chore(3p/sources): bump channels & overlays – xz edition

Update all 3p/sources as we do normally except

- agenix which is still pinned to 0.15.0

- nixpkgs (unstable) which we bump to the HEAD of the staging-next
  branch. This branch includes the downgrade of xz from 5.6.1 to
  5.4.6 (https://github.com/nixos/nixpkgs/commit/d6dc19adbd). It
  also includes the second haskell-updates rotation with GHC 9.6.4
  which contains a few build fixes that seem to be required to get
  our Haskell targets to work.

Note that this only reverts xz to a version that doesn't contain the now
known backdoor (CVE-2024-3094) which may or may not actually affect
NixOS. Additionally reverting to a version before the malicious
contributor's involvement may be difficult, but prudent:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024

Changes required by the updates:

- //3p/overlays/haskell:

  - Update ihp-hsx to latest master to fix build with Stackage LTS 22.
  - Update tmp-postgres to latest master to work around failure with
    ansi-wl-pprint >= 1.
  - Patch punycode for mtl >= 2.3.

- //users/Profpatsch:

  - Clean up some warnings, mostly about unused dependencies
  - my-prelude: Fix build with ghc-boot-9.6.4
  - cas-serve: Use crypton over unmaintained cryptonite
  - ical-smolify: skip in ci, iCalendar would require heavy patching to
    work with Stackage LTS 22.

- //users/{wpcarro,aspen,flokli}:

  Disable home-manager / nixos configuration builds that seem to have
  transient failures that should disappear as we move away from
  staging-next and closer to an actual channel release.

Change-Id: I5cca48e101041c3aedc1d9932dbca2cac885fcc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11289
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
This commit is contained in:
sterni 2024-03-31 11:56:52 +02:00 committed by clbot
parent b67b0a6d72
commit 73b1f0407b
10 changed files with 68 additions and 32 deletions
default.nix
third_party
overlays/haskell
sources
users/Profpatsch

View file

@ -110,6 +110,19 @@ readTree.fix (self: (readDepot {
# xanthous and related targets are disabled until cl/9186 is submitted # xanthous and related targets are disabled until cl/9186 is submitted
self.users.aspen.xanthous self.users.aspen.xanthous
self.users.aspen.system.system.mugwumpSystem self.users.aspen.system.system.mugwumpSystem
# Temporarily disabled after cl/11289. Hopefully these failures are transient
# and will disappear with the next channel bump.
self.users.aspen.system.home.ogopogoHome
self.users.aspen.system.home.luscaHome
self.users.aspen.system.home.yerenHome
self.users.aspen.system.system.roswellSystem
self.users.flokli.nixos.archeologyEc2System
self.users.flokli.nixos.deploy-archeology-ec2
self.users.wpcarro.nixos.avaSystem
self.users.wpcarro.nixos.kyokoSystem
self.users.wpcarro.nixos.marcusSystem
self.users.wpcarro.nixos.tarascoSystem
]; ];
# List of all buildable targets, for CI purposes. # List of all buildable targets, for CI purposes.

View file

@ -12,15 +12,38 @@ in
{ {
haskellPackages = super.haskellPackages.override { haskellPackages = super.haskellPackages.override {
overrides = hsSelf: hsSuper: { overrides = hsSelf: hsSuper: {
punycode = haskellLib.appendPatch
(self.fetchpatch {
name = "punycode-mtl-2.3.patch";
url = "https://github.com/litherum/punycode/pull/5/commits/41e55c8b7cef14563e6d04a7190dbabff5a77886.patch";
sha256 = "03kgmy4z36jv16ffp5jrig2gr8ydc8cl1iscc7difisaq88mxvqc";
})
hsSuper.punycode;
# Build with deprecated ansi-wl-pprint is broken now, use HEAD which switched to
# prettyprinter
tmp-postgres = haskellLib.overrideSrc
{
version = "unstable-2023-08-08";
src = self.fetchFromGitHub {
owner = "jfischoff";
repo = "tmp-postgres";
rev = "7f2467a6d6d5f6db7eed59919a6773fe006cf22b";
sha256 = "0l1gdx5s8ximgawd3yzfy47pv5pgwqmjqp8hx5rbrq68vr04wkbl";
};
}
(hsSuper.tmp-postgres.override {
ansi-wl-pprint = hsSelf.prettyprinter;
});
ihp-hsx = lib.pipe hsSuper.ihp-hsx [ ihp-hsx = lib.pipe hsSuper.ihp-hsx [
(haskellLib.overrideSrc { (haskellLib.overrideSrc {
version = "1.1.0"; version = "unstable-2023-03-28";
src = "${self.fetchFromGitHub { src = "${self.fetchFromGitHub {
owner = "digitallyinduced"; owner = "digitallyinduced";
repo = "ihp"; repo = "ihp";
rev = "b5d47963c998ccd779aa5c3d46484338fd621f0d"; rev = "ab4ecd05f4e7b6b3c4b74b82d39fc6c5cc48766b";
sha256 = "sha256-M22W8VX4sRaeU2yVraR0S2t2VOwWGmoteD/M8TahdoE="; sha256 = "1fj5q9lygnmvqqv2fwqdj12sv63gkdfv5ha6fi190sv07dp9n9an";
}}/ihp-hsx"; }}/ihp-hsx";
}) })
haskellLib.doJailbreak haskellLib.doJailbreak

View file

@ -29,10 +29,10 @@
"homepage": "https://nix-community.github.io/home-manager/", "homepage": "https://nix-community.github.io/home-manager/",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "206f457fffdb9a73596a4cb2211a471bd305243d", "rev": "30f2ec39519f4f5a8a96af808c439e730c15aeab",
"sha256": "0imc472hq7mmqhf5h8rhgfplw6575rl15fni0dc4wpypv9jccia9", "sha256": "11jy0k35j1f27agqzvs3yq37chdvw1xvnymgv2ds3fymasg5m5j2",
"type": "tarball", "type": "tarball",
"url": "https://github.com/nix-community/home-manager/archive/206f457fffdb9a73596a4cb2211a471bd305243d.tar.gz", "url": "https://github.com/nix-community/home-manager/archive/30f2ec39519f4f5a8a96af808c439e730c15aeab.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"impermanence": { "impermanence": {
@ -72,15 +72,15 @@
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixpkgs": { "nixpkgs": {
"branch": "nixos-unstable", "branch": "staging-next",
"description": "Nix Packages collection", "description": "Nix Packages collection",
"homepage": "", "homepage": "",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d691274a972b3165335d261cc4671335f5c67de9", "rev": "b4bf622e464f47c69fefb43746c531044b630d59",
"sha256": "05lkkw0a63v1zan5g31blhckw6zf66p4gfqkpp01mp7fqwykmzx4", "sha256": "0k35khcx03rfr9l997mmmmya78c2rqcg4kflmdgkfyz73v0lllaa",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/d691274a972b3165335d261cc4671335f5c67de9.tar.gz", "url": "https://github.com/NixOS/nixpkgs/archive/b4bf622e464f47c69fefb43746c531044b630d59.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
@ -89,10 +89,10 @@
"homepage": "", "homepage": "",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8ac30a39abc5ea67037dfbf090d6e89f187c6e50", "rev": "219951b495fc2eac67b1456824cc1ec1fd2ee659",
"sha256": "0g8iy5qgb6qp2nq9p0yqhh1w5yp60v90h8zlkgxqhx4dj2fw9vy6", "sha256": "065jy7qivlbdqmbvd7r9h97b23f21axmc4r7sqmq2h0j82rmymxv",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/8ac30a39abc5ea67037dfbf090d6e89f187c6e50.tar.gz", "url": "https://github.com/NixOS/nixpkgs/archive/219951b495fc2eac67b1456824cc1ec1fd2ee659.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"rust-overlay": { "rust-overlay": {
@ -101,10 +101,10 @@
"homepage": "", "homepage": "",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "50db54295d3922a3b7a40d580b84d75150b36c34", "rev": "f258266af947599e8069df1c2e933189270f143a",
"sha256": "0v8indbzb97dk9qk4srrxq8z5ds614kazi72zcxjhjzdxc8mklj7", "sha256": "0436rpv58risp1149pga61vg85mbmfh92v8bkil1i2kxfg3kg78h",
"type": "tarball", "type": "tarball",
"url": "https://github.com/oxalica/rust-overlay/archive/50db54295d3922a3b7a40d580b84d75150b36c34.tar.gz", "url": "https://github.com/oxalica/rust-overlay/archive/f258266af947599e8069df1c2e933189270f143a.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"rustsec-advisory-db": { "rustsec-advisory-db": {
@ -113,10 +113,10 @@
"homepage": "https://rustsec.org", "homepage": "https://rustsec.org",
"owner": "RustSec", "owner": "RustSec",
"repo": "advisory-db", "repo": "advisory-db",
"rev": "369d98c1b95b7b56d0859605916d7b81a7d1f1c4", "rev": "aa8e65c812517eae85190715fa63f312aa875773",
"sha256": "1npq87rjn606fhrpaxkphn8spdr1xafpy79nvrc3dnlvq163sr5n", "sha256": "0li4c2ssza42jw1f3d5y7h3ds7kw88bf4r4l6xniznjvxi8vxf32",
"type": "tarball", "type": "tarball",
"url": "https://github.com/RustSec/advisory-db/archive/369d98c1b95b7b56d0859605916d7b81a7d1f1c4.tar.gz", "url": "https://github.com/RustSec/advisory-db/archive/aa8e65c812517eae85190715fa63f312aa875773.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
} }
} }

View file

@ -65,10 +65,9 @@ executable cas-serve
text, text,
sqlite-simple, sqlite-simple,
http-types, http-types,
ihp-hsx,
wai, wai,
warp, warp,
mtl, mtl,
bytestring, bytestring,
memory, memory,
cryptonite, crypton,

View file

@ -15,7 +15,7 @@ let
libraryHaskellDepends = [ libraryHaskellDepends = [
pkgs.haskellPackages.pa-prelude pkgs.haskellPackages.pa-prelude
pkgs.haskellPackages.pa-label pkgs.haskellPackages.pa-label
pkgs.haskellPackages.ihp-hsx pkgs.haskellPackages.crypton
pkgs.haskellPackages.wai pkgs.haskellPackages.wai
pkgs.haskellPackages.warp pkgs.haskellPackages.warp
pkgs.haskellPackages.sqlite-simple pkgs.haskellPackages.sqlite-simple

View file

@ -1,7 +1,7 @@
{ depot, pkgs, lib, ... }: { depot, pkgs, lib, ... }:
let let
cas-serve = pkgs.writers.writeHaskell "ical-smolify" ical-smolify = pkgs.writers.writeHaskell "ical-smolify"
{ {
libraries = [ libraries = [
pkgs.haskellPackages.iCalendar pkgs.haskellPackages.iCalendar
@ -13,4 +13,11 @@ let
} ./IcalSmolify.hs; } ./IcalSmolify.hs;
in in
cas-serve
ical-smolify.overrideAttrs (old: {
meta = lib.recursiveUpdate old.meta or { } {
# Dependency iCalendar no longer builds in nixpkgs due to a lack of maintenance upstream
# https://github.com/nixos/nixpkgs/commit/13d10cc6e302e7d5800c6a08c1728b14c3801e26
ci.skip = true;
};
})

View file

@ -345,7 +345,8 @@ stringToText = Data.Text.pack
-- --
-- ATTN: Dont use `String` in code if you can avoid it, prefer `Text` instead. -- ATTN: Dont use `String` in code if you can avoid it, prefer `Text` instead.
stringToBytesUtf8 :: String -> ByteString stringToBytesUtf8 :: String -> ByteString
stringToBytesUtf8 = GHC.utf8EncodeString -- TODO(Profpatsch): use a stable interface
stringToBytesUtf8 = GHC.utf8EncodeByteString
-- | Like `show`, but generate a 'Text' -- | Like `show`, but generate a 'Text'
-- --

View file

@ -8,7 +8,6 @@ module Postgres.MonadPostgres where
import AtLeast (AtLeast) import AtLeast (AtLeast)
import Control.Exception import Control.Exception
import Control.Foldl qualified as Fold import Control.Foldl qualified as Fold
import Control.Monad.Except
import Control.Monad.Logger.CallStack (MonadLogger, logDebug, logWarn) import Control.Monad.Logger.CallStack (MonadLogger, logDebug, logWarn)
import Control.Monad.Reader (MonadReader (ask), ReaderT (..)) import Control.Monad.Reader (MonadReader (ask), ReaderT (..))
import Control.Monad.Trans.Resource import Control.Monad.Trans.Resource

View file

@ -31,7 +31,6 @@ let
pkgs.haskellPackages.pa-run-command pkgs.haskellPackages.pa-run-command
pkgs.haskellPackages.aeson-better-errors pkgs.haskellPackages.aeson-better-errors
pkgs.haskellPackages.blaze-html pkgs.haskellPackages.blaze-html
pkgs.haskellPackages.dlist
pkgs.haskellPackages.hs-opentelemetry-sdk pkgs.haskellPackages.hs-opentelemetry-sdk
pkgs.haskellPackages.http-conduit pkgs.haskellPackages.http-conduit
pkgs.haskellPackages.http-types pkgs.haskellPackages.http-types
@ -39,7 +38,6 @@ let
pkgs.haskellPackages.monad-logger pkgs.haskellPackages.monad-logger
pkgs.haskellPackages.resource-pool pkgs.haskellPackages.resource-pool
pkgs.haskellPackages.postgresql-simple pkgs.haskellPackages.postgresql-simple
pkgs.haskellPackages.selective
pkgs.haskellPackages.tmp-postgres pkgs.haskellPackages.tmp-postgres
pkgs.haskellPackages.unliftio pkgs.haskellPackages.unliftio
pkgs.haskellPackages.wai-extra pkgs.haskellPackages.wai-extra

View file

@ -86,13 +86,11 @@ library
aeson-better-errors, aeson-better-errors,
aeson, aeson,
blaze-html, blaze-html,
blaze-markup,
bytestring, bytestring,
case-insensitive, case-insensitive,
containers, containers,
unordered-containers, unordered-containers,
directory, directory,
dlist,
exceptions, exceptions,
filepath, filepath,
hs-opentelemetry-sdk, hs-opentelemetry-sdk,
@ -107,8 +105,6 @@ library
resource-pool, resource-pool,
postgresql-simple, postgresql-simple,
punycode, punycode,
scientific,
selective,
tmp-postgres, tmp-postgres,
unliftio, unliftio,
wai-extra, wai-extra,