electron_35-bin: mark as insecure because it's EOL; electron-source.electron_35: remove as it's EOL

[teutat3s]

Previously:

• electron_34-bin: mark as insecure because it's EOL; electron-source.electron_34: remove as it's EOL #419903

electron_35 is EOL since 2025-09-02.
https://www.electronjs.org/docs/latest/tutorial/electron-timelines (permalink)

This PR removes the source build on Linux for electron 35 and marks the binary variants for Darwin and Linux as insecure.
electron_35-bin will still be available until most dependent packages have updated their versions. Linux will simply use the binary package instead of the source build, just like Darwin.

After this PR has been merged, users will be able opt-into the EOL version of electron as outlined by this eval error message:

       error: Package ‘electron-35.7.5’ in /home/teutat3s/CodeRoom/github.com/NixOS/nixpkgs/pkgs/development/tools/electron/binary/generic.nix:43 is marked as insecure, refusing to evaluate.


       Known issues:
        - Electron version 35.7.5 is EOL

       You can install it anyway by allowing this package, using the
       following methods:

       a) To temporarily allow all insecure packages, you can use an environment
          variable for a single invocation of the nix tools:

            $ export NIXPKGS_ALLOW_INSECURE=1

          Note: When using `nix shell`, `nix build`, `nix develop`, etc with a flake,
                then pass `--impure` in order to allow use of environment variables.

       b) for `nixos-rebuild` you can add ‘electron-35.7.5’ to
          `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
          like so:

            {
              nixpkgs.config.permittedInsecurePackages = [
                "electron-35.7.5"
              ];
            }

       c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
          ‘electron-35.7.5’ to `permittedInsecurePackages` in
          ~/.config/nixpkgs/config.nix, like so:

            {
              permittedInsecurePackages = [
                "electron-35.7.5"
              ];
            }

The following packages are affected by this. Note that those package will continue to work, but users will be presented with the eval error above and have to opt-in.

If you are pinged as one of the maintainers of such package, you can do one of the following:

1. Check if upstream supports a newer electron version and open a PR in nixpkgs to use that instead OR
2. Try using a newer electron version than upstream suggests and if that turns out to be stable, open a PR in nixpkgs to use that instead OR
3. Do nothing in nixpkgs, and maybe make upstream aware that their electron version is EOL.

• affine @xiaoxiangmoe (Upstream issue: Electron 25 end-of-life toeverything/AFFiNE#13647)
• ente-desktop @pinpox @yuyuyureka (ente-desktop: bump to electron_37 #442605)
• gfn-electron @pluiedev (Upstream issue: Electron 35 is EOL hmlendea/gfn-electron#276)
• gridtracker2 @Cryolitia (gridtracker2: 2.250820.0 -> 2.250914.1 #446675)
• httptoolkit @TomaSajt (httptoolkit: use electron_37 #443879)
• joplin-desktop @fugidev (joplin-desktop: use electron_36 #442657)
• koodo-reader @TomaSajt (koodo-reader: use electron_37 #443886)
• mattermost-desktop @jokogr @liff (mattermost-desktop: 5.12.1 -> 5.13.1 #444002)
• penpot-desktop @NTBBloodbath (penpot-desktop: 0.13.1 -> 0.18.1 #407337)
• pocket-casts @yayayayaka (pocket-casts: use electron_36 #447494)

Things done

• Built on platform:
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• Tested, as applicable:
  • NixOS tests in nixos/tests.
  • Package tests at passthru.tests.
  • Tests in lib/tests or pkgs/test for functions and "core" functionality.
• Ran nixpkgs-review on this PR. See nixpkgs-review usage.
• Tested basic functionality of all binary files, usually in ./result/bin/.
• Nixpkgs Release Notes
  • Package update: when the change is major or breaking.
• NixOS Release Notes
  • Module addition: when adding a new NixOS module.
  • Module update: when the change is significant.
• Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

---

Add a 👍 reaction to pull requests you find important.

[pluiedev]

Notified upstream via hmlendea/gfn-electron#276. I'll look into updating gfn-electron to newer Electron versions before the removal date

[yuyuyureka]

For ente-desktop: #442605

[fugidev]

joplin-desktop: #442657

[teutat3s]

We plan to merge this PR on 2025-09-19 to give maintainers a bit more time.

[pyrox0]

Marking as draft for a clear signal to not merge yet. Feel free to mark as ready to review on day of merge.

[TomaSajt]

Opened PRs:

• httptoolkit: use electron_37 #443879
• koodo-reader: use electron_37 #443886

[teutat3s]

For mattermost-desktop: #444002
For penpot-desktop: #407337 (plus upstream has since released several newer versions)

[nixpkgs-ci]

Backport failed for release-25.05, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release-25.05
git worktree add -d .worktree/backport-442413-to-release-25.05 origin/release-25.05
cd .worktree/backport-442413-to-release-25.05
git switch --create backport-442413-to-release-25.05
git cherry-pick -x f4f73f206e8a198a69f1ba5b3a8be05a1adafed2 b67464cfb67bc88be9a8b627b1f0ab22618746fa

[Cryolitia]

gridtracker2: #446675