
Nix(OS): Set "permittedInsecurePackages" only for one package build (in an overlay?)


I'd like to apply a configuration point only for a build I'm defining in an overlay in nix.

That is, I'd like to set

    permittedInsecurePackages = [
      "webkitgtk-2.4.11"
    ];

in an overlay. I want to do it there, because the overlay is to set up my claws-mail configuration; and I don't want to allow webkitgtk if I'm not installing claws-mail (which would potentially happen if I put it into ~/.config/nixpkgs/config.nix).

Is there a way to set this in an overlay? I tried setting it into self.config. or super.config., but neither worked.


Solution

  • You can't locally override configuration, but you can stop that configuration from getting in the way of the goal you're trying to accomplish.

    The easy thing to do here is to clear meta.knownVulnerabilities in the copy of webkitgtk you pass to the claws-mail build.

    To show how this can be done --

    let
      ignoringVulns = x: x // { meta = (x.meta // { knownVulnerabilities = []; }); };
      webkitGtkIgnoringVulns = pkgs.webkitgtk24x-gtk2.overrideAttrs ignoringVulns;
    in
      pkgs.clawsMail.override { webkitgtk24x-gtk2 = webkitGtkIgnoringVulns; }
    

    The above was tested in nix repl. In an overlay you might replace pkgs. with super. in referring to the original/unmodified versions of the packages at hand; it's still important to keep the webkitGtkIgnoringVulns in a let (or otherwise to not introduce it into the attrset your overlay evaluates to) if you don't want it to be defined in any other scope.

    That is to say, to do this in an overlay might look like:

    self: super: let
      ignoringVulns = x: x // { meta = (x.meta // { knownVulnerabilities = []; }); };
    in {
      clawsMail = super.clawsMail.override {
        webkitgtk24x-gtk2 = self.webkitgtk24x-gtk2.overrideAttrs ignoringVulns;
      };
    }
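A self-contained check of the scoping described in the answer above, as an added example that is not part of the original answer or of nixpkgs. `fix`, `extends`, `mkPkg` and `callWith` are hypothetical minimal stand-ins for the nixpkgs overlay fixpoint, `mkDerivation` and `override`, and the vulnerability entry is a constructed placeholder; evaluate the file with `nix-instantiate --eval --strict`.

```nix
let
  # Toy overlay fixpoint (assumption: a single overlay applied to one base set).
  fix = f: let self = f self; in self;
  extends = overlay: base: self:
    let super = base self; in super // overlay self super;

  # Toy package constructor: carries meta and supports overrideAttrs.
  mkPkg = attrs: attrs // { overrideAttrs = f: mkPkg (attrs // f attrs); };

  # Toy makeOverridable: lets a package's dependencies be swapped via .override.
  callWith = f: args:
    (f args) // { override = newArgs: callWith f (args // newArgs); };

  # Constructed base set standing in for nixpkgs.
  base = self: {
    webkitgtk24x-gtk2 = mkPkg {
      name = "webkitgtk-2.4.11";
      meta = { knownVulnerabilities = [ "constructed placeholder entry" ]; };
    };
    clawsMail = callWith ({ webkitgtk24x-gtk2 }: mkPkg {
      name = "claws-mail";
      buildInputs = [ webkitgtk24x-gtk2 ];
      meta = { };
    }) { inherit (self) webkitgtk24x-gtk2; };
  };

  # The overlay from the answer, unchanged.
  overlay = self: super: let
    ignoringVulns = x: x // { meta = (x.meta // { knownVulnerabilities = []; }); };
  in {
    clawsMail = super.clawsMail.override {
      webkitgtk24x-gtk2 = self.webkitgtk24x-gtk2.overrideAttrs ignoringVulns;
    };
  };

  pkgs = fix (extends overlay base);

  # A package counts as flagged when its knownVulnerabilities list is non-empty.
  isFlagged = p: (p.meta.knownVulnerabilities or []) != [];
in {
  # Is the package set's own webkitgtk still flagged for every other consumer?
  topLevelStillFlagged = isFlagged pkgs.webkitgtk24x-gtk2;
  # Is any dependency actually wired into clawsMail still flagged?
  clawsMailDepFlagged = builtins.any isFlagged pkgs.clawsMail.buildInputs;
  # Which attributes does the final set export? The let-bound copy should not be one.
  exportedNames = builtins.attrNames pkgs;
}
```

The same three questions can be asked of a real package set by replacing `pkgs` with an import of nixpkgs that has the overlay applied.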