[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
97/118: Introduce allowedRequisites feature
|
From: |
Ludovic Courtès |
|
Subject: |
97/118: Introduce allowedRequisites feature |
|
Date: |
Tue, 19 May 2015 14:45:57 +0000 |
civodul pushed a commit to branch nix
in repository guix.
commit abd9d61e6201ddbde3305dd27c286e883e950bec
Author: Gergely Risko <address@hidden>
Date: Wed Aug 27 16:46:02 2014 +0200
Introduce allowedRequisites feature
---
nix/libstore/build.cc | 19 ++++++++++++++++++-
1 files changed, 18 insertions(+), 1 deletions(-)
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index 5c605a7..133ea6d 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -2358,7 +2358,24 @@ void DerivationGoal::registerOutputs()
PathSet allowed = parseReferenceSpecifiers(drv, get(drv.env,
"allowedReferences"));
foreach (PathSet::iterator, i, references)
if (allowed.find(*i) == allowed.end())
- throw BuildError(format("output is not allowed to refer to
path `%1%'") % *i);
+ throw BuildError(format("output (`%1%') is not allowed to
refer to path `%2%'") % actualPath % *i);
+ }
+
+ /* If the derivation specifies an `allowedRequisites'
+ attribute (containing a list of paths that the output may
+ refer to), check that all requisites are in that list. !!!
+ allowedRequisites should really be per-output. */
+ if (drv.env.find("allowedRequisites") != drv.env.end()) {
+ PathSet allowed = parseReferenceSpecifiers(drv, get(drv.env,
"allowedRequisites"));
+ PathSet requisites;
+ /* Our requisites are the union of the closures of our references.
*/
+ foreach (PathSet::iterator, i, references)
+ /* Don't call computeFSClosure on ourselves. */
+ if (actualPath != *i)
+ computeFSClosure(worker.store, *i, requisites);
+ foreach (PathSet::iterator, i, requisites)
+ if (allowed.find(*i) == allowed.end())
+ throw BuildError(format("output (`%1%') is not allowed to
refer to requisite path `%2%'") % actualPath % *i);
}
worker.store.optimisePath(path); // FIXME: combine with
scanForReferences()
- 95/118: Make hook shutdown more reliable, (continued)
- 95/118: Make hook shutdown more reliable, Ludovic Courtès, 2015/05/19
- 81/118: findRoots(): Prevent a call to lstat(), Ludovic Courtès, 2015/05/19
- 101/118: On Linux, disable address space randomization, Ludovic Courtès, 2015/05/19
- 91/118: Use regular file GC roots if possible, Ludovic Courtès, 2015/05/19
- 102/118: Remove bogus comment, Ludovic Courtès, 2015/05/19
- 80/118: Make readDirectory() return inode / file type, Ludovic Courtès, 2015/05/19
- 94/118: Doh, Ludovic Courtès, 2015/05/19
- 96/118: fix disappearing bash arguments, Ludovic Courtès, 2015/05/19
- 104/118: createDirs(): Handle ‘path’ being a symlink, Ludovic Courtès, 2015/05/19
- 103/118: nix-daemon: Close unnecessary fd, Ludovic Courtès, 2015/05/19
- 97/118: Introduce allowedRequisites feature,
Ludovic Courtès <=
- 113/118: Clean up temp roots in a more C++ way, Ludovic Courtès, 2015/05/19
- 105/118: Remove some duplicate code, Ludovic Courtès, 2015/05/19
- 108/118: Improve error message if the daemon worker fails to start, Ludovic Courtès, 2015/05/19
- 100/118: Settings: Add bool get(), Ludovic Courtès, 2015/05/19
- 106/118: Improved error message when encountering unsupported file types, Ludovic Courtès, 2015/05/19
- 114/118: nix-daemon: Call exit(), not _exit(), Ludovic Courtès, 2015/05/19
- 99/118: Add an 'optimiseStore' remote procedure call., Ludovic Courtès, 2015/05/19
- 107/118: Fix build on gcc < 4.7, Ludovic Courtès, 2015/05/19
- 98/118: Add disallowedReferences / disallowedRequisites, Ludovic Courtès, 2015/05/19
- 110/118: Make ~DerivationGoal more reliable, Ludovic Courtès, 2015/05/19