From c47027f3a139669dfb607c22b153564ff53d111c Mon Sep 17 00:00:00 2001 From: regnat Date: Thu, 25 Nov 2021 14:48:01 +0100 Subject: [PATCH] Fix the error when accessing a forbidden path in pure eval MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If we’re in pure eval mode, then tell that in the error message rather than (wrongly) speaking about restricted mode. Fix https://github.com/NixOS/nix/issues/5611 --- src/libexpr/eval.cc | 8 ++++++-- tests/pure-eval.sh | 5 ++++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc index 97fc04711..1fd609bd4 100644 --- a/src/libexpr/eval.cc +++ b/src/libexpr/eval.cc @@ -519,8 +519,12 @@ Path EvalState::checkSourcePath(const Path & path_) } } - if (!found) - throw RestrictedPathError("access to absolute path '%1%' is forbidden in restricted mode", abspath); + if (!found) { + auto modeInformation = evalSettings.pureEval + ? "in pure eval mode (use '--impure' to override)" + : "in restricted mode"; + throw RestrictedPathError("access to absolute path '%1%' is forbidden %2%", abspath, modeInformation); + } /* Resolve symlinks. */ debug(format("checking access to '%s'") % abspath); diff --git a/tests/pure-eval.sh b/tests/pure-eval.sh index c994fbb98..cb4b5c5fc 100644 --- a/tests/pure-eval.sh +++ b/tests/pure-eval.sh @@ -6,7 +6,10 @@ nix eval --expr 'assert 1 + 2 == 3; true' [[ $(nix eval --impure --expr 'builtins.readFile ./pure-eval.sh') =~ clearStore ]] -(! nix eval --expr 'builtins.readFile ./pure-eval.sh') +missingImpureErrorMsg=$(! nix eval --expr 'builtins.readFile ./pure-eval.sh' 2>&1) + +echo "$missingImpureErrorMsg" | grep -q -- --impure || \ + fail "The error message should mention the “--impure” flag to unblock users" (! nix eval --expr builtins.currentTime) (! nix eval --expr builtins.currentSystem)