Move third-party Haskell overrides to digitallyinduced/nixpkgs fork#2624
Open
mpscholten wants to merge 5 commits intomasterfrom
Open
Move third-party Haskell overrides to digitallyinduced/nixpkgs fork#2624mpscholten wants to merge 5 commits intomasterfrom
mpscholten wants to merge 5 commits intomasterfrom
Conversation
Switch the nixpkgs flake input to a digitallyinduced/nixpkgs fork that snapshots upstream/haskell-updates, which already carries every package IHP needs from the upstream PRs previously pushed: hasql 1.10 stack, hasql-mapping, postgresql-types (nikita-volkov family), temporary-ospath, wai-session-maybe, wai-session-clientsession-deferred, countable-inflections 0.3.2, ptr-peeker unbroken, and hasql-interpolate with the cabal-revisioned hasql 1.10 support. NixSupport/overlay.nix shrinks ~70 lines: the entire third-party hackage block is gone, as is the unused hackageOrLocal helper. In its place, a small rebind block points haskellPackages.hasql etc. at the version-suffixed attrs (hasql_1_10_3, hasql-pool_1_4_2, ...) the fork ships as extra-packages. Postgrest is unaffected because its own overrideScope in configuration-common.nix pins to super.hasql_1_6_4_4. NixSupport/hackage/ now holds only ihp-zip.nix (the IHP-maintained fork of zip that doesn't live on Hackage). update-nix-from-cabal.sh's third-party section is deleted accordingly. Structural benefit: the IFD foot-gun is gone. There is no longer any place in the overlay where adding a new Hackage dep via callHackage would be tempting — new deps must come through the fork. Verified IFD-free with --no-allow-import-from-derivation on ihp, ihp-datasync, ihp-typed-sql, ihp-pglistener, ihp-migrate, and ghc912-ihp-datasync. The pre-existing yarn.nix IFD in the guide check (via mkYarnModules) is unrelated and untouched. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> # Conflicts: # update-nix-from-cabal.sh
mpscholten
force-pushed
the
feature/nixpkgs-fork
branch
from
81000a2 to
84bda28
Compare
Picks up ~200 commits of upstream haskell-updates progression since the initial snapshot at c11132a13656. IFD-free eval re-verified on ihp, ihp-datasync, and ghc912-ihp-datasync. ihp-zip is not yet in hackage-packages.nix in this snapshot either, so NixSupport/hackage/ihp-zip.nix remains. Will be removable in a follow-up after nixpkgs's next hackage2nix regeneration catches up to Hackage. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The haskell-updates snapshot ships tls 2.1.8 whose test suite has 4
flaky TLS 1.3 PSK handshake property tests ("handshake can handshake
with TLS 1.3 PSK", "... PSK ticket", "... 0RTT") that fail under nix
check phase on aarch64-darwin. They blocked the whole nix flake check
graph via transitive dep.
dontCheck is the same remedy used for say/text-icu/cryptonite in the
per-GHC 9.12 / 9.14 blocks. IHP doesn't exercise the failing code
paths directly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
devenv-module.nix was using pkgs.haskellPackages.mmark-cli, which bypasses the overlay defined in NixSupport/overlay.nix. That meant the tls = dontCheck super.tls override added in ed609ab only applied to pkgs.ghc.* and pkgs.ghc912.*, but not to mmark-cli's transitive tls dep — so the flaky tls 2.1.8 test suite still ran during CI and still killed the whole graph. Switching to pkgs.ghc.mmark-cli makes mmark-cli pull in the overridden tls (with dontCheck), unblocking CI. pkgs.ghc is the full overlay- aware haskellPackages set (created via haskellPackages.override), so any package not explicitly overridden is still the default version. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The nixpkgs fork (haskell-updates snapshot) now ships ghc-9.14.1, which flipped `pkgs.haskell.packages ? ghc914` from false to true and started gating CI on 35+ ghc914-* package checks. They all fail on the first transitive dep that still upper-bounds ghc <9.13 — in this run, ghc-tcplugins-extra-0.5. The original intent of the conditional was "only check ghc914 if nixpkgs includes it" — assuming that would gate on whether upstream had merged 9.14 support. In practice the ecosystem lags behind the compiler: nixpkgs ships 9.14 before downstream deps support it. Keeping overlay.nix's ghc914 branch (opt-in for anyone who wants to try it), just not gating CI on it. When the ecosystem catches up we can re-enable. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Core Size & Compile Allocations Benchmark
HTTP Latency (GET /, 5000 reqs, 10 concurrent)
Top 10 modules (this PR)
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
nixpkgsflake input todigitallyinduced/nixpkgs:ihp-nixpkgs, a snapshot ofupstream/haskell-updatesthat already carries every Hackage package IHP needs (hasql 1.10 stack, hasql-mapping, postgresql-types family, temporary-ospath, wai-session-maybe, countable-inflections 0.3.2, ptr-peeker unbroken, hasql-interpolate with cabal-revisioned hasql 1.10 support).NixSupport/overlay.nixby ~70 lines: deletes the third-party block, deletes the unusedhackageOrLocalhelper, and replaces it with a small rebind block pointinghaskellPackages.hasqletc. at the fork's version-suffixed attributes.NixSupport/hackage/*.nixfiles. Onlyihp-zip.nixstays (IHP-maintained fork of zip, not on Hackage).update-nix-from-cabal.sh's third-party loop is deleted accordingly.Why
The pre-generated
NixSupport/hackage/approach worked but was a footgun magnet: adding a new Hackage dep viacallHackage(IFD) would silently break nix caching, and nothing in the structure prevented it. Pushing these overrides into a nixpkgs fork means there is no longer a place in IHP's own overlay where it would even be tempting to reach forcallHackage. New third-party deps now go through the fork.nixpkgs-nixosstays onnixos-25.11— only the Haskell-package input switches.Fork contents
Branch
ihp-nixpkgsindigitallyinduced/nixpkgsis a direct snapshot ofNixOS/nixpkgs:haskell-updatesatc11132a13656. No IHP-specific commits sit on top — every override IHP needs is already in upstreamhaskell-updatesfrom previously-merged PRs. To bump the snapshot: fast-forwardihp-nixpkgsto a newerhaskell-updatestip andnix flake update nixpkgs.Verification
Ran with
nix eval --no-allow-import-from-derivation:.#packages.aarch64-darwin.default.#packages.aarch64-darwin.ihp-datasync.#packages.aarch64-darwin.ihp-typed-sql.#packages.aarch64-darwin.ihp-pglistener.#packages.aarch64-darwin.migrate.#checks.aarch64-darwin.ghc912-ihp-datasync.#checks.aarch64-darwin(attr eval)The pre-existing
yarn.nixIFD in.#checks.aarch64-darwin.guide(viapkgs.mkYarnModules) is unrelated —NixSupport/default.nix:416wasn't touched and the baseline had the same state.Test plan
nix flake check --impureagainst default GHC (9.10) and GHC 9.12nix developworks andghc-pkg list hasqlshows1.10.3ghc-pkg list postgresql-typesshows0.1.2🤖 Generated with Claude Code