Stubborn Openssl Is Insecure Error in NixOS 23.05

When I run

sudo nixos-rebuild switch

on my new NixOS 23.05 installation, I get the following error:

error: Package ‘openssl-1.1.1u’ in /nix/var/nix/profiles/per-user/root/channels/nixos/pkgs/development/libraries/openssl/default.nix:210 is marked as insecure, refusing to evaluate.

Ok, I said. and commented out both openssl and openssh from my configuration.nix and re-ran nixos-rebuild but the error persists.

Any suggestions?

Neither openssh or openssl package depend on openssl_1_1. As the error message says, you can:

(use ‘–show-trace’ to show detailed location information)

Yes, the trace will be pretty long, but you can search for the word “derivation” to find the package that pulls it in. Searching from the bottom to top, I quickly come accross:

       at /nix/store/vby8c3909sglr03fxkclkly29vs49ncy-source/pkgs/stdenv/generic/make-derivation.nix:303:7:

          302|     // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
          303|       name =
             |       ^
          304|         let

       … while evaluating the attribute 'buildPhase' of the derivation 'sublimetext4-bin-4150'
1 Like

(temporary) solution:

export NIXPKGS_ALLOW_INSECURE=1 ; nix-env -iA nixpkgs.sublime4

/related Build failure: sublime4 failed to build , caused by openssl_1_1 being marked insecure · Issue #239615 · NixOS/nixpkgs · GitHub