diff options
| author | Eelco Dolstra <edolstra@gmail.com> | 2020-02-19 12:57:45 +0100 |
|---|---|---|
| committer | Eelco Dolstra <edolstra@gmail.com> | 2020-02-19 12:57:45 +0100 |
| commit | f3505a78991458e8cc447d9bde0be5ff1aa39335 (patch) | |
| tree | 1056f6ab21a4a608ead8acfee189b6561aed579f | |
| parent | 30c8297ded3caf7ebd862d5eef23333b19a9b554 (diff) | |
| parent | 906afedd238e4d83ef9ea4cf5a3aca77e980d582 (diff) | |
Merge remote-tracking branch 'origin/master' into flakes
| -rw-r--r-- | doc/manual/release-notes/rl-2.0.xml | 12 | ||||
| -rw-r--r-- | src/libstore/ssh.cc | 10 |
2 files changed, 14 insertions, 8 deletions
diff --git a/doc/manual/release-notes/rl-2.0.xml b/doc/manual/release-notes/rl-2.0.xml index fc9a77b08..4c683dd3d 100644 --- a/doc/manual/release-notes/rl-2.0.xml +++ b/doc/manual/release-notes/rl-2.0.xml @@ -503,14 +503,14 @@ </listitem> <listitem> - <para><emphasis>Pure evaluation mode</emphasis>. This is a variant - of the existing restricted evaluation mode. In pure mode, the Nix - evaluator forbids access to anything that could cause different - evaluations of the same command line arguments to produce a + <para><emphasis>Pure evaluation mode</emphasis>. With the + <literal>--pure-eval</literal> flag, Nix enables a variant of the existing + restricted evaluation mode that forbids access to anything that could cause + different evaluations of the same command line arguments to produce a different result. This includes builtin functions such as <function>builtins.getEnv</function>, but more importantly, - <emphasis>all</emphasis> filesystem or network access unless a - content hash or commit hash is specified. For example, calls to + <emphasis>all</emphasis> filesystem or network access unless a content hash + or commit hash is specified. For example, calls to <function>builtins.fetchGit</function> are only allowed if a <varname>rev</varname> attribute is specified.</para> diff --git a/src/libstore/ssh.cc b/src/libstore/ssh.cc index 2ee7115c5..84548a6e4 100644 --- a/src/libstore/ssh.cc +++ b/src/libstore/ssh.cc @@ -33,6 +33,9 @@ std::unique_ptr<SSHMaster::Connection> SSHMaster::startCommand(const std::string out.create(); auto conn = std::make_unique<Connection>(); + ProcessOptions options; + options.dieWithParent = false; + conn->sshPid = startProcess([&]() { restoreSignals(); @@ -64,7 +67,7 @@ std::unique_ptr<SSHMaster::Connection> SSHMaster::startCommand(const std::string // could not exec ssh/bash throw SysError("unable to execute '%s'", args.front()); - }); + }, options); in.readSide = -1; @@ -91,6 +94,9 @@ Path SSHMaster::startMaster() Pipe out; out.create(); + ProcessOptions options; + options.dieWithParent = false; + state->sshMaster = startProcess([&]() { restoreSignals(); @@ -110,7 +116,7 @@ Path SSHMaster::startMaster() execvp(args.begin()->c_str(), stringsToCharPtrs(args).data()); throw SysError("unable to execute '%s'", args.front()); - }); + }, options); out.writeSide = -1; |