OpenSSL released an update which fixes two high-severity security issues: * https://mta.openssl.org/pipermail/openssl-announce/2021-March/000197.html * https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html Update to the nixpkgs (currently still master) commits updating OpenSSL. Other changes: * Use GHC 8.8.4 for haskell-language-server as GHC 8.8.3 got removed from nixpkgs last Friday. Change-Id: Ic1b2f49284e78193a4330da4bb4b718a797f5ab1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2653 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: glittershark <grfn@gws.fyi>
		
			
				
	
	
		
# Entry point for every external (third-party) dependency that is
# pulled into this package tree.
#
# *All packages needed from nixpkgs* come in through this file, so the
# two pins below define the third-party code the tree is built from.
{ ... }:

let
  # Tracking nixos-unstable as of 2021-03-25.
  #
  # The commit selects the tarball and the sha256 fixes its contents;
  # both have to change together whenever the pin is bumped.
  nixpkgsCommit = "60dd94fb7e01a8288f6638eee71d7cb354c49327";
  nixpkgsSrc = fetchTarball {
    url = "https://github.com/NixOS/nixpkgs/archive/${nixpkgsCommit}.tar.gz";
    sha256 = "0skdwk9bdld295kzrymirs8xrzycqmhsclaz8s18jhcz75hb8sk3";
  };

  nixpkgs = import nixpkgsSrc {
    config = {
      # Unfree and broken-marked packages are allowed to evaluate for
      # everything taken from this import.
      allowUnfree = true;
      allowBroken = true;

      # Lutris depends on p7zip, which is considered insecure.
      #
      # The exemption is keyed on the exact name-version string and is
      # part of the config of this whole nixpkgs import, so it is not
      # limited to Lutris. Re-check it on every pin bump and drop it
      # once nothing needs the insecure version any more.
      permittedInsecurePackages = [
        "p7zip-16.02"
      ];
    };
  };

  # Tracking nixos-20.09 as of 2021-03-25.
  stableCommit = "223d0d733a66b46504ea6b4c15f88b7cc4db58fb";
  stableNixpkgsSrc = fetchTarball {
    url = "https://github.com/NixOS/nixpkgs/archive/${stableCommit}.tar.gz";
    sha256 = "073327ris0frqa3kpid3nsjr9w8yx2z83xpsc24w898mrs9r7d5v";
  };

  # NOTE(review): no config or overlays are passed for the stable set,
  # so nixpkgs falls back to its own defaults here; outside of pure
  # evaluation those can be read from the evaluating user's
  # environment. Confirm that this is intended.
  stableNixpkgs = import stableNixpkgsSrc {};

  exposed = import ./nixpkgs-exposed/exposed { inherit nixpkgs stableNixpkgs; };

  # Single name for the LLVM release used throughout the overrides below.
  llvm11 = nixpkgs.llvmPackages_11;

  # Major version of the unversioned `emacs` attribute; only evaluated
  # when one of the emacs27 attributes is actually used.
  emacsMajor = exposed.lib.versions.major nixpkgs.emacs.version;

in exposed.lib.fix (self: exposed // {
  callPackage = nixpkgs.lib.callPackageWith self;

  # Hand out the nixpkgs sources (and the unstable commit), but never
  # an imported package set.
  inherit nixpkgsCommit nixpkgsSrc stableNixpkgsSrc;

  # Packages to be overridden
  originals = {
    inherit (nixpkgs) gtest openldap go grpc notmuch rr;

    git = stableNixpkgs.git;
    tdlib = stableNixpkgs.tdlib;

    ffmpeg = nixpkgs.ffmpeg-full;
    telega = stableNixpkgs.emacsPackages.telega;
  };

  # Use LLVM 11
  llvmPackages = llvm11;
  clangStdenv = llvm11.stdenv;
  stdenv = llvm11.stdenv;

  clang-tools = nixpkgs.clang-tools.override {
    llvmPackages = llvm11;
  };

  # Provide Emacs 27
  #
  # The attribute name in nixpkgs is unversioned (unlike previous
  # versions), so the assert makes evaluation fail if a pin bump
  # changes the major version behind it.
  emacs27 = assert emacsMajor == "27";
    nixpkgs.emacs.overrideAttrs (old: {
      configureFlags = old.configureFlags ++ [ "--with-cairo" ];
    });

  # Same guard as above; the version that is checked is the one of
  # `nixpkgs.emacs`.
  emacs27-nox = assert emacsMajor == "27";
    nixpkgs.emacs-nox;

  # Make NixOS available
  nixos = import "${nixpkgsSrc}/nixos";
})