flake: Use nixpkgs 24.11

nixpkgs 24.11 changes how we access xonsh yet again and updates clang. Unfortunately, clang 18 produces significantly more warnings on existing code that is challenging to fix. Make sure that doesn't error when we're running `-Werror` builds. n.b. I had to change the "SSL certificate problem: self-signed certificate" to the old error prior to the improved libcurl errors, since what is presumably a difference in which TLS library is used has cropped up between releases? Either way the curl error buffer is empty. Seems like we aggressively cannot do anything about this. Change-Id: If0141a46a8b445a0e7d6f86f939e8c8e03569bf5
2024-11-21 22:58:12 +00:00 · 2024-11-21 22:58:12 +00:00 · 445b7c7d8a
commit 445b7c7d8a
parent 9a96086381
6 changed files with 13 additions and 11 deletions
--- a/flake.lock
+++ b/flake.lock
@ -34,16 +34,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1727184566,
-        "narHash": "sha256-mgdK8BcFsLSNhe780+cHbEUbZ3OruLa1T/xgQlL4Aj4=",
+        "lastModified": 1733348545,
+        "narHash": "sha256-b4JrUmqT0vFNx42aEN9LTWOHomkTKL/ayLopflVf81U=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "48c3030083c46042584531bc9d931020f1975677",
+        "rev": "9ecb50d2fae8680be74c08bb0a995c5383747f89",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-24.05-small",
+        "ref": "nixos-24.11-small",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -67,11 +67,11 @@
    "pre-commit-hooks": {
      "flake": false,
      "locked": {
-        "lastModified": 1726745158,
-        "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=",
+        "lastModified": 1733318908,
+        "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74",
+        "rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -2,7 +2,7 @@
  description = "Lix: A modern, delicious implementation of the Nix package manager";

  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small";
    nixpkgs-regression.url = "github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2";
    pre-commit-hooks = {
      url = "github:cachix/git-hooks.nix";
--- a/meson.build
+++ b/meson.build
@ -486,6 +486,7 @@ add_project_arguments(
  '-include', 'config.h',
  '-Wno-unused-parameter',
  '-Wno-deprecated-declarations',
+  '-Wno-missing-field-initializers',
  '-Wimplicit-fallthrough',
  '-Werror=switch',
  '-Werror=switch-enum',
--- a/package.nix
+++ b/package.nix
@ -470,7 +470,6 @@ stdenv.mkDerivation (finalAttrs: {
        just,
        nixfmt-rfc-style,
        skopeo,
-        xonsh,

        # Lix specific packages
        pre-commit-checks,
@ -506,7 +505,7 @@ stdenv.mkDerivation (finalAttrs: {
            p.requests
            p.xdg-base-dirs
            p.packaging
-            (p.toPythonModule pkgsBuildHost.xonsh.passthru.unwrapped)
+            p.xonsh
          ]
        );
        pythonEnv = python3.pythonOnBuildForHost.withPackages pythonPackages;
--- a/tests/nixos/default.nix
+++ b/tests/nixos/default.nix
@ -12,6 +12,8 @@ let
      defaults = {
        nixpkgs.pkgs = nixpkgsFor.${system}.native;
        nix.checkAllErrors = false;
+        # nixos-option fails to build with lix and no tests use any of the tools
+        system.disableInstallerTools = true;
      };
      _module.args.nixpkgs = nixpkgs;
      _module.args.system = system;
--- a/tests/nixos/fetchurl.nix
+++ b/tests/nixos/fetchurl.nix
@ -76,7 +76,7 @@ in
    # Fetching from a server with an untrusted cert should fail.
    err = machine.fail("nix build --no-substitute --expr 'import <nix/fetchurl.nix> { url = \"https://bad/index.html\"; hash = \"sha256-rsBwZF/lPuOzdjBZN2E08FjMM3JHyXit0Xi2zN+wAZ8=\"; }' 2>&1")
    print(err)
-    assert "SSL certificate problem: self-signed certificate" in err
+    assert "SSL peer certificate or SSH remote key was not OK" in err

    # Fetching from a server with a trusted cert should work via environment variable override.
    machine.succeed("NIX_SSL_CERT_FILE=/tmp/cafile.pem nix build --no-substitute --expr 'import <nix/fetchurl.nix> { url = \"https://bad/index.html\"; hash = \"sha256-rsBwZF/lPuOzdjBZN2E08FjMM3JHyXit0Xi2zN+wAZ8=\"; }'")