From 25d28cb1d576bb166806a363fc9b2252fd3b5b29 Mon Sep 17 00:00:00 2001
From: sterni <sternenseemann@systemli.org>
Date: Fri, 7 Mar 2025 18:49:13 +0100
Subject: [PATCH] chore(3p/sources): bump channels & overlays (2025-03-07)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Bump Emacs 29 to 30 to address CVEs in prior versions:
  https://github.com/NixOS/nixpkgs/pull/386174

* //3p/overlays/tvl:

  - Drop upstreamed fix for buildkite-agent
  - Drop tpm2-pkcs11 patch for an issue that has been
    addressed in 1.9.1.
  - Drop Nix 2.3 patch for home-manager. An alternative
    to it has been upstreamed in
    <https://github.com/nix-community/home-manager/pull/5067>.

* //users/flokli/presentations: disable derivations that have
  been failing since the latest chromium upgrade (presumably).
  reveal-md … --print fails to export a PDF. Enabling debug
  output reveals that a timeout in pupeteer is hit.

Change-Id: Id83eb5e5fe2db77e648817c5c737b2f95b43deeb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13217
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
---
 ...nment-fix-compatibility-with-Nix-2.3.patch | 32 -------------------
 .../patches/tpm2-pkcs11-190-dbupgrade.patch   | 29 -----------------
 third_party/overlays/tvl.nix                  | 18 -----------
 third_party/sources/sources.json              | 24 +++++++-------
 .../2023-09-09-nixcon-tvix/default.nix        |  4 +++
 .../2024-10-25-nixcon-tvix/default.nix        |  4 +++
 users/sterni/emacs/default.nix                |  2 +-
 users/tazjin/emacs/default.nix                |  2 +-
 8 files changed, 22 insertions(+), 93 deletions(-)
 delete mode 100644 third_party/overlays/patches/0001-home-environment-fix-compatibility-with-Nix-2.3.patch
 delete mode 100644 third_party/overlays/patches/tpm2-pkcs11-190-dbupgrade.patch

diff --git a/third_party/overlays/patches/0001-home-environment-fix-compatibility-with-Nix-2.3.patch b/third_party/overlays/patches/0001-home-environment-fix-compatibility-with-Nix-2.3.patch
deleted file mode 100644
index d05e925ff..000000000
--- a/third_party/overlays/patches/0001-home-environment-fix-compatibility-with-Nix-2.3.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 949776a927faf69887ba71eb339762381e90e105 Mon Sep 17 00:00:00 2001
-From: Vincent Ambo <mail@tazj.in>
-Date: Fri, 21 Feb 2025 17:45:23 +0300
-Subject: [PATCH] home-environment: fix compatibility with Nix 2.3
-
----
- modules/home-environment.nix | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/modules/home-environment.nix b/modules/home-environment.nix
-index fffb3b1c..d12f143a 100644
---- a/modules/home-environment.nix
-+++ b/modules/home-environment.nix
-@@ -728,13 +728,13 @@ in
- 
-           # Create a temporary GC root to prevent collection during activation.
-           trap 'run rm -f $VERBOSE_ARG "$newGenGcPath"' EXIT
--          run --silence nix-store --realise "$newGenPath" --add-root "$newGenGcPath"
-+          run --quiet nix-store --realise "$newGenPath" --add-root "$newGenGcPath" --indirect
- 
-           ${activationCmds}
- 
-           ${optionalString (!config.uninstall) ''
-             # Create the "current generation" GC root.
--            run --silence nix-store --realise "$newGenPath" --add-root "$currentGenGcPath"
-+            run --silence nix-store --realise "$newGenPath" --add-root "$currentGenGcPath" --indirect
- 
-             if [[ -e "$legacyGenGcPath" ]]; then
-               run rm $VERBOSE_ARG "$legacyGenGcPath"
--- 
-2.47.2
-
diff --git a/third_party/overlays/patches/tpm2-pkcs11-190-dbupgrade.patch b/third_party/overlays/patches/tpm2-pkcs11-190-dbupgrade.patch
deleted file mode 100644
index f831c11a8..000000000
--- a/third_party/overlays/patches/tpm2-pkcs11-190-dbupgrade.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 987323794148a6ff5ce3d02eef8cfeb46bee1761 Mon Sep 17 00:00:00 2001
-From: Anton <tracefinder@gmail.com>
-Date: Tue, 7 Nov 2023 12:02:15 +0300
-Subject: [PATCH] Skip null attribute during DB update
-
-Signed-off-by: Anton <tracefinder@gmail.com>
----
- src/lib/db.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/src/lib/db.c b/src/lib/db.c
-index b4bbd1bf..74c5a7b4 100644
---- a/src/lib/db.c
-+++ b/src/lib/db.c
-@@ -2169,9 +2169,11 @@ static CK_RV dbup_handler_from_7_to_8(sqlite3 *updb) {
- 
-         /* for each tobject */
-         CK_ATTRIBUTE_PTR a = attr_get_attribute_by_type(tobj->attrs, CKA_ALLOWED_MECHANISMS);
--        CK_BYTE type = type_from_ptr(a->pValue, a->ulValueLen);
--        if (type != TYPE_BYTE_INT_SEQ) {
--            rv = _db_update_tobject_attrs(updb, tobj->id, tobj->attrs);
-+        if (a) {
-+            CK_BYTE type = type_from_ptr(a->pValue, a->ulValueLen);
-+            if (type != TYPE_BYTE_INT_SEQ) {
-+                rv = _db_update_tobject_attrs(updb, tobj->id, tobj->attrs);
-+            }
-         }
- 
-         tobject_free(tobj);
diff --git a/third_party/overlays/tvl.nix b/third_party/overlays/tvl.nix
index 0b4d52eca..f4011ff04 100644
--- a/third_party/overlays/tvl.nix
+++ b/third_party/overlays/tvl.nix
@@ -33,14 +33,6 @@ depot.nix.readTree.drvTargets {
     withAWS = false;
   });
 
-  # see b/439; this fix will be upstreamed in nixpkgs
-  buildkite-agent = super.buildkite-agent.overrideAttrs (old: {
-    # once PR#386414 propagates here (& len(ldflags) = 2), we can delete this
-    ldflags = assert (builtins.length old.ldflags) == 1; old.ldflags ++ [
-      "-X github.com/buildkite/agent/v3/version.buildNumber=nix"
-    ];
-  });
-
   # No longer builds with Nix 2.3 after
   # https://github.com/nixos/nixpkgs/commit/5f9d2d95721cdf20ace744f2db75ad70a7aedd3a
   nixos-option = super.nixos-option.override {
@@ -49,7 +41,6 @@ depot.nix.readTree.drvTargets {
 
   home-manager = super.home-manager.overrideAttrs (_: {
     src = depot.third_party.sources.home-manager;
-    patches = [ ./patches/0001-home-environment-fix-compatibility-with-Nix-2.3.patch ];
     version = "git-"
       + builtins.substring 0 7 depot.third_party.sources.home-manager.rev;
   });
@@ -171,15 +162,6 @@ depot.nix.readTree.drvTargets {
     doCheck = false;
   };
 
-  # Imports a patch that fixes usage of this package on versions
-  # >=1.9. The patch has been proposed upstream, but so far with no
-  # reactions from the maintainer:
-  #
-  # https://github.com/tpm2-software/tpm2-pkcs11/pull/849
-  tpm2-pkcs11 = super.tpm2-pkcs11.overrideAttrs (old: {
-    patches = (old.patches or [ ]) ++ [ ./patches/tpm2-pkcs11-190-dbupgrade.patch ];
-  });
-
   # Dependency isn't supported by Python 3.12
   html5validator = super.html5validator.override {
     python3 = self.python311;
diff --git a/third_party/sources/sources.json b/third_party/sources/sources.json
index a9ad22240..855aa1406 100644
--- a/third_party/sources/sources.json
+++ b/third_party/sources/sources.json
@@ -43,10 +43,10 @@
         "homepage": "https://nix-community.github.io/home-manager/",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "fcac3d6d88302a5e64f6cb8014ac785e08874c8d",
-        "sha256": "172sb8wdqm5fcx85gwzbf0b3l846s4b3ldfrpdhq5lf27lb20w81",
+        "rev": "cf47e7ea2182c5638fdd1b42de329cc7d185cf8b",
+        "sha256": "09igpxhchgfd7xjgr882wz2yssw67p8blf0v23pkys18k46l2f13",
         "type": "tarball",
-        "url": "https://github.com/nix-community/home-manager/archive/fcac3d6d88302a5e64f6cb8014ac785e08874c8d.tar.gz",
+        "url": "https://github.com/nix-community/home-manager/archive/cf47e7ea2182c5638fdd1b42de329cc7d185cf8b.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "impermanence": {
@@ -92,10 +92,10 @@
         "homepage": "",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "303bd8071377433a2d8f76e684ec773d70c5b642",
-        "sha256": "0qzxhnipsp48z9vx5xkdh74m6yny8k4ah6f47r1axk6lxhiwfdkj",
+        "rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f",
+        "sha256": "0b56iwbr9cwakzzs4n9k6nacgzk3j81vx2spc8m6w6vvv2qdw7js",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/303bd8071377433a2d8f76e684ec773d70c5b642.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/36fd87baa9083f34f7f5027900b62ee6d09b1f2f.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixpkgs-stable": {
@@ -118,10 +118,10 @@
         "homepage": "",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "f4d5a693c18b389f0d58f55b6f7be6ef85af186f",
-        "sha256": "1yw2xbmkh8klzn8j7cm5dn6ilm3qbz1rl6rjiqy9vqla2ldvqbsl",
+        "rev": "d95582a900bd0e7e516ce3bed0503f742649fffb",
+        "sha256": "1ffn2xxprbb04nvy94lqypnjj2snx0qd8lw5i9lp56nd6b4yj6ny",
         "type": "tarball",
-        "url": "https://github.com/oxalica/rust-overlay/archive/f4d5a693c18b389f0d58f55b6f7be6ef85af186f.tar.gz",
+        "url": "https://github.com/oxalica/rust-overlay/archive/d95582a900bd0e7e516ce3bed0503f742649fffb.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "rustsec-advisory-db": {
@@ -130,10 +130,10 @@
         "homepage": "https://rustsec.org",
         "owner": "RustSec",
         "repo": "advisory-db",
-        "rev": "2e25d9665f10de885c81a9fb9d51a289f625b05f",
-        "sha256": "14zcd5apyyb8s2xf3h4wbhhq5zrpg0hcawq5dz4k0l2wdqmdcv0h",
+        "rev": "74ff50e899726ef85314978f60e9f7858462b21f",
+        "sha256": "0lyc9d866fgmhcrjpdgq375sdhyg2fdjnnf83k9wmgcp2nqddi22",
         "type": "tarball",
-        "url": "https://github.com/RustSec/advisory-db/archive/2e25d9665f10de885c81a9fb9d51a289f625b05f.tar.gz",
+        "url": "https://github.com/RustSec/advisory-db/archive/74ff50e899726ef85314978f60e9f7858462b21f.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     }
 }
diff --git a/users/flokli/presentations/2023-09-09-nixcon-tvix/default.nix b/users/flokli/presentations/2023-09-09-nixcon-tvix/default.nix
index b50309b6c..6dc9c7d04 100644
--- a/users/flokli/presentations/2023-09-09-nixcon-tvix/default.nix
+++ b/users/flokli/presentations/2023-09-09-nixcon-tvix/default.nix
@@ -34,4 +34,8 @@ stdenv.mkDerivation {
     # Above command doesn't fail on error, ensure file has been created
     [[ -f "$out/slides.pdf" ]] || exit 1
   '';
+
+  # reveal-md presentation.md --print started timing out possibly due to
+  # chromium: 133.0.6943.141 -> 134.0.6998.35
+  meta.ci.skip = true;
 }
diff --git a/users/flokli/presentations/2024-10-25-nixcon-tvix/default.nix b/users/flokli/presentations/2024-10-25-nixcon-tvix/default.nix
index 763104cfd..f41f023d9 100644
--- a/users/flokli/presentations/2024-10-25-nixcon-tvix/default.nix
+++ b/users/flokli/presentations/2024-10-25-nixcon-tvix/default.nix
@@ -32,4 +32,8 @@ stdenv.mkDerivation {
     # Above command doesn't fail on error, ensure file has been created
     [[ -f "$out/slides.pdf" ]] || exit 1
   '';
+
+  # reveal-md presentation.md --print started timing out possibly due to
+  # chromium: 133.0.6943.141 -> 134.0.6998.35
+  meta.ci.skip = true;
 }
diff --git a/users/sterni/emacs/default.nix b/users/sterni/emacs/default.nix
index 5bc69ab1a..61ac9da16 100644
--- a/users/sterni/emacs/default.nix
+++ b/users/sterni/emacs/default.nix
@@ -14,7 +14,7 @@ let
     exec chktex -n8 "$@"
   '';
 
-  emacs = (pkgs.emacsPackagesFor pkgs.emacs29-pgtk).withPackages (epkgs: [
+  emacs = (pkgs.emacsPackagesFor pkgs.emacs-pgtk).withPackages (epkgs: [
     epkgs.bqn-mode
     #epkgs.elpaPackages.ada-mode
     epkgs.elpaPackages.rainbow-mode
diff --git a/users/tazjin/emacs/default.nix b/users/tazjin/emacs/default.nix
index 2f20778bf..dac9e10b0 100644
--- a/users/tazjin/emacs/default.nix
+++ b/users/tazjin/emacs/default.nix
@@ -3,7 +3,7 @@
 { depot, lib, pkgs, ... }:
 
 pkgs.makeOverridable
-  ({ emacs ? pkgs.emacs30-pgtk }:
+  ({ emacs ? pkgs.emacs-pgtk }:
   let
     emacsPackages = (pkgs.emacsPackagesFor emacs);
     emacsWithPackages = emacsPackages.emacsWithPackages;