this includes the fix for a remote code excecution as root
https://github.com/NixOS/nixpkgs/pull/323761
(probably CVE-2024-6387)
annoyingly it did not bump the version number (to check that the fix
is indeed there, one has to check wich patches are applied).
it also adds nextcloud to the permitteed insecure packages because we
again didn't update it in time (in fairness, it is also broken).
fun irony!
note: tracktrain is now built on nixpkgs-unstable haskell packages;
using nixpkgs-stable with a newer version of haskellPackages.filepath is
unfortunately broken for now.
We can move back to nixpkgs-stable with it once the 24.05 release has
happened.
This is the initial version for this year's run of absurd train
operations. I won't dare to call it a release for at least another month
or so, so no version number.
Changes done in our nixfiles:
- tracktrain now needs ntfy-sh so people (read: I) can get push
notifications if things break or at least look a little weird
- I removed the grafana instance; seems like somewhere in the last year
they changed how to host it under a sub-path (ours was at /metrics),
so it broke, and I'm not feeling any particular urge to fix it
- last year's database contents have been yoten
- also manually updated the gtfs (though I intend to implement logic
for fetching it in tracktrain, I first need to drag Ilztalbahn into
actually publishing up-to-date versions again first)
this copies the current mattermost package definition from upstream
nixpkgs into our repo as-is (that definition itself being a modified
version of our definition that I upstreamed recently).
Since apparently no one else is maintaining the nixpkgs package and I am
apparently maintaining a mattermost package mostly on my own anyways,
this should make upstreaming future changes easier.
This jumps Mattermost ESR Versions (see [1] for their release cycle). The
new version makes use of Go's workspace feature, which unfortunately the
buildGoModule function does not (yet?) support [2], and unfortunately this
breaks the previous build process for mattermost.
Further, the new release also makes use of private modules only included
in the (non-free) enterprise version of mattermost which makes it impossible
to build in the usual way even outside of nixpkgs's build abstractions [3].
Both issues can be solved by using Go 1.22, which has added support for
vendoring when using workspaces, and instructing it to ignore errors with
the -e flag. This requires overriding the go-modules derivation's buildPhase.
Finally, this now also build the commands/mmctl subpackage, which contains
a cli utility to administrate mattermost. This currently has its own nixpkgs
package for no reason i can see at all (it also has a version mismatch
between nixpkgs's mattermost and nixpkgs's mmctl).
[1] https://docs.mattermost.com/upgrade/extended-support-release.html
[2] https://github.com/NixOS/nixpkgs/issues/203039
[3] https://github.com/mattermost/mattermost/issues/26221
