for the longest time, I've always had to do this before every nix build:
export NIXPKGS_ALLOW_INSECURE=1
Because I would always get this error when trying to rebuild my darwin nix configuration:
error: Package ‘python-2.7.18.8’ in /nix/store/5qjsx5ivqlq8s3dfwv76mwbdcvnm7ldg-nixpkgs-24.11-darwin/nixpkgs/pkgs/development/interpreters/python/cpython/2.7/default.nix:336 is marked as insecure, refusing to evaluate.
Known issues:
- Python 2.7 has reached its end of life after 2020-01-01. See https://www.python.org/doc/sunset-python-2/.
You can install it anyway by allowing this package, using the
following methods:
a) To temporarily allow all insecure packages, you can use an environment
variable for a single invocation of the nix tools:
$ export NIXPKGS_ALLOW_INSECURE=1
Note: When using `nix shell`, `nix build`, `nix develop`, etc with a flake,
then pass `--impure` in order to allow use of environment variables.
b) for `nixos-rebuild` you can add ‘python-2.7.18.8’ to
`nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
like so:
{
nixpkgs.config.permittedInsecurePackages = [
"python-2.7.18.8"
];
}
c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
‘python-2.7.18.8’ to `permittedInsecurePackages` in
~/.config/nixpkgs/config.nix, like so:
{
permittedInsecurePackages = [
"python-2.7.18.8"
];
}
i was never able to find out what the offending package was until I read this post today: https://github.com/NixOS/nixpkgs/issues/209804
so, i was able to narrow it down successfully:
$ nix path-info -r /run/current-system --extra-experimental-features nix-command | grep python-2.7.1
8.8
/nix/store/l8z7f1rkp6l4h4lj87n14z3yhf09ihnb-python-2.7.18.8
$ nix-store -q --referrers /nix/store/l8z7f1rkp6l4h4lj87n14z3yhf09ihnb-python-2.7.18.8
/nix/store/l8z7f1rkp6l4h4lj87n14z3yhf09ihnb-python-2.7.18.8
/nix/store/bxkxgmihyn3dpsvkaylyf35090mk5izj-home-manager-path
$ nix-store -q --referrers /nix/store/bxkxgmihyn3dpsvkaylyf35090mk5izj-home-manager-path
/nix/store/bxkxgmihyn3dpsvkaylyf35090mk5izj-home-manager-path
/nix/store/lvizsq8pkxyvxw974hnxbf5n38abkmfg-env-manifest.nix
/nix/store/28rdmx48zlpc1jg3g0mgz0zdc09hyxn7-user-environment
/nix/store/gvh8dvxcfzl2qrzp7iy9y4w8hcslvi18-hm_fontconfigconf.d10hmfonts.conf
/nix/store/sbmry5fl0flksxswqssphzn30ha5xhga-home-manager-generation
So, this looks like the one, and it matches what the other guys found in the git issue too:
/nix/store/gvh8dvxcfzl2qrzp7iy9y4w8hcslvi18-hm_fontconfigconf.d10hmfonts.conf
So it's home-manager's fontconfig, which I do have an entry for in my configuration file, but don't seem to be using?:
/nixos/darwin-configuration.nix:
fonts = {
fontconfig = {
enable = true;
# defaultFonts = {
# monospace = [ "Jetbrains Mono" ];
# sansSerif = [ "Arimo" ];
# serif = [ "GohuFont" ];
# };
};
};
even after commenting the above out, it still didn't seem to make a difference
oh well, at least i'm a little closer to understanding what the issue is i think