplemousse/Workspace/machines' is dirty
error: Package ‘python3.10-poetry-1.2.2’ in /nix/store/3xv8f25jlgypwzyjqw2h2iixnlb8981j-source/pkgs/development/tools/poetry2nix/poetry2nix/pkgs/poetry/default.nix:50 is marked as insecure, refusing to evaluate.
Known issues:
- CVE-2022-42966
You can install it anyway by allowing this package, using the
following methods:
a) To temporarily allow all insecure packages, you can use an environment
variable for a single invocation of the nix tools:
$ export NIXPKGS_ALLOW_INSECURE=1
Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
(Flake) command, `--impure` must be passed in order to read this
environment variable.
b) for `nixos-rebuild` you can add ‘python3.10-poetry-1.2.2’ to
`nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
like so:
{
nixpkgs.config.permittedInsecurePackages = [
"python3.10-poetry-1.2.2"
];
}
c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
‘python3.10-poetry-1.2.2’ to `permittedInsecurePackages` in
~/.config/nixpkgs/config.nix, like so:
{
permittedInsecurePackages = [
"python3.10-poetry-1.2.2"
];
}
(use '--show-trace' to show detailed location information)
I am assuming that one of the devShell
's buildInputs
is dependent on python3.10-poetry-1.2.2
.
Solution a) works, but is rather inelegant: the caller has to run NIXPKGS_ALLOW_INSECURE=1 nix develop --impure
.
Not sure how solution b) could be applied in my flake.nix
.
Is there a way to write directly in the flake.nix
that I want to permit this insecure dependency for my devShell
?