From 4b2f3c5454a249c6fbd7697a5297c6d4db92ef3e Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Mon, 1 Jul 2024 12:47:15 +0300 Subject: chore(3p/sources): bump to OpenSSH vulnerability hotfix See https://github.com/NixOS/nixpkgs/pull/323753 for details. Changes: * git: temporarily comment out dottime patch (it doesn't apply, but it's not critical) * third-party/cgit: use an older git version where dottime patch still applies * 3p/crate2nix: remove crate2nix patches included in latest release * tvix: remove unneeded defaultCrateOverrides (upstreamed to nixpkgs) * tvix: regenerate Cargo.nix * tvix/nix-compat: remove unused AtermWriteable::aterm_bytes pub(crate) function * tvix/nix-compat: remove redundant trait bounds * tvix/glue: use clone_into() to set drv.{builder,system} * tools/crate2nix: apply workaround for https://github.com/numtide/treefmt/issues/327 * tools/depotfmt: expose treefmt config as passthru * tools/crate2nix: undo some more hacks in the crate2nix-check drv Change-Id: Ifbcedeb3e8f81b2f6ec1dbf10189bfa6dfd9c75c Co-Authored-By: Florian Klink Reviewed-on: https://cl.tvl.fyi/c/depot/+/11907 Reviewed-by: tazjin Tested-by: BuildkiteCI Reviewed-by: flokli --- third_party/cgit/default.nix | 25 ++++++-- third_party/git/default.nix | 2 +- .../crate2nix-drop-darwin-explicit-dontstrip.patch | 22 ------- .../crate2nix-run-tests-in-build-source.patch | 69 ---------------------- .../overlays/patches/treefmt-fix-no-cache.patch | 43 ++++++++++++++ third_party/overlays/tvl.nix | 7 ++- third_party/sources/sources.json | 6 +- 7 files changed, 71 insertions(+), 103 deletions(-) delete mode 100644 third_party/overlays/patches/crate2nix-drop-darwin-explicit-dontstrip.patch delete mode 100644 third_party/overlays/patches/crate2nix-run-tests-in-build-source.patch create mode 100644 third_party/overlays/patches/treefmt-fix-no-cache.patch (limited to 'third_party')
diff --git a/third_party/cgit/default.nix b/third_party/cgit/default.nix index c783bda16ed2..bac6a3264e6e 100644 --- a/third_party/cgit/default.nix +++ b/third_party/cgit/default.nix @@ -27,12 +27,25 @@ stdenv.mkDerivation rec { # # TODO(tazjin): Add an assert for this somewhere so we notice it on # channel bumps. - preBuild = '' - rm -rf git # remove submodule dir ... - cp -r --no-preserve=ownership,mode ${pkgs.srcOnly depot.third_party.git} git - makeFlagsArray+=(prefix="$out" CGIT_SCRIPT_PATH="$out/cgit/") - cat tvl-extra.css >> cgit.css - ''; + preBuild = + let + # we have to give cgit a git with dottime support to build + git' = pkgs.git.overrideAttrs (old: { + src = pkgs.fetchurl { + url = "https://github.com/git/git/archive/refs/tags/v2.44.2.tar.gz"; + hash = "sha256-3h0LBfAD4MXfZc0tjWQDO81UdbRo3w5C0W7j7rr9m9I="; + }; + patches = (old.patches or [ ]) ++ [ + ../git/0001-feat-third_party-git-date-add-dottime-format.patch + ]; + }); + in + '' + rm -rf git # remove submodule dir ... + cp -r --no-preserve=ownership,mode ${pkgs.srcOnly git'} git + makeFlagsArray+=(prefix="$out" CGIT_SCRIPT_PATH="$out/cgit/") + cat tvl-extra.css >> cgit.css + ''; stripDebugList = [ "cgit" ]; diff --git a/third_party/git/default.nix b/third_party/git/default.nix index eed07b5616c6..19613fd69555 100644 --- a/third_party/git/default.nix +++ b/third_party/git/default.nix @@ -4,6 +4,6 @@ pkgs.git.overrideAttrs (old: { patches = (old.patches or [ ]) ++ [ - ./0001-feat-third_party-git-date-add-dottime-format.patch + # ./0001-feat-third_party-git-date-add-dottime-format.patch ]; }) diff --git a/third_party/overlays/patches/crate2nix-drop-darwin-explicit-dontstrip.patch b/third_party/overlays/patches/crate2nix-drop-darwin-explicit-dontstrip.patch deleted file mode 100644 index ba64e660c0e3..000000000000 --- a/third_party/overlays/patches/crate2nix-drop-darwin-explicit-dontstrip.patch +++ /dev/null 
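Review bot: The `git'` override added to `preBuild` in third_party/cgit/default.nix pins the git source that cgit compiles against to the v2.44.2 archive, so that source no longer follows `pkgs.git` and will not pick up git fixes delivered by later channel bumps. Nothing in the hunk records when the pin can be removed; a comment next to the `fetchurl` such as `# TODO: drop this pin and go back to depot.third_party.git once the dottime patch applies to pkgs.git again` would make the temporary state visible, and the existing `TODO(tazjin)` about an assert on channel bumps becomes more relevant with it. The `old.patches` carried over from the channel's git are written for a different version than the pinned source, so it is worth confirming they still apply as intended under `srcOnly`. The commented-out patch line in third_party/git/default.nix has the same gap: it is described as temporary in the commit message but carries no marker in the file.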
@@ -1,22 +0,0 @@ -From 0209f258cda8a9972a785e26d92fb477ce4d1b0e Mon Sep 17 00:00:00 2001 -From: Ilan Joselevich -Date: Tue, 11 Jun 2024 18:14:06 +0300 -Subject: [PATCH] Get rid of dontStrip for Darwin as it's no longer needed - -Fixed in https://github.com/NixOS/nixpkgs/pull/255900 ---- - templates/nix/crate2nix/default.nix | 2 -- - -diff --git a/templates/nix/crate2nix/default.nix b/templates/nix/crate2nix/default.nix -index 95d3730f..c53925e7 100644 ---- a/templates/nix/crate2nix/default.nix -+++ b/templates/nix/crate2nix/default.nix -@@ -349,8 +349,6 @@ rec { - buildRustCrateForPkgsFunc pkgs - ( - crateConfig // { -- # https://github.com/NixOS/nixpkgs/issues/218712 -- dontStrip = stdenv.hostPlatform.isDarwin; - src = crateConfig.src or ( - pkgs.fetchurl rec { - name = "${crateConfig.crateName}-${crateConfig.version}.tar.gz"; diff --git a/third_party/overlays/patches/crate2nix-run-tests-in-build-source.patch b/third_party/overlays/patches/crate2nix-run-tests-in-build-source.patch deleted file mode 100644 index 52793270e6e8..000000000000 --- a/third_party/overlays/patches/crate2nix-run-tests-in-build-source.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -From 7cf084f73f7d15fe0538a625182fa7179c083b3d Mon Sep 17 00:00:00 2001 -From: Raito Bezarius -Date: Tue, 16 Jan 2024 02:10:48 +0100 -Subject: [PATCH] fix(template): run tests in `/build/source` instead `/build` - -Previously, the source tree was located inline in `/build` during tests, this was a mistake -because the crates more than often are built in `/build/source` as per the `sourceRoot` system. - -This can cause issues with test binaries hardcoding `/build/source/...` as their choice for doing things, -causing them to be confused in the test phase which is relocated without rewriting the paths inside test binaries. - -We fix that by relocating ourselves in the right hierarchy. - -This is a "simple" fix in the sense that more edge cases could exist but they are hard to reason about -because they would be crates using custom `sourceRoot`, i.e. having `crate.sourceRoot` set and then it becomes -a bit hard to reproduce the hierarchy, you need to analyze whether the path is absolute or relative, - -If it's relative, you can just reuse it and reproduce that specific hierarchy. -If it's absolute, you need to cut the "absolute" meaningless part, e.g. `$NIX_BUILD_TOP/` and proceed like -it's a relative path IMHO. ---- - crate2nix/Cargo.nix | 10 ++++++++++ - crate2nix/templates/nix/crate2nix/default.nix | 10 ++++++++++ - -diff --git a/Cargo.nix b/Cargo.nix -index 6ef7a49..172ff34 100644 ---- a/Cargo.nix -+++ b/Cargo.nix -@@ -2889,6 +2889,16 @@ rec { - # recreate a file hierarchy as when running tests with cargo - - # the source for test data -+ # It's necessary to locate the source in $NIX_BUILD_TOP/source/ -+ # instead of $NIX_BUILD_TOP/ -+ # because we compiled those test binaries in the former and not the latter. -+ # So all paths will expect source tree to be there and not in the build top directly. -+ # For example: $NIX_BUILD_TOP := /build in general, if you ask yourself. 
-+ # TODO(raitobezarius): I believe there could be more edge cases if `crate.sourceRoot` -+ # do exist but it's very hard to reason about them, so let's wait until the first bug report. -+ mkdir -p source/ -+ cd source/ -+ - ${pkgs.buildPackages.xorg.lndir}/bin/lndir ${crate.src} - - # build outputs -diff --git a/crate2nix/templates/nix/crate2nix/default.nix b/crate2nix/templates/nix/crate2nix/default.nix -index e4fc2e9..dfb14c4 100644 ---- a/templates/nix/crate2nix/default.nix -+++ b/templates/nix/crate2nix/default.nix -@@ -135,6 +135,16 @@ rec { - # recreate a file hierarchy as when running tests with cargo - - # the source for test data -+ # It's necessary to locate the source in $NIX_BUILD_TOP/source/ -+ # instead of $NIX_BUILD_TOP/ -+ # because we compiled those test binaries in the former and not the latter. -+ # So all paths will expect source tree to be there and not in the build top directly. -+ # For example: $NIX_BUILD_TOP := /build in general, if you ask yourself. -+ # TODO(raitobezarius): I believe there could be more edge cases if `crate.sourceRoot` -+ # do exist but it's very hard to reason about them, so let's wait until the first bug report. -+ mkdir -p source/ -+ cd source/ -+ - ${pkgs.buildPackages.xorg.lndir}/bin/lndir ${crate.src} - - # build outputs --- -2.43.0 - diff --git a/third_party/overlays/patches/treefmt-fix-no-cache.patch b/third_party/overlays/patches/treefmt-fix-no-cache.patch new file mode 100644 index 000000000000..2ad9d595e106 --- /dev/null +++ b/third_party/overlays/patches/treefmt-fix-no-cache.patch 
@@ -0,0 +1,43 @@ +From 601af097720079ea40db100b1dd6aefba4685e7c Mon Sep 17 00:00:00 2001 +From: Florian Klink +Date: Mon, 1 Jul 2024 17:34:08 +0300 +Subject: [PATCH] fix: only try opening the cache if cache is enabled + +Otherwise `--no-cache` still fails to open the cache. +--- + cli/format.go | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/cli/format.go b/cli/format.go +index 492a4f3..8ccf578 100644 +--- a/cli/format.go ++++ b/cli/format.go +@@ -118,9 +118,11 @@ func (f *Format) Run() (err error) { + f.formatters[name] = formatter + } + +- // open the cache +- if err = cache.Open(f.TreeRoot, f.ClearCache, f.formatters); err != nil { +- return err ++ // open the cache if configured ++ if !f.NoCache { ++ if cache.Open(f.TreeRoot, f.ClearCache, f.formatters); err != nil { ++ return err ++ } + } + + // create an app context and listen for shutdown +@@ -148,7 +150,9 @@ func (f *Format) Run() (err error) { + f.processedCh = make(chan *walk.File, cap(f.filesCh)) + + // start concurrent processing tasks in reverse order +- eg.Go(f.updateCache(ctx)) ++ if !f.NoCache { ++ eg.Go(f.updateCache(ctx)) ++ } + eg.Go(f.applyFormatters(ctx)) + eg.Go(f.walkFilesystem(ctx)) + +-- +2.44.1 + diff --git a/third_party/overlays/tvl.nix b/third_party/overlays/tvl.nix index f2260be8b8fb..6aba5480b205 100644 --- a/third_party/overlays/tvl.nix +++ b/third_party/overlays/tvl.nix @@ -101,8 +101,6 @@ depot.nix.readTree.drvTargets { patches = old.patches or [ ] ++ [ # https://github.com/nix-community/crate2nix/pull/301 ./patches/crate2nix-tests-debug.patch - # TODO(Kranzes): drop on next release - ./patches/crate2nix-drop-darwin-explicit-dontstrip.patch ]; }); 
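Review bot: The guard added by the vendored treefmt patch loses the assignment: `if cache.Open(f.TreeRoot, f.ClearCache, f.formatters); err != nil {` discards the value returned by `cache.Open` and tests the named return `err`, which the removed line used to set and whose value at that point comes from earlier code not shown. With the cache enabled, a failed open would therefore not be reported and `updateCache` would still be started. The line should read `if err = cache.Open(f.TreeRoot, f.ClearCache, f.formatters); err != nil {`, and it is worth checking whether the upstream pull request linked from the treefmt override in tvl.nix has the same slip before carrying the patch. `Run` starts and ends outside the inner hunks.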
@@ -135,4 +133,9 @@ depot.nix.readTree.drvTargets { hash = "sha256-ucTzO2qdN4QkowMVvC3+4pjEVjbwMsB0xFk+bvQxwtQ="; }; }) else super.fuse; + + treefmt = super.treefmt.overrideAttrs (old: { + # https://github.com/numtide/treefmt/pull/328 + patches = old.patches or [ ] ++ [ ./patches/treefmt-fix-no-cache.patch ]; + }); } diff --git a/third_party/sources/sources.json b/third_party/sources/sources.json index 8844eddc9c15..9406d02c86f1 100644 --- a/third_party/sources/sources.json +++ b/third_party/sources/sources.json @@ -65,10 +65,10 @@ "homepage": "", "owner": "NixOS", "repo": "nixpkgs", - "rev": "051f920625ab5aabe37c920346e3e69d7d34400e", - "sha256": "08lin51g5x2vv89rs6vmqxnyy8pfysh0wdp6mdxw6l86dpm2rbg2", + "rev": "7f993cdf26ccef564eabf31fdb40d140821e12bc", + "sha256": "0dypbvibfdmv14rqlamf451625fw2fyk11prw9bbywi0q2i313d5", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/051f920625ab5aabe37c920346e3e69d7d34400e.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/7f993cdf26ccef564eabf31fdb40d140821e12bc.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixpkgs-stable": { -- cgit 1.4.1