Fix the error when accessing a forbidden path in pure eval

If we’re in pure eval mode, then tell that in the error message rather
than (wrongly) speaking about restricted mode.

Fix https://github.com/NixOS/nix/issues/5611

2 files changed, 10 insertions, 3 deletions

diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc
index 97fc04711..1fd609bd4 100644
--- a/src/libexpr/eval.cc
+++ b/src/libexpr/eval.cc
@@ -519,8 +519,12 @@ Path EvalState::checkSourcePath(const Path & path_)
         }
     }
 
-    if (!found)
-        throw RestrictedPathError("access to absolute path '%1%' is forbidden in restricted mode", abspath);
+    if (!found) {
+        auto modeInformation = evalSettings.pureEval
+            ? "in pure eval mode (use '--impure' to override)"
+            : "in restricted mode";
+        throw RestrictedPathError("access to absolute path '%1%' is forbidden %2%", abspath, modeInformation);
+    }
 
     /* Resolve symlinks. */
     debug(format("checking access to '%s'") % abspath);
diff --git a/tests/pure-eval.sh b/tests/pure-eval.sh
index c994fbb98..cb4b5c5fc 100644
--- a/tests/pure-eval.sh
+++ b/tests/pure-eval.sh
@@ -6,7 +6,10 @@ nix eval --expr 'assert 1 + 2 == 3; true'
 
 [[ $(nix eval --impure --expr 'builtins.readFile ./pure-eval.sh') =~ clearStore ]]
 
-(! nix eval --expr 'builtins.readFile ./pure-eval.sh')
+missingImpureErrorMsg=$(! nix eval --expr 'builtins.readFile ./pure-eval.sh' 2>&1)
+
+echo "$missingImpureErrorMsg" | grep -q -- --impure || \
+    fail "The error message should mention the “--impure” flag to unblock users"
 
 (! nix eval --expr builtins.currentTime)
 (! nix eval --expr builtins.currentSystem)