Proper way to run git version of app outside of nix develop

deep4lpha · January 23, 2026, 2:45pm

Hi,

I rely on netexec in my work. 1.4.0 is broken for one of my usecases and I need 1.5.0, but nix maintainer did not yet provide it. My first approach was to create such override:

environment.systemPackages = [
  (pkgs.netexec.overrideAttrs (oldAttrs: {
    version = "1.5.0";
    src = pkgs.fetchFromGitHub {
      owner = "Pennyw0rth";
      repo = "NetExec";
      rev = "v1.5.0";
      hash = "sha256-...";
    };
  }))
];

Unfortunately this breaks due to the fact original nix package relies on nix supplied version of impacket which it patches and I don’t even want to think what other issues will I run into trying to unravel this. I was able to get around that by using this ugly flake:

{
  description = "NetExec development environment";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
  };

  outputs =
    {
      self,
      nixpkgs,
      flake-utils,
    }:
    flake-utils.lib.eachDefaultSystem (
      system:
      let
        pkgs = nixpkgs.legacyPackages.${system};
      in
      {
        devShells.default = pkgs.mkShell {
          packages = with pkgs; [
            python314
            poetry
            pipx
            openssl
          ];

         
        };
      }
    );
}

And running pipx install . inside netexec repo from within nix develop shell. This is OK for desperate patching, when under pressure, but it’s extremely annoying due to the fact nix develop uses vanilla bash. Is there a dead easy way, like a wrapper pkgs.justMakeItWorkFromPipx I could use to make a quick and dirty package? Or at least make the stuff built inside nix develop available as system-wide binary so I can run it in my normal shell configuration as if it was a part of the system (this would be preferable to avoid untangling issues with poetry2reasonablepackagemanagementsystem issues)?

Just to clarify: don’t care even if every single dependency is duplicated or other things are unoptimal. Just want a procedure to follow next time in such situation - preferably if it was agnostic to python

Thanks in advance

NobbZ · January 23, 2026, 2:53pm

The package update to 1.5.0 was merged 2 days ago.

github.com/NixOS/nixpkgs

netexec: 1.4.0 -> 1.5.0

master ← Red-Flake:master

opened 06:37AM - 26 Dec 25 UTC

Mag1cByt3s

+14 -5

Update netexec to 1.5.0. Changelog: https://github.com/Pennyw0rth/NetExec/r…eleases/tag/v1.5.0 ## Things done - Built on platform: - [x] x86_64-linux - [ ] aarch64-linux - [ ] x86_64-darwin - [ ] aarch64-darwin - Tested, as applicable: - [ ] [NixOS tests] in [nixos/tests]. - [ ] [Package tests] at `passthru.tests`. - [ ] Tests in [lib/tests] or [pkgs/test] for functions and "core" functionality. - [ ] Ran `nixpkgs-review` on this PR. See [nixpkgs-review usage]. - [x] Tested basic functionality of all binary files, usually in `./result/bin/`. - Nixpkgs Release Notes - [ ] Package update: when the change is major or breaking. - NixOS Release Notes - [ ] Module addition: when adding a new NixOS module. - [ ] Module update: when the change is significant. - [x] Fits [CONTRIBUTING.md], [pkgs/README.md], [maintainers/README.md] and other READMEs. --- Add a :+1: [reaction] to [pull requests you find important]. [reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/ [pull requests you find important]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+sort%3Areactions-%2B1-desc

See it’s progress through the channels.

deep4lpha · January 23, 2026, 2:55pm

Thanks @NobbZ ! I’ll just patch is from PR for now.

Still - would be very grateful for hints to make such ad-hoc software run. It still is beneficial for me to keep system clean - it will just get garbage collected

NobbZ · January 23, 2026, 3:01pm

If an override as you did doesn’t work, I am almost always ending up updating nixpkgs directly if no PR exists. If one exists I usually copy the expression until available in the channels.

If it’s about downgrade rather than upgrade, and overrides don’t work, I also copy an older expression from nixpkgs and use that.

If dependencies don’t play well with the situation, then things get hairy. Usually that is when I say to myself that no one will notice that I’m running foo 1.2.3 rather than 1.1.0.