electron_34-bin: mark as insecure because it's EOL; electron-source.electron_34: remove as it's EOL

[TomaSajt]

Previously:

• electron_33-bin: mark as insecure because it's EOL, electron-source.electron_33: remove as it's EOL #397918
• electron_32-bin: mark as insecure because it's EOL, electron-source.electron_32: remove as it's EOL #383660
• electron_31-bin: mark as insecure because it's EOL, electron-source.electron_31: remove as it's EOL #370758
• electron_30-bin: mark as insecure because it's EOL, electron-source.electron_30: remove as it's EOL #350549
• electron_29-bin: mark as insecure because it's EOL, electron-source.electron_29: remove as it's EOL #335850

electron_34 will be EOL soon (2025-06-24).
https://www.electronjs.org/docs/latest/tutorial/electron-timelines (permalink)

This PR removes the source build on Linux for electron 34 and marks the binary variants for Darwin and Linux as insecure.
electron_34 will still be available for an undetermined while. Linux will simply use the binary package instead of the source build, just like Darwin.

After this PR has been merged, users will be able opt-into the EOL version of electron as outlined by this eval error message:

error: Package ‘electron-34.5.8’ in /path/to/nixpkgs/pkgs/development/tools/electron/binary/generic.nix:43 is marked as insecure, refusing to evaluate.


Known issues:
- Electron version 34.5.8 is EOL

You can install it anyway by allowing this package, using the
following methods:

a) To temporarily allow all insecure packages, you can use an environment
  variable for a single invocation of the nix tools:

    $ export NIXPKGS_ALLOW_INSECURE=1

  Note: When using `nix shell`, `nix build`, `nix develop`, etc with a flake,
        then pass `--impure` in order to allow use of environment variables.

b) for `nixos-rebuild` you can add ‘electron-34.5.8’ to
  `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
  like so:

    {
      nixpkgs.config.permittedInsecurePackages = [
        "electron-34.5.8"
      ];
    }

c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  ‘electron-34.5.8’ to `permittedInsecurePackages` in
  ~/.config/nixpkgs/config.nix, like so:

    {
      permittedInsecurePackages = [
        "electron-34.5.8"
      ];
    }

The following packages are affected by this. Note that those package will continue to work, but users will be presented with the eval error above and have to opt-in.

If you are pinged as one of the maintainers of such package, you can do one of the following:

1. Check if upstream supports a newer electron version and open a PR in nixpkgs to use that instead OR
2. Try using a newer electron version than upstream suggests and if that turns out to be stable, open a PR in nixpkgs to use that instead OR
3. Do nothing in nixpkgs, and maybe make upstream aware that their electron version is EOL.

• appium-inspector @NyCodeGHG appium-inspector: use electron_36 #419966
• bitwarden-desktop @amarshall @SuperSandro2000 bitwarden-desktop: 2025.5.1 -> 2025.6.0 #420516
• breitbandmessung @B4dM4n breitbandmessung: 3.8.0 -> 3.9.0, update electron, move to by-name #420158
• deltachat-desktop @dotlambda
• lx-music-desktop @oosquare lx-music-desktop: bump electron version #419936
• mattermost-desktop @jokogr @liff mattermost-desktop: 5.11.2 -> 5.12.1 #421709
• rstudio @TomaSajt rstudio: bump electron version #419913
• webcord-vencord @NotAShelf @FlafyDev webcord-vencord: bump electron to electron_36 #420519
• whalebird @Weathercold whalebird: 6.2.0-unstable-2025-02-26 -> 6.2.2-unstable-2025-06-12 #420324

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• Nixpkgs 25.11 Release Notes (or backporting 24.11 and 25.05 Nixpkgs Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
• NixOS 25.11 Release Notes (or backporting 24.11 and 25.05 NixOS Release notes)
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other contributing documentation in corresponding paths.

---

Add a 👍 reaction to pull requests you find important.

[amarshall]

Re bitwarden-desktop: the next release will use Electron 36; we could backport it (from bitwarden/clients#14725) in the meantime. However, I likely won’t be able to do that for another day or two, if someone wants to build and test in the meantime, feel free.

[SuperSandro2000]

They want to do a new release tomorrow actually bitwarden/clients#14725 (comment) so we can just wait for that.

done

[NotAShelf]

I'll update webcord-vencord tomorrow (roughly 16 hours from now on.)

[NotAShelf]

I've opened 420519 for webcord-vencord. Further testing would be appreciated.

[teutat3s]

Now that #420250 is merged, let's merge this too. We want a maximum of 3 versions of electron built from source.

[TomaSajt]

Alright.

So, since we're backporting this, ideally, all the PRs above for the dependent packages should also get backported, right?

[nixpkgs-ci]

Successfully created backport PR for release-25.05:

• [Backport release-25.05] electron_34-bin: mark as insecure because it's EOL; electron-source.electron_34: remove as it's EOL #421203

[NotAShelf]

Could someone also merge #420519 before users start getting warnings about electron?

[teutat3s]

For the record, deltachat-desktop did bump their electron version recently, but there hasn't been a new release yet. deltachat/deltachat-desktop@3096a70

[dotlambda]

For the record, deltachat-desktop did bump their electron version recently, but there hasn't been a new release yet. deltachat/deltachat-desktop@3096a70

And I'm having trouble building the newest version. It can't find esbuild for some reason.