Negative reasoning like `allBut` is a bad idea with an open world of
platforms. Concretely, if we add a new, quite different sort of
platform, existing packages with `allBut` will claim they work on it
even though they probably won't.
Adding ldns builds additional plugins for rewriting DNS queries,
such as blocking and forwarding.
For example, to use a custom domain blocklist, you can do
```nix
let
myBlockListFile = writeText "blocked-domains" ''
*.example.com
'';
in
{
services.dnscrypt-proxy.extraArgs = [
"-X libdcplugin_example_ldns_blocking.so,--domains=${myBlockListFile}"
];
}
```
The darwin build has been broken for a long time and I'm unable to
properly debug the issue.
What appears to be happening is that the symbol `HAVE_SANDBOX_INIT` ends
up being defined as 1 while `HAVE_SANDBOX_H` ends up being 0, resulting in
undefined reference errors when `sandbox_init()` is called (because
`<sandbox.h>` is not included first).
This is a regression from dnscrypt-proxy 1.6.0 to 1.6.1.
For context, sandbox.h is a deprecated OSX mechanism for sandboxing.
The build failure is at
https://hydra.nixos.org/build/32705849/nixlog/1/raw
This patch closesNixOS/nixpkgs#14064
