aboutsummaryrefslogtreecommitdiff
path: root/tests/pure-eval.sh
AgeCommit message (Collapse)Author
2022-06-21Forbid the tilde expansion in pure eval modeThéophane Hufschmitt
Fix #6684
2021-12-23Properly return false on `builtins.pathExists /someNonAllowedPath`regnat
Follow-up from https://github.com/NixOS/nix/pull/5807 to fix https://github.com/NixOS/nix/pull/5807#issuecomment-1000135394
2021-11-25Fix the error when accessing a forbidden path in pure evalregnat
If we’re in pure eval mode, then tell that in the error message rather than (wrongly) speaking about restricted mode. Fix https://github.com/NixOS/nix/issues/5611
2020-12-03Move 'nix hash-*' and 'nix to-*' to 'nix hash'Eelco Dolstra
From the 'nix' UX review.
2020-12-02nix eval: Add option to write a directoryEelco Dolstra
This is useful for generating the nix manpages, but it may have other applications (like generating configuration files without a Nix store).
2019-11-27nix: Add --expr flagEelco Dolstra
This replaces the '(...)' installable syntax, which is not very discoverable. The downside is that you can't have multiple expressions or mix expressions and other installables.
2019-04-08nix: Add --impure as a shorter alias of --no-pure-evalEelco Dolstra
2019-04-08Fix testsEelco Dolstra
2018-01-16Add pure evaluation modeEelco Dolstra
In this mode, the following restrictions apply: * The builtins currentTime, currentSystem and storePath throw an error. * $NIX_PATH and -I are ignored. * fetchGit and fetchMercurial require a revision hash. * fetchurl and fetchTarball require a sha256 attribute. * No file system access is allowed outside of the paths returned by fetch{Git,Mercurial,url,Tarball}. Thus 'nix build -f ./foo.nix' is not allowed. Thus, the evaluation result is completely reproducible from the command line arguments. E.g. nix build --pure-eval '( let nix = fetchGit { url = https://github.com/NixOS/nixpkgs.git; rev = "9c927de4b179a6dd210dd88d34bda8af4b575680"; }; nixpkgs = fetchGit { url = https://github.com/NixOS/nixpkgs.git; ref = "release-17.09"; rev = "66b4de79e3841530e6d9c6baf98702aa1f7124e4"; }; in (import (nix + "/release.nix") { inherit nix nixpkgs; }).build.x86_64-linux )' The goal is to enable completely reproducible and traceable evaluation. For example, a NixOS configuration could be fully described by a single Git commit hash. 'nixos-rebuild' would do something like nix build --pure-eval '( (import (fetchGit { url = file:///my-nixos-config; rev = "..."; })).system ') where the Git repository /my-nixos-config would use further fetchGit calls or Git externals to fetch Nixpkgs and whatever other dependencies it has. Either way, the commit hash would uniquely identify the NixOS configuration and allow it to reproduced.