Migrate to tar-0.6

[Bodigrim]

Closes #1277.

[Bodigrim]

Could someone help me out with Nix Flake please? Never used Nix in my life unfortunately.

[peterbecich]

Fixing it, will append a commit to this PR, sorry for the inconvenience

[peterbecich]

I think it is fixed. Pardon the git rebase. It was fixed by nix flake update and other tweaks to the Flake so nix flake update would succeed: #1285

Your addition to the Flake tar.source = "0.6.0" was correct; however, the Flake was too far behind NixPkgs for this to work, and the other constraints in the Flake may have also caused issues.

This is effectively the same as tar.source = "0.6.0"

hackage-server/flake.nix

Lines 34 to 36 in 6b71d16

	# https://community.flake.parts/haskell-flake/dependency#nixpkgs
	tar = { super, ... }:
	{ custom = _: super.tar_0_6_0_0; };

but it will pull the library from NixPkgs instead of building it from Hackage, if possible.

[Bodigrim]

Thanks @peterbecich!

@gbaz @ysangkok @andreasabel this is ready for review.

[andreasabel]

Thanks for the upgrade!

[andreasabel]

Can we get a test case that triggers this error?

Could be not easy to engineer, but it is good to have evidence for every error that it is possible to trigger.

[Bodigrim]

Are there tests for pre-existing errors somewhere? I can add a new one there.

This is a rare condition though: one has to have an intent to craft a malicious TAR, you cannot obtain one by mistake.

[andreasabel]

Are there tests for pre-existing errors somewhere? I can add a new one there.

Yeah, that is the usual problem: There aren't enough tests to start with, so there isn't a good pretext to add some for new or changed features. One can't require adding a test infrastructure for a maintenance PR like this.

[Bodigrim]

@gbaz @ysangkok any more reviews? Or are you happy to merge?

[ysangkok]

Looks ok to me. Happy to merge.