puck/lix
0
0
Fork 0
forked from lix-project/lix
Code Pull requests Activity

Whitelist commit-lockfile-summary in flake nixConfig

Browse source
This commit is contained in:
Archit Gupta 2023-04-14 11:33:38 -07:00
parent b41f739068
commit bfc558c972
2 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/libexpr/flake/config.cc
View file

@ -31,7 +31,7 @@ static void writeTrustedList(const TrustedList & trustedList)
void ConfigFile::apply() void ConfigFile::apply()
{ {
std::set<std::string> whitelist{"bash-prompt", "bash-prompt-prefix", "bash-prompt-suffix", "flake-registry"}; std::set<std::string> whitelist{"bash-prompt", "bash-prompt-prefix", "bash-prompt-suffix", "flake-registry", "commit-lockfile-summary"};
for (auto & [name, value] : settings) { for (auto & [name, value] : settings) {

6
src/nix/flake.md
View file

@ -382,9 +382,9 @@ The following attributes are supported in `flake.nix`:
* `nixConfig`: a set of `nix.conf` options to be set when evaluating any * `nixConfig`: a set of `nix.conf` options to be set when evaluating any
part of a flake. In the interests of security, only a small set of part of a flake. In the interests of security, only a small set of
whitelisted options (currently `bash-prompt`, `bash-prompt-prefix`, whitelisted options (currently `bash-prompt`, `bash-prompt-prefix`,
`bash-prompt-suffix`, and `flake-registry`) are allowed to be set without `bash-prompt-suffix`, `flake-registry`, and `commit-lockfile-summary`)
confirmation so long as `accept-flake-config` is not set in the global are allowed to be set without confirmation so long as `accept-flake-config`
configuration. is not set in the global configuration.
## Flake inputs ## Flake inputs