[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
28/118: Only add the importNative primop if the allow-arbitrary-code-dur
|
From: |
Ludovic Courtès |
|
Subject: |
28/118: Only add the importNative primop if the allow-arbitrary-code-during-evaluation option is true (default false) |
|
Date: |
Tue, 19 May 2015 14:45:24 +0000 |
civodul pushed a commit to branch nix
in repository guix.
commit d62f46e500958bc97ae6837911e27c20a47cc181
Author: Shea Levy <address@hidden>
Date: Tue Jun 24 10:50:03 2014 -0400
Only add the importNative primop if the
allow-arbitrary-code-during-evaluation option is true (default false)
---
src/libexpr/primops.cc | 3 ++-
src/libstore/globals.cc | 2 ++
src/libstore/globals.hh | 3 +++
3 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc
index d6ac7c9..ff82f36 100644
--- a/src/libexpr/primops.cc
+++ b/src/libexpr/primops.cc
@@ -1368,7 +1368,8 @@ void EvalState::createBaseEnv()
mkApp(v, *baseEnv.values[baseEnvDispl - 1], *v2);
forceValue(v);
addConstant("import", v);
- addPrimOp("__importNative", 2, prim_importNative);
+ if (settings.enableImportNative)
+ addPrimOp("__importNative", 2, prim_importNative);
addPrimOp("__typeOf", 1, prim_typeOf);
addPrimOp("isNull", 1, prim_isNull);
addPrimOp("__isFunction", 1, prim_isFunction);
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index 180344e..5d359e1 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -61,6 +61,7 @@ Settings::Settings()
envKeepDerivations = false;
lockCPU = getEnv("NIX_AFFINITY_HACK", "1") == "1";
showTrace = false;
+ enableImportNative = false;
}
@@ -148,6 +149,7 @@ void Settings::update()
get(sshSubstituterHosts, "ssh-substituter-hosts");
get(useSshSubstituter, "use-ssh-substituter");
get(logServers, "log-servers");
+ get(enableImportNative, "allow-arbitrary-code-during-evaluation");
string subs = getEnv("NIX_SUBSTITUTERS", "default");
if (subs == "default") {
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 65a6c38..8dd59a9 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -200,6 +200,9 @@ struct Settings {
/* A list of URL prefixes that can return Nix build logs. */
Strings logServers;
+ /* Whether the importNative primop should be enabled */
+ bool enableImportNative;
+
private:
SettingsMap settings, overrides;
- 23/118: findFile: Realise the context of the path attributes, (continued)
- 23/118: findFile: Realise the context of the path attributes, Ludovic Courtès, 2015/05/19
- 11/118: Rephrase @ operator description, Ludovic Courtès, 2015/05/19
- 29/118: Merge branch 'shlevy-import-native', Ludovic Courtès, 2015/05/19
- 12/118: dev-shell is a bash script, not sh, Ludovic Courtès, 2015/05/19
- 22/118: Share code between scopedImport and import, Ludovic Courtès, 2015/05/19
- 26/118: Don't use member initialisers, Ludovic Courtès, 2015/05/19
- 31/118: Add `--json` argument to `nix-instantiate`, Ludovic Courtès, 2015/05/19
- 18/118: Print a warning when loading a large path into memory, Ludovic Courtès, 2015/05/19
- 27/118: Add importNative primop, Ludovic Courtès, 2015/05/19
- 24/118: Drop ImportError and FindError, Ludovic Courtès, 2015/05/19
- 28/118: Only add the importNative primop if the allow-arbitrary-code-during-evaluation option is true (default false),
Ludovic Courtès <=
- 30/118: allow-arbitrary-code-during-evaluation -> allow-unsafe-native-code-during-evaluation, Ludovic Courtès, 2015/05/19
- 34/118: Add builtin function ‘fromJSON’, Ludovic Courtès, 2015/05/19
- 36/118: Fix compilation error on some versions of GCC, Ludovic Courtès, 2015/05/19
- 32/118: Style fix, Ludovic Courtès, 2015/05/19
- 46/118: Fix use of sysread, Ludovic Courtès, 2015/05/19
- 33/118: Manual: html -> xhtml, Ludovic Courtès, 2015/05/19
- 45/118: nix-copy-closure -s: Do substitutions via ‘nix-store --serve’, Ludovic Courtès, 2015/05/19
- 40/118: Remove maybeVfork, Ludovic Courtès, 2015/05/19
- 50/118: Fix closure size display, Ludovic Courtès, 2015/05/19
- 38/118: Fix security hole in ‘nix-store --serve’, Ludovic Courtès, 2015/05/19