The `overrideScope` bound by `makeScope` (via special `callPackage`)
took an override in the form `super: self { … }`. But this is
dangerously close to the `self: super { … }` form used by *everything*
else, even other definitions of `overrideScope`! Since that
implementation did not even share any code either until I changed it
recently in 3cf43547f4, this inconsistency
is almost certainly an oversight and not intentional.
Unfortunately, just as the inconsistency is hard to debug if one just
assumes the conventional order, any sudden fix would break existing
overrides in the same hard-to-debug way. So instead of changing the
definition, a new `overrideScope'` with the conventional order is added,
and the old `overrideScope` is deprecated with a warning saying to use
`overrideScope'` instead. That will hopefully get people to stop using
`overrideScope`, freeing our hand to change or remove it in the future.

Most importantly, this sets PrivateTmp, ProtectHome, and ProtectSystem
so that Chrony flaws are mitigated, should they occur.
Moving to ProtectSystem=full, however, requires moving the chrony key
files under /var/lib/chrony -- which should be fine, anyway.
This also ensures ConditionCapability=CAP_SYS_TIME is set, ensuring
that chronyd will only be launched in an environment where such a
capability can be granted.
Signed-off-by: Austin Seipp <aseipp@pobox.com>

nfs-utils had a dependency on gcc through
etc/systemd/system-generators/*-server-generator. It was not stripped
correctly because it’s not in an expected path. This adds it to the
strip list.

or else at least the following config will fail with an evaluation error
instead of an assert
```
{
services.nixosManual.enable = false;
services.nixosManual.showManual = true;
}
```

Update to the latest release.

Highlights for c-lightning users
--------------------------------
- Less stuck payments: Liveness ping test before locking up funds with peers.
- Better routing: now considers size of channels.
- Fewer spurious closes: fee estimate improvements, and new feerates command
- Several annoying bugs fixed.

Highlights for the network
--------------------------
- Gossipd now less spammy with channel_update.
- option_data_loss_protect to protect peers against being out-of-date.
- Payment errors now refer to the correct channel.

Internal Improvements
---------------------
- Simplified client flow; after init message exchange by connectd, each is
isolated in its own daemon.
- JSON parameter handling vastly simplified.
- Python testing framework now uses proper fixtures, and split into separate
files.
- Many other cleanups and clarifications.
- We keepachangelog.com!
Signed-off-by: William Casarin <jb55@jb55.com>