From bb0157fb7348a99aee88c7bbc0bde28769b977db Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Thu, 11 Jun 2026 18:12:51 +0200 Subject: [PATCH 1/9] Bump nixpkgs to 26.05 and update some haskell dependencies --- Makefile | 4 - flake.lock | 79 ++++++++++++-------- flake.nix | 23 ++++-- nix/default.nix | 2 +- nix/haskell-pins.nix | 59 ++++----------- nix/manual-overrides.nix | 42 ++++++----- nix/overlay-docs.nix | 8 +- nix/pkgs/python-docs/rst2pdf.nix | 36 --------- nix/pkgs/python-docs/sphinx-multiversion.nix | 20 ----- nix/pkgs/python-docs/sphinx_reredirects.nix | 18 ----- nix/pkgs/python-docs/svg2rlg.nix | 15 ---- nix/wire-server.nix | 1 - services/brig/federation-tests.sh | 47 ------------ 13 files changed, 106 insertions(+), 248 deletions(-) delete mode 100644 nix/pkgs/python-docs/rst2pdf.nix delete mode 100644 nix/pkgs/python-docs/sphinx-multiversion.nix delete mode 100644 nix/pkgs/python-docs/sphinx_reredirects.nix delete mode 100644 nix/pkgs/python-docs/svg2rlg.nix delete mode 100755 services/brig/federation-tests.sh diff --git a/Makefile b/Makefile index 6ecf57183ef..a9a0200f74b 100644 --- a/Makefile +++ b/Makefile @@ -499,10 +499,6 @@ kube-integration-test: kube-integration-teardown: export NAMESPACE=$(NAMESPACE); export HELM_PARALLELISM=$(HELM_PARALLELISM); ./hack/bin/integration-teardown-federation.sh -.PHONY: kube-integration-e2e-telepresence -kube-integration-e2e-telepresence: - ./services/brig/federation-tests.sh $(NAMESPACE) - .PHONY: helm-oci-login helm-oci-login: ./hack/bin/helm-oci-login.sh diff --git a/flake.lock b/flake.lock index 7777eb2c68a..5ba3c4181a0 100644 --- a/flake.lock +++ b/flake.lock @@ -3,17 +3,16 @@ "amazonka": { "flake": false, "locked": { - "lastModified": 1759730860, - "narHash": "sha256-cCRhHH/IgM7tPy8rXHTSRec1zxohO8NWxSVZEG1OjQw=", + "lastModified": 1781133009, + "narHash": "sha256-zeA69byUJv59avBMfstNuHzeG8V09o87Fp9N98aioII=", "owner": "brendanhay", "repo": "amazonka", - "rev": "a7d699be1076e2aad05a1930ca3937ffea954ad8", + "rev": "b562aa3f24845e34b95748daae671860017426be", "type": "github" }, "original": { "owner": "brendanhay", "repo": "amazonka", - "rev": "a7d699be1076e2aad05a1930ca3937ffea954ad8", "type": "github" } }, @@ -68,6 +67,22 @@ "type": "github" } }, + "cryptostore": { + "flake": false, + "locked": { + "lastModified": 1775634484, + "narHash": "sha256-L4sFE6+1MwwRFIkz/EZhTPuty8dH3IbKU6GyDQylEYg=", + "ref": "refs/heads/master", + "rev": "06afcd9e10445053ef8dc42aa0d9b94f900adfb7", + "revCount": 254, + "type": "git", + "url": "https://codeberg.org/ocheron/cryptostore.git" + }, + "original": { + "type": "git", + "url": "https://codeberg.org/ocheron/cryptostore.git" + } + }, "flake-compat": { "flake": false, "locked": { @@ -186,11 +201,11 @@ "hasql-migration": { "flake": false, "locked": { - "lastModified": 1777986637, - "narHash": "sha256-NdrqeecEdokSCqBm6BqZ9mCDnqgDzAiN5BMwjMcvv1Q=", + "lastModified": 1781189692, + "narHash": "sha256-2Z2M65X8Sw8X4Vn5DLhBoVj40MMngqURQUiFR815PPw=", "owner": "wireapp", "repo": "hasql-migration", - "rev": "6fe20bfb145dde56254089902734e2fcb079fc19", + "rev": "61a53a4b7dc589a5dad7c57c1ca9a38c87eb5690", "type": "github" }, "original": { @@ -217,6 +232,23 @@ "type": "github" } }, + "hsaml2": { + "flake": false, + "locked": { + "lastModified": 1781188458, + "narHash": "sha256-qWyv8W84jw5JQpmqHCvxMoLtvfxO2eK6qIoeX95rBJ0=", + "owner": "wireapp", + "repo": "hsaml2", + "rev": "b464d0e3ad173c10d773aef951020470beb72b3f", + "type": "github" + }, + "original": { + "owner": "wireapp", + "ref": "use-crypton-asn1", + "repo": "hsaml2", + "type": "github" + } + }, "hspec-wai": { "flake": false, "locked": { @@ -237,11 +269,11 @@ "http-client": { "flake": false, "locked": { - "lastModified": 1706706086, - "narHash": "sha256-z47GlT+tHsSlRX4ApSGQIpOpaZiBeqr72/tWuvzw8tc=", + "lastModified": 1781190499, + "narHash": "sha256-Ni40f1bsR7Rm9qtlVwve9KrMNv++pu8r9LEal4veDFk=", "owner": "wireapp", "repo": "http-client", - "rev": "37494bb9a89dd52f97a8dc582746c6ff52943934", + "rev": "08ae6f7b9b5d760feacabb4c5887abb44b5a080a", "type": "github" }, "original": { @@ -253,16 +285,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1779796641, - "narHash": "sha256-ZsIrKmhp4vbBXoXXmR/tBXA/UCsAQiJL9vsgZEduhVY=", + "lastModified": 1780902259, + "narHash": "sha256-q8yYEC5f1mFlQO9RGna4LTc9QrcvWunX6FYp83munkQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "25f538306313eae3927264466c70d7001dcea1df", + "rev": "bd0ff2d3eac24699c3664d5966b9ef36f388e2ca", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.11", + "ref": "nixos-26.05", "repo": "nixpkgs", "type": "github" } @@ -282,22 +314,6 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1772963539, - "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "9dcb002ca1690658be4a04645215baea8b95f31d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_24_11": { "locked": { "lastModified": 1751274312, @@ -354,13 +370,14 @@ "bloodhound": "bloodhound", "cql": "cql", "cql-io": "cql-io", + "cryptostore": "cryptostore", "flake-utils": "flake-utils", "hasql-migration": "hasql-migration", "hedis": "hedis", + "hsaml2": "hsaml2", "hspec-wai": "hspec-wai", "http-client": "http-client", "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs_24_11": "nixpkgs_24_11", "postgresql-connection-string": "postgresql-connection-string", "postie": "postie", diff --git a/flake.nix b/flake.nix index 5a9b40ea81a..99f23c74270 100644 --- a/flake.nix +++ b/flake.nix @@ -3,9 +3,8 @@ inputs = { self.submodules = true; - nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11"; + nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-26.05"; nixpkgs_24_11.url = "github:nixos/nixpkgs?ref=nixos-24.11"; - nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable"; flake-utils.url = "github:numtide/flake-utils"; tom-bombadil = { url = "github:wireapp/tom-bombadil"; @@ -82,7 +81,7 @@ }; amazonka = { - url = "github:brendanhay/amazonka?rev=a7d699be1076e2aad05a1930ca3937ffea954ad8"; + url = "github:brendanhay/amazonka"; flake = false; }; @@ -95,9 +94,20 @@ url = "github:wireapp/postgresql-connection-string?ref=expose-from-key-value-params"; flake = false; }; + + cryptostore = { + # Use master because the released version doesn't work with the latest version of cyrpton. + url = "git+https://codeberg.org/ocheron/cryptostore.git"; + flake = false; + }; + + hsaml2 = { + url = "github:wireapp/hsaml2/use-crypton-asn1"; + flake = false; + }; }; - outputs = inputs@{ nixpkgs, nixpkgs_24_11, nixpkgs-unstable, flake-utils, tom-bombadil, sbomnix, ... }: + outputs = inputs@{ nixpkgs, nixpkgs_24_11, flake-utils, tom-bombadil, sbomnix, ... }: flake-utils.lib.eachDefaultSystem (system: let pkgs = import nixpkgs { @@ -110,9 +120,6 @@ pkgs_24_11 = import nixpkgs_24_11 { inherit system; }; - pkgs_unstable = import nixpkgs-unstable { - inherit system; - }; bomDependenciesDrv = tom-bombadil.lib.${system}.bomDependenciesDrv; wireServerPkgs = import ./nix { inherit pkgs pkgs_24_11 inputs bomDependenciesDrv; }; in @@ -145,7 +152,7 @@ # Container and SBOM tools pkgs.cyclonedx-cli - pkgs_unstable.syft + pkgs.syft pkgs.kubernetes-helm pkgs.helmfile sbomnix.packages.${system}.default diff --git a/nix/default.nix b/nix/default.nix index a1cc06954f1..b4789d3798a 100644 --- a/nix/default.nix +++ b/nix/default.nix @@ -17,7 +17,7 @@ let docsPkgs = [ pkgs.plantuml pkgs.texlive.combined.scheme-full - (pkgs.python310.withPackages + (pkgs.python315.withPackages (ps: with ps; [ myst-parser rst2pdf diff --git a/nix/haskell-pins.nix b/nix/haskell-pins.nix index cf7490f1b68..40cd37a0110 100644 --- a/nix/haskell-pins.nix +++ b/nix/haskell-pins.nix @@ -62,12 +62,6 @@ let src = inputs.bloodhound; }; - # PR: https://github.com/informatikr/hedis/pull/224 - # PR: https://github.com/informatikr/hedis/pull/226 - # PR: https://github.com/informatikr/hedis/pull/227 - hedis = { - src = inputs.hedis; - }; # Our fork because we need to a few special things http-client = { @@ -173,57 +167,36 @@ let postgresql-connection-string = { src = inputs.postgresql-connection-string; }; - }; - hackagePins = { - # This pin should not be necessary. However, without it, Nix tries to fetch - # the sources from the `amazonka` package and fails. - # Fix: https://github.com/NixOS/nixpkgs/pull/409098 - amazonka-s3-streaming = { - version = "2.0.0.0"; - sha256 = "sha256-SQyFjl1Zf4vnntjZHJpf46gMR3LXWCQAMsR56NdsvRA="; + cryptostore = { + src = inputs.cryptostore; + }; + + hsaml2 = { + src = inputs.hsaml2; }; + }; + hackagePins = { # Pin uri-bytestring: newer parser rejects unescaped Set-Cookie in SSO mobile redirect query, breaking Spar’s URI substitution; stick to 0.3.3.1 for now uri-bytestring = { version = "0.3.3.1"; sha256 = "sha256-jgSTBBDcxRQ0tjs0wTyvEpEAkGA7npJKjdXDT81VpT4="; }; + hedis = { + version = "0.16.1"; + sha256 = "sha256-Kx0oOKRcxeemmZ80bMT9ULYxCboLYp3pcabk0ND2bZU="; + }; + warp = { version = "3.4.12"; sha256 = "sha256-Y9xQ1wBbBtSZ4qw3yTGSYX27qi2uFRDJVtAdmQqRnFQ="; }; - # Version freshly released, thus not in nixpkgs, yet: https://github.com/dylex/hsaml2/issues/21 - hsaml2 = { - version = "0.2.0"; - sha256 = "sha256-kEalrs79uI8CMaVa7suYEzeer/YqFoJOqkV+LhiUwY4="; - }; - - postgresql-binary = { - version = "0.15.0.1"; - sha256 = "sha256-q5t2OgiDxyt8WU+zHVxpyVhFF9PtDu2BlQRfuPpBkgk="; - }; - - hasql = { - version = "1.10.3"; - sha256 = "sha256-aJg6+oSWGkXm9pYLVv15d7M7HcnHhZpkw5c7ezxh2Yc="; - }; - - hasql-th = { - version = "0.5"; - sha256 = "sha256-qD9RljGDwMpPZ2epCxzL3Sbbn2Ce1472Vf2AGFroIW8="; - }; - - hasql-transaction = { - version = "1.2.2"; - sha256 = "sha256-o53h6ly2Kukhw9dcyAOvywzwlZDdgb+b/jqbw72lLHg="; - }; - - hasql-pool = { - version = "1.4.2"; - sha256 = "sha256-iQB2TD9hsPnqoVh5mR3Y2K8Cv67rWqBR0WHxOWZeiD8="; + jose = { + version = "0.13"; + sha256 = "sha256-m8Q1jwCyDrlEPbv2cZ/FIv/ey3dPjDVkmppzvi3Zjw4="; }; }; # Name -> Source -> Maybe Subpath -> Drv diff --git a/nix/manual-overrides.nix b/nix/manual-overrides.nix index 5d69d5bc657..b176136ead1 100644 --- a/nix/manual-overrides.nix +++ b/nix/manual-overrides.nix @@ -16,17 +16,20 @@ hself: hsuper: { quickcheck-state-machine = hlib.markUnbroken (hlib.dontCheck hsuper.quickcheck-state-machine); + # Tests fail, don't know why + sandwich = hlib.dontCheck hsuper.sandwich; + # Tests require a running redis hedis = hlib.dontCheck hsuper.hedis; HaskellNet = hlib.dontCheck hsuper.HaskellNet; # Tests require a running postgresql - hasql = hlib.dontCheck hsuper.hasql; - hasql-pool = hlib.dontCheck hsuper.hasql-pool; - hasql-migration = hlib.markUnbroken (hlib.dontCheck hsuper.hasql-migration); - hasql-transaction = hlib.dontCheck hsuper.hasql-transaction; # users 1.2.1 from nixpkgs - postgresql-binary = hlib.dontCheck (hsuper.postgresql-binary); + hasql = hlib.dontCheck hsuper.hasql_1_10_3; + hasql-pool = hlib.dontCheck hsuper.hasql-pool_1_4_2; + hasql-migration = hlib.markUnbroken (hlib.doJailbreak (hlib.dontCheck hsuper.hasql-migration)); + hasql-transaction = hlib.dontCheck hsuper.hasql-transaction_1_2_2; + postgresql-binary = hlib.dontCheck (hsuper.postgresql-binary_0_15_0_1); # Test fixtures don't seem to be bundled for Hackage hsaml2 = hlib.dontCheck (hsuper.hsaml2); @@ -36,14 +39,13 @@ hself: hsuper: { # (these need to be fixed upstream eventually) # FUTUREWORK: fix the dependency bounds upstream # --------------------- - binary-parsers = hlib.markUnbroken (hlib.doJailbreak hsuper.binary-parsers); bytestring-arbitrary = hlib.markUnbroken (hlib.doJailbreak hsuper.bytestring-arbitrary); lens-datetime = hlib.markUnbroken (hlib.doJailbreak hsuper.lens-datetime); postie = hlib.doJailbreak hsuper.postie; - lrucaching = hlib.doJailbreak (hlib.markUnbroken hsuper.lrucaching); # added servant-openapi3 because the version bounds of some dependent packages # of our pin exclude the versions in our current nixpkgs servant-openapi3 = hlib.doJailbreak (hlib.dontCheck hsuper.servant-openapi3); + amazonka-s3-streaming = hlib.doJailbreak hsuper.amazonka-s3-streaming; # the libsodium haskell library is incompatible with the new version of the libsodium c library # that nixpkgs has - this downgrades libsodium from 1.0.19 to 1.0.18 @@ -60,17 +62,10 @@ hself: hsuper: { } ))); - # hs-opentelemetry pin removal bumps API -> 0.3.0.0 and SDK -> 0.1.0.1 from the pinned commit; instrumentation stays at 0.1.1.0/0.1.0.1. - hs-opentelemetry-instrumentation-wai = hlib.markUnbroken (hlib.doJailbreak hsuper.hs-opentelemetry-instrumentation-wai); - hs-opentelemetry-instrumentation-conduit = hlib.markUnbroken (hlib.doJailbreak hsuper.hs-opentelemetry-instrumentation-conduit); - hs-opentelemetry-instrumentation-http-client = hlib.doJailbreak hsuper.hs-opentelemetry-instrumentation-http-client; - hs-opentelemetry-utils-exceptions = hlib.markUnbroken (hlib.doJailbreak hsuper.hs-opentelemetry-utils-exceptions); - # ------------------------------------ # okay but marked broken (nixpkgs bug) # (we can unfortunately not do anything here but update nixpkgs) # ------------------------------------ - template = hlib.markUnbroken hsuper.template; # /proc doesn't exist on macOS, so skip tests there system-linux-proc = (if stdenv.isDarwin then hlib.dontCheck else (x: x)) (hlib.markUnbroken hsuper.system-linux-proc); @@ -91,13 +86,27 @@ hself: hsuper: { http-semantics = hsuper.http-semantics_0_4_0; network-run = hsuper.network-run_0_5_0; http2 = hsuper.http2_5_4_0; + crypton = hsuper.crypton_1_1_2; + crypton-x509 = hsuper.crypton-x509_1_9_0; + crypton-x509-validation = hsuper.crypton-x509-validation_1_9_0; + crypton-x509-store = hsuper.crypton-x509-store_1_9_0; + crypton-x509-system = hsuper.crypton-x509-system_1_9_0; + crypto-token = hsuper.crypto-token_0_2_0; + tls = hsuper.tls_2_4_1; + hpke = hsuper.hpke_0_1_0; + mlkem = hlib.dontCheck (hlib.markUnbroken hsuper.mlkem); + crypton-connection = hsuper.crypton-connection_0_4_6; + tls-session-manager = hsuper.tls-session-manager_0_1_0; + wreq = hlib.dontCheck hsuper.wreq_0_5_4_5; + hasql-th = hsuper.hasql-th_0_5; + resource-pool = hsuper.resource-pool_0_5_0_0; # ----------------- # flags and patches # (these are fine) # ----------------- cryptostore = hlib.addBuildDepends (hlib.dontCheck (hlib.appendConfigureFlags hsuper.cryptostore [ "-fuse_crypton" ])) - [ hself.crypton hself.crypton-x509 hself.crypton-x509-validation ]; + [ hself.crypton hself.crypton-x509 hself.crypton-x509-validation hself.crypton-asn1-encoding hself.crypton-asn1-types hself.crypton-pem hself.time-hourglass ]; # doJailbreak because upstreams requires a specific crypton-connection version we don't have hoogle = hlib.justStaticExecutables (hlib.dontCheck (hsuper.hoogle)); @@ -108,9 +117,6 @@ hself: hsuper: { types-common-journal = hlib.addBuildTool hsuper.types-common-journal protobuf; wire-api = hlib.addBuildTool hsuper.wire-api mls-test-cli; wire-message-proto-lens = hlib.addBuildTool hsuper.wire-message-proto-lens protobuf; - postgresql-libpq-pkgconfig = hlib.addBuildDepends - (hlib.markUnbroken hsuper.postgresql-libpq-pkgconfig) - [ pkg-config postgresql.dev openssl.dev ]; postgresql-libpq = hlib.overrideCabal (hlib.enableCabalFlag hsuper.postgresql-libpq "use-pkg-config") (drv: { diff --git a/nix/overlay-docs.nix b/nix/overlay-docs.nix index 210822d70dc..306347bf269 100644 --- a/nix/overlay-docs.nix +++ b/nix/overlay-docs.nix @@ -1,13 +1,9 @@ self: super: rec { - python310 = super.python310.override { + python315 = super.python315.override { packageOverrides = pself: psuper: { - rst2pdf = pself.callPackage ./pkgs/python-docs/rst2pdf.nix { }; - sphinx-multiversion = pself.callPackage ./pkgs/python-docs/sphinx-multiversion.nix { }; - sphinx_reredirects = pself.callPackage ./pkgs/python-docs/sphinx_reredirects.nix { }; sphinxcontrib-kroki = pself.callPackage ./pkgs/python-docs/sphinxcontrib-kroki.nix { }; - svg2rlg = pself.callPackage ./pkgs/python-docs/svg2rlg.nix { }; }; }; - python310Packages = python310.pkgs; + python315Packages = python315.pkgs; } diff --git a/nix/pkgs/python-docs/rst2pdf.nix b/nix/pkgs/python-docs/rst2pdf.nix deleted file mode 100644 index caab238eabc..00000000000 --- a/nix/pkgs/python-docs/rst2pdf.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ buildPythonApplication -, buildPythonPackage -, fetchPypi -, docutils -, importlib-metadata -, jinja2 -, packaging -, pygments -, pyyaml -, reportlab -, smartypants -, pillow -, -}: -buildPythonPackage rec { - pname = "rst2pdf"; - version = "0.99"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-j6I/qTvd0fUtBYzq6rZYLBRVRtgPL4qVl083A71sgVI="; - }; - - doCheck = false; - - propagatedBuildInputs = [ - docutils - importlib-metadata - jinja2 - packaging - pygments - pyyaml - reportlab - smartypants - pillow - ]; -} diff --git a/nix/pkgs/python-docs/sphinx-multiversion.nix b/nix/pkgs/python-docs/sphinx-multiversion.nix deleted file mode 100644 index 2b97e1ef912..00000000000 --- a/nix/pkgs/python-docs/sphinx-multiversion.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ buildPythonApplication -, buildPythonPackage -, fetchPypi -, sphinx -, -}: -buildPythonPackage rec { - pname = "sphinx-multiversion"; - version = "0.2.4"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256:1jqbk7a1sm5yfvrvczlfm57sy4ya732fkrbcip5n7vayrfgcmlaw"; - }; - - doCheck = false; - - propagatedBuildInputs = [ - sphinx - ]; -} diff --git a/nix/pkgs/python-docs/sphinx_reredirects.nix b/nix/pkgs/python-docs/sphinx_reredirects.nix deleted file mode 100644 index a5c05d758cb..00000000000 --- a/nix/pkgs/python-docs/sphinx_reredirects.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ fetchPypi -, buildPythonPackage -, sphinx -}: -buildPythonPackage rec { - doCheck = false; - pname = "sphinx_reredirects"; - version = "0.1.2"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-oOchMwR1mwHtwi8DLxcVocYRdvyPFnFk56Urn+7JrGQ="; - }; - - propagatedBuildInputs = [ - sphinx - ]; - -} diff --git a/nix/pkgs/python-docs/svg2rlg.nix b/nix/pkgs/python-docs/svg2rlg.nix deleted file mode 100644 index d154f215952..00000000000 --- a/nix/pkgs/python-docs/svg2rlg.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ buildPythonPackage -, fetchPypi -, reportlab -}: -buildPythonPackage rec { - pname = "svg2rlg"; - version = "0.3"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-BdtEgLkOkS4Icn1MskOF/jPoQ23vB5uPFJtho1Bji+4="; - }; - - buildInputs = [ reportlab ]; - doCheck = false; -} diff --git a/nix/wire-server.nix b/nix/wire-server.nix index 656f6cac4e8..47ff465720e 100644 --- a/nix/wire-server.nix +++ b/nix/wire-server.nix @@ -526,7 +526,6 @@ let ++ pkgs.lib.optionals pkgs.stdenv.isLinux [ # linux-only, not strictly required tools pkgs.docker-compose - (pkgs.telepresence.override { pythonPackages = pkgs.python310Packages; }) ]; in { diff --git a/services/brig/federation-tests.sh b/services/brig/federation-tests.sh deleted file mode 100755 index 09a9597d868..00000000000 --- a/services/brig/federation-tests.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/usr/bin/env bash - -USAGE="$0 " -NAMESPACE=${1:?$USAGE} - -set -e - -command -v telepresence >/dev/null 2>&1 || { - echo >&2 "telepresence is not installed, aborting." - exit 1 -} - -# This script assumes: -# * two wire-server backends under NAMEPACE and NAMESPACE-fed2 have been deployed with helm. -# * you have a locally compiled brig-integration executable -# -# It then downloads the configmaps, performs a hacky override for two configuration flags, -# and then uses telepresence to run a locally-compiled brig-integration executable against -# the brigs and federators inside kubernetes in the two NAMESPACES. - -cd "$(dirname "${BASH_SOURCE[0]}")" - -kubectl -n "$NAMESPACE" get configmap brig-integration -o jsonpath='{.data.integration\.yaml}' >i.yaml -kubectl -n "$NAMESPACE" get configmap brig -o jsonpath='{.data.brig\.yaml}' >b.yaml - -# override some settings so the local brig-integration executable doesn't fail -sed -i "s=privateKeys: /etc/wire/brig/secrets/secretkey.txt=privateKeys: test/resources/zauth/privkeys.txt=g" b.yaml -sed -i "s=publicKeys: /etc/wire/brig/secrets/publickey.txt=publicKeys: test/resources/zauth/pubkeys.txt=g" b.yaml - -# We need to pass --also-proxy to cannon pod IPs, as for some reason (maybe due -# to calico) the pod IPs in some clusters are not within the podCIDR range -# defined on the nodes and cannons need to be accessed directly (without using -# the kubernetes services) -declare -a alsoProxyOptions -while read -r ip; do - alsoProxyOptions+=("--also-proxy=${ip}") -done < <(kubectl get pods -n "$NAMESPACE" -l app=cannon -o json | jq -r '.items[].status.podIPs[].ip') - -AWS_ACCESS_KEY_ID="$(kubectl get secret -n "$NAMESPACE" brig -o json | jq -r '.data | map_values(@base64d) | .awsKeyId')" -export AWS_ACCESS_KEY_ID -AWS_SECRET_ACCESS_KEY="$(kubectl get secret -n "$NAMESPACE" brig -o json | jq -r '.data | map_values(@base64d) | .awsSecretKey')" -export AWS_SECRET_ACCESS_KEY -AWS_REGION="$(kubectl get deployment -n "$NAMESPACE" brig -o json | jq -r '.spec.template.spec.containers | map(.env | map(select(.name == "AWS_REGION").value))[0][0]')" -export AWS_REGION - -# shellcheck disable=SC2086 -telepresence --namespace "$NAMESPACE" --also-proxy=cassandra-ephemeral "${alsoProxyOptions[@]}" --run bash -c "./dist/brig-integration -p federation-end2end-user -i i.yaml -s b.yaml" From 64252906417b1cd42114a97cada21c3548b938e0 Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Fri, 19 Jun 2026 14:37:53 +0200 Subject: [PATCH 2/9] Regen nix --- integration/default.nix | 2 +- libs/saml2-web-sso/default.nix | 2 +- libs/wai-utilities/default.nix | 2 +- libs/wire-api/default.nix | 2 +- libs/wire-otel/default.nix | 2 +- libs/wire-subsystems/default.nix | 2 +- services/brig/default.nix | 2 +- services/galley/default.nix | 2 +- services/gundeck/default.nix | 2 +- tools/db/assets/default.nix | 2 +- tools/db/mls-users/default.nix | 2 +- tools/db/phone-users/default.nix | 2 +- tools/db/team-info/default.nix | 2 +- tools/rabbitmq-consumer/default.nix | 2 +- 14 files changed, 14 insertions(+), 14 deletions(-) diff --git a/integration/default.nix b/integration/default.nix index 3902d31641f..8b94463d28d 100644 --- a/integration/default.nix +++ b/integration/default.nix @@ -199,5 +199,5 @@ mkDerivation { xml-conduit yaml ]; - license = lib.licenses.agpl3Only; + license = lib.meta.getLicenseFromSpdxId "AGPL-3.0-only"; } diff --git a/libs/saml2-web-sso/default.nix b/libs/saml2-web-sso/default.nix index 2c47377bae7..52dd2a17b69 100644 --- a/libs/saml2-web-sso/default.nix +++ b/libs/saml2-web-sso/default.nix @@ -236,5 +236,5 @@ mkDerivation { ]; testToolDepends = [ hspec-discover ]; description = "Library and example web app for the SAML Web-based SSO profile"; - license = lib.licenses.agpl3Only; + license = lib.meta.getLicenseFromSpdxId "AGPL-3.0-only"; } diff --git a/libs/wai-utilities/default.nix b/libs/wai-utilities/default.nix index 19fd1864bb7..dccf4412810 100644 --- a/libs/wai-utilities/default.nix +++ b/libs/wai-utilities/default.nix @@ -79,5 +79,5 @@ mkDerivation { ]; testToolDepends = [ hspec-discover ]; description = "Various helpers for WAI"; - license = lib.licenses.agpl3Only; + license = lib.meta.getLicenseFromSpdxId "AGPL-3.0-only"; } diff --git a/libs/wire-api/default.nix b/libs/wire-api/default.nix index 2af107b2482..fade4b45d2a 100644 --- a/libs/wire-api/default.nix +++ b/libs/wire-api/default.nix @@ -288,5 +288,5 @@ mkDerivation { wai wire-message-proto-lens ]; - license = lib.licenses.agpl3Only; + license = lib.meta.getLicenseFromSpdxId "AGPL-3.0-only"; } diff --git a/libs/wire-otel/default.nix b/libs/wire-otel/default.nix index 47240bd9d56..33e03c0bd07 100644 --- a/libs/wire-otel/default.nix +++ b/libs/wire-otel/default.nix @@ -42,5 +42,5 @@ mkDerivation { unliftio ]; homepage = "https://wire.com/"; - license = lib.licenses.agpl3Only; + license = lib.meta.getLicenseFromSpdxId "AGPL-3.0-only"; } diff --git a/libs/wire-subsystems/default.nix b/libs/wire-subsystems/default.nix index 292b9a59947..ea6c2cddbaf 100644 --- a/libs/wire-subsystems/default.nix +++ b/libs/wire-subsystems/default.nix @@ -403,5 +403,5 @@ mkDerivation { zauth ]; testToolDepends = [ hspec-discover ]; - license = lib.licenses.agpl3Only; + license = lib.meta.getLicenseFromSpdxId "AGPL-3.0-only"; } diff --git a/services/brig/default.nix b/services/brig/default.nix index e6a0d4347b9..b3c9696be70 100644 --- a/services/brig/default.nix +++ b/services/brig/default.nix @@ -385,5 +385,5 @@ mkDerivation { wire-subsystems ]; description = "User Service"; - license = lib.licenses.agpl3Only; + license = lib.meta.getLicenseFromSpdxId "AGPL-3.0-only"; } diff --git a/services/galley/default.nix b/services/galley/default.nix index 9e2a96b6721..8546ddf705b 100644 --- a/services/galley/default.nix +++ b/services/galley/default.nix @@ -266,5 +266,5 @@ mkDerivation { yaml ]; description = "Conversations"; - license = lib.licenses.agpl3Only; + license = lib.meta.getLicenseFromSpdxId "AGPL-3.0-only"; } diff --git a/services/gundeck/default.nix b/services/gundeck/default.nix index 55ad533405f..2e4f8b69d5f 100644 --- a/services/gundeck/default.nix +++ b/services/gundeck/default.nix @@ -242,5 +242,5 @@ mkDerivation { wire-api ]; description = "Push Notification Hub"; - license = lib.licenses.agpl3Only; + license = lib.meta.getLicenseFromSpdxId "AGPL-3.0-only"; } diff --git a/tools/db/assets/default.nix b/tools/db/assets/default.nix index 225b7d192bf..4c9ee2e5d9a 100644 --- a/tools/db/assets/default.nix +++ b/tools/db/assets/default.nix @@ -39,6 +39,6 @@ mkDerivation { ]; executableHaskellDepends = [ base ]; description = "Scan the brig user table, search for malformatted asset keys and print them"; - license = lib.licenses.agpl3Only; + license = lib.meta.getLicenseFromSpdxId "AGPL-3.0-only"; mainProgram = "assets"; } diff --git a/tools/db/mls-users/default.nix b/tools/db/mls-users/default.nix index 1db91c77ba7..fa485dbada4 100644 --- a/tools/db/mls-users/default.nix +++ b/tools/db/mls-users/default.nix @@ -46,6 +46,6 @@ mkDerivation { ]; executableHaskellDepends = [ base ]; description = "Find users without MLS support"; - license = lib.licenses.agpl3Only; + license = lib.meta.getLicenseFromSpdxId "AGPL-3.0-only"; mainProgram = "mls-users"; } diff --git a/tools/db/phone-users/default.nix b/tools/db/phone-users/default.nix index aaae96945ea..8821720170d 100644 --- a/tools/db/phone-users/default.nix +++ b/tools/db/phone-users/default.nix @@ -42,6 +42,6 @@ mkDerivation { ]; executableHaskellDepends = [ base ]; description = "Check users that are only able to login via phone"; - license = lib.licenses.agpl3Only; + license = lib.meta.getLicenseFromSpdxId "AGPL-3.0-only"; mainProgram = "phone-users"; } diff --git a/tools/db/team-info/default.nix b/tools/db/team-info/default.nix index aa1bbce4aaf..d190467795f 100644 --- a/tools/db/team-info/default.nix +++ b/tools/db/team-info/default.nix @@ -34,6 +34,6 @@ mkDerivation { ]; executableHaskellDepends = [ base ]; description = "get team info from cassandra"; - license = lib.licenses.agpl3Only; + license = lib.meta.getLicenseFromSpdxId "AGPL-3.0-only"; mainProgram = "team-info"; } diff --git a/tools/rabbitmq-consumer/default.nix b/tools/rabbitmq-consumer/default.nix index f0729c1caf6..6553128045a 100644 --- a/tools/rabbitmq-consumer/default.nix +++ b/tools/rabbitmq-consumer/default.nix @@ -39,6 +39,6 @@ mkDerivation { ]; executableHaskellDepends = [ base ]; description = "CLI tool to consume messages from a RabbitMQ queue"; - license = lib.licenses.agpl3Only; + license = lib.meta.getLicenseFromSpdxId "AGPL-3.0-only"; mainProgram = "rabbitmq-consumer"; } From 0bd701ca8b4bc79f3fc833e9c443bed574e6f0a4 Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Tue, 23 Jun 2026 15:41:22 +0200 Subject: [PATCH 3/9] Use crypton variants of many libraries memory -> ram hourglass -> time-hourglass asn1-types -> crypton-asn1-types pem -> crypton-pem --- integration/default.nix | 16 ++++++++-------- integration/integration.cabal | 8 ++++---- libs/extended/default.nix | 16 ++++++++-------- libs/extended/extended.cabal | 10 +++++----- libs/galley-types/default.nix | 4 ++-- libs/galley-types/galley-types.cabal | 2 +- libs/saml2-web-sso/default.nix | 18 +++++++++--------- libs/saml2-web-sso/saml2-web-sso.cabal | 12 ++++++------ libs/wire-api/default.nix | 6 +++--- libs/wire-api/wire-api.cabal | 4 ++-- libs/wire-subsystems/default.nix | 12 ++++++------ libs/wire-subsystems/wire-subsystems.cabal | 6 +++--- services/brig/brig.cabal | 2 +- services/brig/default.nix | 4 ++-- services/galley/default.nix | 4 ++-- services/galley/galley.cabal | 2 +- 16 files changed, 63 insertions(+), 63 deletions(-) diff --git a/integration/default.nix b/integration/default.nix index 8b94463d28d..28103a0ebec 100644 --- a/integration/default.nix +++ b/integration/default.nix @@ -9,7 +9,6 @@ , amqp , array , asn1-encoding -, asn1-types , async , attoparsec , base @@ -25,6 +24,8 @@ , cql-io , criterion , crypton +, crypton-asn1-types +, crypton-pem , crypton-x509 , cryptostore , data-default @@ -39,7 +40,6 @@ , filepath , haskell-src-exts , hex -, hourglass , HsOpenSSL , http-client , http-types @@ -48,16 +48,15 @@ , lens , lens-aeson , lib -, memory , mime , monad-control , mtl , network , network-uri , optparse-applicative -, pem , process , proto-lens +, ram , random , raw-strings-qq , regex @@ -78,6 +77,7 @@ , temporary , text , time +, time-hourglass , transformers , transformers-base , unix @@ -116,7 +116,6 @@ mkDerivation { amqp array asn1-encoding - asn1-types async attoparsec base @@ -131,6 +130,8 @@ mkDerivation { cql-io criterion crypton + crypton-asn1-types + crypton-pem crypton-x509 cryptostore data-default @@ -144,7 +145,6 @@ mkDerivation { extra filepath hex - hourglass HsOpenSSL http-client http-types @@ -152,16 +152,15 @@ mkDerivation { kan-extensions lens lens-aeson - memory mime monad-control mtl network network-uri optparse-applicative - pem process proto-lens + ram random raw-strings-qq regex @@ -182,6 +181,7 @@ mkDerivation { temporary text time + time-hourglass transformers transformers-base unix diff --git a/integration/integration.cabal b/integration/integration.cabal index f516226dbff..636c72a4018 100644 --- a/integration/integration.cabal +++ b/integration/integration.cabal @@ -253,7 +253,6 @@ library , amqp , array , asn1-encoding - , asn1-types , async , attoparsec , base @@ -268,6 +267,8 @@ library , cql-io , criterion , crypton + , crypton-asn1-types + , crypton-pem , crypton-x509 , cryptostore , data-default @@ -281,7 +282,6 @@ library , extra , filepath , hex - , hourglass , HsOpenSSL , http-client , http-types @@ -289,16 +289,15 @@ library , kan-extensions , lens , lens-aeson - , memory , mime , monad-control , mtl , network , network-uri , optparse-applicative - , pem , process , proto-lens + , ram , random , raw-strings-qq , regex @@ -319,6 +318,7 @@ library , temporary , text , time + , time-hourglass , transformers , transformers-base , unix diff --git a/libs/extended/default.nix b/libs/extended/default.nix index 8fe0353f7ae..06b5f70244a 100644 --- a/libs/extended/default.nix +++ b/libs/extended/default.nix @@ -5,12 +5,12 @@ { mkDerivation , aeson , amqp -, asn1-types , base , bytestring , cassandra-util , containers , crypton +, crypton-asn1-types , crypton-connection , crypton-pem , crypton-x509 @@ -20,7 +20,6 @@ , exceptions , hasql , hasql-pool -, hourglass , hspec , hspec-discover , http-client @@ -28,11 +27,11 @@ , http-types , imports , lib -, memory , metrics-wai , monad-control , postgresql-connection-string , prometheus-client +, ram , retry , servant , servant-client @@ -43,6 +42,7 @@ , temporary , text , time +, time-hourglass , tinylog , tls , transformers @@ -58,12 +58,12 @@ mkDerivation { libraryHaskellDepends = [ aeson amqp - asn1-types base bytestring cassandra-util containers crypton + crypton-asn1-types crypton-connection crypton-x509 crypton-x509-store @@ -72,16 +72,15 @@ mkDerivation { exceptions hasql hasql-pool - hourglass http-client http-client-tls http-types imports - memory metrics-wai monad-control postgresql-connection-string prometheus-client + ram retry servant servant-client @@ -90,6 +89,7 @@ mkDerivation { servant-server text time + time-hourglass tinylog tls transformers @@ -100,17 +100,17 @@ mkDerivation { ]; testHaskellDepends = [ aeson - asn1-types base bytestring crypton + crypton-asn1-types crypton-pem crypton-x509 - hourglass hspec imports string-conversions temporary + time-hourglass ]; testToolDepends = [ hspec-discover ]; description = "Extended versions of common modules"; diff --git a/libs/extended/extended.cabal b/libs/extended/extended.cabal index 58d587bed59..537bb10aabd 100644 --- a/libs/extended/extended.cabal +++ b/libs/extended/extended.cabal @@ -90,12 +90,12 @@ library build-depends: aeson , amqp - , asn1-types , base , bytestring , cassandra-util , containers , crypton + , crypton-asn1-types , crypton-connection , crypton-x509 , crypton-x509-store @@ -104,16 +104,15 @@ library , exceptions , hasql , hasql-pool - , hourglass , http-client , http-client-tls , http-types , imports - , memory , metrics-wai , monad-control , postgresql-connection-string , prometheus-client + , ram , retry , servant , servant-client @@ -122,6 +121,7 @@ library , servant-server , text , time + , time-hourglass , tinylog , tls , transformers @@ -195,17 +195,17 @@ test-suite extended-tests build-depends: aeson - , asn1-types , base , bytestring , crypton + , crypton-asn1-types , crypton-pem , crypton-x509 , extended - , hourglass , hspec , imports , string-conversions , temporary + , time-hourglass default-language: GHC2021 diff --git a/libs/galley-types/default.nix b/libs/galley-types/default.nix index 305d67cb2c5..69e69e32281 100644 --- a/libs/galley-types/default.nix +++ b/libs/galley-types/default.nix @@ -13,7 +13,7 @@ , http-types , imports , lib -, memory +, ram , text , types-common , uuid @@ -34,7 +34,7 @@ mkDerivation { errors http-types imports - memory + ram text types-common uuid diff --git a/libs/galley-types/galley-types.cabal b/libs/galley-types/galley-types.cabal index ddb920af71b..5f10d475d75 100644 --- a/libs/galley-types/galley-types.cabal +++ b/libs/galley-types/galley-types.cabal @@ -78,7 +78,7 @@ library , errors , http-types , imports - , memory + , ram , text >=0.11 , types-common >=0.16 , uuid diff --git a/libs/saml2-web-sso/default.nix b/libs/saml2-web-sso/default.nix index 52dd2a17b69..f360237b4f0 100644 --- a/libs/saml2-web-sso/default.nix +++ b/libs/saml2-web-sso/default.nix @@ -6,7 +6,6 @@ , aeson , asn1-encoding , asn1-parse -, asn1-types , base , base64-bytestring , binary @@ -15,6 +14,7 @@ , containers , cookie , crypton +, crypton-asn1-types , crypton-x509 , data-default , directory @@ -29,7 +29,6 @@ , ghc-prim , hedgehog , hedgehog-quickcheck -, hourglass , hsaml2 , hspec , hspec-core @@ -44,7 +43,6 @@ , lens , lens-datetime , lib -, memory , mtl , network-uri , openapi3 @@ -52,6 +50,7 @@ , process , QuickCheck , quickcheck-instances +, ram , random , schema-profunctor , servant @@ -63,6 +62,7 @@ , temporary , text , time +, time-hourglass , tinylog , transformers , types-common @@ -89,7 +89,6 @@ mkDerivation { aeson asn1-encoding asn1-parse - asn1-types base base64-bytestring binary @@ -98,6 +97,7 @@ mkDerivation { containers cookie crypton + crypton-asn1-types crypton-x509 data-default directory @@ -112,7 +112,6 @@ mkDerivation { ghc-prim hedgehog hedgehog-quickcheck - hourglass hsaml2 hspec hspec-wai @@ -124,7 +123,6 @@ mkDerivation { invertible-hxt lens lens-datetime - memory mtl network-uri openapi3 @@ -132,6 +130,7 @@ mkDerivation { process QuickCheck quickcheck-instances + ram random schema-profunctor servant @@ -143,6 +142,7 @@ mkDerivation { temporary text time + time-hourglass tinylog transformers types-common @@ -165,7 +165,6 @@ mkDerivation { aeson asn1-encoding asn1-parse - asn1-types base base64-bytestring binary @@ -174,6 +173,7 @@ mkDerivation { containers cookie crypton + crypton-asn1-types crypton-x509 data-default directory @@ -187,7 +187,6 @@ mkDerivation { ghc-prim hedgehog hedgehog-quickcheck - hourglass hsaml2 hspec hspec-core @@ -199,13 +198,13 @@ mkDerivation { imports lens lens-datetime - memory mtl network-uri pretty-show process QuickCheck quickcheck-instances + ram random schema-profunctor servant @@ -217,6 +216,7 @@ mkDerivation { temporary text time + time-hourglass tinylog transformers types-common diff --git a/libs/saml2-web-sso/saml2-web-sso.cabal b/libs/saml2-web-sso/saml2-web-sso.cabal index 710e94e32d0..ab550d3b60f 100644 --- a/libs/saml2-web-sso/saml2-web-sso.cabal +++ b/libs/saml2-web-sso/saml2-web-sso.cabal @@ -83,7 +83,6 @@ library , aeson >=1.4.5.0 , asn1-encoding >=0.9.6 , asn1-parse >=0.9.5 - , asn1-types >=0.3.3 , base >=4.12.0.0 , base64-bytestring >=1.0.0.2 , binary >=0.8.6.0 @@ -92,6 +91,7 @@ library , containers >=0.6.0.1 , cookie >=0.4.4 , crypton >=0.30 + , crypton-asn1-types >=0.3.3 , crypton-x509 >=1.7.5 , data-default >=0.7.1.1 , directory >=1.3.6.0 @@ -106,7 +106,6 @@ library , ghc-prim >=0.5.3 , hedgehog >=1.0.1 , hedgehog-quickcheck >=0.1.1 - , hourglass >=0.2.12 , hsaml2 >=0.1 , hspec >=2.7.1 , hspec-wai >=0.9.0 @@ -118,7 +117,6 @@ library , invertible-hxt , lens >=4.17.1 , lens-datetime >=0.3 - , memory >=0.14.18 , mtl >=2.2.2 , network-uri >=2.6.1.0 , openapi3 @@ -126,6 +124,7 @@ library , process >=1.6.5.0 , QuickCheck >=2.13.2 , quickcheck-instances >=0.3.22 + , ram >=0.14.18 , random >=1.1 , schema-profunctor , servant >=0.16.2 @@ -137,6 +136,7 @@ library , temporary >=1.3 , text >=1.2.3.1 , time >=1.8.0.2 + , time-hourglass >=0.2.12 , tinylog , transformers >=0.5.6.2 , types-common @@ -212,7 +212,6 @@ test-suite saml2-web-sso-tests , aeson >=1.4.5.0 , asn1-encoding >=0.9.6 , asn1-parse >=0.9.5 - , asn1-types >=0.3.3 , base >=4.12.0.0 , base64-bytestring >=1.0.0.2 , binary >=0.8.6.0 @@ -221,6 +220,7 @@ test-suite saml2-web-sso-tests , containers >=0.6.0.1 , cookie >=0.4.4 , crypton >=0.30 + , crypton-asn1-types >=0.3.3 , crypton-x509 >=1.7.5 , data-default >=0.7.1.1 , directory >=1.3.6.0 @@ -234,7 +234,6 @@ test-suite saml2-web-sso-tests , ghc-prim >=0.5.3 , hedgehog , hedgehog-quickcheck >=0.1.1 - , hourglass >=0.2.12 , hsaml2 >=0.1 , hspec >=2.7.1 , hspec-core @@ -246,13 +245,13 @@ test-suite saml2-web-sso-tests , imports , lens >=4.17.1 , lens-datetime >=0.3 - , memory >=0.14.18 , mtl >=2.2.2 , network-uri >=2.6.1.0 , pretty-show , process >=1.6.5.0 , QuickCheck >=2.13.2 , quickcheck-instances >=0.3.22 + , ram >=0.14.18 , random >=1.1 , saml2-web-sso , schema-profunctor @@ -265,6 +264,7 @@ test-suite saml2-web-sso-tests , temporary >=1.3 , text >=1.2.3.1 , time >=1.8.0.2 + , time-hourglass >=0.2.12 , tinylog , transformers >=0.5.6.2 , types-common diff --git a/libs/wire-api/default.nix b/libs/wire-api/default.nix index fade4b45d2a..5b7be3d6549 100644 --- a/libs/wire-api/default.nix +++ b/libs/wire-api/default.nix @@ -63,7 +63,6 @@ , kan-extensions , lens , lib -, memory , metrics-wai , mime , mtl @@ -78,6 +77,7 @@ , protobuf , QuickCheck , quickcheck-instances +, ram , random , regex-base , regex-tdfa @@ -181,7 +181,6 @@ mkDerivation { jose kan-extensions lens - memory metrics-wai mime mtl @@ -195,6 +194,7 @@ mkDerivation { protobuf QuickCheck quickcheck-instances + ram random regex-base regex-tdfa @@ -261,13 +261,13 @@ mkDerivation { iso3166-country-codes iso639 lens - memory metrics-wai openapi3 pem process proto-lens QuickCheck + ram random saml2-web-sso schema-profunctor diff --git a/libs/wire-api/wire-api.cabal b/libs/wire-api/wire-api.cabal index 841fc2114b6..a5c7376d264 100644 --- a/libs/wire-api/wire-api.cabal +++ b/libs/wire-api/wire-api.cabal @@ -332,7 +332,6 @@ library , jose , kan-extensions , lens >=4.12 - , memory , metrics-wai , mime >=0.4 , mtl @@ -346,6 +345,7 @@ library , protobuf >=0.2 , QuickCheck >=2.14 , quickcheck-instances >=0.3.16 + , ram , random >=1.2.0 , regex-base , regex-tdfa @@ -749,11 +749,11 @@ test-suite wire-api-tests , http-types , imports , lens - , memory , metrics-wai , openapi3 , process , QuickCheck + , ram , random , schema-profunctor , servant diff --git a/libs/wire-subsystems/default.nix b/libs/wire-subsystems/default.nix index ea6c2cddbaf..6b11afea20f 100644 --- a/libs/wire-subsystems/default.nix +++ b/libs/wire-subsystems/default.nix @@ -12,7 +12,6 @@ , amazonka-sqs , amqp , asn1-encoding -, asn1-types , async , attoparsec , base @@ -33,6 +32,7 @@ , cookie , cql , crypton +, crypton-asn1-types , crypton-pem , crypton-x509 , crypton-x509-store @@ -75,7 +75,6 @@ , lens-aeson , lib , lrucaching -, memory , mime , mime-mail , MonadRandom @@ -94,6 +93,7 @@ , proto-lens , QuickCheck , quickcheck-instances +, ram , random , raw-strings-qq , resource-pool @@ -153,7 +153,6 @@ mkDerivation { amazonka-sqs amqp asn1-encoding - asn1-types async attoparsec base @@ -174,6 +173,7 @@ mkDerivation { cookie cql crypton + crypton-asn1-types crypton-pem crypton-x509 currency-codes @@ -212,7 +212,6 @@ mkDerivation { lens lens-aeson lrucaching - memory mime mime-mail MonadRandom @@ -230,6 +229,7 @@ mkDerivation { prometheus-client proto-lens QuickCheck + ram raw-strings-qq resource-pool resourcet @@ -282,7 +282,6 @@ mkDerivation { amazonka-sqs amqp asn1-encoding - asn1-types async attoparsec base @@ -302,6 +301,7 @@ mkDerivation { cookie cql crypton + crypton-asn1-types crypton-pem crypton-x509 crypton-x509-store @@ -341,7 +341,6 @@ mkDerivation { lens lens-aeson lrucaching - memory mime mime-mail MonadRandom @@ -358,6 +357,7 @@ mkDerivation { proto-lens QuickCheck quickcheck-instances + ram random raw-strings-qq resource-pool diff --git a/libs/wire-subsystems/wire-subsystems.cabal b/libs/wire-subsystems/wire-subsystems.cabal index 881b3965068..c3fe8097a84 100644 --- a/libs/wire-subsystems/wire-subsystems.cabal +++ b/libs/wire-subsystems/wire-subsystems.cabal @@ -92,7 +92,6 @@ common common-all , amazonka-sqs , amqp , asn1-encoding - , asn1-types , async , attoparsec , base @@ -112,6 +111,7 @@ common common-all , cookie , cql , crypton + , crypton-asn1-types , crypton-pem , currency-codes , data-default @@ -148,7 +148,6 @@ common common-all , lens , lens-aeson , lrucaching - , memory , mime , mime-mail , MonadRandom @@ -164,6 +163,7 @@ common common-all , prometheus-client , proto-lens , QuickCheck + , ram , raw-strings-qq , resource-pool , resourcet @@ -519,7 +519,6 @@ library , iso639 , lens , lrucaching - , memory , mime , mime-mail , mtl @@ -532,6 +531,7 @@ library , postgresql-error-codes , prometheus-client , QuickCheck + , ram , resource-pool , resourcet , retry diff --git a/services/brig/brig.cabal b/services/brig/brig.cabal index 70e95dcd393..dbff947c038 100644 --- a/services/brig/brig.cabal +++ b/services/brig/brig.cabal @@ -261,7 +261,6 @@ library , jose , jwt-tools , lens >=3.8 - , memory , metrics-core >=0.3 , metrics-wai >=0.3 , mime @@ -280,6 +279,7 @@ library , polysemy-wire-zoo , prometheus-client , proto-lens >=0.1 + , ram , random-shuffle >=0.0.3 , raw-strings-qq , resourcet >=1.1 diff --git a/services/brig/default.nix b/services/brig/default.nix index b3c9696be70..647ca2e23f8 100644 --- a/services/brig/default.nix +++ b/services/brig/default.nix @@ -68,7 +68,6 @@ , lens , lens-aeson , lib -, memory , metrics-core , metrics-wai , mime @@ -93,6 +92,7 @@ , prometheus-client , proto-lens , QuickCheck +, ram , random , random-shuffle , raw-strings-qq @@ -208,7 +208,6 @@ mkDerivation { jose jwt-tools lens - memory metrics-core metrics-wai mime @@ -227,6 +226,7 @@ mkDerivation { polysemy-wire-zoo prometheus-client proto-lens + ram random-shuffle raw-strings-qq resourcet diff --git a/services/galley/default.nix b/services/galley/default.nix index 8546ddf705b..1da0130827f 100644 --- a/services/galley/default.nix +++ b/services/galley/default.nix @@ -47,7 +47,6 @@ , lens , lens-aeson , lib -, memory , metrics-core , metrics-wai , mtl @@ -65,6 +64,7 @@ , protobuf , QuickCheck , quickcheck-instances +, ram , random , raw-strings-qq , retry @@ -218,7 +218,6 @@ mkDerivation { kan-extensions lens lens-aeson - memory mtl network network-uri @@ -229,6 +228,7 @@ mkDerivation { protobuf QuickCheck quickcheck-instances + ram random retry servant-client diff --git a/services/galley/galley.cabal b/services/galley/galley.cabal index 760d46ae5de..76092c1fd06 100644 --- a/services/galley/galley.cabal +++ b/services/galley/galley.cabal @@ -385,7 +385,6 @@ executable galley-integration , kan-extensions , lens , lens-aeson - , memory , mtl , network , network-uri @@ -396,6 +395,7 @@ executable galley-integration , protobuf , QuickCheck , quickcheck-instances + , ram , random , retry , servant-client From 52bfca765d5c6f022e320d57f1a45d6d5890f0f2 Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Tue, 23 Jun 2026 16:15:15 +0200 Subject: [PATCH 4/9] gundeck: Adapt for latest hedis, remove pinned hedis from flake inputs --- flake.lock | 18 -- flake.nix | 4 - services/gundeck/gundeck.cabal | 1 - services/gundeck/src/Gundeck/Env.hs | 4 +- services/gundeck/src/Gundeck/Redis.hs | 2 +- .../src/Gundeck/Redis/HedisExtensions.hs | 182 ------------------ 6 files changed, 2 insertions(+), 209 deletions(-) delete mode 100644 services/gundeck/src/Gundeck/Redis/HedisExtensions.hs diff --git a/flake.lock b/flake.lock index 5ba3c4181a0..ae1e0b1c673 100644 --- a/flake.lock +++ b/flake.lock @@ -215,23 +215,6 @@ "type": "github" } }, - "hedis": { - "flake": false, - "locked": { - "lastModified": 1748594228, - "narHash": "sha256-BwcqQZf2GaEn2i6o9bVl+jiu/CjShYlHCmO81bYfc8Y=", - "owner": "wireapp", - "repo": "hedis", - "rev": "00d7fbf5f19b812b9e64e12be8860c4741be8558", - "type": "github" - }, - "original": { - "owner": "wireapp", - "ref": "wire-changes", - "repo": "hedis", - "type": "github" - } - }, "hsaml2": { "flake": false, "locked": { @@ -373,7 +356,6 @@ "cryptostore": "cryptostore", "flake-utils": "flake-utils", "hasql-migration": "hasql-migration", - "hedis": "hedis", "hsaml2": "hsaml2", "hspec-wai": "hspec-wai", "http-client": "http-client", diff --git a/flake.nix b/flake.nix index 99f23c74270..bbc3c8826f9 100644 --- a/flake.nix +++ b/flake.nix @@ -20,10 +20,6 @@ url = "github:wireapp/bloodhound?ref=wire-fork"; flake = false; }; - hedis = { - url = "github:wireapp/hedis?ref=wire-changes"; - flake = false; - }; http-client = { url = "github:wireapp/http-client?ref=master"; diff --git a/services/gundeck/gundeck.cabal b/services/gundeck/gundeck.cabal index 470cd7b5ae7..06bf1b5024f 100644 --- a/services/gundeck/gundeck.cabal +++ b/services/gundeck/gundeck.cabal @@ -40,7 +40,6 @@ library Gundeck.Push.Websocket Gundeck.React Gundeck.Redis - Gundeck.Redis.HedisExtensions Gundeck.Run Gundeck.Schema.Run Gundeck.Schema.V1 diff --git a/services/gundeck/src/Gundeck/Env.hs b/services/gundeck/src/Gundeck/Env.hs index e3670c13a8e..39f6f98bda7 100644 --- a/services/gundeck/src/Gundeck/Env.hs +++ b/services/gundeck/src/Gundeck/Env.hs @@ -38,7 +38,6 @@ import Gundeck.Aws qualified as Aws import Gundeck.Options as Opt hiding (host, port) import Gundeck.Options qualified as O import Gundeck.Redis qualified as Redis -import Gundeck.Redis.HedisExtensions qualified as Redis import Gundeck.ThreadBudget import Imports import Network.AMQP (Channel) @@ -136,8 +135,7 @@ createRedisPool l ep username password identifier = do } let redisConnInfo = Redis.defaultConnectInfo - { Redis.connectHost = Text.unpack $ ep ^. O.host, - Redis.connectPort = Redis.PortNumber (fromIntegral $ ep ^. O.port), + { Redis.connectAddr = Redis.ConnectAddrHostPort (Text.unpack ep._host) (fromIntegral ep._port), Redis.connectUsername = username, Redis.connectAuth = password, Redis.connectTimeout = Just (secondsToNominalDiffTime 5), diff --git a/services/gundeck/src/Gundeck/Redis.hs b/services/gundeck/src/Gundeck/Redis.hs index 17e1f2e3171..e9bf1affafe 100644 --- a/services/gundeck/src/Gundeck/Redis.hs +++ b/services/gundeck/src/Gundeck/Redis.hs @@ -32,7 +32,7 @@ import Control.Concurrent.Async (Async, async) import Control.Monad.Catch qualified as Catch import Control.Retry import Database.Redis -import Gundeck.Redis.HedisExtensions +import Database.Redis.Connection (ClusterDownError) import Imports import System.Logger qualified as Log import System.Logger.Class (MonadLogger) diff --git a/services/gundeck/src/Gundeck/Redis/HedisExtensions.hs b/services/gundeck/src/Gundeck/Redis/HedisExtensions.hs deleted file mode 100644 index 7842fc98822..00000000000 --- a/services/gundeck/src/Gundeck/Redis/HedisExtensions.hs +++ /dev/null @@ -1,182 +0,0 @@ --- This file is part of the Wire Server implementation. --- --- Copyright (C) 2022 Wire Swiss GmbH --- --- This program is free software: you can redistribute it and/or modify it under --- the terms of the GNU Affero General Public License as published by the Free --- Software Foundation, either version 3 of the License, or (at your option) any --- later version. --- --- This program is distributed in the hope that it will be useful, but WITHOUT --- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS --- FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more --- details. --- --- You should have received a copy of the GNU Affero General Public License along --- with this program. If not, see . -module Gundeck.Redis.HedisExtensions - ( ClusterInfoResponse (..), - ClusterInfoResponseState (..), - clusterInfo, - checkedConnectCluster, - ClusterDownError, - ) -where - -import Data.ByteString.Char8 qualified as Char8 -import Database.Redis -import Imports hiding (Down) -import UnliftIO - --- https://redis.io/commands/cluster-info/ -data ClusterInfoResponse = ClusterInfoResponse - { clusterInfoResponseState :: ClusterInfoResponseState, - clusterInfoResponseSlotsAssigned :: Integer, - clusterInfoResponseSlotsOK :: Integer, - clusterInfoResponseSlotsPfail :: Integer, - clusterInfoResponseSlotsFail :: Integer, - clusterInfoResponseKnownNodes :: Integer, - clusterInfoResponseSize :: Integer, - clusterInfoResponseCurrentEpoch :: Integer, - clusterInfoResponseMyEpoch :: Integer, - clusterInfoResponseStatsMessagesSent :: Integer, - clusterInfoResponseStatsMessagesReceived :: Integer, - clusterInfoResponseTotalLinksBufferLimitExceeded :: Integer, - clusterInfoResponseStatsMessagesPingSent :: Maybe Integer, - clusterInfoResponseStatsMessagesPingReceived :: Maybe Integer, - clusterInfoResponseStatsMessagesPongSent :: Maybe Integer, - clusterInfoResponseStatsMessagesPongReceived :: Maybe Integer, - clusterInfoResponseStatsMessagesMeetSent :: Maybe Integer, - clusterInfoResponseStatsMessagesMeetReceived :: Maybe Integer, - clusterInfoResponseStatsMessagesFailSent :: Maybe Integer, - clusterInfoResponseStatsMessagesFailReceived :: Maybe Integer, - clusterInfoResponseStatsMessagesPublishSent :: Maybe Integer, - clusterInfoResponseStatsMessagesPublishReceived :: Maybe Integer, - clusterInfoResponseStatsMessagesAuthReqSent :: Maybe Integer, - clusterInfoResponseStatsMessagesAuthReqReceived :: Maybe Integer, - clusterInfoResponseStatsMessagesAuthAckSent :: Maybe Integer, - clusterInfoResponseStatsMessagesAuthAckReceived :: Maybe Integer, - clusterInfoResponseStatsMessagesUpdateSent :: Maybe Integer, - clusterInfoResponseStatsMessagesUpdateReceived :: Maybe Integer, - clusterInfoResponseStatsMessagesMfstartSent :: Maybe Integer, - clusterInfoResponseStatsMessagesMfstartReceived :: Maybe Integer, - clusterInfoResponseStatsMessagesModuleSent :: Maybe Integer, - clusterInfoResponseStatsMessagesModuleReceived :: Maybe Integer, - clusterInfoResponseStatsMessagesPublishshardSent :: Maybe Integer, - clusterInfoResponseStatsMessagesPublishshardReceived :: Maybe Integer - } - deriving (Show, Eq) - -data ClusterInfoResponseState - = OK - | Down - deriving (Show, Eq) - -defClusterInfoResponse :: ClusterInfoResponse -defClusterInfoResponse = - ClusterInfoResponse - { clusterInfoResponseState = Down, - clusterInfoResponseSlotsAssigned = 0, - clusterInfoResponseSlotsOK = 0, - clusterInfoResponseSlotsPfail = 0, - clusterInfoResponseSlotsFail = 0, - clusterInfoResponseKnownNodes = 0, - clusterInfoResponseSize = 0, - clusterInfoResponseCurrentEpoch = 0, - clusterInfoResponseMyEpoch = 0, - clusterInfoResponseStatsMessagesSent = 0, - clusterInfoResponseStatsMessagesReceived = 0, - clusterInfoResponseTotalLinksBufferLimitExceeded = 0, - clusterInfoResponseStatsMessagesPingSent = Nothing, - clusterInfoResponseStatsMessagesPingReceived = Nothing, - clusterInfoResponseStatsMessagesPongSent = Nothing, - clusterInfoResponseStatsMessagesPongReceived = Nothing, - clusterInfoResponseStatsMessagesMeetSent = Nothing, - clusterInfoResponseStatsMessagesMeetReceived = Nothing, - clusterInfoResponseStatsMessagesFailSent = Nothing, - clusterInfoResponseStatsMessagesFailReceived = Nothing, - clusterInfoResponseStatsMessagesPublishSent = Nothing, - clusterInfoResponseStatsMessagesPublishReceived = Nothing, - clusterInfoResponseStatsMessagesAuthReqSent = Nothing, - clusterInfoResponseStatsMessagesAuthReqReceived = Nothing, - clusterInfoResponseStatsMessagesAuthAckSent = Nothing, - clusterInfoResponseStatsMessagesAuthAckReceived = Nothing, - clusterInfoResponseStatsMessagesUpdateSent = Nothing, - clusterInfoResponseStatsMessagesUpdateReceived = Nothing, - clusterInfoResponseStatsMessagesMfstartSent = Nothing, - clusterInfoResponseStatsMessagesMfstartReceived = Nothing, - clusterInfoResponseStatsMessagesModuleSent = Nothing, - clusterInfoResponseStatsMessagesModuleReceived = Nothing, - clusterInfoResponseStatsMessagesPublishshardSent = Nothing, - clusterInfoResponseStatsMessagesPublishshardReceived = Nothing - } - -parseClusterInfoResponse :: [[ByteString]] -> ClusterInfoResponse -> Maybe ClusterInfoResponse -parseClusterInfoResponse fields resp = case fields of - [] -> pure resp - (["cluster_state", state] : fs) -> parseState state >>= \s -> parseClusterInfoResponse fs $ resp {clusterInfoResponseState = s} - (["cluster_slots_assigned", value] : fs) -> parseInteger value >>= \v -> parseClusterInfoResponse fs $ resp {clusterInfoResponseSlotsAssigned = v} - (["cluster_slots_ok", value] : fs) -> parseInteger value >>= \v -> parseClusterInfoResponse fs $ resp {clusterInfoResponseSlotsOK = v} - (["cluster_slots_pfail", value] : fs) -> parseInteger value >>= \v -> parseClusterInfoResponse fs $ resp {clusterInfoResponseSlotsPfail = v} - (["cluster_slots_fail", value] : fs) -> parseInteger value >>= \v -> parseClusterInfoResponse fs $ resp {clusterInfoResponseSlotsFail = v} - (["cluster_known_nodes", value] : fs) -> parseInteger value >>= \v -> parseClusterInfoResponse fs $ resp {clusterInfoResponseKnownNodes = v} - (["cluster_size", value] : fs) -> parseInteger value >>= \v -> parseClusterInfoResponse fs $ resp {clusterInfoResponseSize = v} - (["cluster_current_epoch", value] : fs) -> parseInteger value >>= \v -> parseClusterInfoResponse fs $ resp {clusterInfoResponseCurrentEpoch = v} - (["cluster_my_epoch", value] : fs) -> parseInteger value >>= \v -> parseClusterInfoResponse fs $ resp {clusterInfoResponseMyEpoch = v} - (["cluster_stats_messages_sent", value] : fs) -> parseInteger value >>= \v -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesSent = v} - (["cluster_stats_messages_received", value] : fs) -> parseInteger value >>= \v -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesReceived = v} - (["total_cluster_links_buffer_limit_exceeded", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseTotalLinksBufferLimitExceeded = fromMaybe 0 $ parseInteger value} -- this value should be mandatory according to the spec, but isn't necessarily set in Redis 6 - (["cluster_stats_messages_ping_sent", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesPingSent = parseInteger value} - (["cluster_stats_messages_ping_received", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesPingReceived = parseInteger value} - (["cluster_stats_messages_pong_sent", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesPongSent = parseInteger value} - (["cluster_stats_messages_pong_received", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesPongReceived = parseInteger value} - (["cluster_stats_messages_meet_sent", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesMeetSent = parseInteger value} - (["cluster_stats_messages_meet_received", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesMeetReceived = parseInteger value} - (["cluster_stats_messages_fail_sent", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesFailSent = parseInteger value} - (["cluster_stats_messages_fail_received", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesFailReceived = parseInteger value} - (["cluster_stats_messages_publish_sent", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesPublishSent = parseInteger value} - (["cluster_stats_messages_publish_received", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesPublishReceived = parseInteger value} - (["cluster_stats_messages_auth_req_sent", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesAuthReqSent = parseInteger value} - (["cluster_stats_messages_auth_req_received", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesAuthReqReceived = parseInteger value} - (["cluster_stats_messages_auth_ack_sent", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesAuthAckSent = parseInteger value} - (["cluster_stats_messages_auth_ack_received", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesAuthAckReceived = parseInteger value} - (["cluster_stats_messages_update_sent", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesUpdateSent = parseInteger value} - (["cluster_stats_messages_update_received", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesUpdateReceived = parseInteger value} - (["cluster_stats_messages_mfstart_sent", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesMfstartSent = parseInteger value} - (["cluster_stats_messages_mfstart_received", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesMfstartReceived = parseInteger value} - (["cluster_stats_messages_module_sent", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesModuleSent = parseInteger value} - (["cluster_stats_messages_module_received", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesModuleReceived = parseInteger value} - (["cluster_stats_messages_publishshard_sent", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesPublishshardSent = parseInteger value} - (["cluster_stats_messages_publishshard_received", value] : fs) -> parseClusterInfoResponse fs $ resp {clusterInfoResponseStatsMessagesPublishshardReceived = parseInteger value} - (_ : fs) -> parseClusterInfoResponse fs resp - where - parseState bs = case bs of - "ok" -> Just OK - "fail" -> Just Down - _ -> Nothing - parseInteger = fmap fst . Char8.readInteger - -instance RedisResult ClusterInfoResponse where - decode r@(Bulk (Just bulkData)) = - maybe (Left r) Right - . flip parseClusterInfoResponse defClusterInfoResponse - . map (Char8.split ':' . Char8.takeWhile (/= '\r')) - $ Char8.lines bulkData - decode r = Left r - -clusterInfo :: (RedisCtx m f) => m (f ClusterInfoResponse) -clusterInfo = sendRequest ["CLUSTER", "INFO"] - -checkedConnectCluster :: ConnectInfo -> IO Connection -checkedConnectCluster connInfo = do - conn <- connectCluster connInfo - res <- runRedis conn clusterInfo - case res of - Right r -> case clusterInfoResponseState r of - OK -> pure conn - _ -> throwIO $ ClusterDownError r - Left e -> throwIO $ ConnectSelectError e - -newtype ClusterDownError = ClusterDownError ClusterInfoResponse deriving (Eq, Show, Typeable) - -instance Exception ClusterDownError From 90e2d18d17dd6640aa059fa1643856456dbc3628 Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Tue, 23 Jun 2026 16:46:38 +0200 Subject: [PATCH 5/9] asn1-encoding -> crypton-asn1-encoding --- integration/default.nix | 4 +- integration/integration.cabal | 2 +- libs/saml2-web-sso/default.nix | 6 +- libs/saml2-web-sso/saml2-web-sso.cabal | 252 ++++++++++----------- libs/wire-api/default.nix | 4 +- libs/wire-api/wire-api.cabal | 2 +- libs/wire-subsystems/default.nix | 6 +- libs/wire-subsystems/wire-subsystems.cabal | 2 +- 8 files changed, 139 insertions(+), 139 deletions(-) diff --git a/integration/default.nix b/integration/default.nix index 28103a0ebec..8ef7ea4b4c6 100644 --- a/integration/default.nix +++ b/integration/default.nix @@ -8,7 +8,6 @@ , aeson-pretty , amqp , array -, asn1-encoding , async , attoparsec , base @@ -24,6 +23,7 @@ , cql-io , criterion , crypton +, crypton-asn1-encoding , crypton-asn1-types , crypton-pem , crypton-x509 @@ -115,7 +115,6 @@ mkDerivation { aeson-pretty amqp array - asn1-encoding async attoparsec base @@ -130,6 +129,7 @@ mkDerivation { cql-io criterion crypton + crypton-asn1-encoding crypton-asn1-types crypton-pem crypton-x509 diff --git a/integration/integration.cabal b/integration/integration.cabal index 636c72a4018..616b77df37f 100644 --- a/integration/integration.cabal +++ b/integration/integration.cabal @@ -252,7 +252,6 @@ library , aeson-pretty , amqp , array - , asn1-encoding , async , attoparsec , base @@ -267,6 +266,7 @@ library , cql-io , criterion , crypton + , crypton-asn1-encoding , crypton-asn1-types , crypton-pem , crypton-x509 diff --git a/libs/saml2-web-sso/default.nix b/libs/saml2-web-sso/default.nix index f360237b4f0..16907ba918a 100644 --- a/libs/saml2-web-sso/default.nix +++ b/libs/saml2-web-sso/default.nix @@ -4,7 +4,6 @@ # dependencies are added or removed. { mkDerivation , aeson -, asn1-encoding , asn1-parse , base , base64-bytestring @@ -14,6 +13,7 @@ , containers , cookie , crypton +, crypton-asn1-encoding , crypton-asn1-types , crypton-x509 , data-default @@ -87,7 +87,6 @@ mkDerivation { src = ./.; libraryHaskellDepends = [ aeson - asn1-encoding asn1-parse base base64-bytestring @@ -97,6 +96,7 @@ mkDerivation { containers cookie crypton + crypton-asn1-encoding crypton-asn1-types crypton-x509 data-default @@ -163,7 +163,6 @@ mkDerivation { ]; testHaskellDepends = [ aeson - asn1-encoding asn1-parse base base64-bytestring @@ -173,6 +172,7 @@ mkDerivation { containers cookie crypton + crypton-asn1-encoding crypton-asn1-types crypton-x509 data-default diff --git a/libs/saml2-web-sso/saml2-web-sso.cabal b/libs/saml2-web-sso/saml2-web-sso.cabal index ab550d3b60f..9d012a9ddd9 100644 --- a/libs/saml2-web-sso/saml2-web-sso.cabal +++ b/libs/saml2-web-sso/saml2-web-sso.cabal @@ -80,80 +80,80 @@ library -Wincomplete-uni-patterns -Wtabs -Wno-x-partial -Wno-deprecations build-depends: - , aeson >=1.4.5.0 - , asn1-encoding >=0.9.6 - , asn1-parse >=0.9.5 - , base >=4.12.0.0 - , base64-bytestring >=1.0.0.2 - , binary >=0.8.6.0 - , bytestring >=0.10.8.2 - , case-insensitive >=1.2.1.0 - , containers >=0.6.0.1 - , cookie >=0.4.4 - , crypton >=0.30 - , crypton-asn1-types >=0.3.3 - , crypton-x509 >=1.7.5 - , data-default >=0.7.1.1 - , directory >=1.3.6.0 - , dns >=4.0.0 - , email-validate >=2.3.2.12 - , errors >=2.3.0 - , exceptions >=0.10.3 - , extra >=1.6.18 + , aeson >=1.4.5.0 + , asn1-parse >=0.9.5 + , base >=4.12.0.0 + , base64-bytestring >=1.0.0.2 + , binary >=0.8.6.0 + , bytestring >=0.10.8.2 + , case-insensitive >=1.2.1.0 + , containers >=0.6.0.1 + , cookie >=0.4.4 + , crypton >=0.30 + , crypton-asn1-encoding >=0.9.6 + , crypton-asn1-types >=0.3.3 + , crypton-x509 >=1.7.5 + , data-default >=0.7.1.1 + , directory >=1.3.6.0 + , dns >=4.0.0 + , email-validate >=2.3.2.12 + , errors >=2.3.0 + , exceptions >=0.10.3 + , extra >=1.6.18 , file-path-th - , filepath >=1.4.2.1 - , foundation >=0.0.25 - , ghc-prim >=0.5.3 - , hedgehog >=1.0.1 - , hedgehog-quickcheck >=0.1.1 - , hsaml2 >=0.1 - , hspec >=2.7.1 - , hspec-wai >=0.9.0 - , http-media >=0.8.0.0 - , http-types >=0.12.3 - , hxt >=9.3.1.18 + , filepath >=1.4.2.1 + , foundation >=0.0.25 + , ghc-prim >=0.5.3 + , hedgehog >=1.0.1 + , hedgehog-quickcheck >=0.1.1 + , hsaml2 >=0.1 + , hspec >=2.7.1 + , hspec-wai >=0.9.0 + , http-media >=0.8.0.0 + , http-types >=0.12.3 + , hxt >=9.3.1.18 , hxt-regex-xmlschema , imports , invertible-hxt - , lens >=4.17.1 - , lens-datetime >=0.3 - , mtl >=2.2.2 - , network-uri >=2.6.1.0 + , lens >=4.17.1 + , lens-datetime >=0.3 + , mtl >=2.2.2 + , network-uri >=2.6.1.0 , openapi3 - , pretty-show >=1.9.5 - , process >=1.6.5.0 - , QuickCheck >=2.13.2 - , quickcheck-instances >=0.3.22 - , ram >=0.14.18 - , random >=1.1 + , pretty-show >=1.9.5 + , process >=1.6.5.0 + , QuickCheck >=2.13.2 + , quickcheck-instances >=0.3.22 + , ram >=0.14.18 + , random >=1.1 , schema-profunctor - , servant >=0.16.2 - , servant-multipart >=0.12 - , servant-server >=0.16.2 - , shelly >=1.8.1 - , silently >=1.2.5.1 - , string-conversions >=0.4.0.1 - , temporary >=1.3 - , text >=1.2.3.1 - , time >=1.8.0.2 - , time-hourglass >=0.2.12 + , servant >=0.16.2 + , servant-multipart >=0.12 + , servant-server >=0.16.2 + , shelly >=1.8.1 + , silently >=1.2.5.1 + , string-conversions >=0.4.0.1 + , temporary >=1.3 + , text >=1.2.3.1 + , time >=1.8.0.2 + , time-hourglass >=0.2.12 , tinylog - , transformers >=0.5.6.2 + , transformers >=0.5.6.2 , types-common - , uniplate >=1.6.12 - , uri-bytestring >=0.3.2.2 + , uniplate >=1.6.12 + , uri-bytestring >=0.3.2.2 , utf8-string - , uuid >=1.3.13 - , wai >=3.2.2.1 - , wai-extra >=3.0.28 + , uuid >=1.3.13 + , wai >=3.2.2.1 + , wai-extra >=3.0.28 , wai-utilities - , warp >=3.2.28 - , word8 >=0.1.3 - , xml-conduit >=1.8.0.1 - , xml-conduit-writer >=0.1.1.2 - , xml-hamlet >=0.5.0.1 - , xml-types >=0.3.6 - , yaml >=0.8.25.1 + , warp >=3.2.28 + , word8 >=0.1.3 + , xml-conduit >=1.8.0.1 + , xml-conduit-writer >=0.1.1.2 + , xml-hamlet >=0.5.0.1 + , xml-types >=0.3.6 + , yaml >=0.8.25.1 default-language: GHC2021 @@ -209,77 +209,77 @@ test-suite saml2-web-sso-tests -with-rtsopts=-N build-depends: - , aeson >=1.4.5.0 - , asn1-encoding >=0.9.6 - , asn1-parse >=0.9.5 - , base >=4.12.0.0 - , base64-bytestring >=1.0.0.2 - , binary >=0.8.6.0 - , bytestring >=0.10.8.2 - , case-insensitive >=1.2.1.0 - , containers >=0.6.0.1 - , cookie >=0.4.4 - , crypton >=0.30 - , crypton-asn1-types >=0.3.3 - , crypton-x509 >=1.7.5 - , data-default >=0.7.1.1 - , directory >=1.3.6.0 - , dns >=4.0.0 - , email-validate >=2.3.2.12 - , errors >=2.3.0 - , exceptions >=0.10.3 - , extra >=1.6.18 - , filepath >=1.4.2.1 - , foundation >=0.0.25 - , ghc-prim >=0.5.3 + , aeson >=1.4.5.0 + , asn1-parse >=0.9.5 + , base >=4.12.0.0 + , base64-bytestring >=1.0.0.2 + , binary >=0.8.6.0 + , bytestring >=0.10.8.2 + , case-insensitive >=1.2.1.0 + , containers >=0.6.0.1 + , cookie >=0.4.4 + , crypton >=0.30 + , crypton-asn1-encoding >=0.9.6 + , crypton-asn1-types >=0.3.3 + , crypton-x509 >=1.7.5 + , data-default >=0.7.1.1 + , directory >=1.3.6.0 + , dns >=4.0.0 + , email-validate >=2.3.2.12 + , errors >=2.3.0 + , exceptions >=0.10.3 + , extra >=1.6.18 + , filepath >=1.4.2.1 + , foundation >=0.0.25 + , ghc-prim >=0.5.3 , hedgehog - , hedgehog-quickcheck >=0.1.1 - , hsaml2 >=0.1 - , hspec >=2.7.1 + , hedgehog-quickcheck >=0.1.1 + , hsaml2 >=0.1 + , hspec >=2.7.1 , hspec-core , hspec-discover - , hspec-wai >=0.9.0 - , http-media >=0.8.0.0 - , http-types >=0.12.3 - , hxt >=9.3.1.18 + , hspec-wai >=0.9.0 + , http-media >=0.8.0.0 + , http-types >=0.12.3 + , hxt >=9.3.1.18 , imports - , lens >=4.17.1 - , lens-datetime >=0.3 - , mtl >=2.2.2 - , network-uri >=2.6.1.0 + , lens >=4.17.1 + , lens-datetime >=0.3 + , mtl >=2.2.2 + , network-uri >=2.6.1.0 , pretty-show - , process >=1.6.5.0 - , QuickCheck >=2.13.2 - , quickcheck-instances >=0.3.22 - , ram >=0.14.18 - , random >=1.1 + , process >=1.6.5.0 + , QuickCheck >=2.13.2 + , quickcheck-instances >=0.3.22 + , ram >=0.14.18 + , random >=1.1 , saml2-web-sso , schema-profunctor - , servant >=0.16.2 - , servant-multipart >=0.12 - , servant-server >=0.16.2 - , shelly >=1.8.1 - , silently >=1.2.5.1 - , string-conversions >=0.4.0.1 - , temporary >=1.3 - , text >=1.2.3.1 - , time >=1.8.0.2 - , time-hourglass >=0.2.12 + , servant >=0.16.2 + , servant-multipart >=0.12 + , servant-server >=0.16.2 + , shelly >=1.8.1 + , silently >=1.2.5.1 + , string-conversions >=0.4.0.1 + , temporary >=1.3 + , text >=1.2.3.1 + , time >=1.8.0.2 + , time-hourglass >=0.2.12 , tinylog - , transformers >=0.5.6.2 + , transformers >=0.5.6.2 , types-common - , uniplate >=1.6.12 - , uri-bytestring >=0.3.2.2 + , uniplate >=1.6.12 + , uri-bytestring >=0.3.2.2 , utf8-string - , uuid >=1.3.13 - , wai >=3.2.2.1 - , wai-extra >=3.0.28 - , warp >=3.2.28 - , word8 >=0.1.3 - , xml-conduit >=1.8.0.1 - , xml-conduit-writer >=0.1.1.2 - , xml-hamlet >=0.5.0.1 - , xml-types >=0.3.6 - , yaml >=0.8.25.1 + , uuid >=1.3.13 + , wai >=3.2.2.1 + , wai-extra >=3.0.28 + , warp >=3.2.28 + , word8 >=0.1.3 + , xml-conduit >=1.8.0.1 + , xml-conduit-writer >=0.1.1.2 + , xml-hamlet >=0.5.0.1 + , xml-types >=0.3.6 + , yaml >=0.8.25.1 default-language: GHC2021 diff --git a/libs/wire-api/default.nix b/libs/wire-api/default.nix index 5b7be3d6549..90c43298786 100644 --- a/libs/wire-api/default.nix +++ b/libs/wire-api/default.nix @@ -8,7 +8,6 @@ , aeson-pretty , aeson-qq , amqp -, asn1-encoding , async , attoparsec , barbies @@ -30,6 +29,7 @@ , containers , cookie , crypton +, crypton-asn1-encoding , crypton-x509 , currency-codes , data-default @@ -132,7 +132,6 @@ mkDerivation { libraryHaskellDepends = [ aeson amqp - asn1-encoding attoparsec barbies base @@ -152,6 +151,7 @@ mkDerivation { containers cookie crypton + crypton-asn1-encoding crypton-x509 currency-codes data-default diff --git a/libs/wire-api/wire-api.cabal b/libs/wire-api/wire-api.cabal index a5c7376d264..274fd5587bf 100644 --- a/libs/wire-api/wire-api.cabal +++ b/libs/wire-api/wire-api.cabal @@ -283,7 +283,6 @@ library build-depends: , aeson >=2.0.1.0 , amqp - , asn1-encoding , attoparsec >=0.10 , barbies , base >=4 && <5 @@ -303,6 +302,7 @@ library , containers >=0.5 , cookie , crypton + , crypton-asn1-encoding , crypton-x509 , currency-codes >=2.0 , data-default diff --git a/libs/wire-subsystems/default.nix b/libs/wire-subsystems/default.nix index 6b11afea20f..50b26ec421f 100644 --- a/libs/wire-subsystems/default.nix +++ b/libs/wire-subsystems/default.nix @@ -11,7 +11,6 @@ , amazonka-ses , amazonka-sqs , amqp -, asn1-encoding , async , attoparsec , base @@ -32,6 +31,7 @@ , cookie , cql , crypton +, crypton-asn1-encoding , crypton-asn1-types , crypton-pem , crypton-x509 @@ -152,7 +152,6 @@ mkDerivation { amazonka-ses amazonka-sqs amqp - asn1-encoding async attoparsec base @@ -173,6 +172,7 @@ mkDerivation { cookie cql crypton + crypton-asn1-encoding crypton-asn1-types crypton-pem crypton-x509 @@ -281,7 +281,6 @@ mkDerivation { amazonka-ses amazonka-sqs amqp - asn1-encoding async attoparsec base @@ -301,6 +300,7 @@ mkDerivation { cookie cql crypton + crypton-asn1-encoding crypton-asn1-types crypton-pem crypton-x509 diff --git a/libs/wire-subsystems/wire-subsystems.cabal b/libs/wire-subsystems/wire-subsystems.cabal index c3fe8097a84..680a8e71519 100644 --- a/libs/wire-subsystems/wire-subsystems.cabal +++ b/libs/wire-subsystems/wire-subsystems.cabal @@ -91,7 +91,6 @@ common common-all , amazonka-ses , amazonka-sqs , amqp - , asn1-encoding , async , attoparsec , base @@ -111,6 +110,7 @@ common common-all , cookie , cql , crypton + , crypton-asn1-encoding , crypton-asn1-types , crypton-pem , currency-codes From 00cb7edd1b84cc6b7c44f1891003fb8f10a64578 Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Tue, 23 Jun 2026 16:59:01 +0200 Subject: [PATCH 6/9] brig: Adapt for new version of jose --- services/brig/src/Brig/API/OAuth.hs | 4 ++-- services/brig/test/integration/API/OAuth.hs | 6 +++--- services/brig/test/integration/API/User/Client.hs | 12 ++++++------ 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/services/brig/src/Brig/API/OAuth.hs b/services/brig/src/Brig/API/OAuth.hs index 8738656b71b..b84df3d0a62 100644 --- a/services/brig/src/Brig/API/OAuth.hs +++ b/services/brig/src/Brig/API/OAuth.hs @@ -313,7 +313,7 @@ createAccessToken key uid cid scope = do doSignClaims :: IO (Either JWTError SignedJWT) doSignClaims = runJOSE $ do algo <- bestJWSAlg key - signJWT key (newJWSHeader ((), algo)) claims + signJWT key (newJWSHeaderProtected algo) claims signRefreshToken :: ClaimsSet -> (Handler r) SignedJWT signRefreshToken claims = do @@ -323,7 +323,7 @@ createAccessToken key uid cid scope = do doSignClaims :: IO (Either JWTError SignedJWT) doSignClaims = runJOSE $ do algo <- bestJWSAlg key - signClaims key (newJWSHeader ((), algo)) claims + signClaims key (newJWSHeaderProtected algo) claims revokeRefreshToken :: (Member Jwk r) => OAuthRevokeRefreshTokenRequest -> (Handler r) () revokeRefreshToken req = do diff --git a/services/brig/test/integration/API/OAuth.hs b/services/brig/test/integration/API/OAuth.hs index 894a6a8f4be..4f245f776d8 100644 --- a/services/brig/test/integration/API/OAuth.hs +++ b/services/brig/test/integration/API/OAuth.hs @@ -44,7 +44,7 @@ import Brig.Options qualified as Opt import Cassandra qualified as C import Control.Lens import Control.Monad.Catch (MonadCatch) -import Crypto.JOSE (JOSE, JWK, bestJWSAlg, newJWSHeader, runJOSE) +import Crypto.JOSE (JOSE, JWK, bestJWSAlg, newJWSHeaderProtected, runJOSE) import Crypto.JWT (Audience (Audience), ClaimsSet, JWTError, NumericDate (NumericDate), SignedJWT, claimAud, claimExp, claimIat, claimIss, claimSub, defaultJWTValidationSettings, emptyClaimsSet, signClaims, signJWT, stringOrUri, verifyClaims) import Data.Aeson qualified as A import Data.ByteString.Char8 qualified as BS @@ -823,7 +823,7 @@ signAccessToken key claims = do doSignClaims :: IO (Either JWTError SignedJWT) doSignClaims = runJOSE $ do algo <- bestJWSAlg key - signJWT key (newJWSHeader ((), algo)) claims + signJWT key (newJWSHeaderProtected algo) claims signRefreshToken :: JWK -> ClaimsSet -> IO SignedJWT signRefreshToken key claims = do @@ -833,7 +833,7 @@ signRefreshToken key claims = do doSignClaims :: IO (Either JWTError SignedJWT) doSignClaims = runJOSE $ do algo <- bestJWSAlg key - signClaims key (newJWSHeader ((), algo)) claims + signClaims key (newJWSHeaderProtected algo) claims badKey :: JWK badKey = do diff --git a/services/brig/test/integration/API/User/Client.hs b/services/brig/test/integration/API/User/Client.hs index 917c42cef19..61d06eaf1a1 100644 --- a/services/brig/test/integration/API/User/Client.hs +++ b/services/brig/test/integration/API/User/Client.hs @@ -1487,18 +1487,18 @@ testCreateAccessToken opts n brig = do _signProof claims = runJOSE $ do algo <- bestJWSAlg jwkKey let h = - newJWSHeader ((), algo) - & (jwk ?~ HeaderParam () jwkPubKey) - & (typ ?~ HeaderParam () "dpop+jwt") + newJWSHeaderProtected algo + & (jwk ?~ HeaderParam RequiredProtection jwkPubKey) + & (typ ?~ HeaderParam RequiredProtection "dpop+jwt") signJWT jwkKey h claims signProofEcdsaP256 :: DPoPClaimsSet -> IO (Either JWTError SignedJWT) signProofEcdsaP256 claims = runJOSE $ do algo <- bestJWSAlg jwkKeyBundleEcdsaP256 let h = - newJWSHeader ((), algo) - & (jwk ?~ HeaderParam () jwkPublicKeyEcdsaP256) - & (typ ?~ HeaderParam () "dpop+jwt") + newJWSHeaderProtected algo + & (jwk ?~ HeaderParam RequiredProtection jwkPublicKeyEcdsaP256) + & (typ ?~ HeaderParam RequiredProtection "dpop+jwt") signJWT jwkKeyBundleEcdsaP256 h claims jwkKey :: JWK From 40b4ea7706e06d848e20430b4811a4e3039a55d7 Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Tue, 23 Jun 2026 17:21:25 +0200 Subject: [PATCH 7/9] asn1-parse -> cryton-asn1-parse --- libs/saml2-web-sso/default.nix | 6 +++--- libs/saml2-web-sso/saml2-web-sso.cabal | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/libs/saml2-web-sso/default.nix b/libs/saml2-web-sso/default.nix index 16907ba918a..c2cf3618c36 100644 --- a/libs/saml2-web-sso/default.nix +++ b/libs/saml2-web-sso/default.nix @@ -4,7 +4,6 @@ # dependencies are added or removed. { mkDerivation , aeson -, asn1-parse , base , base64-bytestring , binary @@ -14,6 +13,7 @@ , cookie , crypton , crypton-asn1-encoding +, crypton-asn1-parse , crypton-asn1-types , crypton-x509 , data-default @@ -87,7 +87,6 @@ mkDerivation { src = ./.; libraryHaskellDepends = [ aeson - asn1-parse base base64-bytestring binary @@ -97,6 +96,7 @@ mkDerivation { cookie crypton crypton-asn1-encoding + crypton-asn1-parse crypton-asn1-types crypton-x509 data-default @@ -163,7 +163,6 @@ mkDerivation { ]; testHaskellDepends = [ aeson - asn1-parse base base64-bytestring binary @@ -173,6 +172,7 @@ mkDerivation { cookie crypton crypton-asn1-encoding + crypton-asn1-parse crypton-asn1-types crypton-x509 data-default diff --git a/libs/saml2-web-sso/saml2-web-sso.cabal b/libs/saml2-web-sso/saml2-web-sso.cabal index 9d012a9ddd9..5959492d602 100644 --- a/libs/saml2-web-sso/saml2-web-sso.cabal +++ b/libs/saml2-web-sso/saml2-web-sso.cabal @@ -81,7 +81,6 @@ library build-depends: , aeson >=1.4.5.0 - , asn1-parse >=0.9.5 , base >=4.12.0.0 , base64-bytestring >=1.0.0.2 , binary >=0.8.6.0 @@ -91,6 +90,7 @@ library , cookie >=0.4.4 , crypton >=0.30 , crypton-asn1-encoding >=0.9.6 + , crypton-asn1-parse >=0.9.5 , crypton-asn1-types >=0.3.3 , crypton-x509 >=1.7.5 , data-default >=0.7.1.1 @@ -210,7 +210,6 @@ test-suite saml2-web-sso-tests build-depends: , aeson >=1.4.5.0 - , asn1-parse >=0.9.5 , base >=4.12.0.0 , base64-bytestring >=1.0.0.2 , binary >=0.8.6.0 @@ -220,6 +219,7 @@ test-suite saml2-web-sso-tests , cookie >=0.4.4 , crypton >=0.30 , crypton-asn1-encoding >=0.9.6 + , crypton-asn1-parse >=0.9.5 , crypton-asn1-types >=0.3.3 , crypton-x509 >=1.7.5 , data-default >=0.7.1.1 From d20fbae45647d2275a8d1ceb8dc28437fafd1686 Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Tue, 23 Jun 2026 17:21:45 +0200 Subject: [PATCH 8/9] pem -> crypton-pem --- libs/types-common/default.nix | 4 ++-- libs/types-common/types-common.cabal | 2 +- libs/wire-api/default.nix | 6 +++--- libs/wire-api/wire-api.cabal | 4 ++-- services/brig/brig.cabal | 2 +- services/brig/default.nix | 4 ++-- services/federator/default.nix | 4 ++-- services/federator/federator.cabal | 2 +- services/galley/default.nix | 4 ++-- services/galley/galley.cabal | 2 +- 10 files changed, 17 insertions(+), 17 deletions(-) diff --git a/libs/types-common/default.nix b/libs/types-common/default.nix index 106a1c2cb78..1709d719291 100644 --- a/libs/types-common/default.nix +++ b/libs/types-common/default.nix @@ -18,6 +18,7 @@ , cryptohash-md5 , cryptohash-sha1 , crypton +, crypton-pem , currency-codes , email-validate , generic-random @@ -33,7 +34,6 @@ , mime , openapi3 , optparse-applicative -, pem , polysemy , polysemy-time , protobuf @@ -79,6 +79,7 @@ mkDerivation { cryptohash-md5 cryptohash-sha1 crypton + crypton-pem currency-codes email-validate generic-random @@ -93,7 +94,6 @@ mkDerivation { mime openapi3 optparse-applicative - pem polysemy polysemy-time protobuf diff --git a/libs/types-common/types-common.cabal b/libs/types-common/types-common.cabal index 31ef91e6d86..e2249067182 100644 --- a/libs/types-common/types-common.cabal +++ b/libs/types-common/types-common.cabal @@ -109,6 +109,7 @@ library , cryptohash-md5 >=0.11.7.2 , cryptohash-sha1 >=0.11.7.2 , crypton >=0.26 + , crypton-pem , currency-codes >=3.0.0.1 , email-validate , generic-random >=1.4.0.0 @@ -123,7 +124,6 @@ library , mime >=0.4.0.2 , openapi3 , optparse-applicative >=0.10 - , pem , polysemy , polysemy-time , protobuf >=0.2 diff --git a/libs/wire-api/default.nix b/libs/wire-api/default.nix index 90c43298786..5671728c638 100644 --- a/libs/wire-api/default.nix +++ b/libs/wire-api/default.nix @@ -30,6 +30,7 @@ , cookie , crypton , crypton-asn1-encoding +, crypton-pem , crypton-x509 , currency-codes , data-default @@ -68,7 +69,6 @@ , mtl , network-uri , openapi3 -, pem , polysemy , polysemy-wire-zoo , process @@ -152,6 +152,7 @@ mkDerivation { cookie crypton crypton-asn1-encoding + crypton-pem crypton-x509 currency-codes data-default @@ -186,7 +187,6 @@ mkDerivation { mtl network-uri openapi3 - pem polysemy polysemy-wire-zoo profunctors @@ -250,6 +250,7 @@ mkDerivation { cassava containers crypton + crypton-pem currency-codes filepath hex @@ -263,7 +264,6 @@ mkDerivation { lens metrics-wai openapi3 - pem process proto-lens QuickCheck diff --git a/libs/wire-api/wire-api.cabal b/libs/wire-api/wire-api.cabal index 274fd5587bf..1ef9703bef6 100644 --- a/libs/wire-api/wire-api.cabal +++ b/libs/wire-api/wire-api.cabal @@ -303,6 +303,7 @@ library , cookie , crypton , crypton-asn1-encoding + , crypton-pem >=0.2 , crypton-x509 , currency-codes >=2.0 , data-default @@ -337,7 +338,6 @@ library , mtl , network-uri , openapi3 - , pem >=0.2 , polysemy , polysemy-wire-zoo , profunctors @@ -674,13 +674,13 @@ test-suite wire-api-golden-tests , bytestring , bytestring-conversion , containers >=0.5 + , crypton-pem , currency-codes , http-api-data , imports , iso3166-country-codes , iso639 , lens - , pem , proto-lens , saml2-web-sso , string-conversions diff --git a/services/brig/brig.cabal b/services/brig/brig.cabal index dbff947c038..2f7ab0b0789 100644 --- a/services/brig/brig.cabal +++ b/services/brig/brig.cabal @@ -392,6 +392,7 @@ executable brig-integration , cassandra-util , containers , cookie + , crypton-pem , data-default , data-timeout , email-validate @@ -421,7 +422,6 @@ executable brig-integration , network , network-uri , optparse-applicative - , pem , pipes , polysemy , polysemy-wire-zoo diff --git a/services/brig/default.nix b/services/brig/default.nix index 647ca2e23f8..4ccc141c029 100644 --- a/services/brig/default.nix +++ b/services/brig/default.nix @@ -28,6 +28,7 @@ , containers , cookie , crypton +, crypton-pem , currency-codes , data-default , data-timeout @@ -80,7 +81,6 @@ , network-uri , openapi3 , optparse-applicative -, pem , pipes , polysemy , polysemy-conc @@ -277,6 +277,7 @@ mkDerivation { cassandra-util containers cookie + crypton-pem data-default data-timeout email-validate @@ -306,7 +307,6 @@ mkDerivation { network network-uri optparse-applicative - pem pipes polysemy polysemy-wire-zoo diff --git a/services/federator/default.nix b/services/federator/default.nix index 5c6a9f429d2..fa8eac96bda 100644 --- a/services/federator/default.nix +++ b/services/federator/default.nix @@ -13,6 +13,7 @@ , containers , crypton , crypton-connection +, crypton-pem , crypton-x509 , crypton-x509-validation , data-default @@ -42,7 +43,6 @@ , mtl , network , optparse-applicative -, pem , polysemy , polysemy-wire-zoo , prometheus-client @@ -87,6 +87,7 @@ mkDerivation { bytestring bytestring-conversion containers + crypton-pem crypton-x509 crypton-x509-validation data-default @@ -110,7 +111,6 @@ mkDerivation { metrics-wai mtl network - pem polysemy polysemy-wire-zoo prometheus-client diff --git a/services/federator/federator.cabal b/services/federator/federator.cabal index 6194c6020b1..872f9911236 100644 --- a/services/federator/federator.cabal +++ b/services/federator/federator.cabal @@ -112,6 +112,7 @@ library , bytestring , bytestring-conversion , containers + , crypton-pem , crypton-x509 , crypton-x509-validation , data-default @@ -135,7 +136,6 @@ library , metrics-wai , mtl , network - , pem , polysemy , polysemy-wire-zoo , prometheus-client diff --git a/services/galley/default.nix b/services/galley/default.nix index 1da0130827f..8ab0f4c24c8 100644 --- a/services/galley/default.nix +++ b/services/galley/default.nix @@ -21,6 +21,7 @@ , conduit , containers , cookie +, crypton-pem , currency-codes , data-default , data-timeout @@ -53,7 +54,6 @@ , network , network-uri , optparse-applicative -, pem , polysemy , polysemy-conc , polysemy-plugin @@ -198,6 +198,7 @@ mkDerivation { conduit containers cookie + crypton-pem currency-codes data-default data-timeout @@ -222,7 +223,6 @@ mkDerivation { network network-uri optparse-applicative - pem process proto-lens protobuf diff --git a/services/galley/galley.cabal b/services/galley/galley.cabal index 76092c1fd06..2ecfe746462 100644 --- a/services/galley/galley.cabal +++ b/services/galley/galley.cabal @@ -365,6 +365,7 @@ executable galley-integration , cereal , containers , cookie + , crypton-pem , currency-codes , data-default , data-timeout @@ -389,7 +390,6 @@ executable galley-integration , network , network-uri , optparse-applicative - , pem , process , proto-lens , protobuf From a1a373374bf976071607d56882f77167d7f00f69 Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Wed, 24 Jun 2026 14:30:09 +0200 Subject: [PATCH 9/9] brig-integration: Ignore SMTPExceptions that happen during graceful termination of the connection Looks like on client timeout, the connection still gets terminated gracefully, which fails because the server eventually responds with the correct code for the data that the client sent before timing out. --- libs/wire-subsystems/src/Wire/EmailSending/SMTP.hs | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/libs/wire-subsystems/src/Wire/EmailSending/SMTP.hs b/libs/wire-subsystems/src/Wire/EmailSending/SMTP.hs index 5c71f8a2c84..f76d0478579 100644 --- a/libs/wire-subsystems/src/Wire/EmailSending/SMTP.hs +++ b/libs/wire-subsystems/src/Wire/EmailSending/SMTP.hs @@ -105,7 +105,7 @@ initSMTP' timeoutDuration lg host port credentials connType = do catch ( logExceptionOrResult lg - ("Checking test connection to " ++ unpack host ++ " on startup") + ("Checking test connection to " ++ unpack host ++ ":" ++ show port ++ " on startup") establishConnection ) ( \(e :: SomeException) -> do @@ -155,7 +155,7 @@ initSMTP' timeoutDuration lg host port credentials connType = do create = logExceptionOrResult lg - ("Creating pooled SMTP connection to " ++ unpack host) + ("Creating pooled SMTP connection to " ++ unpack host ++ ":" ++ show port) establishConnection -- NOTE: because `Data.Pool` masks the async exceptions for the resource deallocation function, @@ -166,9 +166,11 @@ initSMTP' timeoutDuration lg host port credentials connType = do withAsyncWithUnmask do \unmask -> do - logExceptionOrResult lg ("Closing pooled SMTP connection to " ++ unpack host) $ + logExceptionOrResult lg ("Closing pooled SMTP connection to " ++ unpack host ++ ":" ++ show port) $ unmask do - ensureTimeout $ SMTP.gracefullyCloseSMTP c + ensureTimeout $ + SMTP.gracefullyCloseSMTP c + `catch` (\(_ :: SMTP.SMTPException) -> pure ()) do wait logExceptionOrResult :: (MonadIO m, MonadCatch m) => Logger -> String -> m a -> m a