Merge branch 'allow-import-from-derivation' of https://github.com/shlevy/nix

This commit is contained in:
Eelco Dolstra 2017-03-09 13:36:30 +01:00
commit 86227390c5
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
4 changed files with 17 additions and 0 deletions

View file

@ -644,6 +644,16 @@ password <replaceable>my-password</replaceable>
</varlistentry> </varlistentry>
<varlistentry xml:id="conf-allow-import-from-derivation"><term><literal>allow-import-from-derivation</literal></term>
<listitem><para>By default, nix allows you to <function>import</function> from a derivation,
allowing building at evaluation time. With this option set to false, nix will throw an error
when evaluating an expression that uses this feature, allowing users to ensure their evaluation
will not require any builds to take place.</para></listitem>
</varlistentry>
</variablelist> </variablelist>
</para> </para>

View file

@ -59,6 +59,8 @@ void EvalState::realiseContext(const PathSet & context)
drvs.insert(decoded.first + "!" + decoded.second); drvs.insert(decoded.first + "!" + decoded.second);
} }
if (!drvs.empty()) { if (!drvs.empty()) {
if (!settings.enableImportFromDerivation)
throw EvalError(format("attempted to realize %1% during evaluation but 'allow-import-from-derivation' is false") % *(drvs.begin()));
/* For performance, prefetch all substitute info. */ /* For performance, prefetch all substitute info. */
PathSet willBuild, willSubstitute, unknown; PathSet willBuild, willSubstitute, unknown;
unsigned long long downloadSize, narSize; unsigned long long downloadSize, narSize;

View file

@ -70,6 +70,7 @@ Settings::Settings()
enableImportNative = false; enableImportNative = false;
netrcFile = fmt("%s/%s", nixConfDir, "netrc"); netrcFile = fmt("%s/%s", nixConfDir, "netrc");
caFile = getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt")); caFile = getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt"));
enableImportFromDerivation = true;
} }
@ -185,6 +186,7 @@ void Settings::update()
_get(keepGoing, "keep-going"); _get(keepGoing, "keep-going");
_get(keepFailed, "keep-failed"); _get(keepFailed, "keep-failed");
_get(netrcFile, "netrc-file"); _get(netrcFile, "netrc-file");
_get(enableImportFromDerivation, "allow-import-from-derivation");
} }

View file

@ -198,6 +198,9 @@ struct Settings {
/* Path to the SSL CA file used */ /* Path to the SSL CA file used */
Path caFile; Path caFile;
/* Whether we allow import-from-derivation */
bool enableImportFromDerivation;
private: private:
SettingsMap settings, overrides; SettingsMap settings, overrides;