this post was submitted on 21 Feb 2024
14 points (100.0% liked)

Nix / NixOS

1783 readers
1 users here now

Main links

Videos

founded 1 year ago
MODERATORS
 

While updating home-manager I got a notice that freeimage-unstable-2021-11-01 is marked as unsafe.

Since chances are it's used by something I never use, I'd like to know what I'm using that depends on it... any idea how to do it?

Also.. any idea why I have 4 copies of the freeimage stuff in my /nix/store? (I just run nix-collect-garbage -d and the 4 seem to be actually different):

❱ md5sum /nix/store/*freeimage*/lib/libfreeimage.a
67a0ce1cb5dd562473e27d7c88e8a9bd  /nix/store/6gi6hm57zngqnxb6p5dnxhjjcbr96lrk-freeimage-unstable-2021-11-01/lib/libfreeimage.a
5995e0affbfa28b63da7e997cb4dbe63  /nix/store/09nwykzzksc0zknflsyxyah5b67c2rsn-freeimage-unstable-2021-11-01/lib/libfreeimage.a
67a0ce1cb5dd562473e27d7c88e8a9bd  /nix/store/ikfiv4gpmcpyir7lsj45by653qcnvgyx-freeimage-unstable-2021-11-01/lib/libfreeimage.a
213a408e3c1fbb5dfa4491deebe05984  /nix/store/q2sc85f2hclgwl8m3qdw8rpbs44gzmah-freeimage-unstable-2021-11-01/lib/libfreeimage.a
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 9 months ago* (last edited 9 months ago) (1 children)

Why-depends can help you out. https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-why-depends.html

I don't remember if you can use it directly on a derivation or not, so you might have to track down the relevant package.

Edit: forgot to mention you can give it /run/current-system for the first argument to only see what's currently loaded from the store.

[–] [email protected] 2 points 9 months ago

Thanks!

I guess it should be nix why-depends .nix-profile/bin nixpkgs#freeimage but unfortunately that just spits out the "freeimage is insecure" error (for whatever reason? it's not like I'm installing the insecure package)

❱ nix why-depends .nix-profile/bin nixpkgs#freeimage
error: Package ‘freeimage-unstable-2021-11-01’ in /nix/store/dzv2jjx429kczqwqklfb8v4mn9phv778-source/pkgs/development/libraries/freeimage/default.nix:72 is marked as insecure, refusing to evaluate.
[...]

Neither NIXPKGS_ALLOW_INSECURE=1 nix why-depends ... or nix why-depends --option permittedInsecurePackages freeimage-unstable-2021-11-01 ... (which may very well be wrong) seem to bypass the overzealous security check... I ended up updating my working copy of the nixpkgs git repo and running grep -rl freeimage * there.