chore(3p/sources): bump channels & overlays – xz edition

Update all 3p/sources as we do normally except - agenix which is still pinned to 0.15.0 - nixpkgs (unstable) which we bump to the HEAD of the staging-next branch. This branch includes the downgrade of xz from 5.6.1 to 5.4.6 (d6dc19adbd). It also includes the second haskell-updates rotation with GHC 9.6.4 which contains a few build fixes that seem to be required to get our Haskell targets to work. Note that this only reverts xz to a version that doesn't contain the now known backdoor (CVE-2024-3094) which may or may not actually affect NixOS. Additionally reverting to a version before the malicious contributor's involvement may be difficult, but prudent: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024 Changes required by the updates: - //3p/overlays/haskell: - Update ihp-hsx to latest master to fix build with Stackage LTS 22. - Update tmp-postgres to latest master to work around failure with ansi-wl-pprint >= 1. - Patch punycode for mtl >= 2.3. - //users/Profpatsch: - Clean up some warnings, mostly about unused dependencies - my-prelude: Fix build with ghc-boot-9.6.4 - cas-serve: Use crypton over unmaintained cryptonite - ical-smolify: skip in ci, iCalendar would require heavy patching to work with Stackage LTS 22. - //users/{wpcarro,aspen,flokli}: Disable home-manager / nixos configuration builds that seem to have transient failures that should disappear as we move away from staging-next and closer to an actual channel release. Change-Id: I5cca48e101041c3aedc1d9932dbca2cac885fcc1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11289 Tested-by: BuildkiteCI Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su>
2024-03-31 11:56:52 +02:00 · 2024-03-31 11:56:52 +02:00 · 73b1f0407b
commit 73b1f0407b
parent b67b0a6d72
10 changed files with 68 additions and 32 deletions
--- a/third_party/overlays/haskell/default.nix
+++ b/third_party/overlays/haskell/default.nix
@ -12,15 +12,38 @@ in
 {
  haskellPackages = super.haskellPackages.override {
    overrides = hsSelf: hsSuper: {
+      punycode = haskellLib.appendPatch
+        (self.fetchpatch {
+          name = "punycode-mtl-2.3.patch";
+          url = "https://github.com/litherum/punycode/pull/5/commits/41e55c8b7cef14563e6d04a7190dbabff5a77886.patch";
+          sha256 = "03kgmy4z36jv16ffp5jrig2gr8ydc8cl1iscc7difisaq88mxvqc";
+        })
+        hsSuper.punycode;
+
+      # Build with deprecated ansi-wl-pprint is broken now, use HEAD which switched to
+      # prettyprinter
+      tmp-postgres = haskellLib.overrideSrc
+        {
+          version = "unstable-2023-08-08";
+          src = self.fetchFromGitHub {
+            owner = "jfischoff";
+            repo = "tmp-postgres";
+            rev = "7f2467a6d6d5f6db7eed59919a6773fe006cf22b";
+            sha256 = "0l1gdx5s8ximgawd3yzfy47pv5pgwqmjqp8hx5rbrq68vr04wkbl";
+          };
+        }
+        (hsSuper.tmp-postgres.override {
+          ansi-wl-pprint = hsSelf.prettyprinter;
+        });

      ihp-hsx = lib.pipe hsSuper.ihp-hsx [
        (haskellLib.overrideSrc {
-          version = "1.1.0";
+          version = "unstable-2023-03-28";
          src = "${self.fetchFromGitHub {
            owner = "digitallyinduced";
            repo = "ihp";
-            rev = "b5d47963c998ccd779aa5c3d46484338fd621f0d";
-            sha256 = "sha256-M22W8VX4sRaeU2yVraR0S2t2VOwWGmoteD/M8TahdoE=";
+            rev = "ab4ecd05f4e7b6b3c4b74b82d39fc6c5cc48766b";
+            sha256 = "1fj5q9lygnmvqqv2fwqdj12sv63gkdfv5ha6fi190sv07dp9n9an";
          }}/ihp-hsx";
        })
        haskellLib.doJailbreak