Hi all! I’ve recently acquired an embedded board with a Nordic nRF chip that I want to learn how to work with.
There are a bunch of nRF tools available in nixpkgs like nrfutil
, nrf5-sdk
, nrf-command-line-tools
, and nrfconnect
. However, all of them seem to rely on an insecure segger-jlink-qt4-796s
package, so when I try to rebuild I get the following trace:
error: Package ‘segger-jlink-qt4-796s’ in /nix/store/l3amk5lsakpc93him5kry24kax23sn4h-source/pkgs/by-name/se/segger-jlink/qt4-bundled.nix:44 is marked as insecure, refusing to evaluate.
Known issues:
- This bundled version of Qt 4 has reached its end of life after 2015. See https://github.com/NixOS/nixpkgs/pull/174634
- CVE-2023-43114
- CVE-2023-38197
- CVE-2023-37369
- CVE-2023-34410
- CVE-2023-32763
- CVE-2023-32762
- CVE-2023-32573
- CVE-2022-25634
- CVE-2020-17507
- CVE-2020-0570
- CVE-2018-21035
- CVE-2018-19873
- CVE-2018-19871
- CVE-2018-19870
- CVE-2018-19869
- CVE-2015-1290
- CVE-2014-0190
- CVE-2013-0254
- CVE-2012-6093
- CVE-2012-5624
- CVE-2009-2700
You can install it anyway by allowing this package, using the
following methods:
a) To temporarily allow all insecure packages, you can use an environment
variable for a single invocation of the nix tools:
$ export NIXPKGS_ALLOW_INSECURE=1
Note: When using `nix shell`, `nix build`, `nix develop`, etc with a flake,
then pass `--impure` in order to allow use of environment variables.
b) for `nixos-rebuild` you can add ‘segger-jlink-qt4-796s’ to
`nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
like so:
{
nixpkgs.config.permittedInsecurePackages = [
"segger-jlink-qt4-796s"
];
}
c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
‘segger-jlink-qt4-796s’ to `permittedInsecurePackages` in
~/.config/nixpkgs/config.nix, like so:
{
permittedInsecurePackages = [
"segger-jlink-qt4-796s"
];
}
Sure, I said, and tried option B (Here is a link to relevant part of my config), but unfortunately adding the package to permitted insecure has had zero effect. I’ve then tried option A with an env var and had no success either.
I’m a bit at a loss as to what else to do in this situation.
Edit:
One detail I forgot to mention, is while nrf packages attempt to build segger-jlink-qt4-796s
for themselves, it is not a package present in current Unstable list of packages. At least when using search.nixos.org
I don’t see it. There is segger-jlink
, but adding it to a list of packages does not help.
Could it be that adding segger-jlink-qt4-796s
to permittedInsecurePackages
doesn’t work because it’s not a package at the branch of nixpkgs I use?