guix-commits

02/04: derivations: Add #:leaked-env-vars parameter.


From: Ludovic Courtès
Subject: 02/04: derivations: Add #:leaked-env-vars parameter.
Date: Thu, 30 Apr 2015 22:06:25 +0000

civodul pushed a commit to branch master
in repository guix.

commit c04681554da812f4ce1bed87c601cd62c663d151
Author: Ludovic Courtès <address@hidden>
Date:   Thu Apr 30 23:51:44 2015 +0200

    derivations: Add #:leaked-env-vars parameter.
    
    Suggested by Joshua Randall <address@hidden>
    in <http://bugs.gnu.org/20402>.
    
    * guix/derivations.scm (derivation): Add #:leaked-env-vars parameter.
      [user+system-env-vars]: Honor it.
    * guix/gexp.scm (gexp->derivation): Add #:leaked-env-vars and pass it to
      'raw-derivation'.
    * doc/guix.texi (Derivations, G-Expressions): Adjust accordingly.
---
 doc/guix.texi        |   10 +++++++++-
 guix/derivations.scm |   12 +++++++++++-
 guix/gexp.scm        |    2 ++
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 4269d4f..dd6af80 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -2187,7 +2187,7 @@ a derivation is the @code{derivation} procedure:
   @var{args} [#:outputs '("out")] [#:hash #f] [#:hash-algo #f] @
   [#:recursive? #f] [#:inputs '()] [#:env-vars '()] @
   [#:system (%current-system)] [#:references-graphs #f] @
-  [#:allowed-references #f] [#:local-build? #f]
+  [#:allowed-references #f] [#:leaked-env-vars #f] [#:local-build? #f]
 Build a derivation with the given arguments, and return the resulting
 @code{<derivation>} object.
 
@@ -2206,6 +2206,13 @@ a simple text format.
 When @var{allowed-references} is true, it must be a list of store items
 or outputs that the derivation's output may refer to.
 
+When @var{leaked-env-vars} is true, it must be a list of strings
+denoting environment variables that are allowed to ``leak'' from the
+daemon's environment to the build environment.  This is only applicable
+to fixed-output derivations---i.e., when @var{hash} is true.  The main
+use is to allow variables such as @code{http_proxy} to be passed to
+derivations that download files.
+
 When @var{local-build?} is true, declare that the derivation is not a
 good candidate for offloading and should rather be built locally
 (@pxref{Daemon Offload Setup}).  This is the case for small derivations
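
Review bot: the added paragraph says the parameter is "only applicable to fixed-output derivations" but does not say what happens when @var{hash} is false: is the list silently ignored, or is it an error? State the behaviour explicitly, so that a caller who passes #:leaked-env-vars without #:hash knows whether the variables reach the build environment.
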
@@ -2728,6 +2735,7 @@ information about monads.)
        [#:recursive? #f] [#:env-vars '()] [#:modules '()] @
        [#:module-path @var{%load-path}] @
        [#:references-graphs #f] [#:allowed-references #f] @
+       [#:leaked-env-vars #f] @
        [#:local-build? #f] [#:guile-for-build #f]
 Return a derivation @var{name} that runs @var{exp} (a gexp) with
 @var{guile-for-build} (a derivation) on @var{system}.  When @var{target}
diff --git a/guix/derivations.scm b/guix/derivations.scm
index 7737e39..1056caa 100644
--- a/guix/derivations.scm
+++ b/guix/derivations.scm
@@ -692,7 +692,7 @@ HASH-ALGO, of the derivation NAME.  RECURSIVE? has the same 
meaning as for
                      (inputs '()) (outputs '("out"))
                      hash hash-algo recursive?
                      references-graphs allowed-references
-                     local-build?)
+                     leaked-env-vars local-build?)
   "Build a derivation with the given arguments, and return the resulting
 <derivation> object.  When HASH and HASH-ALGO are given, a
 fixed-output derivation is created---i.e., one whose result is known in
@@ -707,6 +707,12 @@ the build environment in the corresponding file, in a 
simple text format.
 When ALLOWED-REFERENCES is true, it must be a list of store items or outputs
 that the derivation's output may refer to.
 
+When LEAKED-ENV-VARS is true, it must be a list of strings denoting
+environment variables that are allowed to \"leak\" from the daemon's
+environment to the build environment.  This is only applicable to fixed-output
+derivations--i.e., when HASH is true.  The main use is to allow variables such
+as \"http_proxy\" to be passed to derivations that download files.
+
 When LOCAL-BUILD? is true, declare that the derivation is not a good candidate
 for offloading and should rather be built locally.  This is the case for small
 derivations where the costs of data transfers would outweigh the benefits."
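
Review bot: style nit in the added docstring paragraph: "derivations--i.e., when HASH is true" uses a two-hyphen dash, while the existing docstring text just above writes "fixed-output derivation is created---i.e." with three. Use the same form in both. The paragraph also repeats the doc/guix.texi wording, so any rewording of the fixed-output restriction needs to be applied in both places.
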
@@ -751,6 +757,10 @@ derivations where the costs of data transfers would 
outweigh the benefits."
                             `(("allowedReferences"
                                . ,(string-join allowed-references)))
                             '())
+                      ,@(if leaked-env-vars
+                            `(("impureEnvVars"
+                               . ,(string-join leaked-env-vars)))
+                            '())
                       ,@env-vars)))
       (match references-graphs
         (((file . path) ...)
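
Review bot: missing check in the added ,@(if leaked-env-vars ...) clause: it tests only leaked-env-vars, so a call that passes #:leaked-env-vars without #:hash still puts "impureEnvVars" into the derivation's environment, although the docstring says the parameter applies only when HASH is true. Either guard it, e.g. (if (and hash leaked-env-vars) ...), or raise an error for that combination so the mistake is visible to the caller. Two smaller points on the same lines: '() is true in Scheme, so an empty list produces an "impureEnvVars" entry with an empty value, and string-join separates the names with spaces, so a name containing whitespace would not survive as a single name; validating that the argument is a non-empty list of whitespace-free strings would cover both.
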
diff --git a/guix/gexp.scm b/guix/gexp.scm
index a2da72e..b08a361 100644
--- a/guix/gexp.scm
+++ b/guix/gexp.scm
@@ -282,6 +282,7 @@ names and file names suitable for the #:allowed-references 
argument to
                            (graft? (%graft?))
                            references-graphs
                            allowed-references
+                           leaked-env-vars
                            local-build?)
   "Return a derivation NAME that runs EXP (a gexp) with GUILE-FOR-BUILD (a
 derivation) on SYSTEM.  When TARGET is true, it is used as the
@@ -400,6 +401,7 @@ The other arguments are as for 'derivation'."
                       #:hash hash #:hash-algo hash-algo #:recursive? recursive?
                       #:references-graphs (and=> graphs graphs-file-names)
                       #:allowed-references allowed
+                      #:leaked-env-vars leaked-env-vars
                       #:local-build? local-build?))))
 
 (define* (gexp-inputs exp #:key native?)
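
Review bot: no test accompanies the new keyword: the diffstat lists only doc/guix.texi, guix/derivations.scm and guix/gexp.scm. Since #:leaked-env-vars is passed straight through to the derivation call here, add a test that creates a fixed-output derivation with #:leaked-env-vars and checks that "impureEnvVars" appears in the resulting derivation's environment with the expected value, once through 'derivation' and once through 'gexp->derivation'.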


