installation fails when following the official guide

[jobafr]

I'm following the NixoOs Use'sr Guide. After having installed the nix package manager, it says to install the latest version of nixops using nix-env -i nixops.

The installation fails with the error message below. I realize that the error message contains instructions on how to work around this. However, it would probably be good if either those were included in the manual, or made unnecessary (I assume by updating NixOps's dependencies).

$ nix-env -i nixops
installing 'nixops-1.7'
error:
       … while evaluating the attribute 'drvPath'

         at /nix/store/mz5byrgkj4gkwcp0qcixjkwb3ffiqz3y-nixpkgs/nixpkgs/lib/customisation.nix:222:7:

          221|     in commonAttrs // {
          222|       drvPath = assert condition; drv.drvPath;
             |       ^
          223|       outPath = assert condition; drv.outPath;

       … while calling the 'derivationStrict' builtin

         at /builtin/derivation.nix:9:12: (source not available)

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: Package ‘python-2.7.18.6’ in /nix/store/mz5byrgkj4gkwcp0qcixjkwb3ffiqz3y-nixpkgs/nixpkgs/pkgs/development/interpreters/python/cpython/2.7/default.nix:330 is marked as insecure, refusing to evaluate.


       Known issues:
        - Python 2.7 has reached its end of life after 2020-01-01. See https://www.python.org/doc/sunset-python-2/.

       You can install it anyway by allowing this package, using the
       following methods:

       a) To temporarily allow all insecure packages, you can use an environment
          variable for a single invocation of the nix tools:

            $ export NIXPKGS_ALLOW_INSECURE=1

        Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
        (Flake) command, `--impure` must be passed in order to read this
        environment variable.

       b) for `nixos-rebuild` you can add ‘python-2.7.18.6’ to
          `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
          like so:

            {
              nixpkgs.config.permittedInsecurePackages = [
                "python-2.7.18.6"
              ];
            }

       c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
          ‘python-2.7.18.6’ to `permittedInsecurePackages` in
          ~/.config/nixpkgs/config.nix, like so:

            {
              permittedInsecurePackages = [
                "python-2.7.18.6"
              ];
            }

[akavel]

This showed up to be even harder for me to workaround while on NixOS with flakes enabled, and with home-manager, and with nix profile on top. For some reason, adding permittedInsecurePackages to my ~/.config/nixpkgs/config.nix didn't seem to help. In the end, I managed to get something installed with:

$ nix profile install nixpkgs#nixopsUnstable

Then moved it to my home-manager config to have the precise version pinned in flake.lock. Will try to see if I can work with nixopsUnstable reasonably enough...

[hehongbo]

Just a quick reminder,nixops_unstable is also marked as insecure for weeks due to CVE-2023-32681 and the use of python3.10-requests-2.28.2.