diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc index d6ac7c957..ff82f36b5 100644 --- a/src/libexpr/primops.cc +++ b/src/libexpr/primops.cc @@ -1368,7 +1368,8 @@ void EvalState::createBaseEnv() mkApp(v, *baseEnv.values[baseEnvDispl - 1], *v2); forceValue(v); addConstant("import", v); - addPrimOp("__importNative", 2, prim_importNative); + if (settings.enableImportNative) + addPrimOp("__importNative", 2, prim_importNative); addPrimOp("__typeOf", 1, prim_typeOf); addPrimOp("isNull", 1, prim_isNull); addPrimOp("__isFunction", 1, prim_isFunction); diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index 180344e33..5d359e128 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -61,6 +61,7 @@ Settings::Settings() envKeepDerivations = false; lockCPU = getEnv("NIX_AFFINITY_HACK", "1") == "1"; showTrace = false; + enableImportNative = false; } @@ -148,6 +149,7 @@ void Settings::update() get(sshSubstituterHosts, "ssh-substituter-hosts"); get(useSshSubstituter, "use-ssh-substituter"); get(logServers, "log-servers"); + get(enableImportNative, "allow-arbitrary-code-during-evaluation"); string subs = getEnv("NIX_SUBSTITUTERS", "default"); if (subs == "default") { diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index 65a6c388b..8dd59a9c7 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -200,6 +200,9 @@ struct Settings { /* A list of URL prefixes that can return Nix build logs. */ Strings logServers; + /* Whether the importNative primop should be enabled */ + bool enableImportNative; + private: SettingsMap settings, overrides;