-
-
Save grahamc/cd0173fcfc06e15ac0d2ecd84f696d00 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ nix-env -iA mypackage | |
error: Package `foobar-123` in ./packages.nix is marked as insecure for the following reasons: | |
- CVE-2016-1234 remote privilege escalation because lol | |
- CVE-2016-1235 remote privilege escalation because lol | |
You can install it anyway by whitelisting this package, using the following methods: | |
nixos-rebuild | |
------------- | |
Adding `pkgs.mypackage` to `nixpkgs.config.permittedInsecurePackages` in the | |
configuration.nix, like so: | |
{ nixpkgs.config.permittedInsecurePackages = [ "foobar-123" ]; } | |
nix-env, nix-build, or other nix commands: | |
------------------------------------------ | |
Adding `pkgs.mypackage` to `permittedInsecurePackages` in | |
~/.nixpkgs/config.nix, like so: | |
{ permittedInsecurePackages = [ "foobar-123" ]; } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
mypackage = stdenv.mkDerivation rec { | |
name = "foobar-${version}"; | |
version = "123"; | |
# ... | |
meta = { | |
knownVulnerabilities = [ | |
"CVE-2016-1234 remote privilege escalation because lol" | |
"CVE-2016-1235 remote privilege escalation because lol" | |
]; | |
}; | |
}; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment