diff options
author | Eelco Dolstra <edolstra@gmail.com> | 2021-09-14 22:27:02 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-14 22:27:02 +0200 |
commit | 2c751c0c002deaad6eccc44dc41ecefb6b93bba3 (patch) | |
tree | 78ea8a83298e8899459d8891d9fa7e3e554f29b1 /src | |
parent | 1fbaf367292a8eb57a120f74daacabccce622f2f (diff) | |
parent | e5596113f7fc5e47e058bb15afdf75eee02ed95e (diff) |
Merge pull request #5250 from edolstra/censor-flake-lock
Disallow reading flake.lock
Diffstat (limited to 'src')
-rw-r--r-- | src/libexpr/primops.cc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc index 8a087a781..1de86ad04 100644 --- a/src/libexpr/primops.cc +++ b/src/libexpr/primops.cc @@ -1412,6 +1412,11 @@ static void prim_readFile(EvalState & state, const Pos & pos, Value * * args, Va { PathSet context; Path path = state.coerceToPath(pos, *args[0], context); + if (baseNameOf(path) == "flake.lock") + throw Error({ + .msg = hintfmt("cannot read '%s' because flake lock files can be out of sync", path), + .errPos = pos + }); try { state.realiseContext(context); } catch (InvalidPathError & e) { |