Type
fix
Scope
cutter
Summary
programs.cutter.extended.enable is forced false on both system76 and
tpnix, and the cutter entry in the pentesting devshell (toolDefs /
toolPackageMap in modules/devshell/pentesting.nix) is commented out. This
workaround keeps nix flake check green: without it, the auto-derived
checks.x86_64-linux.packages/pentest-cutter (see
modules/package-checks.nix) tries to build nixpkgs.cutter 2.4.1, which
fails to compile against qtbase / shiboken6 6.11 with error: use of undeclared identifier 'SBK_CUTTERPLUGIN_IDX' in
src/plugins/PluginManager.cpp.
The fix has been merged upstream in rizinorg/cutter#3606 (handles the
camel-case-to-uppercase type-index rename in shiboken6 6.11), but it is
only on the dev branch — there is no Cutter release yet that contains
it, and nixpkgs/pkgs/development/tools/analysis/rizin/cutter.nix still
pins v2.4.1. We are waiting on either a new upstream Cutter release
that ships the fix or a nixpkgs cutter bump to a snapshot containing
commit 07fea9c772dc573588dc2e5771f0740ee1883738.
Unblock condition
Unblocked when nixpkgs unstable ships a cutter derivation that builds
against shiboken6 6.11 (i.e., contains
rizinorg/cutter@07fea9c772dc573588dc2e5771f0740ee1883738 or a later
release with that fix).
Upstream pull requests
fix rizinorg/cutter#3606 - merged 2026-05-01, lands on dev branch only
Upstream issues
blocker NixOS/nixpkgs#514250 - nixpkgs cutter build failure tracker
related rizinorg/cutter#3599 - upstream root-cause issue (closed by rizinorg/cutter#3606)
Upstream releases and channels
fix https://github.com/rizinorg/cutter/tree/dev - contains rizinorg/cutter@07fea9c
fix https://github.com/rizinorg/cutter/releases - target >= 2.4.2
Local workaround / affected code
Pentesting devshell toolDefs — cutter entry commented out (uncomment to re-enable):
|
# ghidra: installed system-wide via programs.ghidra.extended |
|
# cutter: disabled — upstream cutter 2.4.1 fails to build against Qt/PySide6 6.11. |
|
# Tracking: https://github.com/Bad3r/nixos/issues/156 |
|
# { |
|
# name = "cutter"; |
|
# desktop = { |
|
# desktopName = "Cutter (Pentesting Shell)"; |
|
# comment = "Reverse engineering platform powered by rizin"; |
|
# categories = [ |
|
# "Development" |
|
# "Security" |
|
# ]; |
|
# icon = "cutter"; |
|
# }; |
|
# } |
Pentesting devshell toolPackageMap — cutter removed from the inherit (pkgs) list (uncomment to re-enable):
|
inherit (pkgs) |
|
wireshark |
|
nmap |
|
aircrack-ng |
|
john |
|
sqlmap |
|
hashcat |
|
# cutter # disabled — see https://github.com/Bad3r/nixos/issues/156 |
|
iaito |
|
radare2 |
|
rizin |
|
mitmproxy |
|
whatweb |
|
; |
Host-level disable on system76 (flip false → true to re-enable):
|
cutter.extended.enable = lib.mkOverride 1100 false; # Disabled — see https://github.com/Bad3r/nixos/issues/156 |
Host-level disable on tpnix (flip false → true to re-enable):
|
cutter.extended.enable = lib.mkOverride 1100 false; # Disabled — see https://github.com/Bad3r/nixos/issues/156 |
Exit criteria
Validation
nix eval --raw .#nixosConfigurations.system76.pkgs.cutter.version
nix build .#packages.x86_64-linux.pentest-cutter
nix build .#nixosConfigurations.system76.config.system.build.toplevel
nix build .#nixosConfigurations.tpnix.config.system.build.toplevel
Notes
Disable landed in #157 (commit
8c890090386deb42de77f3d5b3d68defb926eb3f) — code is commented out
rather than removed, so reverting once the upstream fix lands is a
one-shot uncomment plus host flip.
Failing build symptom (NixOS/nixpkgs#514250 / rizinorg/cutter#3599):
src/plugins/PluginManager.cpp:221:77: error: use of undeclared identifier 'SBK_CUTTERPLUGIN_IDX'
221 | reinterpret_cast<PyTypeObject **>(SbkCutterBindingsTypeStructs)[SBK_CUTTERPLUGIN_IDX],
| ^~~~~~~~~~~~~~~~~~~~
Root cause: shiboken6 6.11 generates the type-index enum as
SBK_CutterPlugin_IDX (camel case) instead of the previous
SBK_CUTTERPLUGIN_IDX (upper case). rizinorg/cutter#3606 makes
PluginManager.cpp accept either spelling.
Confirmations
Type
fix
Scope
cutter
Summary
programs.cutter.extended.enableis forcedfalseon bothsystem76andtpnix, and thecutterentry in the pentesting devshell (toolDefs/toolPackageMapinmodules/devshell/pentesting.nix) is commented out. Thisworkaround keeps
nix flake checkgreen: without it, the auto-derivedchecks.x86_64-linux.packages/pentest-cutter(seemodules/package-checks.nix) tries to buildnixpkgs.cutter2.4.1, whichfails to compile against
qtbase/shiboken66.11 witherror: use of undeclared identifier 'SBK_CUTTERPLUGIN_IDX'insrc/plugins/PluginManager.cpp.The fix has been merged upstream in
rizinorg/cutter#3606(handles thecamel-case-to-uppercase type-index rename in shiboken6 6.11), but it is
only on the
devbranch — there is no Cutter release yet that containsit, and
nixpkgs/pkgs/development/tools/analysis/rizin/cutter.nixstillpins
v2.4.1. We are waiting on either a new upstream Cutter releasethat ships the fix or a
nixpkgscutter bump to a snapshot containingcommit
07fea9c772dc573588dc2e5771f0740ee1883738.Unblock condition
Unblocked when nixpkgs unstable ships a
cutterderivation that buildsagainst
shiboken66.11 (i.e., containsrizinorg/cutter@07fea9c772dc573588dc2e5771f0740ee1883738or a laterrelease with that fix).
Upstream pull requests
fix rizinorg/cutter#3606 - merged 2026-05-01, lands on dev branch only
Upstream issues
blocker NixOS/nixpkgs#514250 - nixpkgs cutter build failure tracker
related rizinorg/cutter#3599 - upstream root-cause issue (closed by rizinorg/cutter#3606)
Upstream releases and channels
fix https://github.com/rizinorg/cutter/tree/dev - contains rizinorg/cutter@07fea9c
fix https://github.com/rizinorg/cutter/releases - target >= 2.4.2
Local workaround / affected code
Pentesting devshell
toolDefs— cutter entry commented out (uncomment to re-enable):nixos/modules/devshell/pentesting.nix
Lines 90 to 104 in 8c89009
Pentesting devshell
toolPackageMap—cutterremoved from theinherit (pkgs)list (uncomment to re-enable):nixos/modules/devshell/pentesting.nix
Lines 180 to 193 in 8c89009
Host-level disable on
system76(flipfalse→trueto re-enable):nixos/modules/system76/apps-enable.nix
Line 85 in 8c89009
Host-level disable on
tpnix(flipfalse→trueto re-enable):nixos/modules/tpnix/apps-enable.nix
Line 71 in 8c89009
Exit criteria
./build.sh --updatepulls in a lockfile revision with the fixcutterblock uncommented inmodules/devshell/pentesting.nix(toolDefsandtoolPackageMap)cutter.extended.enable = lib.mkOverride 1100 true;onsystem76cutter.extended.enable = lib.mkOverride 1100 true;ontpnixnix build .#nixosConfigurations.system76.config.system.build.toplevelsucceedsnix build .#nixosConfigurations.tpnix.config.system.build.toplevelsucceedsnix build .#packages.x86_64-linux.pentest-cuttersucceedsValidation
Notes
Disable landed in #157 (commit
8c890090386deb42de77f3d5b3d68defb926eb3f) — code is commented outrather than removed, so reverting once the upstream fix lands is a
one-shot uncomment plus host flip.
Failing build symptom (NixOS/nixpkgs#514250 / rizinorg/cutter#3599):
Root cause: shiboken6 6.11 generates the type-index enum as
SBK_CutterPlugin_IDX(camel case) instead of the previousSBK_CUTTERPLUGIN_IDX(upper case).rizinorg/cutter#3606makesPluginManager.cppaccept either spelling.Confirmations
status(blocked-upstream)issues and this is not a duplicate.nonereference line starts with a reserved role keyword (blocker,fix,related,superseded).main.typeandscopein the issue title match the Type and Scope body fields.