diff --git a/changelog.d/5-internal/update-nix-env b/changelog.d/5-internal/update-nix-env new file mode 100644 index 00000000000..379ad1b96b8 --- /dev/null +++ b/changelog.d/5-internal/update-nix-env @@ -0,0 +1 @@ +Upgrade wire-server's Nix env. Switch to nixpkgs `nixos-25.11` (the release branch). diff --git a/flake.lock b/flake.lock index aa065d4c194..1d17c5750d5 100644 --- a/flake.lock +++ b/flake.lock @@ -103,23 +103,6 @@ "type": "github" } }, - "hsaml2": { - "flake": false, - "locked": { - "lastModified": 1717163391, - "narHash": "sha256-gufEAC7fFqafG8dXkGIOSfAcVv+ZWkawmBgUV+Ics2s=", - "owner": "dylex", - "repo": "hsaml2", - "rev": "874627ad22e69afe4d9a797e39633ffb30697c78", - "type": "github" - }, - "original": { - "owner": "dylex", - "ref": "main", - "repo": "hsaml2", - "type": "github" - } - }, "hspec-wai": { "flake": false, "locked": { @@ -156,17 +139,17 @@ }, "nixpkgs": { "locked": { - "lastModified": 1765772535, - "narHash": "sha256-aq+dQoaPONOSjtFIBnAXseDm9TUhIbe215TPmkfMYww=", + "lastModified": 1770770419, + "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "09b8fda8959d761445f12b55f380d90375a1d6bb", + "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", "type": "github" }, "original": { "owner": "nixos", + "ref": "nixos-25.11", "repo": "nixpkgs", - "rev": "09b8fda8959d761445f12b55f380d90375a1d6bb", "type": "github" } }, @@ -211,7 +194,6 @@ "cql-io": "cql-io", "flake-utils": "flake-utils", "hedis": "hedis", - "hsaml2": "hsaml2", "hspec-wai": "hspec-wai", "http-client": "http-client", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 242b5774b03..070afbd9a40 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,7 @@ inputs = { self.submodules = true; - nixpkgs.url = "github:nixos/nixpkgs?rev=09b8fda8959d761445f12b55f380d90375a1d6bb"; + nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11"; nixpkgs_24_11.url = "github:nixos/nixpkgs?ref=nixos-24.11"; flake-utils.url = "github:numtide/flake-utils"; tom-bombadil = { @@ -16,10 +16,6 @@ url = "github:wireapp/bloodhound?ref=wire-fork"; flake = false; }; - hsaml2 = { - url = "github:dylex/hsaml2?ref=main"; - flake = false; - }; hedis = { url = "github:wireapp/hedis?ref=wire-changes"; flake = false; diff --git a/integration/scripts/integration-dynamic-backends-vhosts.sh b/integration/scripts/integration-dynamic-backends-vhosts.sh index 5478a68b03a..00f3176f980 100755 --- a/integration/scripts/integration-dynamic-backends-vhosts.sh +++ b/integration/scripts/integration-dynamic-backends-vhosts.sh @@ -7,6 +7,6 @@ DOMAIN=$2 echo 'Creating RabbitMQ resources' -curl --cacert /certs/rabbitmq-ca/ca.pem -u "$RABBITMQ_USERNAME:$RABBITMQ_PASSWORD" -X PUT "$ENDPOINT_URL/$DOMAIN" +curl --cacert /certs/rabbitmq-ca/ca.crt -u "$RABBITMQ_USERNAME:$RABBITMQ_PASSWORD" -X PUT "$ENDPOINT_URL/$DOMAIN" echo "RabbitMQ vhost created successfully for $DOMAIN" diff --git a/nix/haskell-pins.nix b/nix/haskell-pins.nix index c723af12bc1..79f352ca20f 100644 --- a/nix/haskell-pins.nix +++ b/nix/haskell-pins.nix @@ -62,11 +62,6 @@ let src = inputs.bloodhound; }; - # Merged PR https://github.com/dylex/hsaml2/pull/20 - hsaml2 = { - src = inputs.hsaml2; - }; - # PR: https://github.com/informatikr/hedis/pull/224 # PR: https://github.com/informatikr/hedis/pull/226 # PR: https://github.com/informatikr/hedis/pull/227 @@ -170,23 +165,6 @@ let }; hackagePins = { - # start pinned dependencies for http2 - http-semantics = { - version = "0.4.0"; - sha256 = "sha256-rh0z51EKvsu5rQd5n2z3fSRjjEObouNZSBPO9NFYOF0="; - }; - - network-run = { - version = "0.5.0"; - sha256 = "sha256-vbXh+CzxDsGApjqHxCYf/ijpZtUCApFbkcF5gyN0THU="; - }; - - time-manager = { - version = "0.2.4"; - sha256 = "sha256-sAt/331YLQ2IU3z90aKYSq1nxoazv87irsuJp7ZG3pw="; - }; - # end pinned dependencies for http2 - # This pin should not be necessary. However, without it, Nix tries to fetch # the sources from the `amazonka` package and fails. # Fix: https://github.com/NixOS/nixpkgs/pull/409098 @@ -205,9 +183,11 @@ let version = "3.4.12"; sha256 = "sha256-Y9xQ1wBbBtSZ4qw3yTGSYX27qi2uFRDJVtAdmQqRnFQ="; }; - http2 = { - version = "5.4.0"; - sha256 = "sha256-PeEWVd61bQ8G7LvfLeXklzXqNJFaAjE2ecRMWJZESPE="; + + # Version freshly released, thus not in nixpkgs, yet: https://github.com/dylex/hsaml2/issues/21 + hsaml2 = { + version = "0.2.0"; + sha256 = "sha256-kEalrs79uI8CMaVa7suYEzeer/YqFoJOqkV+LhiUwY4="; }; }; # Name -> Source -> Maybe Subpath -> Drv diff --git a/nix/manual-overrides.nix b/nix/manual-overrides.nix index 41181092c99..2a561e53f66 100644 --- a/nix/manual-overrides.nix +++ b/nix/manual-overrides.nix @@ -31,6 +31,9 @@ hself: hsuper: { hasql-transaction = hlib.dontCheck hsuper.hasql-transaction; # users 1.2.1 from nixpkgs postgresql-binary = hlib.dontCheck (hsuper.postgresql-binary); + # Test fixtures don't seem to be bundled for Hackage + hsaml2 = hlib.dontCheck (hsuper.hsaml2); + # --------------------- # need to be jailbroken # (these need to be fixed upstream eventually) @@ -86,6 +89,10 @@ hself: hsuper: { # warp requires curl in its testsuite warp = hlib.addTestToolDepends hsuper.warp [ curl ]; + http-semantics = hsuper.http-semantics_0_4_0; + network-run = hsuper.network-run_0_5_0; + http2 = hsuper.http2_5_4_0; + # ----------------- # flags and patches # (these are fine)