e628862e97
Main motivation for this is to get the openldap update that fixes 10 CVEs: CVE-2020-36221 to including CVE-2020-36230. See also this issue which lists them all: https://github.com/NixOS/nixpkgs/issues/113490 Someone should also redeploy whitby as soon as this lands in canon and all build failures have been fixed. Things done to resolve upstream breakages: * grpc no longer takes abseil-cpp as an input, it has also been removed in the override. * Upgrade glittershark's kernel to 5.11 since the linuxPackages_5_9 attribute has been removed by upstream and the patch used by them is available for 5.11 as well. * The fixed output hash for third_patry.apereo-cas changed for some reason. * Remove the pin of haskellPackages.vector from the haskell overlay. It broke as the most recent version of vector in nixos-unstable no longer depends on semigroups. This effectively updates vector from 0.12.1.2 to 0.12.2.0. * Align two comments in tvix/libstore/worker-protocol.hh because the updated clang-format now demands that. Change-Id: I2ecf10a98de935e9222acf1feaea447d4c11ed2d Reviewed-on: https://cl.tvl.fyi/c/depot/+/2538 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: sterni <sternenseemann@systemli.org>
72 lines
2.3 KiB
Nix
72 lines
2.3 KiB
Nix
# This file controls the import of external dependencies (i.e.
|
|
# third-party code) into my package tree.
|
|
#
|
|
# This includes *all packages needed from nixpkgs*.
|
|
{ ... }:
|
|
|
|
let
|
|
# Tracking nixos-unstable as of 2021-02-18.
|
|
nixpkgsCommit = "6b1057b452c55bb3b463f0d7055bc4ec3fd1f381";
|
|
nixpkgsSrc = fetchTarball {
|
|
url = "https://github.com/NixOS/nixpkgs/archive/${nixpkgsCommit}.tar.gz";
|
|
sha256 = "10qfg11g8m0q2k3ibcm0ivjq494gqynshm3smjl1rfn5ifjf5fz8";
|
|
};
|
|
nixpkgs = import nixpkgsSrc {
|
|
config.allowUnfree = true;
|
|
config.allowBroken = true;
|
|
|
|
# Lutris depends on p7zip, which is considered insecure.
|
|
config.permittedInsecurePackages = [
|
|
"p7zip-16.02"
|
|
];
|
|
};
|
|
|
|
# Tracking nixos-20.09 as of 2021-02-17.
|
|
stableCommit = "5c53c720ff690ef82a9fe4849e7b70c104e1c82f";
|
|
stableNixpkgsSrc = fetchTarball {
|
|
url = "https://github.com/NixOS/nixpkgs/archive/${stableCommit}.tar.gz";
|
|
sha256 = "0gjxfxbfc6maqg48k9ai476s6zkc94p0y3v9yjgwbiy7b38pqfys";
|
|
};
|
|
stableNixpkgs = import stableNixpkgsSrc {};
|
|
|
|
exposed = import ./nixpkgs-exposed/exposed { inherit nixpkgs stableNixpkgs; };
|
|
|
|
in exposed.lib.fix(self: exposed // {
|
|
callPackage = nixpkgs.lib.callPackageWith self;
|
|
|
|
# Provide the source code of nixpkgs, but do not provide an imported
|
|
# version of it.
|
|
inherit nixpkgsCommit nixpkgsSrc stableNixpkgsSrc;
|
|
|
|
# Packages to be overridden
|
|
originals = {
|
|
inherit (nixpkgs) gtest openldap go grpc notmuch rr;
|
|
inherit (stableNixpkgs) git tdlib;
|
|
ffmpeg = nixpkgs.ffmpeg-full;
|
|
telega = stableNixpkgs.emacsPackages.telega;
|
|
};
|
|
|
|
# Use LLVM 11
|
|
llvmPackages = nixpkgs.llvmPackages_11;
|
|
clangStdenv = nixpkgs.llvmPackages_11.stdenv;
|
|
stdenv = nixpkgs.llvmPackages_11.stdenv;
|
|
|
|
clang-tools = (nixpkgs.clang-tools.override {
|
|
llvmPackages = nixpkgs.llvmPackages_11;
|
|
});
|
|
|
|
# Provide Emacs 27
|
|
#
|
|
# The assert exists because the name of the attribute is unversioned
|
|
# (which is different from previous versions).
|
|
emacs27 = assert ((exposed.lib.versions.major nixpkgs.emacs.version) == "27");
|
|
nixpkgs.emacs.overrideAttrs(old: {
|
|
configureFlags = old.configureFlags ++ [ "--with-cairo" ];
|
|
});
|
|
|
|
emacs27-nox = assert ((exposed.lib.versions.major nixpkgs.emacs.version) == "27");
|
|
nixpkgs.emacs-nox;
|
|
|
|
# Make NixOS available
|
|
nixos = import "${nixpkgsSrc}/nixos";
|
|
})
|