We were packaging ydiff twice!
In this patch, I've merged the two expressions into one, trying to
take the best of each. ydiff (top-level) didn't support being used as
a Python library, which is required by one other package (patroni), so
I chose gitAndTools.ydiff as the starting point, then moved in the
longDescription from the top-level one, as well as the code used to
run the tests.
While I was there, I fixed the tests, which were intended to be run by
the top-level ydiff but actually were not, because unlike mkDerivation
buildPythonApplication will not run `make test' by default.
Also, top-level ydiff previously propagated less and patchutils,
meaning they'd have been installed globally instead of just referenced
by ydiff. gitAndTools.ydiff just did nothing. Both also expected to
find git, hg, and svn in the environment, which was impure. So now
all these programs are referenced by store path from ydiff, for
purity.
Now that smtp_tls_security_level is using mkDefault, and therefore can
be overridden, there's no need for an option for overriding it to a
specific value.
I run Postfix on my workstation as a smarthost, where it only ever
talks to my SMTP server. Because I know it'll only ever connect to
this server, and because I know this server supports TLS, I'd like to
set smtp_tls_security_level to "encrypt" so Postfix won't fall back to
an unencrypted connection.
By default, `dhall-docs` uses the name of the input directory
as the initial component of the documentation header. However,
since the input directory is built using Nix the header contains
the Nix store hash in the name, which then appears in the
generated documentation.
The fix is to override this default behavior by supplying the
`--package-name` flag to `dhall-docs`.
With libcap 2.41 the output of cap_to_text changed, also the original
author of code hoped that this would never happen.
To counter this now the security-wrapper only relies on the syscall
ABI, which is more stable and robust than string parsing. If new
breakages occur this will be more obvious because version numbers will
be incremented.
Furthermore all errors no make execution explicitly fail instead of
hiding errors behind debug environment variables and the code style was
more consistent with no goto fail; goto fail; vulnerabilities (https://gotofail.com/)
