wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-06-25 10:41:16 +02:00
Code Activity

Add option allowed-uris

Browse source 
This allows network access in restricted eval mode.
This commit is contained in:
Eelco Dolstra 2017-10-30 12:39:59 +01:00
parent f1c555cef8
commit 812e027e1d
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
8 changed files with 67 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/libexpr/primops/fetchgit.cc
View file

@ -113,9 +113,6 @@ GitInfo exportGit(ref<Store> store, const std::string & uri,
static void prim_fetchGit(EvalState & state, const Pos & pos, Value * * args, Value & v)
{
// FIXME: cut&paste from fetch().
if (state.restricted) throw Error("'fetchGit' is not allowed in restricted mode");
std::string url;
std::string ref = "master";
std::string rev;
@ -150,6 +147,10 @@ static void prim_fetchGit(EvalState & state, const Pos & pos, Value * * args, Va
} else
url = state.forceStringNoCtx(*args[0], pos);
// FIXME: git externals probably can be used to bypass the URI
// whitelist. Ah well.
state.checkURI(url);
auto gitInfo = exportGit(state.store, url, ref, rev, name);
state.mkAttrs(v, 8);