nix: Enable pure mode by default

We want to encourage a brave new world of hermetic evaluation for
source-level reproducibility, so flakes should not poke around in the
filesystem outside of their explicit dependencies.

Note that the default installation source remains impure in that it
can refer to mutable flakes, so "nix build nixpkgs.hello" still works
(and fetches the latest nixpkgs, unless it has been pinned by the
user).

A problem with pure evaluation is that builtins.currentSystem is
unavailable. For the moment, I've hard-coded "x86_64-linux" in the
nixpkgs flake. Eventually, "system" should be a flake function
argument.

6 files changed, 38 insertions, 30 deletions

diff --git a/corepkgs/default-installation-source.nix b/corepkgs/default-installation-source.nix
deleted file mode 100644
index 71ba04452..000000000
--- a/corepkgs/default-installation-source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-builtins.mapAttrs (flakeName: flakeInfo:
-  (getFlake flakeInfo.uri).${flakeName}.provides.packages or {})
-  builtins.flakeRegistry
diff --git a/corepkgs/local.mk b/corepkgs/local.mk
index 41aaec63b..67306e50d 100644
--- a/corepkgs/local.mk
+++ b/corepkgs/local.mk
@@ -3,8 +3,7 @@ corepkgs_FILES = \
   unpack-channel.nix \
   derivation.nix \
   fetchurl.nix \
-  imported-drv-to-derivation.nix \
-  default-installation-source.nix
+  imported-drv-to-derivation.nix
 
 $(foreach file,config.nix $(corepkgs_FILES),$(eval $(call install-data-in,$(d)/$(file),$(datadir)/nix/corepkgs)))
 
diff --git a/src/libexpr/eval.hh b/src/libexpr/eval.hh
index 35c01b97a..27c6c3da8 100644
--- a/src/libexpr/eval.hh
+++ b/src/libexpr/eval.hh
@@ -318,6 +318,8 @@ public:
 
     const FlakeRegistry & getFlakeRegistry();
 
+    Value * makeFlakeRegistryValue();
+
 private:
     std::unique_ptr<FlakeRegistry> _flakeRegistry;
     std::once_flag _flakeRegistryInit;
diff --git a/src/libexpr/primops/flake.cc b/src/libexpr/primops/flake.cc
index 5e92b1da3..4d027558d 100644
--- a/src/libexpr/primops/flake.cc
+++ b/src/libexpr/primops/flake.cc
@@ -16,50 +16,49 @@ const FlakeRegistry & EvalState::getFlakeRegistry()
     {
         _flakeRegistry = std::make_unique<FlakeRegistry>();
 
-        if (!evalSettings.pureEval) {
-
 #if 0
-            auto registryUri = "file:///home/eelco/Dev/gists/nix-flakes/registry.json";
+        auto registryUri = "file:///home/eelco/Dev/gists/nix-flakes/registry.json";
 
-            auto registryFile = getDownloader()->download(DownloadRequest(registryUri));
+        auto registryFile = getDownloader()->download(DownloadRequest(registryUri));
 #endif
 
-            auto registryFile = readFile(settings.nixDataDir + "/nix/flake-registry.json");
+        auto registryFile = readFile(settings.nixDataDir + "/nix/flake-registry.json");
 
-            auto json = nlohmann::json::parse(registryFile);
+        auto json = nlohmann::json::parse(registryFile);
 
-            auto version = json.value("version", 0);
-            if (version != 1)
-                throw Error("flake registry '%s' has unsupported version %d", registryFile, version);
+        auto version = json.value("version", 0);
+        if (version != 1)
+            throw Error("flake registry '%s' has unsupported version %d", registryFile, version);
 
-            auto flakes = json["flakes"];
-            for (auto i = flakes.begin(); i != flakes.end(); ++i) {
-                FlakeRegistry::Entry entry{FlakeRef(i->value("uri", ""))};
-                _flakeRegistry->entries.emplace(i.key(), entry);
-            }
+        auto flakes = json["flakes"];
+        for (auto i = flakes.begin(); i != flakes.end(); ++i) {
+            FlakeRegistry::Entry entry{FlakeRef(i->value("uri", ""))};
+            _flakeRegistry->entries.emplace(i.key(), entry);
         }
     });
 
     return *_flakeRegistry;
 }
 
-static void prim_flakeRegistry(EvalState & state, const Pos & pos, Value * * args, Value & v)
+Value * EvalState::makeFlakeRegistryValue()
 {
-    auto registry = state.getFlakeRegistry();
+    auto v = allocValue();
+
+    auto registry = getFlakeRegistry();
 
-    state.mkAttrs(v, registry.entries.size());
+    mkAttrs(*v, registry.entries.size());
 
     for (auto & entry : registry.entries) {
-        auto vEntry = state.allocAttr(v, entry.first);
-        state.mkAttrs(*vEntry, 2);
-        mkString(*state.allocAttr(*vEntry, state.symbols.create("uri")), entry.second.ref.to_string());
+        auto vEntry = allocAttr(*v, entry.first);
+        mkAttrs(*vEntry, 2);
+        mkString(*allocAttr(*vEntry, symbols.create("uri")), entry.second.ref.to_string());
         vEntry->attrs->sort();
     }
 
-    v.attrs->sort();
-}
+    v->attrs->sort();
 
-static RegisterPrimOp r1("__flakeRegistry", 0, prim_flakeRegistry);
+    return v;
+}
 
 static FlakeRef lookupFlake(EvalState & state, const FlakeRef & flakeRef)
 {
@@ -129,6 +128,9 @@ static Flake getFlake(EvalState & state, const FlakeRef & flakeRef)
     auto flakePath = fetchFlake(state, flakeRef);
     state.store->assertStorePath(flakePath);
 
+    if (state.allowedPaths)
+        state.allowedPaths->insert(flakePath);
+
     Flake flake;
 
     Value vInfo;
diff --git a/src/nix/installables.cc b/src/nix/installables.cc
index 9b7b96c25..faad057a7 100644
--- a/src/nix/installables.cc
+++ b/src/nix/installables.cc
@@ -30,8 +30,15 @@ Value * SourceExprCommand::getSourceExpr(EvalState & state)
 
     if (file != "")
         state.evalFile(lookupFileArg(state, file), *vSourceExpr);
-    else
-        state.evalFile(lookupFileArg(state, "<nix/default-installation-source.nix>"), *vSourceExpr);
+    else {
+        auto fun = state.parseExprFromString(
+             "builtins.mapAttrs (flakeName: flakeInfo:"
+             "  (getFlake flakeInfo.uri).${flakeName}.provides.packages or {})", "/");
+        auto vFun = state.allocValue();
+        state.eval(fun, *vFun);
+        auto vRegistry = state.makeFlakeRegistryValue();
+        mkApp(*vSourceExpr, *vFun, *vRegistry);
+    }
 
     return vSourceExpr;
 }
diff --git a/src/nix/main.cc b/src/nix/main.cc
index 4b909736d..01b0866f2 100644
--- a/src/nix/main.cc
+++ b/src/nix/main.cc
@@ -97,6 +97,7 @@ void mainWrapped(int argc, char * * argv)
 
     verbosity = lvlError;
     settings.verboseBuild = false;
+    evalSettings.pureEval = true;
 
     NixArgs args;