wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-06-25 14:51:16 +02:00
Code Activity

Don't allow __final in fetchTree

Browse source 
It's now only allowed in fetchFinalTree, which is not exposed to users
but only to call-flake.nix.
This commit is contained in:
Eelco Dolstra 2024-11-08 19:27:54 +01:00
parent d90b56d527
commit 4dceca51de
7 changed files with 55 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

20
src/libexpr/primops/fetchTree.cc
View file

@ -78,6 +78,7 @@ struct FetchTreeParams {
bool emptyRevFallback = false;
bool allowNameArgument = false;
bool isFetchGit = false;
bool isFinal = false;
};
static void fetchTree(
@ -195,6 +196,13 @@ static void fetchTree(
state.checkURI(input.toURLString());
if (params.isFinal) {
input.attrs.insert_or_assign("__final", Explicit<bool>(true));
} else {
if (input.isFinal())
throw Error("input '%s' is not allowed to use the '__final' attribute", input.to_string());
}
auto [storePath, input2] = input.fetchToStore(state.store);
state.allowPath(storePath);
@ -431,6 +439,18 @@ static RegisterPrimOp primop_fetchTree({
.experimentalFeature = Xp::FetchTree,
});
void prim_fetchFinalTree(EvalState & state, const PosIdx pos, Value * * args, Value & v)
{
fetchTree(state, pos, args, v, {.isFinal = true});
}
static RegisterPrimOp primop_fetchFinalTree({
.name = "fetchFinalTree",
.args = {"input"},
.fun = prim_fetchFinalTree,
.internal = true,
});
static void fetch(EvalState & state, const PosIdx pos, Value * * args, Value & v,
const std::string & who, bool unpack, std::string name)
{