about summary refs log tree commit diff
diff options
context:
space:
mode:
authorShea Levy <shea@shealevy.com>2014-06-24T14·50-0400
committerShea Levy <shea@shealevy.com>2014-06-24T14·50-0400
commitd62f46e500958bc97ae6837911e27c20a47cc181 (patch)
tree74d8e8f480979061d1b1b09198fa671f774f7af9
parent5cd022d6c099c583c0494bdacd06f4eb32661135 (diff)
Only add the importNative primop if the allow-arbitrary-code-during-evaluation option is true (default false)
-rw-r--r--src/libexpr/primops.cc3
-rw-r--r--src/libstore/globals.cc2
-rw-r--r--src/libstore/globals.hh3
3 files changed, 7 insertions, 1 deletions
diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc
index d6ac7c957801..ff82f36b52f7 100644
--- a/src/libexpr/primops.cc
+++ b/src/libexpr/primops.cc
@@ -1368,7 +1368,8 @@ void EvalState::createBaseEnv()
     mkApp(v, *baseEnv.values[baseEnvDispl - 1], *v2);
     forceValue(v);
     addConstant("import", v);
-    addPrimOp("__importNative", 2, prim_importNative);
+    if (settings.enableImportNative)
+        addPrimOp("__importNative", 2, prim_importNative);
     addPrimOp("__typeOf", 1, prim_typeOf);
     addPrimOp("isNull", 1, prim_isNull);
     addPrimOp("__isFunction", 1, prim_isFunction);
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index 180344e336b0..5d359e12811f 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -61,6 +61,7 @@ Settings::Settings()
     envKeepDerivations = false;
     lockCPU = getEnv("NIX_AFFINITY_HACK", "1") == "1";
     showTrace = false;
+    enableImportNative = false;
 }
 
 
@@ -148,6 +149,7 @@ void Settings::update()
     get(sshSubstituterHosts, "ssh-substituter-hosts");
     get(useSshSubstituter, "use-ssh-substituter");
     get(logServers, "log-servers");
+    get(enableImportNative, "allow-arbitrary-code-during-evaluation");
 
     string subs = getEnv("NIX_SUBSTITUTERS", "default");
     if (subs == "default") {
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 65a6c388b8a6..8dd59a9c7967 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -200,6 +200,9 @@ struct Settings {
     /* A list of URL prefixes that can return Nix build logs. */
     Strings logServers;
 
+    /* Whether the importNative primop should be enabled */
+    bool enableImportNative;
+
 private:
     SettingsMap settings, overrides;