Hi,
I managed to install TensorFlow a while ago (my configuration below)
let
# Custom Python package with all the (Python) imports I need
my-python-packages = python-packages: with python-packages; [
tensorflow
keras
...
];
python-with-my-packages = pkgs.unstable.python3.withPackages my-python-packages;
#python-with-my-packages = pkgs.python3.withPackages my-python-packages;
in
{
# to try making tensorflow work
hardware.opengl.setLdLibraryPath = true;
environment.systemPackages = with pkgs; [
python-with-my-packages
...
];
...
}
…but a recent sudo nixos-rebuild switch refuses to evaluate:
error: Package ‘python3.10-tensorflow-2.11.0’ in /nix/store/qw9nnl2wmvx0ad0f9aqvdbw5cl5mirvc-source/pkgs/development/python-modules/tensorflow/default.nix:445 is marked as insecure, refusing to evaluate.
Known issues:
- CVE-2023-27579
- CVE-2023-25801
- CVE-2023-25676
- CVE-2023-25675
- CVE-2023-25674
- CVE-2023-25673
- CVE-2023-25671
- CVE-2023-25670
- CVE-2023-25669
- CVE-2023-25668
- CVE-2023-25667
- CVE-2023-25665
- CVE-2023-25666
- CVE-2023-25664
- CVE-2023-25663
- CVE-2023-25662
- CVE-2023-25660
- CVE-2023-25659
- CVE-2023-25658
You can install it anyway by allowing this package, using the
following methods:
a) To temporarily allow all insecure packages, you can use an environment
variable for a single invocation of the nix tools:
$ export NIXPKGS_ALLOW_INSECURE=1
Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
(Flake) command, `--impure` must be passed in order to read this
environment variable.
b) for `nixos-rebuild` you can add ‘python3.10-tensorflow-2.11.0’ to
`nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
like so:
{
nixpkgs.config.permittedInsecurePackages = [
"python3.10-tensorflow-2.11.0"
];
}
c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
‘python3.10-tensorflow-2.11.0’ to `permittedInsecurePackages` in
~/.config/nixpkgs/config.nix, like so:
{
permittedInsecurePackages = [
"python3.10-tensorflow-2.11.0"
];
}
(use '--show-trace' to show detailed location information)
This however is unexpected. Tensorflow is supposed to be still buildable, only that there won’t be any public cache available. What kind of error do you get?
I tried with the option --show-trace and I got a ton of messages which I cannot really understand:
building Nix...
building the system configuration...
error: Package ‘tensorflow-2.11.0’ in /nix/store/qw9nnl2wmvx0ad0f9aqvdbw5cl5mirvc-source/pkgs/development/python-modules/tensorflow/default.nix:445 is marked as insecure, refusing to evaluate.
Known issues:
- CVE-2023-27579
- CVE-2023-25801
- CVE-2023-25676
- CVE-2023-25675
- CVE-2023-25674
- CVE-2023-25673
- CVE-2023-25671
- CVE-2023-25670
- CVE-2023-25669
- CVE-2023-25668
- CVE-2023-25667
- CVE-2023-25665
- CVE-2023-25666
- CVE-2023-25664
- CVE-2023-25663
- CVE-2023-25662
- CVE-2023-25660
- CVE-2023-25659
- CVE-2023-25658
You can install it anyway by allowing this package, using the
following methods:
a) To temporarily allow all insecure packages, you can use an environment
variable for a single invocation of the nix tools:
$ export NIXPKGS_ALLOW_INSECURE=1
Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
(Flake) command, `--impure` must be passed in order to read this
environment variable.
b) for `nixos-rebuild` you can add ‘tensorflow-2.11.0’ to
`nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
like so:
{
nixpkgs.config.permittedInsecurePackages = [
"tensorflow-2.11.0"
];
}
c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
‘tensorflow-2.11.0’ to `permittedInsecurePackages` in
~/.config/nixpkgs/config.nix, like so:
{
permittedInsecurePackages = [
"tensorflow-2.11.0"
];
}
… while evaluating 'handleEvalIssue'
at /nix/store/qw9nnl2wmvx0ad0f9aqvdbw5cl5mirvc-source/pkgs/stdenv/generic/check-meta.nix:226:38:
225|
226| handleEvalIssue = { meta, attrs }: { reason , errormsg ? "" }:
| ^
227| let
… from call site
at /nix/store/qw9nnl2wmvx0ad0f9aqvdbw5cl5mirvc-source/pkgs/stdenv/generic/check-meta.nix:400:16:
399| {
400| no = handleEvalIssue { inherit meta attrs; } { inherit (validity) reason errormsg; };
| ^
401| warn = handleEvalWarning { inherit meta attrs; } { inherit (validity) reason errormsg; };
… while evaluating the attribute 'no'
at /nix/store/qw9nnl2wmvx0ad0f9aqvdbw5cl5mirvc-source/pkgs/stdenv/generic/check-meta.nix:400:11:
399| {
400| no = handleEvalIssue { inherit meta attrs; } { inherit (validity) reason errormsg; };
| ^
401| warn = handleEvalWarning { inherit meta attrs; } { inherit (validity) reason errormsg; };
… while evaluating the attribute 'handled'
at /nix/store/qw9nnl2wmvx0ad0f9aqvdbw5cl5mirvc-source/pkgs/stdenv/generic/check-meta.nix:398:7:
397| # or, alternatively, just output a warning message.
398| handled =
| ^
399| {
… while evaluating the attribute 'src' of the derivation 'python3.10-tensorflow-2.11.0'
at /nix/store/qw9nnl2wmvx0ad0f9aqvdbw5cl5mirvc-source/pkgs/stdenv/generic/make-derivation.nix:302:7:
301| // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
302| name =
| ^
303| let
… while evaluating the attribute 'outPath'
at /nix/store/qw9nnl2wmvx0ad0f9aqvdbw5cl5mirvc-source/lib/customisation.nix:229:7:
228| drvPath = assert condition; drv.drvPath;
229| outPath = assert condition; drv.outPath;
| ^
230| };
… while evaluating the attribute 'outPath'
at /nix/store/qw9nnl2wmvx0ad0f9aqvdbw5cl5mirvc-source/lib/customisation.nix:229:7:
228| drvPath = assert condition; drv.drvPath;
229| outPath = assert condition; drv.outPath;
| ^
230| };
… while evaluating anonymous lambda
at /nix/store/qw9nnl2wmvx0ad0f9aqvdbw5cl5mirvc-source/lib/lists.nix:658:25:
657| */
658| unique = foldl' (acc: e: if elem e acc then acc else acc ++ [ e ]) [];
| ^
659|
… from call site
at /nix/store/qw9nnl2wmvx0ad0f9aqvdbw5cl5mirvc-source/pkgs/development/interpreters/python/python-packages-base.nix:55:6:
54| modules = lib.filter hasPythonModule drvs;
55| in lib.unique ([python] ++ modules ++ lib.concatLists (lib.catAttrs "requiredPythonModules" modules));
| ^
56|
… while evaluating 'requiredPythonModules'
at /nix/store/qw9nnl2wmvx0ad0f9aqvdbw5cl5mirvc-source/pkgs/development/interpreters/python/python-packages-base.nix:53:27:
52| # Get list of required Python modules given a list of derivations.
53| requiredPythonModules = drvs: let
| ^
54| modules = lib.filter hasPythonModule drvs;
… from call site
at /nix/store/qw9nnl2wmvx0ad0f9aqvdbw5cl5mirvc-source/pkgs/development/interpreters/python/wrapper.nix:20:13:
19| env = let
20| paths = requiredPythonModules (extraLibs ++ [ python ] ) ;
| ^
21| pythonPath = "${placeholder "out"}/${python.sitePackages}";
… while evaluating the attribute 'passAsFile'
at /nix/store/qw9nnl2wmvx0ad0f9aqvdbw5cl5mirvc-source/pkgs/build-support/buildenv/default.nix:77:5:
76| # XXX: The size is somewhat arbitrary
77| passAsFile = if builtins.stringLength pkgs >= 128*1024 then [ "pkgs" ] else [ ];
| ^
78| }
… while evaluating the attribute 'passAsFile' of the derivation 'python3-3.10.10-env'
at /nix/store/qw9nnl2wmvx0ad0f9aqvdbw5cl5mirvc-source/pkgs/stdenv/generic/make-derivation.nix:302:7:
301| // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
302| name =
| ^
303| let
… while evaluating the attribute 'passAsFile'
at /nix/store/c475f7p3krxgyqh5lmr7hyn0szf1s6r3-nixos-22.11/nixos/pkgs/build-support/buildenv/default.nix:77:5:
76| # XXX: The size is somewhat arbitrary
77| passAsFile = if builtins.stringLength pkgs >= 128*1024 then [ "pkgs" ] else [ ];
| ^
78| }
… while evaluating the attribute 'passAsFile' of the derivation 'system-path'
at /nix/store/c475f7p3krxgyqh5lmr7hyn0szf1s6r3-nixos-22.11/nixos/pkgs/stdenv/generic/make-derivation.nix:270:7:
269| // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
270| name =
| ^
271| let
… while evaluating 'check'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/types.nix:482:15:
481| descriptionClass = "noun";
482| check = x: isCoercibleToString x && builtins.substring 0 1 (toString x) == "/";
| ^
483| merge = mergeEqualOption;
… from call site
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:760:22:
759| if isDefined then
760| if all (def: type.check def.value) defsFinal then type.merge loc defsFinal
| ^
761| else let allInvalid = filter (def: ! type.check def.value) defsFinal;
… while evaluating anonymous lambda
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:760:17:
759| if isDefined then
760| if all (def: type.check def.value) defsFinal then type.merge loc defsFinal
| ^
761| else let allInvalid = filter (def: ! type.check def.value) defsFinal;
… from call site
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:760:12:
759| if isDefined then
760| if all (def: type.check def.value) defsFinal then type.merge loc defsFinal
| ^
761| else let allInvalid = filter (def: ! type.check def.value) defsFinal;
… while evaluating the attribute 'value'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:771:27:
770| optionalValue =
771| if isDefined then { value = mergedValue; }
| ^
772| else {};
… while evaluating anonymous lambda
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/types.nix:492:14:
491| merge = loc: defs:
492| map (x: x.value) (filter (x: x ? value) (concatLists (imap1 (n: def:
| ^
493| imap1 (m: def':
… from call site
… while evaluating the attribute 'serviceDirectories' of the derivation 'dbus-1'
at /nix/store/c475f7p3krxgyqh5lmr7hyn0szf1s6r3-nixos-22.11/nixos/pkgs/stdenv/generic/make-derivation.nix:270:7:
269| // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
270| name =
| ^
271| let
… while evaluating 'check'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/types.nix:482:15:
481| descriptionClass = "noun";
482| check = x: isCoercibleToString x && builtins.substring 0 1 (toString x) == "/";
| ^
483| merge = mergeEqualOption;
… from call site
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:760:22:
759| if isDefined then
760| if all (def: type.check def.value) defsFinal then type.merge loc defsFinal
| ^
761| else let allInvalid = filter (def: ! type.check def.value) defsFinal;
… while evaluating anonymous lambda
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:760:17:
759| if isDefined then
760| if all (def: type.check def.value) defsFinal then type.merge loc defsFinal
| ^
761| else let allInvalid = filter (def: ! type.check def.value) defsFinal;
… from call site
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:760:12:
759| if isDefined then
760| if all (def: type.check def.value) defsFinal then type.merge loc defsFinal
| ^
761| else let allInvalid = filter (def: ! type.check def.value) defsFinal;
… while evaluating the attribute 'mergedValue'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:758:5:
757| # Type-check the remaining definitions, and merge them. Or throw if no definitions.
758| mergedValue =
| ^
759| if isDefined then
… while evaluating the option `environment.etc.dbus-1.source':
… while evaluating the attribute 'value'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:723:9:
722| in warnDeprecation opt //
723| { value = builtins.addErrorContext "while evaluating the option `${showOption loc}':" value;
| ^
724| inherit (res.defsFinal') highestPrio;
… while evaluating anonymous lambda
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:265:72:
264| # For definitions that have an associated option
265| declaredConfig = mapAttrsRecursiveCond (v: ! isOption v) (_: v: v.value) options;
| ^
266|
… from call site
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/attrsets.nix:420:20:
419| then recurse (path ++ [name]) value
420| else f (path ++ [name]) value;
| ^
421| in mapAttrs g;
… while evaluating 'g'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/attrsets.nix:417:19:
416| g =
417| name: value:
| ^
418| if isAttrs value && cond value
… from call site
… while evaluating 'escapeShellArg'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/strings.nix:354:20:
353| */
354| escapeShellArg = arg: "'${replaceStrings ["'"] ["'\\''"] (toString arg)}'";
| ^
355|
… from call site
… while evaluating 'concatMapStringsSep'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/strings.nix:111:5:
110| # List of input strings
111| list: concatStringsSep sep (map f list);
| ^
112|
… from call site
at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/etc/etc.nix:54:43:
53| mkdir -p "$out/etc"
54| ${concatMapStringsSep "\n" (etcEntry: escapeShellArgs [
| ^
55| "makeEtcEntry"
… while evaluating anonymous lambda
at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/etc/etc.nix:54:33:
53| mkdir -p "$out/etc"
54| ${concatMapStringsSep "\n" (etcEntry: escapeShellArgs [
| ^
55| "makeEtcEntry"
… from call site
… while evaluating 'concatMapStringsSep'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/strings.nix:111:5:
110| # List of input strings
111| list: concatStringsSep sep (map f list);
| ^
112|
… from call site
at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/etc/etc.nix:54:7:
53| mkdir -p "$out/etc"
54| ${concatMapStringsSep "\n" (etcEntry: escapeShellArgs [
| ^
55| "makeEtcEntry"
… while evaluating the attribute 'buildCommand' of the derivation 'etc'
at /nix/store/c475f7p3krxgyqh5lmr7hyn0szf1s6r3-nixos-22.11/nixos/pkgs/stdenv/generic/make-derivation.nix:270:7:
269| // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
270| name =
| ^
271| let
… while evaluating the attribute 'value'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:563:44:
562| defnsByName' = byName "config" (module: value:
563| [{ inherit (module) file; inherit value; }]
| ^
564| ) configs;
… while evaluating 'atDepth'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/attrsets.nix:60:17:
59| len = length attrPath;
60| atDepth = n:
| ^
61| if n == len
… from call site
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/attrsets.nix:63:39:
62| then value
63| else { ${elemAt attrPath n} = atDepth (n + 1); };
| ^
64| in atDepth 0;
… while evaluating the attribute 'value'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/types.nix:552:58:
551| # Push down position info.
552| (map (def: mapAttrs (n: v: { inherit (def) file; value = v; }) def.value) defs);
| ^
553| emptyValue = { value = {}; };
… while evaluating 'dischargeProperties'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:810:25:
809| */
810| dischargeProperties = def:
| ^
811| if def._type or "" == "merge" then
… from call site
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:739:137:
738| defs' = concatMap (m:
739| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
| ^
740| ) defs;
… while evaluating definitions from `/nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/etc/etc.nix':
… while evaluating anonymous lambda
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:738:28:
737| # Process mkMerge and mkIf properties.
738| defs' = concatMap (m:
| ^
739| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
… from call site
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:738:17:
737| # Process mkMerge and mkIf properties.
738| defs' = concatMap (m:
| ^
739| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
… while evaluating the attribute 'values'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:851:7:
850| in {
851| values = concatMap (def: if getPrio def == highestPrio then [(strip def)] else []) defs;
| ^
852| inherit highestPrio;
… while evaluating the attribute 'values'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:752:9:
751| in {
752| values = defs''';
| ^
753| inherit (defs'') highestPrio;
… while evaluating the attribute 'optionalValue.value'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:770:5:
769|
770| optionalValue =
| ^
771| if isDefined then { value = mergedValue; }
… while evaluating anonymous lambda
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/types.nix:546:29:
545| merge = loc: defs:
546| zipAttrsWith (name: defs:
| ^
547| let merged = mergeDefinitions (loc ++ [name]) elemType defs;
… from call site
… while evaluating anonymous lambda
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/attrsets.nix:537:24:
536| let f = attrPath:
537| zipAttrsWith (n: values:
| ^
538| let here = attrPath ++ [n]; in
… from call site
… while evaluating the attribute 'value'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:563:44:
562| defnsByName' = byName "config" (module: value:
563| [{ inherit (module) file; inherit value; }]
| ^
564| ) configs;
… while evaluating 'dischargeProperties'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:810:25:
809| */
810| dischargeProperties = def:
| ^
811| if def._type or "" == "merge" then
… from call site
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:739:137:
738| defs' = concatMap (m:
739| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
| ^
740| ) defs;
… while evaluating definitions from `/nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/etc/etc-activation.nix':
… while evaluating anonymous lambda
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:738:28:
737| # Process mkMerge and mkIf properties.
738| defs' = concatMap (m:
| ^
739| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
… from call site
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:738:17:
737| # Process mkMerge and mkIf properties.
738| defs' = concatMap (m:
| ^
739| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
… while evaluating the attribute 'values'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:851:7:
850| in {
851| values = concatMap (def: if getPrio def == highestPrio then [(strip def)] else []) defs;
| ^
852| inherit highestPrio;
… while evaluating the attribute 'values'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:752:9:
751| in {
752| values = defs''';
| ^
753| inherit (defs'') highestPrio;
… while evaluating the attribute 'mergedValue'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:758:5:
757| # Type-check the remaining definitions, and merge them. Or throw if no definitions.
758| mergedValue =
| ^
759| if isDefined then
… while evaluating the option `system.activationScripts.etc.text':
… while evaluating the attribute 'value'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:723:9:
722| in warnDeprecation opt //
723| { value = builtins.addErrorContext "while evaluating the option `${showOption loc}':" value;
| ^
724| inherit (res.defsFinal') highestPrio;
… while evaluating anonymous lambda
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:265:72:
264| # For definitions that have an associated option
265| declaredConfig = mapAttrsRecursiveCond (v: ! isOption v) (_: v: v.value) options;
| ^
266|
… from call site
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/attrsets.nix:420:20:
419| then recurse (path ++ [name]) value
420| else f (path ++ [name]) value;
| ^
421| in mapAttrs g;
… while evaluating 'g'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/attrsets.nix:417:19:
416| g =
417| name: value:
| ^
418| if isAttrs value && cond value
… from call site
… while evaluating the attribute 'text'
at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/activation-script.nix:9:5:
8| addAttributeName = mapAttrs (a: v: v // {
9| text = ''
| ^
10| #### Activation script snippet ${a}:
… while evaluating 'id'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/trivial.nix:14:5:
13| # The value to return
14| x: x;
| ^
15|
… from call site
… while evaluating 'textClosureMap'
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/strings-with-deps.nix:75:35:
74|
75| textClosureMap = f: predefined: names:
| ^
76| concatStringsSep "\n" (map f (textClosureList predefined names));
… from call site
at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/activation-script.nix:49:9:
48|
49| ${textClosureMap id (withDrySnippets) (attrNames withDrySnippets)}
| ^
50|
… while evaluating 'systemActivationScript'
at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/activation-script.nix:20:33:
19|
20| systemActivationScript = set: onlyDry: let
| ^
21| set' = mapAttrs (_: v: if isString v then (noDepEntry v) // { supportsDryActivation = false; } else v) set;
… from call site
at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/activation-script.nix:137:18:
136| apply = set: set // {
137| script = systemActivationScript set false;
| ^
138| };
… while evaluating the attribute 'system.activationScripts.script'
at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/activation-script.nix:137:9:
136| apply = set: set // {
137| script = systemActivationScript set false;
| ^
138| };
… while evaluating the attribute 'activationScript' of the derivation 'nixos-system-nixos-22.11.1069.cbe419ed4c8'
at /nix/store/c475f7p3krxgyqh5lmr7hyn0szf1s6r3-nixos-22.11/nixos/pkgs/stdenv/generic/make-derivation.nix:270:7:
269| // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
270| name =
| ^
271| let
Oh! This is because tensorflow actually consists of two nix derivations, one is the native Bazel build which produces a wheel, and another is the python install that consumes the wheel
