From ffe4ea130279d10bdb988f60ebee6669ceeddbe7 Mon Sep 17 00:00:00 2001
From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Date: Wed, 6 Sep 2023 14:34:01 +0100
Subject: Update rust in flake.nix: 1.70.0 -> 1.71.1 to address CVE-2023-38497
 (#16260)

---
 flake.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'flake.nix')

diff --git a/flake.nix b/flake.nix
index b89b6d9218..dc7ab5b3fe 100644
--- a/flake.nix
+++ b/flake.nix
@@ -82,7 +82,7 @@
                   #
                   # NOTE: We currently need to set the Rust version unnecessarily high
                   # in order to work around https://github.com/matrix-org/synapse/issues/15939
-                  (rust-bin.stable."1.70.0".default.override {
+                  (rust-bin.stable."1.71.1".default.override {
                     # Additionally install the "rust-src" extension to allow diving into the
                     # Rust source code in an IDE (rust-analyzer will also make use of it).
                     extensions = [ "rust-src" ];
-- 
cgit 1.5.1


From 35934b02a98cbb44ba310707a72e55bc4a5c7f0a Mon Sep 17 00:00:00 2001
From: reivilibre <oliverw@matrix.org>
Date: Wed, 6 Sep 2023 13:35:02 +0000
Subject: Add GCC and GNU Make to the Nix flake development environment so that
 `ruff` can be compiled. (#16090)

* Add gcc and GNU make to the Nix flake

* Newsfile

Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>

* unset LD_LIBRARY_PATH

---------

Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>
---
 changelog.d/16090.misc |  1 +
 flake.nix              | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 changelog.d/16090.misc

(limited to 'flake.nix')

diff --git a/changelog.d/16090.misc b/changelog.d/16090.misc
new file mode 100644
index 0000000000..d54ef936c7
--- /dev/null
+++ b/changelog.d/16090.misc
@@ -0,0 +1 @@
+Add GCC and GNU Make to the Nix flake development environment so that `ruff` can be compiled.
\ No newline at end of file
diff --git a/flake.nix b/flake.nix
index dc7ab5b3fe..69c9c19f89 100644
--- a/flake.nix
+++ b/flake.nix
@@ -89,6 +89,10 @@
                   })
                   # The rust-analyzer language server implementation.
                   rust-analyzer
+                  # GCC includes a linker; needed for building `ruff`
+                  gcc
+                  # Needed for building `ruff`
+                  gnumake
 
                   # Native dependencies for running Synapse.
                   icu
@@ -236,6 +240,19 @@
                   URI
                   YAMLLibYAML
                 ]}";
+
+                # Clear the LD_LIBRARY_PATH environment variable on shell init.
+                #
+                # By default, devenv will set LD_LIBRARY_PATH to point to .devenv/profile/lib. This causes
+                # issues when we include `gcc` as a dependency to build C libraries, as the version of glibc
+                # that the development environment's cc compiler uses may differ from that of the system.
+                #
+                # When LD_LIBRARY_PATH is set, system tools will attempt to use the development environment's
+                # libraries. Which, when built against an different glibc version lead, to "version 'GLIBC_X.YY' not
+                # found" errors.
+                enterShell = ''
+                  unset LD_LIBRARY_PATH
+                '';
               }
             ];
           };
-- 
cgit 1.5.1


From 51303035f2366d60772473f42c64ae6cad6684d0 Mon Sep 17 00:00:00 2001
From: reivilibre <oliverw@matrix.org>
Date: Wed, 6 Sep 2023 15:15:56 +0000
Subject: Apply missed suggestions from the review of #16090. (#16263)

* Suggestions from PR

* Newsfile

Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>

---------

Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>
---
 changelog.d/16263.misc | 1 +
 flake.nix              | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)
 create mode 100644 changelog.d/16263.misc

(limited to 'flake.nix')

diff --git a/changelog.d/16263.misc b/changelog.d/16263.misc
new file mode 100644
index 0000000000..d54ef936c7
--- /dev/null
+++ b/changelog.d/16263.misc
@@ -0,0 +1 @@
+Add GCC and GNU Make to the Nix flake development environment so that `ruff` can be compiled.
\ No newline at end of file
diff --git a/flake.nix b/flake.nix
index 69c9c19f89..31f2832939 100644
--- a/flake.nix
+++ b/flake.nix
@@ -89,6 +89,7 @@
                   })
                   # The rust-analyzer language server implementation.
                   rust-analyzer
+
                   # GCC includes a linker; needed for building `ruff`
                   gcc
                   # Needed for building `ruff`
@@ -248,8 +249,8 @@
                 # that the development environment's cc compiler uses may differ from that of the system.
                 #
                 # When LD_LIBRARY_PATH is set, system tools will attempt to use the development environment's
-                # libraries. Which, when built against an different glibc version lead, to "version 'GLIBC_X.YY' not
-                # found" errors.
+                # libraries. Which, when built against a different glibc version lead, to "version 'GLIBC_X.YY'
+                # not found" errors.
                 enterShell = ''
                   unset LD_LIBRARY_PATH
                 '';
-- 
cgit 1.5.1