wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-05 20:41:47 +02:00
Code Activity

builtin:fetchurl: Ensure a fixed-output derivation

Browse source 
Previously we didn't check that the derivation was fixed-output, so
you could use builtin:fetchurl to impurely fetch a file.
This commit is contained in:
Eelco Dolstra 2024-02-01 21:46:01 +01:00
parent ef6d055ace
commit 1ee42c5b88
2 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/libstore/builtins/fetchurl.cc
View file

@ -16,6 +16,9 @@ void builtinFetchurl(const BasicDerivation & drv, const std::string & netrcData)
writeFile(settings.netrcFile, netrcData, 0600);
}
if (!drv.type().isFixed())
throw Error("'builtin:fetchurl' must be a fixed-output derivation");
auto getAttr = [&](const std::string & name) {
auto i = drv.env.find(name);
if (i == drv.env.end()) throw Error("attribute '%s' missing", name);