wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-07 10:11:47 +02:00
Code Activity

Add option allowed-uris

Browse source 
This allows network access in restricted eval mode.
This commit is contained in:
Eelco Dolstra 2017-10-30 12:39:59 +01:00
parent f1c555cef8
commit 812e027e1d
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
8 changed files with 67 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/libstore/globals.hh
View file

@ -225,7 +225,7 @@ public:
Setting<bool> restrictEval{this, false, "restrict-eval",
"Whether to restrict file system access to paths in $NIX_PATH, "
"and to disallow fetching files from the network."};
"and network access to the URI prefixes listed in 'allowed-uris'."};
Setting<size_t> buildRepeat{this, 0, "repeat",
"The number of times to repeat a build in order to verify determinism.",
@ -353,6 +353,8 @@ public:
Setting<uint64_t> maxFree{this, std::numeric_limits<uint64_t>::max(), "max-free",
"Stop deleting garbage when free disk space is above the specified amount."};
Setting<Strings> allowedUris{this, {}, "allowed-uris",
"Prefixes of URIs that builtin functions such as fetchurl and fetchGit are allowed to fetch."};
};