From 73b1f0407bb224f82cca6ce1854a6080a6afecca Mon Sep 17 00:00:00 2001 From: sterni Date: Sun, 31 Mar 2024 11:56:52 +0200 Subject: chore(3p/sources): bump channels & overlays – xz edition MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update all 3p/sources as we do normally except - agenix which is still pinned to 0.15.0 - nixpkgs (unstable) which we bump to the HEAD of the staging-next branch. This branch includes the downgrade of xz from 5.6.1 to 5.4.6 (https://github.com/nixos/nixpkgs/commit/d6dc19adbd). It also includes the second haskell-updates rotation with GHC 9.6.4 which contains a few build fixes that seem to be required to get our Haskell targets to work. Note that this only reverts xz to a version that doesn't contain the now known backdoor (CVE-2024-3094) which may or may not actually affect NixOS. Additionally reverting to a version before the malicious contributor's involvement may be difficult, but prudent: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024 Changes required by the updates: - //3p/overlays/haskell: - Update ihp-hsx to latest master to fix build with Stackage LTS 22. - Update tmp-postgres to latest master to work around failure with ansi-wl-pprint >= 1. - Patch punycode for mtl >= 2.3. - //users/Profpatsch: - Clean up some warnings, mostly about unused dependencies - my-prelude: Fix build with ghc-boot-9.6.4 - cas-serve: Use crypton over unmaintained cryptonite - ical-smolify: skip in ci, iCalendar would require heavy patching to work with Stackage LTS 22. - //users/{wpcarro,aspen,flokli}: Disable home-manager / nixos configuration builds that seem to have transient failures that should disappear as we move away from staging-next and closer to an actual channel release. Change-Id: I5cca48e101041c3aedc1d9932dbca2cac885fcc1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11289 Tested-by: BuildkiteCI Autosubmit: sterni Reviewed-by: sterni Reviewed-by: tazjin --- default.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'default.nix') diff --git a/default.nix b/default.nix index 0ffbdbabaa..ad1396222a 100644 --- a/default.nix +++ b/default.nix @@ -110,6 +110,19 @@ readTree.fix (self: (readDepot { # xanthous and related targets are disabled until cl/9186 is submitted self.users.aspen.xanthous self.users.aspen.system.system.mugwumpSystem + + # Temporarily disabled after cl/11289. Hopefully these failures are transient + # and will disappear with the next channel bump. + self.users.aspen.system.home.ogopogoHome + self.users.aspen.system.home.luscaHome + self.users.aspen.system.home.yerenHome + self.users.aspen.system.system.roswellSystem + self.users.flokli.nixos.archeologyEc2System + self.users.flokli.nixos.deploy-archeology-ec2 + self.users.wpcarro.nixos.avaSystem + self.users.wpcarro.nixos.kyokoSystem + self.users.wpcarro.nixos.marcusSystem + self.users.wpcarro.nixos.tarascoSystem ]; # List of all buildable targets, for CI purposes. -- cgit 1.4.1