Commit graph

883 commits

Author SHA1 Message Date
Bartosz Stebel
f43324e141 fix(3p/apereo-cas): Mitigate CVE-2021-44228
Same approach as in cl/4270.

Change-Id: I3a5a3533ab97513a4b9d8cacc26d013b58441f93
2021-12-10 17:52:49 +01:00
Vincent Ambo
0fa937551e refactor(gerrit-queue): Remove dependency on gin
Unnecessary dependency & complexity.

(Patch originally contributed by an anonymous contributor)

Change-Id: Id49dc362cb0c1b29937404447bb0b1f9794dc117
2021-12-10 13:09:10 +00:00
Vincent Ambo
6e4decf19b refactor(gerrit-queue): Gracefully handle missing changesets
(Patch contributed by an anonymous contributor)

Change-Id: I29fd7dd008d4e509ea074a38d3948946b26da7ab
2021-12-10 13:09:09 +00:00
Vincent Ambo
59f97332b3 subtree(3p/gerrit-queue): Vendor at commit '24f5a642'
Imported from github/tvlfyi/gerrit-queue, originally from
github/tweag/gerrit-queue but that upstream is unmaintained.

git-subtree-dir: third_party/gerrit-queue
git-subtree-mainline: ff10b7ab83
git-subtree-split: 24f5a642af
Change-Id: I307cc38185ab9e25eb102c95096298a150ae13a2
2021-12-09 16:13:56 +03:00
Vincent Ambo
ff10b7ab83 chore(3p): Remove gerrit-queue folder in preparation for vendoring
The upstream isn't really maintained anymore, so we may as well take
it over since we're patching it anyways.

Change-Id: I7dddc03ab90b00611520a77a26e73a5be1c2cfb8
2021-12-09 16:11:01 +03:00
Vincent Ambo
afa2d08fe7 feat(3p/gerrit-queue): Patch to use Gerrit 'Autosubmit' label
... instead of a hashtag in Gerrit.

Might be easier to review here:

24f5a642af

Change-Id: I1ae8d4607f7cb858135f88411c82e1a353b28105
2021-12-09 11:16:30 +00:00
Vincent Ambo
417a1ba9eb feat(3p/gerrit-queue): Add derivation for gerrit-queue
This is a Gerrit autosubmit bot (actually written by flokli) which we
intend to use.

For now we're using the plain upstream version, but we'll want to
patch some of the behaviours of it so there's a vendoring on the
horizon.

Change-Id: I021d41b55f9f678435d9aec6d359545577cb9ec0
2021-12-09 11:16:15 +00:00
Vincent Ambo
57b37cdc83 subtree(3p/exwm): Update to upstream '10bd1223'
A lot has happened in the meantime (EXWM maintainer change) and this
pulls in all the relevant changes since then.

It may become unnecessary to keep EXWM subtreed, but we'll get to that
later.

Change-Id: I45cc06d747d84b3d28fd0db0e4bb3b749a956583
2021-12-08 22:17:42 +03:00
sterni
5c34d6645c chore(3p): bump NixOS unstable to 2021-12-07
Contains fix for unauthentictaed arbitrary file system access in
grafana.

Change-Id: Ic15f5376be32fb03b20824d1efb2f837ca2b2411
2021-12-07 19:27:54 +00:00
Vincent Ambo
214f422572 feat(3p/agenix): Import latest version from GitHub
It's time to automate secrets deployment on hosts like whitby.

Change-Id: If7006124b4b5fec16b4c3570488c11e484f93888
2021-12-07 18:27:54 +00:00
sterni
6ef5162a93 chore(3p): bump NixOS channels and emacs overlay to 2021-12-07
* //third_party/cgit: apply patch [1] for Git 2.34 compatibility to
  reflect dropping of the string_list_init function in 770fed [2].
  Patch hasn't been applied on cgit's master yet, over concern about a
  breaking change in git (?) [3].

[1]: https://lists.zx2c4.com/pipermail/cgit/2021-November/004666.html
[2]: 770fedaf9f
[3]: https://lists.zx2c4.com/pipermail/cgit/2021-November/004667.html

Change-Id: Ie10c99c017ae5a43f4369b42151e19ecf07f7949
2021-12-07 10:36:17 +00:00
Profpatsch
f1a75e88cf fix(third_party/nix-diff): use version which handles non-utf8 drvs
We had a problem on whitby where decoding of the drv files would fail
with an utf8-decoding error.

This version of nix-diff will leniently input files as utf-8, with
replacement characters if necessary.

Change-Id: I5cb245923c6db0875e63e420cb0783e235b6859f
2021-11-29 15:41:47 +00:00
Vincent Ambo
bf4d8ab603 fix(3p/overlays): Avoid cache-busting EXWM on every commit
This is a bit silly, I assumed hte previous one would concatenate the
path before importing it into the store - but it doesn't.

Change-Id: Iebb4c9cb432751448deeac07d6b7ad8225711d30
2021-11-25 13:57:04 +00:00
sterni
397c3e70b3 chore(3p): bump NixOS channels to 2021-11-24
* The API for gradleGen changed which makes our override a bit simpler
  at least.

Change-Id: Ib5d7bc33d30a4545235a8a74eadbb418cd76d1d0
2021-11-25 13:19:04 +01:00
Vincent Ambo
4f1249e46f refactor(readTree): Move 'drvTargets' into readTree
This function is also generally useful for readTree consumers that
have the concept of subtargets.

Change-Id: Ic7fc03380dec6953fb288763a28e50ab3624d233
2021-11-23 14:42:08 +00:00
Vincent Ambo
18c248547d fix(3p/overlays): Downgrade Nix to stable version for nix-serve
Where I'm using stable in the non-versioning sense of the word.

https: //github.com/edolstra/nix-serve/issues/28
Change-Id: I87869a62bc0f3b289950a79aabd4d2041390bb09
2021-11-23 12:02:44 +00:00
Vincent Ambo
ccb918ae97 fix(3p/overlays): Rollback Nix to 2.3 depot-wide
There is too much breakage with the newer version than I have time to
deal with right now (and I think the same goes for the others).

Change-Id: I54045d1ef16d0215e516986477d734c54e48f1f8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3904
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-11-22 08:02:37 +00:00
sterni
3e256b4947 chore(3p): bump NixOS channels to 2021-11-16
Change-Id: I95572427b041f7a406bee214f5819a698d681661
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3882
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-11-19 10:54:52 +00:00
sterni
0eee1eaf51 chore(3p/overlays/tvl): drop override for sbcl
nixpkgs has upgraded to SBCL 2.1.9 in the meantime, so dropping the
override will ensure that we keep pace with upstream going forward,
instead of ending up with an out-of-date SBCL.

Change-Id: I5e04532d5ef653de4ec083deee9c9a72522daaf1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3881
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-11-16 10:37:43 +00:00
Vincent Ambo
81ca294877 chore(3p/overlays): Bump Emacs overlay to 2021-11-14
I'm having issues with vterm and I wonder if it's caused by something
in another package that is fixed in a newer overlay.

Change-Id: Icb89636cd6c72b10558184634b7c9a5b7b8548c5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3877
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-11-15 12:25:35 +00:00
Vincent Ambo
27cbe4e099 chore(3p): Bump nixpkgs and emacs-overlay
Change-Id: Ic3dd1050b137b3107d22b656675cc87727ee4a5c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3841
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-11-12 08:27:48 +00:00
sterni
9b6497e5da chore(3p): bump NixOS channels to 2021-11-03
* //third_party/{abseil_cpp, grpc}: fix linker problem by passing the
  C++ standard to use explicitly. nixpkgs upstream stopped passing this
  to abseil between bumps and the way this problem manifests itself is
  linker errors, because… C++, I suppose.

Change-Id: I932ea70befee90984ae2e575dfc23f5c601cd289
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3769
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: grfn <grfn@gws.fyi>
2021-11-07 21:05:21 +00:00
Vincent Ambo
425637b63b chore(3p/nixpkgs): Bump nixpkgs and Emacs overlay
... bumping these in the same commit to avoid double-recompilation of
Emacs stuff.

Change-Id: Ieab114115b788c36e9d42246445cf17b960c11de
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3741
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-10-22 11:46:47 +00:00
Vincent Ambo
7bde7ca995 fix(3p/dfmt): Enable release builds
This was supposed to be a new patchset of the previous commit, but due
to ??? the change became submittable in between patchsets and I
submitted it.

Change-Id: I92aca64a9f3eee5b7ede6e9fa37d3b12d3f5d1f7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3729
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-10-19 11:47:38 +00:00
Vincent Ambo
67ec19e854 feat(3p/dfmt): Add derivation for the D code formatter
Change-Id: I4e06676f45df334db4fbc4f1657a6f16828547dc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3727
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-10-15 11:51:19 +00:00
sterni
4dbd8c630d chore(3p): bump NixOS channels to 2021-10-13
Change-Id: I8e87ea4140b449e0af4411e48421a565f77be0b6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3726
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-10-14 07:13:18 +00:00
sterni
14282370e9 feat(rustsec-advisory-db): update to 2021-10-08 via nix-prefetch-git
This makes it much easier to update the db manually and also lays the
foundation for future automation bumping the advisory db.

Change-Id: I1244020c8bb1af43bf4e207c55f6420eb3f57bcf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3713
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-10-12 13:35:14 +00:00
sterni
a3f8d2b84b refactor(tools/rust-crates-advisory): move advisory-db to 3p
Change-Id: Iaaed35de078292c0c99a7c83de9ca5fdf27b8135
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3711
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-10-12 13:35:14 +00:00
Vincent Ambo
e9061b11ab chore(3p/nixpkgs): Bump to 2021-10-09
Change-Id: Ic180b67c764e750d82c3bf4273216d7da75d3aaa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3709
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-10-10 12:03:47 +00:00
Vincent Ambo
dfc7d2c020 chore(3p/overlays): Bump Emacs overlay to 2021-10-10
Change-Id: I794738b8e27404e9b8de2f04d980b94b73dae764
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3708
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-10-10 12:03:47 +00:00
Vincent Ambo
0bb728a5d4 chore(3p/emacs): Remove unused 'explain-pause-mode' derivation
Change-Id: Ibe1a7d4b67c9986aa3da1493e0f30906209abcca
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3707
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-10-10 11:02:07 +00:00
sterni
04f7cc3880 fix(3p): resolve linker issues with clang-compiled C++ packages
The point where this broke is likely when llvmPackages_11.stdenv started
respecting stdenv.hostPlatform.linker and thus using GNU binutils'
ld.bfd for linking. That linker can't deal with clang's C++ ABI.

To fix this we introduce a modified version of llvmPackages_11.stdenv
which uses llvmPackages_11.bintools for linking purposes (I also aim to
upstream this in some form, but am not sure about the details atm, so
we'll just do this in the tvl overlay for now). This is the precondition
for getting our C++ packages in //third_party to work
again. Additionally the following fixes were necessary:

* abseil-cpp needed to be updated (by overriding the version from
  nixpkgs for now, since I can't update the subtree on my own) to
  fulfill grpc's requirements (grpc 1.41.0 needs abseil-cpp LTS
  20210324).

* gtest needs a patch from nixpkgs which fixes the path to its include
  directory for CMake.

* We need to build re2 with clang as well, otherwise linking will fail.

Fixes b/132.

Change-Id: I7b64579fe96451547babe070fd35db398581e49d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3701
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2021-10-10 10:03:03 +00:00
sterni
c0ccb6625c chore(3p): bump NixOS channels to 2021-10-04
* //third_party/overlays/tvl: sbcl 2.1.8 -> 2.1.9

Change-Id: I6817a641d2926af9cd38e90138840e761e5c1581
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3686
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: grfn <grfn@gws.fyi>
2021-10-05 12:10:18 +00:00
sterni
8f2714d4cc chore(3p): bump NixOS unstable channel to 2021-09-30
depot-nixpkgs-update did not update the unstable channel properly, since
nixos.org still has caching issues: The channel has updated (e. g. the
nixos-unstable branch in nixpkgs), but channels.nixos.org is still
pointing to a stale version. See:

* https://github.com/NixOS/nixpkgs/issues/140026
* https://github.com/NixOS/nixos-org-configurations/issues/169

I've updated the channel manually here, since that version of nixpkgs
has a fix for bqn-mode I'm interested in.

Hopefully this problem is sorted out soon since depot-nixpkgs-update
relies on the HTTP channel “API” to obtain the date of the channel (as
opposed to the date of the commit).

Change-Id: Iae55e4a7f77b479e08dbe9eb82752ecc4f470d81
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3656
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-09-30 16:43:37 +00:00
sterni
82ef52a188 chore(3p): bump NixOS channels to 2021-09-{27,30}
* awscli2 now builds again upstream

Change-Id: Iabffe8251e5839a49f217c7d351c8c712b5ddbb0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3653
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-09-30 12:33:05 +00:00
Vincent Ambo
24fca8c910 feat(3p/overlays): Bump emacs overlay to 2021-09-27
Change-Id: If0e43f62b6f6adec32efddcad9c1a887d3ef5ece
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3646
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-09-27 20:30:52 +00:00
Vincent Ambo
e5c3b9d391 feat(web/cgit): Use new logo in cgit page
Change-Id: I5212b235aa2a72c90e4795dce4c9fccfa00ddec3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3629
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2021-09-27 15:41:29 +00:00
Vincent Ambo
48d5724dab chore(3p/nixpkgs): Update to 2021-09-24
I tried to remove the awscli2 override, the build no longer fails but
just hangs infinitely on unstable now, so it's staying in for the time
being.

Change-Id: I871b0f5bffe0edf4db815ca4df2c3f142bc9e13d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3630
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-09-24 15:27:52 +00:00
Vincent Ambo
87c141d3d7 chore(3p/nixpkgs): Bump channels to 2021-09-20
Included fixes:

* grfn/mugwump: removed superfluous Buildkite agent user
* tazjin/camden: Disabled bitlbee (user config is broken)
* grfn/home/vim: vimUtils expects a `pname`
* 3p/nixpkgs: Pick awscli2 from stable channel

Change-Id: I64ed726b3350f75c7a8a0e6552bcf1d8d9ba7d46
2021-09-21 14:45:11 +03:00
Vincent Ambo
43b1791ec6 chore(3p/git): Unvendor git and track patches instead
This was vendored a long time ago under the expectation that keeping
it in sync with cgit would be easier this way, but it has proven not
to be a big issue.

On the other hand, a vendored copy of git is an annoying maintenance
burden. It is much easier to rebase the single (dottime) patch that we
have.

This removes the vendored copy of git and instead passes the git
source code to cgit via `pkgs.srcOnly`, which includes the applied
patch so that cgit can continue rendering dottime.

Change-Id: If31f62dea7ce688fd1b9050204e9378019775f2b
2021-09-21 14:29:35 +03:00
Christian Hesse
2d8e7dc9d9 chore(3p/cgit): git: update to v2.32.0
Update to git version v2.32.0, this requires changes for these
upstream commits:

* 47957485b3b731a7860e0554d2bd12c0dce1c75a
  tree.h API: simplify read_tree_recursive() signature

Signed-off-by: Christian Hesse <mail@eworm.de>
Change-Id: I9c37205af2e67d03f9cdd3d39e4fbd611bfa7288
2021-09-21 14:14:08 +03:00
Christian Hesse
b0926aa53d chore(3p/cgit): git: update to v2.31.1
Update to git version v2.31.1, no additional changes required.

Signed-off-by: Christian Hesse <mail@eworm.de>
Change-Id: I3e0312e59b065ec39906d00ffa8e762f82b7305f
2021-09-21 14:14:08 +03:00
Christian Hesse
3d5020a5d8 fix(3p/cgit): md2html: use proper formatting for hr
This addressed a non-existent background image and made the element
invisible. Drop the style and use something sane.

Signed-off-by: Christian Hesse <mail@eworm.de>
Change-Id: I4f94466742008b9cdb231358199074de6e4424ee
2021-09-21 14:14:07 +03:00
Christian Hesse
bf4cfeb477 chore(3p/cgit): git: update to v2.31.0
Update to git version v2.31.0, this requires changes for these
upstream commits:

* 36a317929b8f0c67d77d54235f2d20751c576cbb
  refs: switch peel_ref() to peel_iterated_oid()

Signed-off-by: Christian Hesse <mail@eworm.de>
Change-Id: Idb3abf22eb68ba5219f22075811884bbce786c3b
2021-09-21 14:14:07 +03:00
Christian Hesse
847d037a02 chore(3p/cgit): git: update to v2.30.1
Update to git version v2.30.1, no additional changes required.

Signed-off-by: Christian Hesse <mail@eworm.de>
Change-Id: I9c8a572fcef2dbb3164ecc397dc071240eba8480
2021-09-21 14:14:07 +03:00
Todd Zullinger
35630558ff test(3p/cgit): t0107: support older and/or non-GNU tar
The untar tests for various compression algorithms use shortcut options
from GNU tar to handle decompression.  These options may not be provided
by non-GNU tar nor even by slightly older GNU tar versions which ship on
many systems.

An example of the latter case is the --zstd option.  This was added in
GNU tar-1.32 (2019-02-23)¹.  This version of tar is not provided by
CentOS/RHEL, in particular.  In Debian, --zstd has been backported to
the tar-1.30 release.

Avoid the requirement on any specific implementations or versions of tar
by piping decompressed output to tar.  This is compatible with older GNU
tar releases as well as tar implementations from other vendors.  (It may
also be a slight benefit that this more closely matches what the
snapshot creation code does.)

¹ Technically, the --zstd option was first released in tar-1.31
  (2019-01-02), but this release was very short-lived and is no longer
  listed on the GNU Tar release page.

Signed-off-by: Todd Zullinger <tmz@pobox.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Change-Id: Ib65412cd1d23312ddd4cf840c09efc32512d3122
2021-09-21 14:14:05 +03:00
Jason A. Donenfeld
44996c4461 refactor(3p/cgit): md2html: use sane_lists extension
This allows for cleaner nesting semantics and matches github more
closely.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Change-Id: I93dacc0c276fefb28d67379ef38b8647c584244b
2021-09-21 14:10:17 +03:00
Christian Hesse
86f7901533 chore(3p/cgit): git: update to v2.30.0
Update to git version v2.30.0, this requires changes for these
upstream commits:

* 88894aaeeae92e8cb41143cc2e045f50289dc790
  blame: simplify 'setup_scoreboard' interface

* 1fbfdf556f2abc708183caca53ae4e2881b46ae2
  banned.h: mark non-reentrant gmtime, etc as banned

Signed-off-by: Christian Hesse <mail@eworm.de>
Change-Id: I6076ef250102010b601c92e9ea5bab2061b77006
2021-09-21 14:10:15 +03:00
Christian Hesse
eab788e961 chore(3p/cgit): git: update to v2.29.2
Update to git version v2.29.2.

No changes required.

Signed-off-by: Christian Hesse <mail@eworm.de>
Change-Id: I8a3c12fdaa492ede79a750eea4b78f750dbfa18f
2021-09-21 14:10:13 +03:00
Christian Hesse
67b44822b3 chore(3p/cgit): git: update to v2.29.1
Update to git version v2.29.1. No functional change, but we want latest
and greated version number, no? 😜

Signed-off-by: Christian Hesse <mail@eworm.de>
Change-Id: Ie890ace2e88dca0d7defb1cac5a2723699f794db
2021-09-21 14:10:06 +03:00