diff options
| author | Shea Levy <shea@shealevy.com> | 2017-03-30 08:04:21 -0400 |
|---|---|---|
| committer | Shea Levy <shea@shealevy.com> | 2017-03-30 08:04:21 -0400 |
| commit | 0bb8db257d98a32abde759f4d07d28b5178bd3bf (patch) | |
| tree | ea00a7b109da40a2a187f2bda4cde3f92a6d4818 /src/libstore | |
| parent | c60715e937e3773bbb8a114fc9b9c6577f8c5cb5 (diff) | |
Add exec primop behind allow-unsafe-native-code-during-evaluation.
Execute a given program with the (optional) given arguments as the
user running the evaluation, parsing stdout as an expression to be
evaluated.
There are many use cases for nix that would benefit from being able to
run arbitrary code during evaluation, including but not limited to:
* Automatic git fetching to get a sha256 from a git revision
* git rev-parse HEAD
* Automatic extraction of information from build specifications from
other tools, particularly language-specific package managers like
cabal or npm
* Secrets decryption (e.g. with nixops)
* Private repository fetching
Ideally, we would add this functionality in a more principled way to
nix, but in the mean time 'builtins.exec' can be used to get these
tasks done.
The primop is only available when the
'allow-unsafe-native-code-during-evaluation' nix option is true. That
flag also enables the 'importNative' primop, which is strictly more
powerful but less convenient (since it requires compiling a plugin
against the running version of nix).
Diffstat (limited to 'src/libstore')
| -rw-r--r-- | src/libstore/globals.cc | 4 | ||||
| -rw-r--r-- | src/libstore/globals.hh | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index 012b3d5b8..8c900be77 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -67,7 +67,7 @@ Settings::Settings() envKeepDerivations = false; lockCPU = getEnv("NIX_AFFINITY_HACK", "1") == "1"; showTrace = false; - enableImportNative = false; + enableNativeCode = false; netrcFile = fmt("%s/%s", nixConfDir, "netrc"); caFile = getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt")); enableImportFromDerivation = true; @@ -179,7 +179,7 @@ void Settings::update() _get(envKeepDerivations, "env-keep-derivations"); _get(sshSubstituterHosts, "ssh-substituter-hosts"); _get(useSshSubstituter, "use-ssh-substituter"); - _get(enableImportNative, "allow-unsafe-native-code-during-evaluation"); + _get(enableNativeCode, "allow-unsafe-native-code-during-evaluation"); _get(useCaseHack, "use-case-hack"); _get(preBuildHook, "pre-build-hook"); _get(keepGoing, "keep-going"); diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index 462721681..ccec300f7 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -181,8 +181,8 @@ struct Settings { /* Whether to show a stack trace if Nix evaluation fails. */ bool showTrace; - /* Whether the importNative primop should be enabled */ - bool enableImportNative; + /* Whether native-code enabling primops should be enabled */ + bool enableNativeCode; /* The hook to run just before a build to set derivation-specific build settings */ |