diff options
| author | Archit Gupta <archit@accelbread.com> | 2023-04-14 11:33:38 -0700 |
|---|---|---|
| committer | Archit Gupta <archit@accelbread.com> | 2023-04-14 11:33:38 -0700 |
| commit | bfc558c972aa8d6f5ef15a3e720bed964925ae32 (patch) | |
| tree | c42fa4c7f66e8fff55f52a6648d0c919bd3a93e9 /src | |
| parent | b41f73906896b02b8ffa3f9ea4ea8a18a61a34e0 (diff) | |
Whitelist commit-lockfile-summary in flake nixConfig
Diffstat (limited to 'src')
| -rw-r--r-- | src/libexpr/flake/config.cc | 2 | ||||
| -rw-r--r-- | src/nix/flake.md | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/src/libexpr/flake/config.cc b/src/libexpr/flake/config.cc index 89ddbde7e..e89014862 100644 --- a/src/libexpr/flake/config.cc +++ b/src/libexpr/flake/config.cc @@ -31,7 +31,7 @@ static void writeTrustedList(const TrustedList & trustedList) void ConfigFile::apply() { - std::set<std::string> whitelist{"bash-prompt", "bash-prompt-prefix", "bash-prompt-suffix", "flake-registry"}; + std::set<std::string> whitelist{"bash-prompt", "bash-prompt-prefix", "bash-prompt-suffix", "flake-registry", "commit-lockfile-summary"}; for (auto & [name, value] : settings) { diff --git a/src/nix/flake.md b/src/nix/flake.md index d70f34eeb..965f6eb48 100644 --- a/src/nix/flake.md +++ b/src/nix/flake.md @@ -382,9 +382,9 @@ The following attributes are supported in `flake.nix`: * `nixConfig`: a set of `nix.conf` options to be set when evaluating any part of a flake. In the interests of security, only a small set of whitelisted options (currently `bash-prompt`, `bash-prompt-prefix`, - `bash-prompt-suffix`, and `flake-registry`) are allowed to be set without - confirmation so long as `accept-flake-config` is not set in the global - configuration. + `bash-prompt-suffix`, `flake-registry`, and `commit-lockfile-summary`) + are allowed to be set without confirmation so long as `accept-flake-config` + is not set in the global configuration. ## Flake inputs |