CODEWITHSUNDEEP
overlaynixnixos
user3416536
user3416536

Reputation: 1469

Nix(OS): Set "permittedInsecurePackages" only for one package build (in an overlay?)

I'd like to apply a configuration point only for a build I'm defining in an overlay in nix.

That is, I'd like to set

permittedInsecurePackages = [
     "webkitgtk-2.4.11"
];

in an overlay. I want to do it there, because the overlay is to set up my claws-mail configuration; and I don't want to allow webkitgtk if I'm not installing claws-mail (which would potentially happen if I put it into ~/.config/nixpkgs/config.nix).

Is there a way to set this in an overlay? I tried setting it into self.config. or super.config., but neither worked.

Upvotes: 3

Views: 2750

Answers (2)

Charles Duffy
Charles Duffy

Reputation: 295403

You can't locally override configuration, but you can stop that configuration from getting in the way of the goal you're trying to accomplish.

The easy thing to do here is to clear meta.knownVulnerabilities in the copy of webkitgtk you pass to the claws-mail build.

To show how this can be done --

let
  ignoringVulns = x: x // { meta = (x.meta // { knownVulnerabilities = []; }); };
  webkitGtkIgnoringVulns = pkgs.webkitgtk24x-gtk2.overrideAttrs ignoringVulns;
in
  pkgs.clawsMail.override { webkitgtk24x-gtk2 = webkitGtkIgnoringVulns; }

The above was tested in nix repl. In an overlay you might replace pkgs. with super. in referring to the original/unmodified versions of the packages at hand; it's still important to keep the webkitGtkIgnoringVulns in a let (or otherwise to not introduce it into the attrset your overlay evaluates to) if you don't want it to be defined in any other scope.

That is to say, to do this in an overlay might look like:

self: super: let
  ignoringVulns = x: x // { meta = (x.meta // { knownVulnerabilities = []; }); };
in {
  clawsMail = super.clawsMail.override {
    webkitgtk24x-gtk2 = self.webkitgtk24x-gtk2.overrideAttrs ignoringVulns;
  };
}

Upvotes: 4

Robert Hensing
Robert Hensing

Reputation: 7359

First, let me set a few things straight that will hopefully help you understand some NixOS and Nixpkgs concepts.

NixOS modules are mostly concerned with system configuration, whereas overlays are a mostly just a mechanism for making changes to the package set. These are separate features of two separate components (NixOS and Nixpkgs) that are distributed together.

What happens is that NixOS loads Nixpkgs when it evaluates. This can be controlled with some NixOS options. Most of these are simply passed to the Nixpkgs function (usually denoted import <nixpkgs>).

This means that NixOS configuration is in control of the config argument to Nixpkgs. However, overlays is merely another parameter of the Nixpkgs function that does not influence the Nixpkgs config.

Also note that self and super are just names that are typically given to the parameters of the function that defines an overlay. They are positional parameters, so you could give them different names if you need to. The result of an overlay function is an attribute set containing the attributes to add or update. self and super have no special meaning as attributes in Nixpkgs. (Although you did hide the super package)

So no, an overlay can not set a Nixpkgs config item. You may instead want to write a NixOS module instead. NixOS modules and NixOS configuration are the same thing.

Also note that NixOS (nixos-rebuild, etc) will not read ~/.config/nixpkgs/config.nix. It has it's own default.

Upvotes: 1

Related Questions