fcitx-engines.mozc fails to build due to Python 2 being marked insecure

[chuahou]

Steps To Reproduce

Steps to reproduce the behavior:

1. build fcitx-engines.mozc

Build log

error: Package ‘python-2.7.18.6’ in /nix/store/x9k42pcj3s0il0468a7jkqydjijy7rks-source/pkgs/development/interpreters/python/cpython/2.7/default.nix:341 is marked as insecure, refusing to evaluate.


       Known issues:
        - Python 2.7 has reached its end of life after 2020-01-01. See https://www.python.org/doc/sunset-python-2/.

       You can install it anyway by allowing this package, using the
       following methods:

       a) To temporarily allow all insecure packages, you can use an environment
          variable for a single invocation of the nix tools:

            $ export NIXPKGS_ALLOW_INSECURE=1

        Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
        (Flake) command, `--impure` must be passed in order to read this
        environment variable.

       b) for `nixos-rebuild` you can add ‘python-2.7.18.6’ to
          `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
          like so:

            {
              nixpkgs.config.permittedInsecurePackages = [
                "python-2.7.18.6"
              ];
            }

       c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
          ‘python-2.7.18.6’ to `permittedInsecurePackages` in
          ~/.config/nixpkgs/config.nix, like so:

            {
              permittedInsecurePackages = [
                "python-2.7.18.6"
              ];
            }

Additional context

This is as expected since it uses Python 2 which was marked vulnerable in #201859, and it builds fine if any of the above steps are taken.

However, I thought I should still open an issue as it seems to me like the right thing would be to also fix this package to not depend on Python 2. I am not familiar enough with fcitx and mozc to know if this is plausible, or if this should be given up on in favour of fcitx5-mozc which seems to be built out of newer versions of the same source repository. If possible, I hope a maintainer or anyone could shed light on the "right" way forward.

Notify maintainers

@gebner @ericsagnes

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

 - system: `"x86_64-linux"`
 - host os: `Linux 5.15.86, NixOS, 23.05 (Stoat), 23.05.20230111.6c8644f`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.12.0`
 - channels(root): `""`
 - nixpkgs: `/nix/store/izkfanzxhdp831q9a1lbbj1qrv70543z-source`

[sifmelcara]

I hit the same issue and forced to migrating to fcitx5

Maybe it would make sense to mark fcitx (fcitx4) and fcitx4 input methods as deprecated and delete them later? Is there a reason to keep 2 versions of fcitx around?

[chuahou]

@sifmelcara I'm not familiar with the development situation with fcitx, but it does seem that fcitx is more or less superseded by fcitx5 so that makes sense. Though for me fcitx builds fine and it's fcitx-engines.mozc that's broken, so perhaps it'd be more sensible to mark fcitx-engines.mozc (and any other input methods that are broken similarly) as deprecated/broken instead?

[sifmelcara]

Yes that would make sense

[Profpatsch]

google/mozc#462

Python3 is supported since the update on 2020-10-18 (google/mozc@a5a4927).

This took me like 1 minute to find, yet nobody bothered to do it before breaking my input methods …

[Atemu]

Fixed by #220776