fix(3p/overlays): upgrade tpm2-pkcs11, but add unmerged patch r/7718

Instead of pinning to an old version, move forward but with a fix for
the critical bug that's been preventing me from upgrading.

The project seems to be unmaintained upstream, but I took the fix from
the open pull requests.

Change-Id: I85c8f780b1e363bac4060dd89b1930a6e59ce2a3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11145
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>

1 files changed, 8 insertions, 4 deletions

diff --git a/third_party/overlays/tvl.nix b/third_party/overlays/tvl.nix
index 9ebe21369ba9..c8a256fa3a83 100644
--- a/third_party/overlays/tvl.nix
+++ b/third_party/overlays/tvl.nix
@@ -149,8 +149,12 @@ depot.nix.readTree.drvTargets {
     };
   };
 
-  # OpenVPN + TPM2 is broken on versions of this package somewhere
-  # after 1.8.0, but it is a critical dependency for tazjin. For this
-  # reason it is vendored from a specific nixpkgs commit.
-  tpm2-pkcs11 = self.callPackage ./patches/tpm2-pkcs11.nix { };
+  # Imports a patch that fixes usage of this package on versions
+  # >=1.9. The patch has been proposed upstream, but so far with no
+  # reactions from the maintainer:
+  #
+  # https://github.com/tpm2-software/tpm2-pkcs11/pull/849
+  tpm2-pkcs11 = super.tpm2-pkcs11.overrideAttrs (old: {
+    patches = (old.patches or [ ]) ++ [ ./patches/tpm2-pkcs11-190-dbupgrade.patch ];
+  });
 }