[SOLVED] Sonarr is broken in 24.11 + unstable (aka: how the hell do I use nixpkgs.config.permittedInsecurePackages?)

Hi,

I’ve just upgraded to 24.11 and Sonarr is broken. The error string says:

b) for nixos-rebuild you can add ‘aspnetcore-runtime-wrapped-6.0.36’ to
nixpkgs.config.permittedInsecurePackages in the configuration.nix,
like so:

        {
          nixpkgs.config.permittedInsecurePackages = [
            "aspnetcore-runtime-wrapped-6.0.36"
          ];
        }

I’ve tried adding the code to various parts of my configuration.nix but I keep getting error messages when trying to build. Can anyone help me with this please?

Thanks,

How are you adding the code, show the whole file, and what is the error?

this was super annoying because it required a bunch of additions that looked alike. if you don’t know how to read, like me, you could easily waste 20 minutes on this

anyways, what you’re likely missing:

        nixpkgs.config.permittedInsecurePackages = [
          "aspnetcore-runtime-6.0.36"
          "aspnetcore-runtime-wrapped-6.0.36"
          "dotnet-sdk-6.0.428"
          "dotnet-sdk-wrapped-6.0.428"
        ];
4 Likes

This has fixed it! Thank-you so much. Apparently, I too do not know how to read!

1 Like

I still have a similar issue, although in my case I’m supposed to add

{
  nixpkgs.config.permittedInsecurePackages = [
    "dotnet-runtime-6.0.36"
  ];
}

But no matter where and how I try to put it, the option just seems to be ignored.

I also tried adding the other packages suggested by aanderse, but to no avail.
Also export NIXPKGS_ALLOW_INSECURE=1
did not solve it for me.

I don’t know if this’ll help or not, but the first lines of my config are:

config, pkgs, … }:

{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];

nixpkgs.config.permittedInsecurePackages = [
“aspnetcore-runtime-6.0.36”
“aspnetcore-runtime-wrapped-6.0.36”
“dotnet-sdk-6.0.428”
“dotnet-sdk-wrapped-6.0.428”
];

Bootloader.

boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
… and so on …

I can confirm that I also needed to do the following on 24.11 to build Sonarr:

{
    nixpkgs.config.permittedInsecurePackages = [
      "aspnetcore-runtime-6.0.36"
      "aspnetcore-runtime-wrapped-6.0.36"
      "dotnet-sdk-6.0.428"
      "dotnet-sdk-wrapped-6.0.428"
    ];
}

Seems like the move of Sonarr to a supported version (.NET 8) might take a while.

But no matter where and how I try to put it, the option just seems to be ignored.

@Almin17 be more specific please. Are we talking a NixOS deployment, or a build of Sonarr in isolation, where do you put this option, etc. Note that as other people have said, you have to put several packages related to dotnet in this list, not just dotnet-runtime-....

they already pasted their config - they must have misunderstood the instructions left

@Almin17 - you need to add all 4 of the listed entries to permittedInsecurePackages as listed several times above - like this:

    nixpkgs.config.permittedInsecurePackages = [
      "aspnetcore-runtime-6.0.36"
      "aspnetcore-runtime-wrapped-6.0.36"
      "dotnet-sdk-6.0.428"
      "dotnet-sdk-wrapped-6.0.428"
    ];

make sure you put all 4 of those exceptions in!

2 Likes

Mine looks like

{ config, lib, pkgs, ... }:  

#lib is needed for mkDefault
with lib;

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./framework.nix
    ];

  nixpkgs.config.permittedInsecurePackages = [
     "dotnet-runtime-wrapped-6.0.36"
     "aspnetcore-runtime-6.0.36"
     "aspnetcore-runtime-wrapped-6.0.36"
     "dotnet-sdk-6.0.428"
     "dotnet-sdk-wrapped-6.0.428"
  ];


... bootloader and so on

@justinas I’m trying to build/upgrade NixOS to 24.11, not building Sonarr, this thread is simply the only plausible one I came across when searching for the issue.

@aanderse I already listed all of those, doesn’t make a difference in my case.

The full output:

sudo nixos-rebuild switch --upgrade
unpacking channels...
building Nix...
building the system configuration...
error:
       … while calling the 'head' builtin
         at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/attrsets.nix:1:35741:
       … while evaluating the attribute 'value'
         at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:1:33591:
       … while evaluating the option `system.build.toplevel':

       … while evaluating definitions from `/nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/top-level.nix':

       … while evaluating the option `system.systemBuilderArgs':

       … while evaluating definitions from `/nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/activatable-system.nix':

       … while evaluating the option `system.activationScripts.etc.text':

       … while evaluating definitions from `/nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/etc/etc-activation.nix':

       … while evaluating definitions from `/nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/etc/etc.nix':

       … while evaluating the option `environment.etc.dbus-1.source':

       (stack trace truncated; use '--show-trace' to show the full, detailed trace)

       error: Package ‘dotnet-runtime-6.0.36’ in /nix/store/0jxmxi5zihn9gli94hazpyb7mn6311zm-nixos-24.11/nixos/pkgs/development/compilers/dotnet/build-dotnet.nix:212 is marked as insecure, refusing to evaluate.


       Known issues:
        - Dotnet SDK 6.0.36 is EOL, please use 8.0 (LTS) or 9.0 (Current)

       You can install it anyway by allowing this package, using the
       following methods:

       a) To temporarily allow all insecure packages, you can use an environment
          variable for a single invocation of the nix tools:

            $ export NIXPKGS_ALLOW_INSECURE=1

          Note: When using `nix shell`, `nix build`, `nix develop`, etc with a flake,
                then pass `--impure` in order to allow use of environment variables.

       b) for `nixos-rebuild` you can add ‘dotnet-runtime-6.0.36’ to
          `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
          like so:

            {
              nixpkgs.config.permittedInsecurePackages = [
                "dotnet-runtime-6.0.36"
              ];
            }

       c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
          ‘dotnet-runtime-6.0.36’ to `permittedInsecurePackages` in
          ~/.config/nixpkgs/config.nix, like so:

            {
              permittedInsecurePackages = [
                "dotnet-runtime-6.0.36"
              ];
            }

the configuration you posted doesn’t have the one listed in the error message you just posted:

              permittedInsecurePackages = [
                "dotnet-runtime-6.0.36"
              ];

does adding that to the list fix it?

Ahhhh! Damn, did I not read carefully enough! Thank you so much, @aanderse ! And sorry for your time and attention, my bad entirely!

hahaha no problem, you and me both… glad we got you sorted

I have the same problem, and adding the permitted insecure packages does allow me to start the build process, but since my sonarr is running on a raspberry pi it does not have enough memory on the SD card to finish the build, and when I try to deploy the build remotely I get a segmentation fault during the checkPhase of the sonarr build (which takes around 20 minutes to get to)

[1/391/396 built, 1247 copied (11306.0/11310.7 MiB), 2560.5 MiB DL] building sonarr-4.0.11.2680 (checkPhase): 18:47:15.8 Info: --- End: NzbDrone.Core.Test.ParserTests.SingleEpisodeParserFixture.should_parse_japanese_variety_show_format("221204 乃木坂工
[1/391/396 built, 1247 copied (11306.0/11310.7 MiB), 2560.5 MiB DL] building sonarr-4.0.11.2680 (checkPhase): 18:47:16.6 Info: --- End: NzbDrone.Core.Test.ParserTests.UnicodeReleaseParserFixture.should_parse_chinese_anime_releases("【傲娇零&自由字幕组 
[1/391/396 built, 1247 copied (11306.0/11310.7 MiB), 2560.5 MiB DL] building sonarr-4.0.11.2680 (checkPhase): 18:47:16.6 Info: --- End: NzbDrone.Core.Test.ParserTests.UnicodeReleaseParserFixture.should_parse_chinese_anime_releases("[星空字幕组] 剃须。 
[1/391/396 built, 1247 copied (11306.0/11310.7 MiB), 2560.5 MiB DL] building sonarr-4.0.11.2680 (checkPhase): 18:47:16.7 Info: --- End: NzbDrone.Core.Test.ParserTests.UnicodeReleaseParserFixture.should_parse_chinese_anime_releases("【喵萌奶茶屋】★10月 
[1/391/396 built, 1247 copied (11306.0/11310.7 MiB), 2560.5 MiB DL] building sonarr-4.0.11.2680 (checkPhase): 18:47:16.9 Info: --- End: NzbDrone.Core.Test.ParserTests.UnicodeReleaseParserFixture.should_parse_chinese_anime_season_episode_releases("[Q]  
[1/391/396 built, 1247 copied (11306.0/11310.7 MiB), 2560.5 MiB DL] building sonarr-4.0.11.2680 (checkPhase): 18:47:16.9 Info: --- End: NzbDrone.Core.Test.ParserTests.UnicodeReleaseParserFixture.should_parse_chinese_multiepisode_releases("[诸神字幕组][
[1/391/396 built, 1247 copied (11306.0/11310.7 MiB), 2560.5 MiB DL] building sonarr-4.0.11.2680 (checkPhase): 18:47:17.0 Info: --- End: NzbDrone.Core.Test.ParserTests.UnicodeReleaseParserFixture.should_parse_gm_team_releases_and_files("[GM-Team][国漫][
[1/391/396 built, 1247 copied (11306.0/11310.7 MiB), 2560.5 MiB DL] building sonarr-4.0.11.2680 (checkPhase): 18:47:17.1 Info: --- End: NzbDrone.Core.Test.ParserTests.UnicodeReleaseParserFixture.should_parse_unbracketed_chinese_anime_releases("[银光字 
[1/391/396 built, 1247 copied (11306.0/11310.7 MiB), 2560.5 MiB DL] building sonarr-4.0.11.2680 (checkPhase): qemu: uncaught target signal 11 (Segmentation fault) - core dumped 

I’m sort of stuck here and haven’t been able to find a solution, my temporary “fix” has been to just disable sonarr :smiling_face_with_tear:

1 Like

You can simply disable tests for it. I’m using Nixarr on a RPI and I’m able to build it with this:

nixarr = {
  enable = true;
  sonarr = {
    enable = true;
    package = pkgs.sonarr.overrideAttrs (lib.const { doCheck = false; });
  };
  # ...rest of nixarr config
};