How to install BROKEN, insecure and unfree apps #2

Open
opened 2026-04-29 14:22:51 +00:00 by bahrom04 · 0 comments
Owner

This log showed up when trying to install the Fondo app.

```
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        Known issues:
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:         - libsoup 2 is EOL, with many known unfixed CVEs.
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        The last release happened 2023-10-11,
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        with few security backports since and no stable release.
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        Vulnerabilities likely include (incomplete list):
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        - CVE-2025-4948: https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        - CVE-2025-46421: https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        - CVE-2025-32914: https://gitlab.gnome.org/GNOME/libsoup/-/issues/436
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        - CVE-2025-32913: https://gitlab.gnome.org/GNOME/libsoup/-/issues/435
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        - CVE-2025-32912: https://gitlab.gnome.org/GNOME/libsoup/-/issues/434
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        - CVE-2025-32911: https://gitlab.gnome.org/GNOME/libsoup/-/issues/433
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        - CVE-2025-32910: https://gitlab.gnome.org/GNOME/libsoup/-/issues/432
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        - CVE-2025-32909: https://gitlab.gnome.org/GNOME/libsoup/-/issues/431
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        - CVE-2025-32907: https://gitlab.gnome.org/GNOME/libsoup/-/issues/428
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        - CVE-2025-32053: https://gitlab.gnome.org/GNOME/libsoup/-/issues/426
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        - CVE-2025-32052: https://gitlab.gnome.org/GNOME/libsoup/-/issues/425
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        - CVE-2025-32050: https://gitlab.gnome.org/GNOME/libsoup/-/issues/424
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        - CVE-2024-52531: https://gitlab.gnome.org/GNOME/libsoup/-/issues/423
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        - CVE-2025-2784: https://gitlab.gnome.org/GNOME/libsoup/-/issues/422
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        These vulnerabilities were fixed in libsoup 3,
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        with the vulnerable code present in libsoup 2 versions.
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        You can install it anyway by allowing this package, using the
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        following methods:
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        a) To temporarily allow all insecure packages, you can use an environment
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:           variable for a single invocation of the nix tools:
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:             $ export NIXPKGS_ALLOW_INSECURE=1
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:           Note: When using `nix shell`, `nix build`, `nix develop`, etc with a flake,
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:                 then pass `--impure` in order to allow use of environment variables.
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        b) for `nixos-rebuild` you can add ‘libsoup-2.74.3’ to
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:           `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:           like so:
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:             {
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:               nixpkgs.config.permittedInsecurePackages = [
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:                 "libsoup-2.74.3"
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:               ];
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:             }
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:        c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:           ‘libsoup-2.74.3’ to `permittedInsecurePackages` in
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:           ~/.config/nixpkgs/config.nix, like so:
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:             {
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:               permittedInsecurePackages = [
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:                 "libsoup-2.74.3"
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:               ];
 TRACE nix_software_center::ui::installworker > CAUGHT LINE:             }
```

--

I get the unfree part, but why the broken and insecure ones tho? Those apps being capped is a free effortless feature.

Our "audience" has no idea what it means to take responsibility for installing a certain app, so if something bad is going to happen, we will be the ones to take the responsibility.

I think we shall show an error dialogue in this case indicating that this app is either broken or insecure, so "we are kinda protecting user's space from it".
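
One way the proposed error dialog could get its data, as an added example that is not part of the original issue or the project's code: it scans the install worker's captured lines for the nixpkgs "Known issues:" block and pulls out the package name and CVE ids. `InsecureRefusal`, `payload`, `quoted` and `detect_insecure` are hypothetical names, and `SAMPLE` is constructed from the log above; the broken-package case is left out because the issue shows no output for it.

```rust
// Added example, not project code. SAMPLE is constructed from the log in this issue.
const SAMPLE: &[&str] = &[
    " TRACE nix_software_center::ui::installworker > CAUGHT LINE:        Known issues:",
    " TRACE nix_software_center::ui::installworker > CAUGHT LINE:        - CVE-2025-4948: https://gitlab.gnome.org/GNOME/libsoup/-/issues/449",
    " TRACE nix_software_center::ui::installworker > CAUGHT LINE:        - CVE-2024-52531: https://gitlab.gnome.org/GNOME/libsoup/-/issues/423",
    " TRACE nix_software_center::ui::installworker > CAUGHT LINE:        b) for `nixos-rebuild` you can add ‘libsoup-2.74.3’ to",
];

/// What an error dialog needs: which package was refused and why (hypothetical type).
#[derive(Debug, PartialEq)]
pub struct InsecureRefusal {
    pub package: Option<String>, // taken from the allow-list hint, e.g. "libsoup-2.74.3"
    pub cves: Vec<String>,       // ids listed in the refusal message
}

/// Drop the tracing prefix and keep only what nix itself printed.
fn payload(line: &str) -> &str {
    line.split_once("CAUGHT LINE:").map_or(line, |(_, rest)| rest).trim()
}

/// Text between ‘ and ’, the quoting the message uses around name-version.
fn quoted(text: &str) -> Option<String> {
    let (_, rest) = text.split_once('‘')?;
    rest.split_once('’').map(|(name, _)| name.to_string())
}

/// Some(..) only when the output contains the "Known issues:" block.
pub fn detect_insecure(lines: &[&str]) -> Option<InsecureRefusal> {
    let mut seen_known_issues = false;
    let mut package: Option<String> = None;
    let mut cves = Vec::new();
    for text in lines.iter().map(|l| payload(l)) {
        seen_known_issues |= text.starts_with("Known issues:");
        // "- CVE-2025-4948: https://..." -> "CVE-2025-4948"
        if let Some(rest) = text.strip_prefix("- CVE-") {
            let id: String = rest.chars().take_while(|c| c.is_ascii_digit() || *c == '-').collect();
            cves.push(format!("CVE-{}", id));
        }
        // Keep the first quoted name; later hints repeat the same package.
        package = package.or_else(|| quoted(text));
    }
    seen_known_issues.then(|| InsecureRefusal { package, cves })
}

fn main() {
    println!("{:?}", detect_insecure(SAMPLE));
}
```

A `Some` result is the signal to stop the install and show the dialog instead of forwarding the `NIXPKGS_ALLOW_INSECURE` or `permittedInsecurePackages` hints to the user.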

Reference
xinux/software-center#2