[feat] all dependencies build

wireapp · May 29, 2024 · b5e1571 · b5e1571
1 parent 39a35d3
commit b5e1571
Show file tree

Hide file tree

Showing 8 changed files with 1,713 additions and 1,128 deletions.
diff --git a/libs/libzauth/libzauth-c/Cargo.lock b/libs/libzauth/libzauth-c/Cargo.lock
diff --git a/libs/libzauth/libzauth-c/Cargo.nix b/libs/libzauth/libzauth-c/Cargo.nix
diff --git a/libs/libzauth/libzauth-c/crate-hashes.json b/libs/libzauth/libzauth-c/crate-hashes.json
diff --git a/nix/haskell-pins.nix b/nix/haskell-pins.nix
@@ -36,7 +36,7 @@
 # and update the 'rev' field of the pin under 'gitPins'.
 #
 # 2. Update 'sha256' field under `fetchgit` to be an empty string.  (This step is optional:
-# since the hash has changed, the error will be the same if you remove it or if you leave the
+# since the sha256 has changed, the error will be the same if you remove it or if you leave the
 # old value in place.)
 #
 # 3. Run step 3. from how to add a git pin.
@@ -66,24 +66,25 @@ let
     transitive-anns = {
       src = fetchgit {
         url = "https://github.com/wireapp/transitive-anns";
-        rev = "95ee8b5f9c47fe04f8f0d1321f0ade261ab9af54";
-        sha256 = "sha256-8NEAHkCBlGO6xnG2K3Lllb2xiCHSYf/dSV1YrmBkOW8=";
+        rev = "5e0cad1f411a0c92e6445404c205ddd4a0229c4d";
+        hash = "sha256-/P4KJ4yZgqhZhzmg1GcE+Ti4kdsWUQX8q++RhgCUDKI=";
       };
     };
 
     cryptobox-haskell = {
       src = fetchgit {
         url = "https://github.com/wireapp/cryptobox-haskell";
         rev = "7546a1a25635ef65183e3d44c1052285e8401608";
-        sha256 = "0dgizj1kc135yzzqdf5l7f5ax0qpvrr8mxvg7s1dbm01cf11aqzn";
+        hash = "sha256-9mMVgmMB1NWCPm/3inLeF4Ouiju0uIb/92UENoP88TU=";
       };
     };
 
+    # FIXME(mangoiv): should be merged https://github.com/wireapp/saml2-web-sso/pull/86
     saml2-web-sso = {
       src = fetchgit {
         url = "https://github.com/wireapp/saml2-web-sso";
-        rev = "0cf23a87b140ba5b960a848ecad3976e6fdaac88";
-        sha256 = "sha256-Gm58Yjt5ZGh74cfEjcZSx6jvwkpFC324xTPLhLS29r0=";
+        rev = "9474485e6ed45930b75524f97633f7e036fc0273";
+        hash = "sha256-TkULURVk7lDHXpbXREwowxFoiUp2VSVZWjr9KF48170=";
       };
     };
 
@@ -95,7 +96,7 @@ let
       src = fetchgit {
         url = "https://github.com/wireapp/bloodhound";
         rev = "abf819a4a6ec7601f1e58cb8da13b2fdad377d9e";
-        sha256 = "sha256-m1O+F/mOJN5z5WNChmeyHP4dtmLRkl2YnLlTuwzRelk=";
+        hash = "sha256-m1O+F/mOJN5z5WNChmeyHP4dtmLRkl2YnLlTuwzRelk=";
       };
     };
 
@@ -104,7 +105,7 @@ let
       src = fetchgit {
         url = "https://github.com/akshaymankar/hs-certificate";
         rev = "9e293695d8ca5efc513ee0082ae955ff9b32eb6b";
-        sha256 = "sha256-mD5Dvuzol3K9CNNSfa2L9ir9AbrQ8HJc0QNmkK3qBWk=";
+        hash = "sha256-mD5Dvuzol3K9CNNSfa2L9ir9AbrQ8HJc0QNmkK3qBWk=";
       };
       packages = {
         "crypton-x509-validation" = "x509-validation";
@@ -116,15 +117,16 @@ let
       src = fetchgit {
         url = "https://github.com/wireapp/HaskellNet-SSL";
         rev = "c2844b63a39f458ffbfe62f2ac824017f1f84453";
-        sha256 = "sha256-1mu/yEAWr3POY4MHRomum0DDvs5Qty1JvP3v5GS2u64=";
+        hash = "sha256-1mu/yEAWr3POY4MHRomum0DDvs5Qty1JvP3v5GS2u64=";
       };
     };
 
+    # PR https://github.com/dylex/hsaml2/pull/20
     hsaml2 = {
       src = fetchgit {
-        url = "https://github.com/dylex/hsaml2";
-        rev = "95d9dc7502c2533f7927de00cbc2bd20ad989ace";
-        sha256 = "sha256-z3s/ZkkCd2ThVBsu72pS/+XygHImuffz/HVy3hkQ6eo=";
+        url = "https://github.com/mangoiv/hsaml2";
+        rev = "d35f92a3253d146c92caf371b90eb4889841918a";
+        hash = "sha256-gufEAC7fFqafG8dXkGIOSfAcVv+ZWkawmBgUV+Ics2s=";
       };
     };
 
@@ -134,7 +136,7 @@ let
       src = fetchgit {
         url = "https://github.com/wireapp/hedis";
         rev = "c45975e4b5f42b9d0c853e2d59ed55582f6b1482";
-        sha256 = "sha256-oB7Z7ErYFguLiWPaFzCsD3Q+7UPfAkvdkc8aKSePmbQ=";
+        hash = "sha256-oB7Z7ErYFguLiWPaFzCsD3Q+7UPfAkvdkc8aKSePmbQ=";
       };
     };
 
@@ -143,7 +145,7 @@ let
       src = fetchgit {
         url = "https://github.com/wireapp/http-client";
         rev = "37494bb9a89dd52f97a8dc582746c6ff52943934";
-        sha256 = "sha256-z47GlT+tHsSlRX4ApSGQIpOpaZiBeqr72/tWuvzw8tc=";
+        hash = "sha256-z47GlT+tHsSlRX4ApSGQIpOpaZiBeqr72/tWuvzw8tc=";
       };
       packages = {
         "http-client" = "http-client";
@@ -158,7 +160,7 @@ let
       src = fetchgit {
         url = "https://github.com/wireapp/hspec-wai";
         rev = "08176f07fa893922e2e78dcaf996c33d79d23ce2";
-        sha256 = "sha256-Nc5POjA+mJt7Vi3drczEivGsv9PXeVOCSwp21lLmz58=";
+        hash = "sha256-Nc5POjA+mJt7Vi3drczEivGsv9PXeVOCSwp21lLmz58=";
       };
     };
 
@@ -167,7 +169,7 @@ let
       src = fetchgit {
         url = "https://github.com/wireapp/cql";
         rev = "abbd2739969d17a909800f282d10d42a254c4e3b";
-        sha256 = "sha256-2MYwZKiTdwgjJdLNvECi7gtcIo+3H4z1nYzen5x0lgU=";
+        hash = "sha256-2MYwZKiTdwgjJdLNvECi7gtcIo+3H4z1nYzen5x0lgU=";
       };
     };
 
@@ -176,7 +178,7 @@ let
       src = fetchgit {
         url = "https://github.com/wireapp/cql-io";
         rev = "c2b6aa995b5817ed7c78c53f72d5aa586ef87c36";
-        sha256 = "sha256-DMRWUq4yorG5QFw2ZyF/DWnRjfnzGupx0njTiOyLzPI=";
+        hash = "sha256-DMRWUq4yorG5QFw2ZyF/DWnRjfnzGupx0njTiOyLzPI=";
       };
     };
 
@@ -186,7 +188,7 @@ let
       src = fetchgit {
         url = "https://github.com/wireapp/wai-predicates";
         rev = "ff95282a982ab45cced70656475eaf2cefaa26ea";
-        sha256 = "sha256-x2XSv2+/+DG9FXN8hfUWGNIO7V4iBhlzYz19WWKaLKQ=";
+        hash = "sha256-x2XSv2+/+DG9FXN8hfUWGNIO7V4iBhlzYz19WWKaLKQ=";
       };
     };
 
@@ -195,7 +197,7 @@ let
       src = fetchgit {
         url = "https://github.com/wireapp/wai-routing";
         rev = "7e996a93fec5901767f845a50316b3c18e51a61d";
-        sha256 = "18icwks9jc6sy42vcvj2ysaip2s0dsrpvm9sy608b6nq6kk1ahlk";
+        hash = "sha256-k0IV5jTYmoWA8TrVfbNuQIsblfZCbrYF8dowmfTkLKI=";
       };
     };
 
@@ -204,7 +206,7 @@ let
       src = fetchgit {
         url = "https://github.com/wireapp/tasty";
         rev = "97df5c1db305b626ffa0b80055361b7b28e69cec";
-        sha256 = "sha256-oACehxazeKgRr993gASRbQMf74heh5g0B+70ceAg17I=";
+        hash = "sha256-oACehxazeKgRr993gASRbQMf74heh5g0B+70ceAg17I=";
       };
       packages = {
         tasty-hunit = "hunit";
@@ -216,24 +218,25 @@ let
     servant-openapi3 = {
       src = fetchgit {
         url = "https://github.com/wireapp/servant-openapi3";
-        rev = "5cdb2783f15058f753c41b800415d4ba1149a78b";
-        sha256 = "sha256-8FM3IAA3ewCuv9Mar8aWmzbyfKK9eLXIJPMHzmYb1zE=";
+        rev = "0db0095040df2c469a48f5b8724595f82afbad0c";
+        hash = "sha256-iKMWd+qm8hHhKepa13VWXDPCpTMXxoOwWyoCk4lLlIY=";
       };
     };
 
+    # we need HEAD, the latest release is too old
     postie = {
       src = fetchgit {
         url = "https://github.com/alexbiehl/postie";
         rev = "7321b977a2b427e0be782b7239901e4edfbb027f";
-        sha256 = "sha256-DKugy4EpRsSgaGvybdh2tLa7HCtoxId+7RAAAw43llA=";
+        hash = "sha256-DKugy4EpRsSgaGvybdh2tLa7HCtoxId+7RAAAw43llA=";
       };
     };
 
     tinylog = {
       src = fetchgit {
         url = "https://github.com/wireapp/tinylog.git";
         rev = "9609104263e8cd2a631417c1c3ef23e090de0d09";
-        sha256 = "sha256-htEIJY+LmIMACVZrflU60+X42/g14NxUyFM7VJs4E6w=";
+        hash = "sha256-htEIJY+LmIMACVZrflU60+X42/g14NxUyFM7VJs4E6w=";
       };
     };
 
@@ -242,7 +245,7 @@ let
       src = fetchgit {
         url = "https://github.com/wireapp/tasty-ant-xml";
         rev = "34ff294d805e62e73678dccc0be9d3da13540fbe";
-        sha256 = "sha256-+rHcS+BwEFsXqPAHX/KZDIgv9zfk1dZl0LlZJ57Com4=";
+        hash = "sha256-+rHcS+BwEFsXqPAHX/KZDIgv9zfk1dZl0LlZJ57Com4=";
       };
     };
 
@@ -256,10 +259,15 @@ let
     };
     # PR: https://github.com/yesodweb/wai/pull/958
     warp = {
+      # src = fetchgit {
+      #   url = "https://github.com/wireapp/wai";
+      #   rev = "8b20c9db265a202a2c7ba2a9ec8786a1ee59957b";
+      #   hash = "sha256-fKUSiRl38FKY1gFSmbksktoqoLfQrDxRRWEh4k+RRW4=";
+      # };
       src = fetchgit {
-        url = "https://github.com/wireapp/wai";
-        rev = "bedd6a835f6d98128880465c30e8115fa986e3f6";
-        sha256 = "sha256-0r/d9YwcKZIZd10EhL2TP+W14Wjk0/S8Q4pVvZuZLaY=";
+        url = "https://github.com/yesodweb/wai";
+        rev = "d50e1184600631a114e3d2ad119abdf0ef08834b";
+        hash = "sha256-C2IeAookelho7Wb3t4tadItQxTNHry0ZKXAw0ZnyoEs=";
       };
       packages = {
         "warp" = "warp";
@@ -273,21 +281,6 @@ let
       version = "0.4.0";
       sha256 = "sha256-DSMckKIeVE/buSMg8Mq+mUm1bYPYB7veA11Ns7vTBbc=";
     };
-
-    # these are not yet in nixpkgs
-    ghc-source-gen = {
-      version = "0.4.4.0";
-      sha256 = "sha256-ZSJGF4sdr7tOCv6IUCjIiTrFYL+5gF4W3U6adjBODrE=";
-    };
-    hoogle = {
-      version = "5.0.18.4";
-      sha256 = "sha256-gIc4hpdUfTS33rZPfzwLfVcXkQaglmsljqViyYdihdk=";
-    };
-    # dependency of hoogle
-    safe = {
-      version = "0.3.20";
-      sha256 = "sha256-PGwjhrRnkH8cLhd7fHTZFd6ts9abp0w5sLlV8ke1yXU=";
-    };
   };
   # Name -> Source -> Maybe Subpath -> Drv
   mkGitDrv = name: src: subpath:

diff --git a/nix/manual-overrides.nix b/nix/manual-overrides.nix
@@ -1,4 +1,4 @@
-{ libsodium, protobuf, hlib, mls-test-cli, ... }:
+{ libsodium, protobuf, hlib, mls-test-cli, fetchurl, curl, ... }:
 # FUTUREWORK: Figure out a way to detect if some of these packages are not
 # actually marked broken, so we can cleanup this file on every nixpkgs bump.
 hself: hsuper: {
@@ -7,21 +7,24 @@ hself: hsuper: {
   # (these are in general not fine they need to be investigated)
   # FUTUREWORK: investigate whether all of these tests need to fail
   # ----------------
-  amqp = hlib.dontCheck hsuper.amqp_0_22_2;
+
+  # tests don't compile because `replicateM` isn't in scope. this dependency should be dropped asap
+  wai-route = hlib.dontCheck hsuper.wai-route;
+
   # test suite doesn't compile and needs network access
   bloodhound = hlib.dontCheck hsuper.bloodhound;
   # tests need network access, cabal2nix disables haddocks
   cql-io = hlib.doHaddock (hlib.dontCheck hsuper.cql-io);
   # PR with fix: https://github.com/freckle/hspec-junit-formatter/pull/23
   # the PR has been merged, but has not arrived in nixpkgs
   hspec-junit-formatter = hlib.markUnbroken (hlib.dontCheck hsuper.hspec-junit-formatter);
-  markov-chain-usage-model = hlib.markUnbroken (hlib.dontCheck hsuper.markov-chain-usage-model);
-  openapi3 = hlib.markUnbroken (hlib.dontCheck hsuper.openapi3);
-  quickcheck-state-machine = hlib.dontCheck hsuper.quickcheck-state-machine;
+  quickcheck-state-machine = hlib.markUnbroken (hlib.dontCheck hsuper.quickcheck-state-machine);
   saml2-web-sso = hlib.dontCheck hsuper.saml2-web-sso;
+  # these are okay, the only issue is that the compiler underlines
+  # errors differently than before
+  singletons-base = hlib.markUnbroken (hlib.dontCheck hsuper.singletons-base);
   # one of the tests is flaky
   transitive-anns = hlib.dontCheck hsuper.transitive-anns;
-  warp = hlib.dontCheck hsuper.warp;
 
   # Tests require a running redis
   hedis = hlib.dontCheck hsuper.hedis;
@@ -34,30 +37,44 @@ hself: hsuper: {
   binary-parsers = hlib.markUnbroken (hlib.doJailbreak hsuper.binary-parsers);
   bytestring-arbitrary = hlib.markUnbroken (hlib.doJailbreak hsuper.bytestring-arbitrary);
   lens-datetime = hlib.markUnbroken (hlib.doJailbreak hsuper.lens-datetime);
-  network-arbitrary = hlib.markUnbroken (hlib.doJailbreak hsuper.network-arbitrary);
-  proto-lens-protoc = hlib.doJailbreak hsuper.proto-lens-protoc;
-  proto-lens-setup = hlib.doJailbreak hsuper.proto-lens-setup;
-  th-desugar = hlib.doJailbreak hsuper.th-desugar;
+  libsodium = hlib.markUnbroken (hlib.addPkgconfigDepend hsuper.libsodium (
+    libsodium.overrideAttrs (old: 
+      rec {
+        # we don't care for the patches for mingw and for 1.0.19
+        patches = [];
+        version = "1.0.18";
+        src = fetchurl {
+          url = "https://download.libsodium.org/libsodium/releases/${old.pname}-${version}.tar.gz";
+          hash = "sha256-b1BEkLNCpPikxKAvybhmy++GItXfTlRStGvhIeRmNsE=";
+        };
+      }
+    )));
+
+  # depend on an old version of hedgehog
+  polysemy-test = hlib.markUnbroken (hlib.doJailbreak hsuper.polysemy-test);
+  polysemy-conc = hlib.markUnbroken (hlib.doJailbreak hsuper.polysemy-conc);
 
   # ------------------------------------
   # okay but marked broken (nixpkgs bug)
   # (we can unfortunately not do anything here but update nixpkgs)
   # ------------------------------------
-  bytestring-conversion = hlib.markUnbroken hsuper.bytestring-conversion;
   template = hlib.markUnbroken hsuper.template;
-  polysemy-test = hlib.markUnbroken hsuper.polysemy-test;
 
   # -----------------
   # version overrides
   # (these are fine but will probably need to be adjusted in a future nixpkgs update)
   # -----------------
-  hpack = hsuper.hpack_0_36_0;
-  linear-generics = hsuper.linear-generics_0_2_2;
-  network-conduit-tls = hsuper.network-conduit-tls_1_4_0;
-  optparse-generic = hsuper.optparse-generic_1_5_2;
-  th-abstraction = hsuper.th-abstraction_0_5_0_0;
-  tls = hsuper.tls_1_9_0;
-  warp-tls = hsuper.warp-tls_3_4_3;
+  tls = hsuper.tls_2_0_5;
+  tls-session-manager = hsuper.tls-session-manager_0_0_5;
+
+  # for warp (and its transitive deps)
+  # we have a PR open, this needed updating and that transitively needs a few 
+  # newer deps
+  auto-update = hsuper.auto-update_0_2_0;
+  http2 = hsuper.http2_5_2_1;
+  time-manager = hsuper.time-manager_0_1_0;
+  network-control = hsuper.network-control_0_1_0;
+  # end for warp
 
   # -----------------
   # flags and patches
@@ -70,4 +87,5 @@ hself: hsuper: {
   types-common-journal = hlib.addBuildTool hsuper.types-common-journal protobuf;
   wire-api = hlib.addBuildTool hsuper.wire-api mls-test-cli;
   wire-message-proto-lens = hlib.addBuildTool hsuper.wire-message-proto-lens protobuf;
+  warp = hlib.addTestToolDepend hsuper.warp curl;
 }
diff --git a/nix/sources.json b/nix/sources.json
@@ -1,26 +1,14 @@
 {
-    "bombon": {
-        "branch": "main",
-        "description": "Nix CycloneDX Software Bills of Materials (SBOMs)",
-        "homepage": "",
-        "owner": "nikstur",
-        "repo": "bombon",
-        "rev": "09dce0377beb87c24822f79501d6c76166105788",
-        "sha256": "1z80waaimga03m4b0nhc3djaca4y2bh0dq8mc1r8s59hqngc22ch",
-        "type": "tarball",
-        "url": "https://github.com/nikstur/bombon/archive/09dce0377beb87c24822f79501d6c76166105788.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
     "nixpkgs": {
         "branch": "nixpkgs-unstable",
         "description": "Nix Packages collection",
         "homepage": "https://github.com/NixOS/nixpkgs",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
-        "sha256": "114ggf0xbwq16djg4qql3jljknk9xr8h7dw18ccalwqg9k1cgv0g",
+        "rev": "4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4",
+        "sha256": "1ibmc6iijim53bpi1wc1b295l579wzxgs8ynmsi0ldgjrxhgli1a",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixpkgs-cargo": {