From cd5c7c0ee6ccfa1c1b3b9b0831604bc180cee4b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <v@cunat.cz>
Date: Thu, 12 Nov 2020 19:16:04 +0100
Subject: [PATCH] knot-resolver: drop capabilities after startup

By default.  I forgot to add this a long time ago.
The difference in runtime closure is really tiny (232 KiB by du).
---
 pkgs/servers/dns/knot-resolver/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/dns/knot-resolver/default.nix b/pkgs/servers/dns/knot-resolver/default.nix
index f7a07acf04b..cdbdbdc56eb 100644
--- a/pkgs/servers/dns/knot-resolver/default.nix
+++ b/pkgs/servers/dns/knot-resolver/default.nix
@@ -3,7 +3,7 @@
 , runCommand, pkgconfig, meson, ninja, makeWrapper
 # build+runtime deps.
 , knot-dns, luajitPackages, libuv, gnutls, lmdb, systemd, dns-root-data
-, nghttp2
+, nghttp2, libcap_ng # optionals, in principle
 # test-only deps.
 , cmocka, which, cacert
 , extraFeatures ? false /* catch-all if defaults aren't enough */
@@ -55,7 +55,7 @@ unwrapped = stdenv.mkDerivation rec {
   # http://knot-resolver.readthedocs.io/en/latest/build.html#requirements
   buildInputs = [ knot-dns lua.lua libuv gnutls lmdb ]
     ++ optional stdenv.isLinux systemd # passing sockets, sd_notify
-    ++ [ nghttp2 ]
+    ++ [ nghttp2 libcap_ng ]
     ## optional dependencies; TODO: libedit, dnstap
     ;