about summary refs log tree commit diff
diff options
context:
space:
mode:
authorsterni <sternenseemann@systemli.org>2024-03-31T09·56+0200
committerclbot <clbot@tvl.fyi>2024-03-31T22·27+0000
commit73b1f0407bb224f82cca6ce1854a6080a6afecca (patch)
treeb5a9f287e6ccd983ecb77fd63f6d706db18f5869
parentb67b0a6d7243135f3341c0a449895d209d0908d8 (diff)
chore(3p/sources): bump channels & overlays – xz edition r/7837
Update all 3p/sources as we do normally except

- agenix which is still pinned to 0.15.0

- nixpkgs (unstable) which we bump to the HEAD of the staging-next
  branch. This branch includes the downgrade of xz from 5.6.1 to
  5.4.6 (https://github.com/nixos/nixpkgs/commit/d6dc19adbd). It
  also includes the second haskell-updates rotation with GHC 9.6.4
  which contains a few build fixes that seem to be required to get
  our Haskell targets to work.

Note that this only reverts xz to a version that doesn't contain the now
known backdoor (CVE-2024-3094) which may or may not actually affect
NixOS. Additionally reverting to a version before the malicious
contributor's involvement may be difficult, but prudent:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024

Changes required by the updates:

- //3p/overlays/haskell:

  - Update ihp-hsx to latest master to fix build with Stackage LTS 22.
  - Update tmp-postgres to latest master to work around failure with
    ansi-wl-pprint >= 1.
  - Patch punycode for mtl >= 2.3.

- //users/Profpatsch:

  - Clean up some warnings, mostly about unused dependencies
  - my-prelude: Fix build with ghc-boot-9.6.4
  - cas-serve: Use crypton over unmaintained cryptonite
  - ical-smolify: skip in ci, iCalendar would require heavy patching to
    work with Stackage LTS 22.

- //users/{wpcarro,aspen,flokli}:

  Disable home-manager / nixos configuration builds that seem to have
  transient failures that should disappear as we move away from
  staging-next and closer to an actual channel release.

Change-Id: I5cca48e101041c3aedc1d9932dbca2cac885fcc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11289
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
-rw-r--r--default.nix13
-rw-r--r--third_party/overlays/haskell/default.nix29
-rw-r--r--third_party/sources/sources.json32
-rw-r--r--users/Profpatsch/cas-serve/cas-serve.cabal3
-rw-r--r--users/Profpatsch/cas-serve/default.nix2
-rw-r--r--users/Profpatsch/ical-smolify/default.nix11
-rw-r--r--users/Profpatsch/my-prelude/src/MyPrelude.hs3
-rw-r--r--users/Profpatsch/my-prelude/src/Postgres/MonadPostgres.hs1
-rw-r--r--users/Profpatsch/whatcd-resolver/default.nix2
-rw-r--r--users/Profpatsch/whatcd-resolver/whatcd-resolver.cabal4
10 files changed, 68 insertions, 32 deletions
diff --git a/default.nix b/default.nix
index 0ffbdbabaa8d..ad1396222ad6 100644
--- a/default.nix
+++ b/default.nix
@@ -110,6 +110,19 @@ readTree.fix (self: (readDepot {
     # xanthous and related targets are disabled until cl/9186 is submitted
     self.users.aspen.xanthous
     self.users.aspen.system.system.mugwumpSystem
+
+    # Temporarily disabled after cl/11289. Hopefully these failures are transient
+    # and will disappear with the next channel bump.
+    self.users.aspen.system.home.ogopogoHome
+    self.users.aspen.system.home.luscaHome
+    self.users.aspen.system.home.yerenHome
+    self.users.aspen.system.system.roswellSystem
+    self.users.flokli.nixos.archeologyEc2System
+    self.users.flokli.nixos.deploy-archeology-ec2
+    self.users.wpcarro.nixos.avaSystem
+    self.users.wpcarro.nixos.kyokoSystem
+    self.users.wpcarro.nixos.marcusSystem
+    self.users.wpcarro.nixos.tarascoSystem
   ];
 
   # List of all buildable targets, for CI purposes.
diff --git a/third_party/overlays/haskell/default.nix b/third_party/overlays/haskell/default.nix
index eaf3d2e85c9e..dc1201ec4377 100644
--- a/third_party/overlays/haskell/default.nix
+++ b/third_party/overlays/haskell/default.nix
@@ -12,15 +12,38 @@ in
 {
   haskellPackages = super.haskellPackages.override {
     overrides = hsSelf: hsSuper: {
+      punycode = haskellLib.appendPatch
+        (self.fetchpatch {
+          name = "punycode-mtl-2.3.patch";
+          url = "https://github.com/litherum/punycode/pull/5/commits/41e55c8b7cef14563e6d04a7190dbabff5a77886.patch";
+          sha256 = "03kgmy4z36jv16ffp5jrig2gr8ydc8cl1iscc7difisaq88mxvqc";
+        })
+        hsSuper.punycode;
+
+      # Build with deprecated ansi-wl-pprint is broken now, use HEAD which switched to
+      # prettyprinter
+      tmp-postgres = haskellLib.overrideSrc
+        {
+          version = "unstable-2023-08-08";
+          src = self.fetchFromGitHub {
+            owner = "jfischoff";
+            repo = "tmp-postgres";
+            rev = "7f2467a6d6d5f6db7eed59919a6773fe006cf22b";
+            sha256 = "0l1gdx5s8ximgawd3yzfy47pv5pgwqmjqp8hx5rbrq68vr04wkbl";
+          };
+        }
+        (hsSuper.tmp-postgres.override {
+          ansi-wl-pprint = hsSelf.prettyprinter;
+        });
 
       ihp-hsx = lib.pipe hsSuper.ihp-hsx [
         (haskellLib.overrideSrc {
-          version = "1.1.0";
+          version = "unstable-2023-03-28";
           src = "${self.fetchFromGitHub {
             owner = "digitallyinduced";
             repo = "ihp";
-            rev = "b5d47963c998ccd779aa5c3d46484338fd621f0d";
-            sha256 = "sha256-M22W8VX4sRaeU2yVraR0S2t2VOwWGmoteD/M8TahdoE=";
+            rev = "ab4ecd05f4e7b6b3c4b74b82d39fc6c5cc48766b";
+            sha256 = "1fj5q9lygnmvqqv2fwqdj12sv63gkdfv5ha6fi190sv07dp9n9an";
           }}/ihp-hsx";
         })
         haskellLib.doJailbreak
diff --git a/third_party/sources/sources.json b/third_party/sources/sources.json
index 248fa4df7388..ebc7dff492af 100644
--- a/third_party/sources/sources.json
+++ b/third_party/sources/sources.json
@@ -29,10 +29,10 @@
         "homepage": "https://nix-community.github.io/home-manager/",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "206f457fffdb9a73596a4cb2211a471bd305243d",
-        "sha256": "0imc472hq7mmqhf5h8rhgfplw6575rl15fni0dc4wpypv9jccia9",
+        "rev": "30f2ec39519f4f5a8a96af808c439e730c15aeab",
+        "sha256": "11jy0k35j1f27agqzvs3yq37chdvw1xvnymgv2ds3fymasg5m5j2",
         "type": "tarball",
-        "url": "https://github.com/nix-community/home-manager/archive/206f457fffdb9a73596a4cb2211a471bd305243d.tar.gz",
+        "url": "https://github.com/nix-community/home-manager/archive/30f2ec39519f4f5a8a96af808c439e730c15aeab.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "impermanence": {
@@ -72,15 +72,15 @@
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixpkgs": {
-        "branch": "nixos-unstable",
+        "branch": "staging-next",
         "description": "Nix Packages collection",
         "homepage": "",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d691274a972b3165335d261cc4671335f5c67de9",
-        "sha256": "05lkkw0a63v1zan5g31blhckw6zf66p4gfqkpp01mp7fqwykmzx4",
+        "rev": "b4bf622e464f47c69fefb43746c531044b630d59",
+        "sha256": "0k35khcx03rfr9l997mmmmya78c2rqcg4kflmdgkfyz73v0lllaa",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/d691274a972b3165335d261cc4671335f5c67de9.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/b4bf622e464f47c69fefb43746c531044b630d59.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixpkgs-stable": {
@@ -89,10 +89,10 @@
         "homepage": "",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8ac30a39abc5ea67037dfbf090d6e89f187c6e50",
-        "sha256": "0g8iy5qgb6qp2nq9p0yqhh1w5yp60v90h8zlkgxqhx4dj2fw9vy6",
+        "rev": "219951b495fc2eac67b1456824cc1ec1fd2ee659",
+        "sha256": "065jy7qivlbdqmbvd7r9h97b23f21axmc4r7sqmq2h0j82rmymxv",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/8ac30a39abc5ea67037dfbf090d6e89f187c6e50.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/219951b495fc2eac67b1456824cc1ec1fd2ee659.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "rust-overlay": {
@@ -101,10 +101,10 @@
         "homepage": "",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "50db54295d3922a3b7a40d580b84d75150b36c34",
-        "sha256": "0v8indbzb97dk9qk4srrxq8z5ds614kazi72zcxjhjzdxc8mklj7",
+        "rev": "f258266af947599e8069df1c2e933189270f143a",
+        "sha256": "0436rpv58risp1149pga61vg85mbmfh92v8bkil1i2kxfg3kg78h",
         "type": "tarball",
-        "url": "https://github.com/oxalica/rust-overlay/archive/50db54295d3922a3b7a40d580b84d75150b36c34.tar.gz",
+        "url": "https://github.com/oxalica/rust-overlay/archive/f258266af947599e8069df1c2e933189270f143a.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "rustsec-advisory-db": {
@@ -113,10 +113,10 @@
         "homepage": "https://rustsec.org",
         "owner": "RustSec",
         "repo": "advisory-db",
-        "rev": "369d98c1b95b7b56d0859605916d7b81a7d1f1c4",
-        "sha256": "1npq87rjn606fhrpaxkphn8spdr1xafpy79nvrc3dnlvq163sr5n",
+        "rev": "aa8e65c812517eae85190715fa63f312aa875773",
+        "sha256": "0li4c2ssza42jw1f3d5y7h3ds7kw88bf4r4l6xniznjvxi8vxf32",
         "type": "tarball",
-        "url": "https://github.com/RustSec/advisory-db/archive/369d98c1b95b7b56d0859605916d7b81a7d1f1c4.tar.gz",
+        "url": "https://github.com/RustSec/advisory-db/archive/aa8e65c812517eae85190715fa63f312aa875773.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     }
 }
diff --git a/users/Profpatsch/cas-serve/cas-serve.cabal b/users/Profpatsch/cas-serve/cas-serve.cabal
index 82db1f5fd89a..d14776700a7c 100644
--- a/users/Profpatsch/cas-serve/cas-serve.cabal
+++ b/users/Profpatsch/cas-serve/cas-serve.cabal
@@ -65,10 +65,9 @@ executable cas-serve
         text,
         sqlite-simple,
         http-types,
-        ihp-hsx,
         wai,
         warp,
         mtl,
         bytestring,
         memory,
-        cryptonite,
+        crypton,
diff --git a/users/Profpatsch/cas-serve/default.nix b/users/Profpatsch/cas-serve/default.nix
index 1b4fbe03e78f..14c3e4aa13b4 100644
--- a/users/Profpatsch/cas-serve/default.nix
+++ b/users/Profpatsch/cas-serve/default.nix
@@ -15,7 +15,7 @@ let
     libraryHaskellDepends = [
       pkgs.haskellPackages.pa-prelude
       pkgs.haskellPackages.pa-label
-      pkgs.haskellPackages.ihp-hsx
+      pkgs.haskellPackages.crypton
       pkgs.haskellPackages.wai
       pkgs.haskellPackages.warp
       pkgs.haskellPackages.sqlite-simple
diff --git a/users/Profpatsch/ical-smolify/default.nix b/users/Profpatsch/ical-smolify/default.nix
index f67d175ce3f3..bf766db0e974 100644
--- a/users/Profpatsch/ical-smolify/default.nix
+++ b/users/Profpatsch/ical-smolify/default.nix
@@ -1,7 +1,7 @@
 { depot, pkgs, lib, ... }:
 
 let
-  cas-serve = pkgs.writers.writeHaskell "ical-smolify"
+  ical-smolify = pkgs.writers.writeHaskell "ical-smolify"
     {
       libraries = [
         pkgs.haskellPackages.iCalendar
@@ -13,4 +13,11 @@ let
     } ./IcalSmolify.hs;
 
 in
-cas-serve
+
+ical-smolify.overrideAttrs (old: {
+  meta = lib.recursiveUpdate old.meta or { } {
+    # Dependency iCalendar no longer builds in nixpkgs due to a lack of maintenance upstream
+    # https://github.com/nixos/nixpkgs/commit/13d10cc6e302e7d5800c6a08c1728b14c3801e26
+    ci.skip = true;
+  };
+})
diff --git a/users/Profpatsch/my-prelude/src/MyPrelude.hs b/users/Profpatsch/my-prelude/src/MyPrelude.hs
index ffc03c5ecdde..880983c47e92 100644
--- a/users/Profpatsch/my-prelude/src/MyPrelude.hs
+++ b/users/Profpatsch/my-prelude/src/MyPrelude.hs
@@ -345,7 +345,8 @@ stringToText = Data.Text.pack
 --
 -- ATTN: Don’t use `String` in code if you can avoid it, prefer `Text` instead.
 stringToBytesUtf8 :: String -> ByteString
-stringToBytesUtf8 = GHC.utf8EncodeString
+-- TODO(Profpatsch): use a stable interface
+stringToBytesUtf8 = GHC.utf8EncodeByteString
 
 -- | Like `show`, but generate a 'Text'
 --
diff --git a/users/Profpatsch/my-prelude/src/Postgres/MonadPostgres.hs b/users/Profpatsch/my-prelude/src/Postgres/MonadPostgres.hs
index 2585f6637c41..f83a6d7fcf51 100644
--- a/users/Profpatsch/my-prelude/src/Postgres/MonadPostgres.hs
+++ b/users/Profpatsch/my-prelude/src/Postgres/MonadPostgres.hs
@@ -8,7 +8,6 @@ module Postgres.MonadPostgres where
 import AtLeast (AtLeast)
 import Control.Exception
 import Control.Foldl qualified as Fold
-import Control.Monad.Except
 import Control.Monad.Logger.CallStack (MonadLogger, logDebug, logWarn)
 import Control.Monad.Reader (MonadReader (ask), ReaderT (..))
 import Control.Monad.Trans.Resource
diff --git a/users/Profpatsch/whatcd-resolver/default.nix b/users/Profpatsch/whatcd-resolver/default.nix
index 6d5d0834b1a7..27468507ac5a 100644
--- a/users/Profpatsch/whatcd-resolver/default.nix
+++ b/users/Profpatsch/whatcd-resolver/default.nix
@@ -31,7 +31,6 @@ let
       pkgs.haskellPackages.pa-run-command
       pkgs.haskellPackages.aeson-better-errors
       pkgs.haskellPackages.blaze-html
-      pkgs.haskellPackages.dlist
       pkgs.haskellPackages.hs-opentelemetry-sdk
       pkgs.haskellPackages.http-conduit
       pkgs.haskellPackages.http-types
@@ -39,7 +38,6 @@ let
       pkgs.haskellPackages.monad-logger
       pkgs.haskellPackages.resource-pool
       pkgs.haskellPackages.postgresql-simple
-      pkgs.haskellPackages.selective
       pkgs.haskellPackages.tmp-postgres
       pkgs.haskellPackages.unliftio
       pkgs.haskellPackages.wai-extra
diff --git a/users/Profpatsch/whatcd-resolver/whatcd-resolver.cabal b/users/Profpatsch/whatcd-resolver/whatcd-resolver.cabal
index cad1fabe9905..a9bd04827b83 100644
--- a/users/Profpatsch/whatcd-resolver/whatcd-resolver.cabal
+++ b/users/Profpatsch/whatcd-resolver/whatcd-resolver.cabal
@@ -86,13 +86,11 @@ library
         aeson-better-errors,
         aeson,
         blaze-html,
-        blaze-markup,
         bytestring,
         case-insensitive,
         containers,
         unordered-containers,
         directory,
-        dlist,
         exceptions,
         filepath,
         hs-opentelemetry-sdk,
@@ -107,8 +105,6 @@ library
         resource-pool,
         postgresql-simple,
         punycode,
-        scientific,
-        selective,
         tmp-postgres,
         unliftio,
         wai-extra,