lix-project/lix
18
47
Fork 24
Code Issues 333 Code Review (Gerrit) Projects 1 Releases Wiki Activity

Whitelist commit-lockfile-summary in flake nixConfig

Browse source
This commit is contained in:
Archit Gupta 2023-04-14 11:33:38 -07:00
parent b41f739068
commit bfc558c972
2 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/libexpr/flake/config.cc
View file

@ -31,7 +31,7 @@ static void writeTrustedList(const TrustedList & trustedList)
void ConfigFile::apply()
{
std::set<std::string> whitelist{"bash-prompt", "bash-prompt-prefix", "bash-prompt-suffix", "flake-registry"};
std::set<std::string> whitelist{"bash-prompt", "bash-prompt-prefix", "bash-prompt-suffix", "flake-registry", "commit-lockfile-summary"};
for (auto & [name, value] : settings) {

6
src/nix/flake.md
View file

@ -382,9 +382,9 @@ The following attributes are supported in `flake.nix`:
* `nixConfig`: a set of `nix.conf` options to be set when evaluating any
part of a flake. In the interests of security, only a small set of
whitelisted options (currently `bash-prompt`, `bash-prompt-prefix`,
`bash-prompt-suffix`, and `flake-registry`) are allowed to be set without
confirmation so long as `accept-flake-config` is not set in the global
configuration.
`bash-prompt-suffix`, `flake-registry`, and `commit-lockfile-summary`)
are allowed to be set without confirmation so long as `accept-flake-config`
is not set in the global configuration.
## Flake inputs