wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-12 06:35:08 +02:00
Code Activity

getDefaultNixPath: actually respect {restrict,pure}-eval

Browse source 
Previously, getDefaultNixPath was called too early: at initialisation
time, before CLI and config have been processed, when `restrictEval` and
`pureEval` both have their default value `false`. Call it when
initialising the EvalState instead, and use `setDefault`.
This commit is contained in:
Naïm Favier 2023-01-25 15:10:35 +01:00
parent f233fd496d
commit 1cba5984a6
No known key found for this signature in database
GPG key ID: 95AFCE8211908325
4 changed files with 31 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

3
tests/restricted.sh
View file

@ -17,6 +17,9 @@ nix-instantiate --restrict-eval --eval -E 'builtins.readDir ../src/nix-channel'
(! nix-instantiate --restrict-eval --eval -E 'let __nixPath = [ { prefix = "foo"; path = ./.; } ]; in <foo>')
nix-instantiate --restrict-eval --eval -E 'let __nixPath = [ { prefix = "foo"; path = ./.; } ]; in <foo>' -I src=.
# no default NIX_PATH
(unset NIX_PATH; ! nix-instantiate --restrict-eval --find-file .)
p=$(nix eval --raw --expr "builtins.fetchurl file://$(pwd)/restricted.sh" --impure --restrict-eval --allowed-uris "file://$(pwd)")
cmp $p restricted.sh