Build failure: feishin

[bobberb]

Nixpkgs version

• Stable (24.11)

Steps to reproduce

1. Attempt to build feishin while on latest commit nixos-24.11 flake
2. Failure
   "Electron 31.7.7 Marked as insecure, refusing to evaluate"

Can Hydra reproduce this build failure?

No, Hydra cannot reproduce this build failure.

Link to Hydra build job

No response

Relevant log output

#nix run nixpkgs/47addd76727f42d351590c905d9d1905ca895b82#feishin


       error: Package ‘electron-31.7.7’ in /nix/store/5kvd3cn4cld24l2cs07m4hw3hwlqq104-source/pkgs/development/tools/electron/binary/generic.nix:37 is marked as insecure, refusing to evaluate.

Additional context

Pulled latest nixos-24.11 commit at time of writing

'github:NixOS/nixpkgs/47addd76727f42d351590c905d9d1905ca895b82' (2025-01-22)

Electron 31.7.7 insecure.

System metadata

• system: "x86_64-linux"
• host os: Linux 6.12.2-zen1, NixOS, 24.11 (Vicuna), 24.11.20250115.e24b4c0
• multi-user?: yes
• sandbox: yes
• version: nix-env (Lix, like Nix) 2.91.1 System type: x86_64-linux Additional system types: i686-linux, x86_64-v1-linux, x86_64-v2-linux, x86_64-v3-linux, x86_64-v4-linux Features: gc, signed-caches System configuration file: /etc/nix/nix.conf User configuration files: /home/user/.config/nix/nix.conf:/nix/store/jv8c6l3r7lvyxnlhf8h1jl1zhx2rn3mw-plasma-workspace-6.2.5/etc/xdg/nix/nix.conf:/nix/store/ci41jxiphqw02kh5371ddbys917d5b67-kglobalacceld-6.2.5/etc/xdg/nix/nix.conf:/nix/store/qjs0vfgjq2yyvs7papbisg1lr7h6wpx5-baloo-6.8.0/etc/xdg/nix/nix.conf:/home/user/.config/kdedefaults/nix/nix.conf:/nix/store/jv8c6l3r7lvyxnlhf8h1jl1zhx2rn3mw-plasma-workspace-6.2.5/etc/xdg/nix/nix.conf:/nix/store/ci41jxiphqw02kh5371ddbys917d5b67-kglobalacceld-6.2.5/etc/xdg/nix/nix.conf:/nix/store/qjs0vfgjq2yyvs7papbisg1lr7h6wpx5-baloo-6.8.0/etc/xdg/nix/nix.conf:/nix/store/jv8c6l3r7lvyxnlhf8h1jl1zhx2rn3mw-plasma-workspace-6.2.5/etc/xdg/nix/nix.conf:/nix/store/ci41jxiphqw02kh5371ddbys917d5b67-kglobalacceld-6.2.5/etc/xdg/nix/nix.conf:/nix/store/qjs0vfgjq2yyvs7papbisg1lr7h6wpx5-baloo-6.8.0/etc/xdg/nix/nix.conf:/home/user/.config/kdedefaults/nix/nix.conf:/etc/xdg/nix/nix.conf:/home/user/.local/share/flatpak/exports/etc/xdg/nix/nix.conf:/var/lib/flatpak/exports/etc/xdg/nix/nix.conf:/home/user/.nix-profile/etc/xdg/nix/nix.conf:/nix/profile/etc/xdg/nix/nix.conf:/home/user/.local/state/nix/profile/etc/xdg/nix/nix.conf:/etc/profiles/per-user/user/etc/xdg/nix/nix.conf:/nix/var/nix/profiles/default/etc/xdg/nix/nix.conf:/run/current-system/sw/etc/xdg/nix/nix.conf Store directory: /nix/store State directory: /nix/var/nix Data directory: /nix/store/h7aaq5877bh62is6ca6bn5dr8bzmcqrs-lix-2.91.1/share
• channels(root): "nixos-23.11"
• channels(user): ""
• nixpkgs: /nix/store/awsvw44jla0idziiks2zwgzslfd2dczn-source

Notify maintainers

---

Note for maintainers: Please tag this issue in your pull request description. (i.e. Resolves #ISSUE.)

I assert that this issue is relevant for Nixpkgs

• I assert that this is a bug and not a support request.
• I assert that this is not a duplicate of an existing issue.
• I assert that I have read the NixOS Code of Conduct and agree to abide by it.

Is this issue important to you?

Add a 👍 reaction to issues you find important.

[bobberb]

@aucub how does this stuff get merged on a stable branch without someone alerting to a package not building?

[bobberb]

Awesome. Thank you for the explanation and thanks to all for the security!

…

On Fri, Jan 24, 2025, 1:19 PM aucub ***@***.***> wrote: This is a warning about using outdated versions of electron, and the configuration can be modified to allow the installation of unsafe software. This issue is tagged in #370758 <#370758>. The security issue is more important so we won't wait too long. — Reply to this email directly, view it on GitHub <#376166 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAON37FH4BAQOLA5RPJ6ON32MJ743AVCNFSM6AAAAABVXXF7P6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMMJTGEZTANBWHA> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[emilylange]

@bobberb if you happen to have time, would you mind sharing your view on this?

I always thought the eval error one gets when pulling in a package that is marked as insecure is extremely clear.

But that may just be me, given my involvement.

Did you see the eval error that I mentioned in #370758?

Especially the following section:

You can install it anyway by allowing this package, using the following methods:

Do you have suggestions on how this could be improved?

Thanks :)

[bobberb]

It was clear what to do to get Electron 31 running, I was genuinely asking about how merges work with dependencies - I learned security comes first! My music app is not important compared to the community's needs. On Windows, everything runs even with old DLLs! Thank you for your time.

…

On Fri, Jan 24, 2025, 4:34 PM Emily ***@***.***> wrote: @bobberb <https://github.com/bobberb> if you happen to have time, would you mind sharing your view on this? I always thought the eval error one gets when pulling in a package that is marked as insecure is extremely clear. But that may just be me, given my involvement. Did you see the eval error that I mentioned in #370758 <#370758>? Especially the following section: You can install it anyway by allowing this package, using the following methods: Do you have suggestions on how this could be improved? Thanks :) — Reply to this email directly, view it on GitHub <#376166 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAON37CYG5BTCLJDAPGBIDL2MKWWLAVCNFSM6AAAAABVXXF7P6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMMJTGQYTKOBXGY> . You are receiving this because you were mentioned.Message ID: ***@***.***>