chore(3p/sources): bump channels & overlays – xz edition r/7837

Update all 3p/sources as we do normally except

- agenix which is still pinned to 0.15.0

- nixpkgs (unstable) which we bump to the HEAD of the staging-next
  branch. This branch includes the downgrade of xz from 5.6.1 to
  5.4.6 (https://github.com/nixos/nixpkgs/commit/d6dc19adbd). It
  also includes the second haskell-updates rotation with GHC 9.6.4
  which contains a few build fixes that seem to be required to get
  our Haskell targets to work.

Note that this only reverts xz to a version that doesn't contain the now
known backdoor (CVE-2024-3094) which may or may not actually affect
NixOS. Additionally reverting to a version before the malicious
contributor's involvement may be difficult, but prudent:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024

Changes required by the updates:

- //3p/overlays/haskell:

  - Update ihp-hsx to latest master to fix build with Stackage LTS 22.
  - Update tmp-postgres to latest master to work around failure with
    ansi-wl-pprint >= 1.
  - Patch punycode for mtl >= 2.3.

- //users/Profpatsch:

  - Clean up some warnings, mostly about unused dependencies
  - my-prelude: Fix build with ghc-boot-9.6.4
  - cas-serve: Use crypton over unmaintained cryptonite
  - ical-smolify: skip in ci, iCalendar would require heavy patching to
    work with Stackage LTS 22.

- //users/{wpcarro,aspen,flokli}:

  Disable home-manager / nixos configuration builds that seem to have
  transient failures that should disappear as we move away from
  staging-next and closer to an actual channel release.

Change-Id: I5cca48e101041c3aedc1d9932dbca2cac885fcc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11289
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>

1 files changed, 26 insertions, 3 deletions

diff --git a/third_party/overlays/haskell/default.nix b/third_party/overlays/haskell/default.nix
index eaf3d2e85c9e..dc1201ec4377 100644
--- a/third_party/overlays/haskell/default.nix
+++ b/third_party/overlays/haskell/default.nix
@@ -12,15 +12,38 @@ in
 {
   haskellPackages = super.haskellPackages.override {
     overrides = hsSelf: hsSuper: {
+      punycode = haskellLib.appendPatch
+        (self.fetchpatch {
+          name = "punycode-mtl-2.3.patch";
+          url = "https://github.com/litherum/punycode/pull/5/commits/41e55c8b7cef14563e6d04a7190dbabff5a77886.patch";
+          sha256 = "03kgmy4z36jv16ffp5jrig2gr8ydc8cl1iscc7difisaq88mxvqc";
+        })
+        hsSuper.punycode;
+
+      # Build with deprecated ansi-wl-pprint is broken now, use HEAD which switched to
+      # prettyprinter
+      tmp-postgres = haskellLib.overrideSrc
+        {
+          version = "unstable-2023-08-08";
+          src = self.fetchFromGitHub {
+            owner = "jfischoff";
+            repo = "tmp-postgres";
+            rev = "7f2467a6d6d5f6db7eed59919a6773fe006cf22b";
+            sha256 = "0l1gdx5s8ximgawd3yzfy47pv5pgwqmjqp8hx5rbrq68vr04wkbl";
+          };
+        }
+        (hsSuper.tmp-postgres.override {
+          ansi-wl-pprint = hsSelf.prettyprinter;
+        });
 
       ihp-hsx = lib.pipe hsSuper.ihp-hsx [
         (haskellLib.overrideSrc {
-          version = "1.1.0";
+          version = "unstable-2023-03-28";
           src = "${self.fetchFromGitHub {
             owner = "digitallyinduced";
             repo = "ihp";
-            rev = "b5d47963c998ccd779aa5c3d46484338fd621f0d";
-            sha256 = "sha256-M22W8VX4sRaeU2yVraR0S2t2VOwWGmoteD/M8TahdoE=";
+            rev = "ab4ecd05f4e7b6b3c4b74b82d39fc6c5cc48766b";
+            sha256 = "1fj5q9lygnmvqqv2fwqdj12sv63gkdfv5ha6fi190sv07dp9n9an";
           }}/ihp-hsx";
         })
         haskellLib.doJailbreak