nrabulinski/lix
0
0
Fork 0
forked from lix-project/lix
Code Pull requests Activity

Merge remote-tracking branch 'origin/master' into flakes

Browse source
This commit is contained in:
Eelco Dolstra 2020-02-19 12:57:45 +01:00
parent 30c8297ded 906afedd23
commit f3505a7899
2 changed files with 14 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
doc/manual/release-notes/rl-2.0.xml
View file

@ -503,14 +503,14 @@
</listitem> </listitem>
<listitem> <listitem>
<para><emphasis>Pure evaluation mode</emphasis>. This is a variant <para><emphasis>Pure evaluation mode</emphasis>. With the
of the existing restricted evaluation mode. In pure mode, the Nix <literal>--pure-eval</literal> flag, Nix enables a variant of the existing
evaluator forbids access to anything that could cause different restricted evaluation mode that forbids access to anything that could cause
evaluations of the same command line arguments to produce a different evaluations of the same command line arguments to produce a
different result. This includes builtin functions such as different result. This includes builtin functions such as
<function>builtins.getEnv</function>, but more importantly, <function>builtins.getEnv</function>, but more importantly,
<emphasis>all</emphasis> filesystem or network access unless a <emphasis>all</emphasis> filesystem or network access unless a content hash
content hash or commit hash is specified. For example, calls to or commit hash is specified. For example, calls to
<function>builtins.fetchGit</function> are only allowed if a <function>builtins.fetchGit</function> are only allowed if a
<varname>rev</varname> attribute is specified.</para> <varname>rev</varname> attribute is specified.</para>

10
src/libstore/ssh.cc
View file

@ -33,6 +33,9 @@ std::unique_ptr<SSHMaster::Connection> SSHMaster::startCommand(const std::string
out.create(); out.create();
auto conn = std::make_unique<Connection>(); auto conn = std::make_unique<Connection>();
ProcessOptions options;
options.dieWithParent = false;
conn->sshPid = startProcess([&]() { conn->sshPid = startProcess([&]() {
restoreSignals(); restoreSignals();
@ -64,7 +67,7 @@ std::unique_ptr<SSHMaster::Connection> SSHMaster::startCommand(const std::string
// could not exec ssh/bash // could not exec ssh/bash
throw SysError("unable to execute '%s'", args.front()); throw SysError("unable to execute '%s'", args.front());
}); }, options);
in.readSide = -1; in.readSide = -1;
@ -91,6 +94,9 @@ Path SSHMaster::startMaster()
Pipe out; Pipe out;
out.create(); out.create();
ProcessOptions options;
options.dieWithParent = false;
state->sshMaster = startProcess([&]() { state->sshMaster = startProcess([&]() {
restoreSignals(); restoreSignals();
@ -110,7 +116,7 @@ Path SSHMaster::startMaster()
execvp(args.begin()->c_str(), stringsToCharPtrs(args).data()); execvp(args.begin()->c_str(), stringsToCharPtrs(args).data());
throw SysError("unable to execute '%s'", args.front()); throw SysError("unable to execute '%s'", args.front());
}); }, options);
out.writeSide = -1; out.writeSide = -1;