73b1f0407b
Update all 3p/sources as we do normally except - agenix which is still pinned to 0.15.0 - nixpkgs (unstable) which we bump to the HEAD of the staging-next branch. This branch includes the downgrade of xz from 5.6.1 to 5.4.6 (https://github.com/nixos/nixpkgs/commit/d6dc19adbd). It also includes the second haskell-updates rotation with GHC 9.6.4 which contains a few build fixes that seem to be required to get our Haskell targets to work. Note that this only reverts xz to a version that doesn't contain the now known backdoor (CVE-2024-3094) which may or may not actually affect NixOS. Additionally reverting to a version before the malicious contributor's involvement may be difficult, but prudent: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024 Changes required by the updates: - //3p/overlays/haskell: - Update ihp-hsx to latest master to fix build with Stackage LTS 22. - Update tmp-postgres to latest master to work around failure with ansi-wl-pprint >= 1. - Patch punycode for mtl >= 2.3. - //users/Profpatsch: - Clean up some warnings, mostly about unused dependencies - my-prelude: Fix build with ghc-boot-9.6.4 - cas-serve: Use crypton over unmaintained cryptonite - ical-smolify: skip in ci, iCalendar would require heavy patching to work with Stackage LTS 22. - //users/{wpcarro,aspen,flokli}: Disable home-manager / nixos configuration builds that seem to have transient failures that should disappear as we move away from staging-next and closer to an actual channel release. Change-Id: I5cca48e101041c3aedc1d9932dbca2cac885fcc1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11289 Tested-by: BuildkiteCI Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su>
76 lines
2 KiB
Nix
76 lines
2 KiB
Nix
{ depot, pkgs, lib, ... }:
|
|
|
|
let
|
|
# bins = depot.nix.getBins pkgs.sqlite ["sqlite3"];
|
|
|
|
whatcd-resolver = pkgs.haskellPackages.mkDerivation {
|
|
pname = "whatcd-resolver";
|
|
version = "0.1.0";
|
|
|
|
src = depot.users.Profpatsch.exactSource ./. [
|
|
./whatcd-resolver.cabal
|
|
./Main.hs
|
|
./src/WhatcdResolver.hs
|
|
./src/AppT.hs
|
|
./src/JsonLd.hs
|
|
./src/Optional.hs
|
|
./src/Html.hs
|
|
./src/Http.hs
|
|
./src/Transmission.hs
|
|
./src/Redacted.hs
|
|
];
|
|
|
|
libraryHaskellDepends = [
|
|
depot.users.Profpatsch.my-prelude
|
|
depot.users.Profpatsch.my-webstuff
|
|
pkgs.haskellPackages.pa-prelude
|
|
pkgs.haskellPackages.pa-label
|
|
pkgs.haskellPackages.pa-json
|
|
pkgs.haskellPackages.pa-error-tree
|
|
pkgs.haskellPackages.pa-field-parser
|
|
pkgs.haskellPackages.pa-run-command
|
|
pkgs.haskellPackages.aeson-better-errors
|
|
pkgs.haskellPackages.blaze-html
|
|
pkgs.haskellPackages.hs-opentelemetry-sdk
|
|
pkgs.haskellPackages.http-conduit
|
|
pkgs.haskellPackages.http-types
|
|
pkgs.haskellPackages.ihp-hsx
|
|
pkgs.haskellPackages.monad-logger
|
|
pkgs.haskellPackages.resource-pool
|
|
pkgs.haskellPackages.postgresql-simple
|
|
pkgs.haskellPackages.tmp-postgres
|
|
pkgs.haskellPackages.unliftio
|
|
pkgs.haskellPackages.wai-extra
|
|
pkgs.haskellPackages.warp
|
|
pkgs.haskellPackages.punycode
|
|
];
|
|
|
|
isExecutable = true;
|
|
isLibrary = false;
|
|
license = lib.licenses.mit;
|
|
};
|
|
|
|
bins = depot.nix.getBins whatcd-resolver [ "whatcd-resolver" ];
|
|
|
|
in
|
|
|
|
depot.nix.writeExecline "whatcd-resolver-wrapped" { } [
|
|
"importas"
|
|
"-i"
|
|
"PATH"
|
|
"PATH"
|
|
"export"
|
|
"PATH"
|
|
# TODO: figure out how to automatically migrate to a new postgres version with tmp_postgres (dump?)
|
|
"${pkgs.postgresql_14}/bin:$${PATH}"
|
|
"export"
|
|
"WHATCD_RESOLVER_TOOLS"
|
|
(pkgs.linkFarm "whatcd-resolver-tools" [
|
|
{
|
|
name = "pg_format";
|
|
path = "${pkgs.pgformatter}/bin/pg_format";
|
|
}
|
|
])
|
|
bins.whatcd-resolver
|
|
]
|
|
|