Got a similar issue, but Discord and Spotify works. For me it's slack-specific.

EDIT: Nevermind looks like I am getting only slack from unstable channel :facepalm:

I don’t think it is Electron specific. I see the same issue with qutebrowser

@terlar I confirm I can reproduce it with qutebrowser. Might be WebKit related ?

I have issues with qutebrowser aswell, with every https:// site, http:// works.
Getting errors like this:

[17193:17227:0727/133405.557216:ERROR:cert_verify_proc_nss.cc(977)] CERT_PKIXVerifyCert for www.google.com failed err=-5992

But my qutebrowser uses QtWebEngine, not WebKit afaik.
I've rolled back so can't double check.

I've been able to track back the issue to the commit 2b7c0dcdaab946153b0eaba5f2420f15ea27b0d6
Before this commit it works perfectly.

EDIT: It seems that there is an update related to nss in this commit (see #93465) I believe that could be related to this specific change.

Interestingly, it seems that not all Electron apps are affected. Signal still works, for instance, but Discord and Slack don't.

This also affects Bitwarden and potentially Steam. Temporarily using nss_3_44 for the nss package in Bitwarden & Discord works.

Steam indeed doesn't work.

cc @ajs124

For reference, so this (hopefully) shows up in search results: ERR_FAILED is the error code qutebrowser shows.

I'm using the canary release and it's working, unfortunately it demands an update from 0.0.104 to 0.0.105

This also affects Bitwarden and potentially Steam. Temporarily using nss_3_44 for the nss package in Bitwarden & Discord works.

Slack also seems to work with nss_3_44, but not nss_3_54

I see that @vcunat and @ajs124 had some similar issues with other programs while handling #93465, they fixed it by simply use a previous version of nss for those programs. Maybe we should do the same ? I'm not completely sure this is the right solution since the list of broken programs seems to be quite long.

Rambox (electron) also seems to be affected

Probably switch the default to the older version? At least that's what this sounds like at a quick look. (i.e. only use the new one for the new Firefox and Thunderbird branches)

Thanks @vcunat I'm not sure how to achieve this, I will check it out later but if somebody with the knowledge can help that would be really cool :).

So much for "NSS 3.54 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.54 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries."

I guess maybe all of this stuff isn't "restricting their use of NSS APIs to the functions listed in NSS Public Functions".

We can switch the default to 3.44.x, but I'm not sure if that will be supported after Firefox ESR 68 is EOL, which will be in a month iirc.

A temp workaround for now is to chuck something like the following in an overlay to build the derivation with the older 3.44 NSS (using discord as an example here):

discord = super.discord.override { nss = super.nss_3_44; };

An alternative workaround that I'm currently using is to replace discord with
(discord.override { nss = pkgs.nss_3_44; })
in environment.systemPackages.

Arch has discord (and everything else) using nss 3.55 and I'm assuming it works

https://www.archlinux.org/packages/core/x86_64/nss/

🤔

Arch has discord (and everything else) using nss 3.55 and I'm assuming it works

https://www.archlinux.org/packages/core/x86_64/nss/

thinking

We use nss 3.54, but I believe this is unrelated ?

We use nss 3.54, but I believe this is unrelated ?

https://github.com/NixOS/nixpkgs/pull/93910 is 3.55, if you want to give that a go. Probably doesn't help much, though.

We use nss 3.54, but I believe this is unrelated ?

Im aware we're on 3.54 just wondering if it's an nss issue affecting other releases on other distros, or a nixpkgs exclusive thing

They also appear to have been using nss 3.54 for a month too: https://github.com/archlinux/svntogit-packages/commits/packages/nss/trunk

Maybe we broke something in the makefile -> gyp based build system transition. Apparently that all came down to the default make target being wrong, so what you could do is revert that whole change, append all to the makeFlags, update to a newer release, rebuild everything and see if that fixes anything.

Steam, Discord and Bitwarden stopped working for me.

Slack stopped working for me as well. I don't use Steam, Discord, or Bitwarden (the Linux app-- I use it in the browser only).

However, using (slack override { nss = pkgs.nss_3_44; }) fixed it, as per @Maxwell-lt. Thanks!

So #94184 for now?

Not sure if related but dropbox doesn't currently work for me.

This might be related, but vscode doesn't connect to the network either. I tried overriding it with nss 3.44 but apparently it doesn't depend on it:

building Nix...
building the system configuration...
error: anonymous function at /nix/store/6v24x81y505p8i9ghnx7hd4m83lr1w43-nixos-20.09pre236091.28fce082c8c/nixos/pkgs/applications/editors/vscode/with-extensions.nix:1:1 called with unexpected argument 'nss', at /nix/store/6v24x81y505p8i9ghnx7hd4m83lr1w43-nixos-20.09pre236091.28fce082c8c/nixos/lib/customisation.nix:69:16
(use '--show-trace' to show detailed location information)

VSCode is pulling nss from atomEnv which is it at pkgs/applications/editors/atom/env.nix

On Wed, Jul 29, 2020 at 22:58, Matthew Levan notifications@github.com wrote:

This might be related, but vscode doesn't connect to the network either. I tried overriding it with nss 3.44 but apparently it doesn't depend on it:

building Nix...
building the system configuration...
error: anonymous function at /nix/store/6v24x81y505p8i9ghnx7hd4m83lr1w43-nixos-20.09pre236091.28fce082c8c/nixos/pkgs/applications/editors/vscode/with-extensions.nix:1:1 called with unexpected argument 'nss', at /nix/store/6v24x81y505p8i9ghnx7hd4m83lr1w43-nixos-20.09pre236091.28fce082c8c/nixos/lib/customisation.nix:69:16
(use '--show-trace' to show detailed location information)

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.

VSCode is pulling nss from atomEnv which is it at pkgs/applications/editors/atom/env.nix
…
On Wed, Jul 29, 2020 at 22:58, Matthew Levan @.*> wrote: This might be related, but vscode doesn't connect to the network either. I tried overriding it with nss 3.44 but apparently it doesn't depend on it: building Nix... building the system configuration... error: anonymous function at /nix/store/6v24x81y505p8i9ghnx7hd4m83lr1w43-nixos-20.09pre236091.28fce082c8c/nixos/pkgs/applications/editors/vscode/with-extensions.nix:1:1 called with unexpected argument 'nss', at /nix/store/6v24x81y505p8i9ghnx7hd4m83lr1w43-nixos-20.09pre236091.28fce082c8c/nixos/lib/customisation.nix:69:16 (use '--show-trace' to show detailed location information) — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

Great. So how would I go about succinctly overriding atomEnv's nss within the vscode-with-extensions.override expression?

Great. So how would I go about succinctly overriding atomEnv's nss within the vscode-with-extensions.override expression?

Maybe an overlay for atomEnv. I'm not good with the nix language so I don't have any specifics.

How is everyone using pkgs.nss_3_44? It does not exist for me and it clearly does not exist in the stable repo.

How is everyone using pkgs.nss_3_44? It does not exist for me and it clearly does not exist in the stable repo.

https://nixos.org/nixos/packages.html?channel=nixpkgs-unstable&query=nss_3_44

How is everyone using pkgs.nss_3_44? It does not exist for me and it clearly does not exist in the stable repo.

https://nixos.org/nixos/packages.html?channel=nixpkgs-unstable&query=nss_3_44

No results found.

How is everyone using pkgs.nss_3_44? It does not exist for me and it clearly does not exist in the stable repo.

https://nixos.org/nixos/packages.html?channel=nixpkgs-unstable&query=nss_3_44

No results found.

Doesn't show up on stable qutebrowser.

Works on firefox but can't test unstable qutebrowser because it can't access the internet.

Works here on stable qutebrowser

Anyways to get back on topic here... 😂

How do overlays work and is this the appropriate quick fix for someone like
me waiting for a PR to be merged into unstable?

On Wed, Jul 29, 2020 at 7:19 PM theGeekPirate notifications@github.com
wrote:

Works here on stable qutebrowser
[image: image]
https://user-images.githubusercontent.com/1026070/88872972-610f0b00-d1d0-11ea-81ff-71378608a5f4.png

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/NixOS/nixpkgs/issues/93955#issuecomment-666042707,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/ABC6XZ43R2MLSBYTVZQY5PTR6DKDJANCNFSM4PIOMK2A
.

I can't replicate it with qutebrowser --temp-basedir so I have no idea what's going on.

How do overlays work and is this the appropriate quick fix for someone like me waiting for a PR to be merged into unstable?

The simplest solution is to use the stable version of whichever application(s) is/are causing you trouble until https://github.com/NixOS/nixpkgs/pull/94188 is merged.

Great, thank you.

On Wed, Jul 29, 2020 at 7:37 PM theGeekPirate notifications@github.com
wrote:

Anyways to get back on topic here... How do overlays work and is this the
appropriate quick fix for someone like me waiting for a PR to be merged
into unstable?

The simplest solution is to just use the stable version of Discord until

94188 https://github.com/NixOS/nixpkgs/pull/94188 is merged.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/NixOS/nixpkgs/issues/93955#issuecomment-666050717,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/ABC6XZ2YLNS3JHX3AJRR26DR6DMHZANCNFSM4PIOMK2A
.

How do overlays work and is this the appropriate quick fix for someone like me waiting for a PR to be merged into unstable?

The simplest solution is to just use the stable version of Discord until #94188 is merged.

For someone that has many unstable packages that are broken, is an overlay the way to fix the issue for every conceivable package that depends on the troublesome package without having anonymous functions filled with overrides everywhere?

My Nix-fu isn't great, but I'm assuming there's a way to override nss to use that unstable package globally, instead.
Hopefully someone else more knowledgeable can step in and help you.

In case anyone is wondering how to use a package from another channel, this helped me.

Thank you @vcunat for the merge. I've renamed the issue so people that are searching with "my [app] is not connecting anymore" won't get confused by this quite specific nss issue.

Thank you all for finding the source of the problem fast.

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/problems-with-the-application-slack-version-4-4-3/8382/2

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/problems-with-the-application-slack-version-4-4-3/8382/3

Both channels have updated already to contain the fix.