EvalState::realiseContext(): Allow access to the entire closure

Fixes #11030.
2025-06-25 02:21:16 +02:00 · 2024-12-13 16:49:48 +01:00 · 2024-12-13 16:49:48 +01:00 · 08361f031d
commit 08361f031d
parent 18770c7e18
5 changed files with 44 additions and 10 deletions
--- a/src/libexpr/eval.cc
+++ b/src/libexpr/eval.cc
@ -347,6 +347,16 @@ void EvalState::allowPath(const StorePath & storePath)
        rootFS2->allowPrefix(CanonPath(store->toRealPath(storePath)));
 }

+void EvalState::allowClosure(const StorePath & storePath)
+{
+    if (!rootFS.dynamic_pointer_cast<AllowListSourceAccessor>()) return;
+
+    StorePathSet closure;
+    store->computeFSClosure(storePath, closure);
+    for (auto & p : closure)
+        allowPath(p);
+}
+
 void EvalState::allowAndSetStorePathString(const StorePath & storePath, Value & v)
 {
    allowPath(storePath);
@ -3099,10 +3109,7 @@ std::optional<SourcePath> EvalState::resolveLookupPathPath(const LookupPath::Pat
            allowPath(path.path.abs());
            if (store->isInStore(path.path.abs())) {
                try {
-                    StorePathSet closure;
-                    store->computeFSClosure(store->toStorePath(path.path.abs()).first, closure);
-                    for (auto & p : closure)
-                        allowPath(p);
+                    allowClosure(store->toStorePath(path.path.abs()).first);
                } catch (InvalidPath &) { }
            }
        }