nrabulinski/lix
0
0
Fork 0
forked from lix-project/lix
Code Pull requests Activity

Merge remote-tracking branch 'origin/master' into flakes

Browse source
This commit is contained in:
Eelco Dolstra 2020-02-19 12:57:45 +01:00
parent 30c8297ded 906afedd23
commit f3505a7899
2 changed files with 14 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
doc/manual/release-notes/rl-2.0.xml
View file

@ -503,14 +503,14 @@
</listitem>
<listitem>
<para><emphasis>Pure evaluation mode</emphasis>. This is a variant
of the existing restricted evaluation mode. In pure mode, the Nix
evaluator forbids access to anything that could cause different
evaluations of the same command line arguments to produce a
<para><emphasis>Pure evaluation mode</emphasis>. With the
<literal>--pure-eval</literal> flag, Nix enables a variant of the existing
restricted evaluation mode that forbids access to anything that could cause
different evaluations of the same command line arguments to produce a
different result. This includes builtin functions such as
<function>builtins.getEnv</function>, but more importantly,
<emphasis>all</emphasis> filesystem or network access unless a
content hash or commit hash is specified. For example, calls to
<emphasis>all</emphasis> filesystem or network access unless a content hash
or commit hash is specified. For example, calls to
<function>builtins.fetchGit</function> are only allowed if a
<varname>rev</varname> attribute is specified.</para>

10
src/libstore/ssh.cc
View file

@ -33,6 +33,9 @@ std::unique_ptr<SSHMaster::Connection> SSHMaster::startCommand(const std::string
out.create();
auto conn = std::make_unique<Connection>();
ProcessOptions options;
options.dieWithParent = false;
conn->sshPid = startProcess([&]() {
restoreSignals();
@ -64,7 +67,7 @@ std::unique_ptr<SSHMaster::Connection> SSHMaster::startCommand(const std::string
// could not exec ssh/bash
throw SysError("unable to execute '%s'", args.front());
});
}, options);
in.readSide = -1;
@ -91,6 +94,9 @@ Path SSHMaster::startMaster()
Pipe out;
out.create();
ProcessOptions options;
options.dieWithParent = false;
state->sshMaster = startProcess([&]() {
restoreSignals();
@ -110,7 +116,7 @@ Path SSHMaster::startMaster()
execvp(args.begin()->c_str(), stringsToCharPtrs(args).data());
throw SysError("unable to execute '%s'", args.front());
});
}, options);
out.writeSide = -1;