minio: mark package as insecure

[britter]

Context: #490996

Things done

• Built on platform:
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• Tested, as applicable:
  • NixOS tests in nixos/tests.
  • Package tests at passthru.tests.
  • Tests in lib/tests or pkgs/test for functions and "core" functionality.
• Ran nixpkgs-review on this PR. See nixpkgs-review usage.
• Tested basic functionality of all binary files, usually in ./result/bin/.
• Nixpkgs Release Notes
  • Package update: when the change is major or breaking.
• NixOS Release Notes
  • Module addition: when adding a new NixOS module.
  • Module update: when the change is significant.
• Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

[britter]

@herbetom good idea. Applied your suggestion. Do you know when would be a good point in time to remove the package completely for 26.05?

[herbetom]

Thinking about it, it might make sense to have a slightly better (a bit more elaborate, or some link to some place where alternatives are mentioned (thinking about this comment)) message and then backport this to 25.11.
That way stable users also get a headsup it's unmaintained and will be dropped. But not so sure about the customs in that regard.
My gut feeling for removal on unstable would then be like 4 weeks from now. Surely not a long time but 26.05 also isn't far away.

[bachp]

Do any of the proposed alternatives already have a nixos module?

[mweinelt]

Ceph and Garage have modules and tests

[britter]

@herbetom how about f7b1609?

[bachp]

@britter minio was moved to pkgs-by-name in #486114.

Can you resolve the merge conflict.

[britter]

@bachp done!

[herbetom]

LGTM

$ nix-build -A minio
[...]
       error: Package ‘minio-2025-10-15T17-29-55Z’ in /home/tom/git/NixOS/nixpkgs/pkgs/by-name/mi/minio/package.nix:69 is marked as insecure, refusing to evaluate.


       Known issues:
        - minio has been abandoned by upstream and will be removed for 26.05. Users should migrate to alternatives such as Garage, SeaweedFS, or Ceph. S3-compatible clients such as rclone can be used to move data.

       You can install it anyway by allowing this package, using the
       following methods:
[...]

[LeSuisse]

This will require a bit more work, it will impact too many packages right now if we mark it insecure.

We might need to disable the S3 tests in pkgs/by-name/ar/arrow-cpp/package.nix and pkgs/by-name/ce/ceph/arrow-cpp-19.nix until arrow-cpp upstream do something about it.
apache/arrow#47908

[britter]

This will require a bit more work, it will impact too many packages right now if we mark it insecure.

What do you mean specifically other than disabling the tests that you've listed?

[LeSuisse]

We have a bunch of NixOS tests that would be great to convert to an alternative:

• nixos/tests/atticd.nix
• nixos/tests/clickhouse/s3.nix
• nixos/tests/ente/default.nix
• nixos/tests/nextcloud/with-objectstore.nix
• nixos/tests/thanos.nix
• nixos/tests/web-apps/lasuite-docs.nix

I suppose the NixOS modules depending on Minio in some ways can be adjusted later on, users will need to handle the move between the services.

• nixos/modules/services/development/athens.nix
• nixos/modules/services/misc/gitea.nix
• nixos/modules/services/web-apps/ente.md (documentation update)
• nixos/modules/services/web-apps/hedgedoc.nix (documentation update)
• nixos/modules/services/web-apps/outline.nix (documentation update)
• nixos/modules/virtualisation/incus.nix

(Did not look at the usage of minio-client...)