I’ve recently switched from the nixos-20.09
channel to the nixos-21.05
channel. I’m running Nix on a Fedora 33 system.
$ nix-channel --list
home-manager https://github.com/nix-community/home-manager/archive/release-21.05.tar.gz
nixpkgs https://nixos.org/channels/nixos-21.05
nixpkgs-unstable https://nixos.org/channels/nixpkgs-unstable
But when I try to update my packages I get an error message
$ nix-channel --update
unpacking channels...
$ home-manager switch --show-trace
error: Package ‘python2.7-Pillow-6.2.2’ in /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/pkgs/development/python-modules/pillow/6.nix:19 is marked as insecure, refusing to evaluate.
Known issues:
- CVE-2020-10177
- CVE-2020-10378
- CVE-2020-10379
- CVE-2020-10994
- CVE-2020-11538
- CVE-2020-35653
- CVE-2020-35654
- CVE-2020-35655
- CVE-2021-25289
- CVE-2021-25290
- CVE-2021-25291
- CVE-2021-25292
- CVE-2021-25293
- CVE-2021-27921
- CVE-2021-27922
- CVE-2021-27923
You can install it anyway by allowing this package, using the
following methods:
a) To temporarily allow all insecure packages, you can use an environment
variable for a single invocation of the nix tools:
$ export NIXPKGS_ALLOW_INSECURE=1
b) for `nixos-rebuild` you can add ‘python2.7-Pillow-6.2.2’ to
`nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
like so:
{
nixpkgs.config.permittedInsecurePackages = [
"python2.7-Pillow-6.2.2"
];
}
c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
‘python2.7-Pillow-6.2.2’ to `permittedInsecurePackages` in
~/.config/nixpkgs/config.nix, like so:
{
permittedInsecurePackages = [
"python2.7-Pillow-6.2.2"
];
}
… while evaluating 'handleEvalIssue'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/pkgs/stdenv/generic/check-meta.nix:188:38:
187|
188| handleEvalIssue = { meta, attrs }: { reason , errormsg ? "" }:
| ^
189| let
… from call site
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/pkgs/stdenv/generic/check-meta.nix:302:14:
301| handled = if !validity.valid
302| then handleEvalIssue { inherit meta attrs; } { inherit (validity) reason errormsg; }
| ^
303| else true;
… while evaluating the attribute 'handled'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/pkgs/stdenv/generic/check-meta.nix:301:7:
300| # Throw an error if trying to evaluate an non-valid derivation
301| handled = if !validity.valid
| ^
302| then handleEvalIssue { inherit meta attrs; } { inherit (validity) reason errormsg; }
… while evaluating the attribute 'outPath'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/lib/customisation.nix:164:7:
163| drvPath = assert condition; drv.drvPath;
164| outPath = assert condition; drv.outPath;
| ^
165| };
… while evaluating anonymous lambda
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/lib/lists.nix:645:24:
644| */
645| unique = foldl' (acc: e: if elem e acc then acc else acc ++ [ e ]) [];
| ^
646|
… from call site
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/pkgs/top-level/python-packages.nix:67:6:
66| modules = filter hasPythonModule drvs;
67| in unique ([python] ++ modules ++ concatLists (catAttrs "requiredPythonModules" modules));
| ^
68|
… while evaluating 'requiredPythonModules'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/pkgs/top-level/python-packages.nix:65:27:
64| # Get list of required Python modules given a list of derivations.
65| requiredPythonModules = drvs: let
| ^
66| modules = filter hasPythonModule drvs;
… from call site
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/pkgs/development/interpreters/python/wrapper.nix:20:13:
19| env = let
20| paths = requiredPythonModules (extraLibs ++ [ python ] ) ;
| ^
21| pythonPath = "${placeholder "out"}/${python.sitePackages}";
… while evaluating the attribute 'passAsFile'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/pkgs/build-support/buildenv/default.nix:77:5:
76| # XXX: The size is somewhat arbitrary
77| passAsFile = if builtins.stringLength pkgs >= 128*1024 then [ "pkgs" ] else [ ];
| ^
78| }
… while evaluating the attribute 'passAsFile' of the derivation 'python-2.7.18-env'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/pkgs/stdenv/generic/make-derivation.nix:201:11:
200| // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
201| name =
| ^
202| let
… while evaluating the attribute 'buildInputs' of the derivation 'scribus-1.4.8'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/pkgs/stdenv/generic/make-derivation.nix:201:11:
200| // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
201| name =
| ^
202| let
… while evaluating the attribute 'passAsFile'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/pkgs/build-support/buildenv/default.nix:77:5:
76| # XXX: The size is somewhat arbitrary
77| passAsFile = if builtins.stringLength pkgs >= 128*1024 then [ "pkgs" ] else [ ];
| ^
78| }
… while evaluating the attribute 'passAsFile' of the derivation 'home-manager-path'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/pkgs/stdenv/generic/make-derivation.nix:201:11:
200| // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
201| name =
| ^
202| let
… while evaluating the attribute 'value'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/lib/modules.nix:392:44:
391| defnsByName' = byName "config" (module: value:
392| [{ inherit (module) file; inherit value; }]
| ^
393| ) configs;
… while evaluating 'dischargeProperties'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/lib/modules.nix:609:25:
608| */
609| dischargeProperties = def:
| ^
610| if def._type or "" == "merge" then
… from call site
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/lib/modules.nix:538:137:
537| defs' = concatMap (m:
538| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
| ^
539| ) defs;
… while evaluating definitions from `/home/ao/.nix-defexpr/channels/home-manager/modules/home-environment.nix':
… while evaluating anonymous lambda
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/lib/modules.nix:537:28:
536| # Process mkMerge and mkIf properties.
537| defs' = concatMap (m:
| ^
538| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
… from call site
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/lib/modules.nix:537:17:
536| # Process mkMerge and mkIf properties.
537| defs' = concatMap (m:
| ^
538| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
… while evaluating the attribute 'values'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/lib/modules.nix:650:7:
649| in {
650| values = concatMap (def: if getPrio def == highestPrio then [(strip def)] else []) defs;
| ^
651| inherit highestPrio;
… while evaluating the attribute 'values'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/lib/modules.nix:551:9:
550| in {
551| values = defs''';
| ^
552| inherit (defs'') highestPrio;
… while evaluating the attribute 'mergedValue'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/lib/modules.nix:557:5:
556| # Type-check the remaining definitions, and merge them. Or throw if no definitions.
557| mergedValue =
| ^
558| if isDefined then
… while evaluating the option `home.activation.installPackages.data':
… while evaluating the attribute 'value'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/lib/modules.nix:525:9:
524| in warnDeprecation opt //
525| { value = builtins.addErrorContext "while evaluating the option `${showOption loc}':" value;
| ^
526| inherit (res.defsFinal') highestPrio;
… while evaluating anonymous lambda
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/lib/modules.nix:140:72:
139| # For definitions that have an associated option
140| declaredConfig = mapAttrsRecursiveCond (v: ! isOption v) (_: v: v.value) options;
| ^
141|
… from call site
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/lib/attrsets.nix:301:20:
300| then recurse (path ++ [name]) value
301| else f (path ++ [name]) value;
| ^
302| in mapAttrs g set;
… while evaluating 'g'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/lib/attrsets.nix:298:19:
297| g =
298| name: value:
| ^
299| if isAttrs value && cond value
… from call site
… while evaluating the attribute 'data'
… while evaluating the attribute 'data'
at /home/ao/.nix-defexpr/channels/home-manager/modules/lib/dag.nix:85:9:
84| name = n;
85| data = v.data;
| ^
86| after = v.after ++ dagBefore dag n;
… while evaluating the attribute 'data'
at /home/ao/.nix-defexpr/channels/home-manager/modules/lib/dag.nix:91:37:
90| in if sorted ? result then {
91| result = map (v: { inherit (v) name data; }) sorted.result;
| ^
92| } else
… while evaluating 'mkCmd'
at /home/ao/.nix-defexpr/channels/home-manager/modules/home-environment.nix:519:17:
518| let
519| mkCmd = res: ''
| ^
520| noteEcho Activating ${res.name}
… from call site
… while evaluating the attribute 'text' of the derivation 'activation-script'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/pkgs/stdenv/generic/make-derivation.nix:201:11:
200| // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
201| name =
| ^
202| let
… while evaluating the attribute 'buildCommand' of the derivation 'home-manager-generation'
at /nix/store/ap3d9c28433049zks3794dg12z4588ir-nixpkgs-21.05.961.1f91fd10406/nixpkgs/pkgs/stdenv/generic/make-derivation.nix:201:11:
200| // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
201| name =
| ^
202| let
I’ve had this error before, but got fixed after I’d reinstalled Nix; adding
# Home Manager needs a bit of information about you and the
# paths it should manage.
home.username = "ao";
home.homeDirectory = "/home/ao";
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards
# incompatible changes.
#
# You can update Home Manager without changing this value. See
# the Home Manager release notes for a list of state version
# changes in each release.
home.stateVersion = "21.03";
to my home.nix
; and switched my nixpkgs
channel from nixpkgs-unstable
to nixos-20.09
. I don’t know what specifically fixed the issue then. home.nix
now looks like this
$ cat ~/.config/nixpkgs/home.nix
{ config, pkgs, ... }:
let
pkgsUnstable = import <nixpkgs-unstable> {};
lib = pkgs.lib;
onNixOS = false;
in
{
# Let Home Manager install and manage itself.
#programs.home-manager.enable = true;
# Home Manager needs a bit of information about you and the
# paths it should manage.
home.username = "ao";
home.homeDirectory = "/home/ao";
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards
# incompatible changes.
#
# You can update Home Manager without changing this value. See
# the Home Manager release notes for a list of state version
# changes in each release.
home.stateVersion = "21.05";
home.packages = import ./roles/workstation/home/packages {
inherit pkgs pkgsUnstable lib onNixOS;
};
programs = import ./roles/workstation/programs {
inherit pkgs lib onNixOS;
};
services = import ./roles/workstation/services {
inherit onNixOS;
};
}
You can find the expressions with the packages in my Git repository for dotfiles.