Disallow reading flake.lock

With --no-write-lock-file, it's possible that flake.lock is out of sync with the actual inputs used by the evaluation. So doing fromJSON (readFile ./flake.lock) will give wrong results. Fixes #4639.
author: Eelco Dolstra <edolstra@gmail.com> 2021-09-14 21:09:11 +0200
committer: Eelco Dolstra <edolstra@gmail.com> 2021-09-14 21:09:11 +0200
commit: e5596113f7fc5e47e058bb15afdf75eee02ed95e (patch)
tree: 78ea8a83298e8899459d8891d9fa7e3e554f29b1 /src/libexpr/primops.cc
parent: 1fbaf367292a8eb57a120f74daacabccce622f2f (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc
index 8a087a781..1de86ad04 100644
--- a/src/libexpr/primops.cc
+++ b/src/libexpr/primops.cc
@@ -1412,6 +1412,11 @@ static void prim_readFile(EvalState & state, const Pos & pos, Value * * args, Va
 {
     PathSet context;
     Path path = state.coerceToPath(pos, *args[0], context);
+    if (baseNameOf(path) == "flake.lock")
+        throw Error({
+            .msg = hintfmt("cannot read '%s' because flake lock files can be out of sync", path),
+            .errPos = pos
+        });
     try {
         state.realiseContext(context);
     } catch (InvalidPathError & e) {
author	Eelco Dolstra <edolstra@gmail.com>	2021-09-14 21:09:11 +0200
committer	Eelco Dolstra <edolstra@gmail.com>	2021-09-14 21:09:11 +0200
commit	e5596113f7fc5e47e058bb15afdf75eee02ed95e (patch)
tree	78ea8a83298e8899459d8891d9fa7e3e554f29b1 /src/libexpr/primops.cc
parent	1fbaf367292a8eb57a120f74daacabccce622f2f (diff)