I don’t see anything that jumps out at me. It’s probably depending on an a package that is insecure. Check the logs. They’ll point to exactly what the issue is.
Why-depends can help you out. https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-why-depends.html
I don't remember if you can use it directly on a derivation or not, so you might have to track down the relevant package.
Edit: forgot to mention you can give it /run/current-system for the first argument to only see what's currently loaded from the store.
Thanks!
I guess it should be nix why-depends .nix-profile/bin nixpkgs#freeimage
but unfortunately that just spits out the "freeimage is insecure" error (for whatever reason? it's not like I'm installing the insecure package)
❱ nix why-depends .nix-profile/bin nixpkgs#freeimage
error: Package ‘freeimage-unstable-2021-11-01’ in /nix/store/dzv2jjx429kczqwqklfb8v4mn9phv778-source/pkgs/development/libraries/freeimage/default.nix:72 is marked as insecure, refusing to evaluate.
[...]
Neither NIXPKGS_ALLOW_INSECURE=1 nix why-depends ...
or nix why-depends --option permittedInsecurePackages freeimage-unstable-2021-11-01 ...
(which may very well be wrong) seem to bypass the overzealous security check... I ended up updating my working copy of the nixpkgs git repo and running grep -rl freeimage *
there.
Had that error and deduced it was imv after spending some time reading through the trace.
I dont have an actual command for you as i couldnt find one when i was looking ^^
You have three options:
- Take a close look at the stack trace, it should contain the dependant's definition file somewhere. They're hard to read, it's a known issue that isn't easy to fix.
- Roll back your Nixpkgs and figure out which package's runtime closure depends on the package that is broken in the newer Nixpkgs using
why-depends
- Trace through the source code yourself (i.e. grep for the broken dep's name in your explicitly declared deps)