From e628862e97acc5cd9aa2c9da86f26edd6d14605c Mon Sep 17 00:00:00 2001
From: sterni <sternenseemann@systemli.org>
Date: Fri, 19 Feb 2021 12:42:24 +0100
Subject: chore(3p): Bump NixOS channels to 2021-02-18

Main motivation for this is to get the openldap update that fixes
10 CVEs: CVE-2020-36221 to including CVE-2020-36230. See also this
issue which lists them all: https://github.com/NixOS/nixpkgs/issues/113490

Someone should also redeploy whitby as soon as this lands in canon and
all build failures have been fixed.

Things done to resolve upstream breakages:

* grpc no longer takes abseil-cpp as an input, it has also been removed
  in the override.

* Upgrade glittershark's kernel to 5.11 since the linuxPackages_5_9
  attribute has been removed by upstream and the patch used by them is
  available for 5.11 as well.

* The fixed output hash for third_patry.apereo-cas changed for some reason.

* Remove the pin of haskellPackages.vector from the haskell overlay. It
  broke as the most recent version of vector in nixos-unstable no longer
  depends on semigroups. This effectively updates vector from 0.12.1.2
  to 0.12.2.0.

* Align two comments in tvix/libstore/worker-protocol.hh because the
  updated clang-format now demands that.

Change-Id: I2ecf10a98de935e9222acf1feaea447d4c11ed2d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2538
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
---
 third_party/apereo-cas/default.nix                      |  2 +-
 third_party/default.nix                                 | 12 ++++++------
 third_party/grpc/default.nix                            |  1 -
 third_party/nix/src/libstore/worker-protocol.hh         |  2 +-
 third_party/nixpkgs-exposed/exposed/default.nix         |  2 +-
 third_party/nixpkgs-exposed/haskell_overlay/default.nix |  8 --------
 users/glittershark/system/system/modules/kernel.nix     |  4 ++--
 7 files changed, 11 insertions(+), 20 deletions(-)

diff --git a/third_party/apereo-cas/default.nix b/third_party/apereo-cas/default.nix
index 7fa3b0fa92..e9930774ec 100644
--- a/third_party/apereo-cas/default.nix
+++ b/third_party/apereo-cas/default.nix
@@ -37,7 +37,7 @@ let
 
     outputHashAlgo = "sha256";
     outputHashMode = "recursive";
-    outputHash = "1mjk7nh0sr4xb8v5mqb8kzjk1xk9rsx8g069lhpvdkyrc5bq1w8j";
+    outputHash = "07wxmgljs8v0pmnryqjz6dr6jl93x3023y8zx3al5314mmqkpaan";
   };
 in
 pkgs.stdenvNoCC.mkDerivation {
diff --git a/third_party/default.nix b/third_party/default.nix
index 096396d3b6..c3c5ea11bb 100644
--- a/third_party/default.nix
+++ b/third_party/default.nix
@@ -5,11 +5,11 @@
 { ... }:
 
 let
-  # Tracking nixos-unstable as of 2021-01-19.
-  nixpkgsCommit = "68398d2dd50efc2d878bf0f83bbc8bc323b6b0e0";
+  # Tracking nixos-unstable as of 2021-02-18.
+  nixpkgsCommit = "6b1057b452c55bb3b463f0d7055bc4ec3fd1f381";
   nixpkgsSrc = fetchTarball {
     url = "https://github.com/NixOS/nixpkgs/archive/${nixpkgsCommit}.tar.gz";
-    sha256 = "1bivcxnajll53ixwyl304fq22w5dg97fqbwk8imp6ipwq84bq5ga";
+    sha256 = "10qfg11g8m0q2k3ibcm0ivjq494gqynshm3smjl1rfn5ifjf5fz8";
   };
   nixpkgs = import nixpkgsSrc {
     config.allowUnfree = true;
@@ -21,11 +21,11 @@ let
     ];
   };
 
-  # Tracking nixos-20.09 as of 2021-01-19.
-  stableCommit = "88f00e7e12d2669583fffd3f33aae01101464386";
+  # Tracking nixos-20.09 as of 2021-02-17.
+  stableCommit = "5c53c720ff690ef82a9fe4849e7b70c104e1c82f";
   stableNixpkgsSrc = fetchTarball {
     url = "https://github.com/NixOS/nixpkgs/archive/${stableCommit}.tar.gz";
-    sha256 = "0972lcah2wm1j7ab5acnpn1il68q90cdqhvq1vj4nlnygnwzhcfr";
+    sha256 = "0gjxfxbfc6maqg48k9ai476s6zkc94p0y3v9yjgwbiy7b38pqfys";
   };
   stableNixpkgs = import stableNixpkgsSrc {};
 
diff --git a/third_party/grpc/default.nix b/third_party/grpc/default.nix
index a3745a2099..ad34425e8f 100644
--- a/third_party/grpc/default.nix
+++ b/third_party/grpc/default.nix
@@ -1,7 +1,6 @@
 { pkgs, ... }:
 
 (pkgs.originals.grpc.override {
-  abseil-cpp = pkgs.abseil_cpp;
   protobuf = pkgs.protobuf;
   stdenv = pkgs.llvmPackages.libcxxStdenv;
 }).overrideAttrs(orig: rec {
diff --git a/third_party/nix/src/libstore/worker-protocol.hh b/third_party/nix/src/libstore/worker-protocol.hh
index 47095253a1..e2f40a449d 100644
--- a/third_party/nix/src/libstore/worker-protocol.hh
+++ b/third_party/nix/src/libstore/worker-protocol.hh
@@ -53,7 +53,7 @@ typedef enum {
 } WorkerOp;
 
 #define STDERR_NEXT 0x6f6c6d67
-#define STDERR_READ 0x64617461  // data needed from source
+#define STDERR_READ 0x64617461   // data needed from source
 #define STDERR_WRITE 0x64617416  // data for sink
 #define STDERR_LAST 0x616c7473
 #define STDERR_ERROR 0x63787470
diff --git a/third_party/nixpkgs-exposed/exposed/default.nix b/third_party/nixpkgs-exposed/exposed/default.nix
index bf8d7eac5e..6f4441879a 100644
--- a/third_party/nixpkgs-exposed/exposed/default.nix
+++ b/third_party/nixpkgs-exposed/exposed/default.nix
@@ -79,7 +79,7 @@
     lib
     libredirect
     linuxPackages
-    linuxPackages_5_9
+    linuxPackages_5_11
     luajit
     lutris
     makeFontsConf
diff --git a/third_party/nixpkgs-exposed/haskell_overlay/default.nix b/third_party/nixpkgs-exposed/haskell_overlay/default.nix
index 600d26541e..9598b96740 100644
--- a/third_party/nixpkgs-exposed/haskell_overlay/default.nix
+++ b/third_party/nixpkgs-exposed/haskell_overlay/default.nix
@@ -90,14 +90,6 @@ self: super: with pkgs.haskell.lib; rec {
 
   test-framework-quickcheck2 = doJailbreak super.test-framework-quickcheck2;
 
-  vector = overrideSrc (doJailbreak super.vector) rec {
-    src = pkgs.fetchzip {
-      url = "mirror://hackage/vector-${version}/vector-${version}.tar.gz";
-      sha256 = "1312lpb1f4jzbmcjp7mdf9l9ykp1hscxdr66cl8zlcs8kbr13bm7";
-    };
-    version = "0.12.1.2";
-  };
-
   vinyl = overrideSrc (markUnbroken super.vinyl)
     rec {
       src = pkgs.fetchzip {
diff --git a/users/glittershark/system/system/modules/kernel.nix b/users/glittershark/system/system/modules/kernel.nix
index 7051231f3f..5c5ff85515 100644
--- a/users/glittershark/system/system/modules/kernel.nix
+++ b/users/glittershark/system/system/modules/kernel.nix
@@ -11,7 +11,7 @@ let
       name = "linux-ck-patch-${mm}-ck1.xz";
       # example: http://ck.kolivas.org/patches/5.0/5.4/5.4-ck1/patch-5.4-ck1.xz
       url = "http://ck.kolivas.org/patches/${mj}.0/${mm}/${mm}-ck1/patch-${mm}-ck1.xz";
-      sha256 = "0cv1ayj9akl83q2whabj8v3qygkkfwvzcjqx539sw6j3r9qhrs64";
+      sha256 = "14lfpq9hvq1amxrl0ayfid1d04kd35vwsvk1ppnqa87nqfkjq47c";
     };
 
     unpackPhase = ''
@@ -24,7 +24,7 @@ let
   };
 in
 {
-  boot.kernelPackages = pkgs.linuxPackages_5_9.extend (self: super: {
+  boot.kernelPackages = pkgs.linuxPackages_5_11.extend (self: super: {
     kernel = super.kernel.override {
       ignoreConfigErrors = true;
       kernelPatches = super.kernel.kernelPatches ++ [{
-- 
cgit 1.4.1