about summary refs log tree commit diff
path: root/src/libexpr
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2016-07-26T19·16+0200
committerEelco Dolstra <eelco.dolstra@logicblox.com>2016-07-26T19·16+0200
commit06bbfb6004942bfcddd930e746ee7a2bfe5c3872 (patch)
tree25395e3e0da92eb914abf4f59f33027269a28224 /src/libexpr
parentee3032e4de439b481ce1a4bc7fd8d71ea6ed2c94 (diff)
builtins.{fetchurl,fetchTarball}: Support a sha256 attribute
Also, allow builtins.{fetchurl,fetchTarball} in restricted mode if a
hash is specified.
Diffstat (limited to 'src/libexpr')
-rw-r--r--src/libexpr/primops.cc10
1 files changed, 7 insertions, 3 deletions
diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc
index 565ed69ae77b..25736ebff065 100644
--- a/src/libexpr/primops.cc
+++ b/src/libexpr/primops.cc
@@ -1680,9 +1680,8 @@ static void prim_compareVersions(EvalState & state, const Pos & pos, Value * * a
 void fetch(EvalState & state, const Pos & pos, Value * * args, Value & v,
     const string & who, bool unpack)
 {
-    if (state.restricted) throw Error(format("‘%1%’ is not allowed in restricted mode") % who);
-
     string url;
+    Hash expectedHash;
 
     state.forceValue(*args[0]);
 
@@ -1694,6 +1693,8 @@ void fetch(EvalState & state, const Pos & pos, Value * * args, Value & v,
             string name(attr.name);
             if (name == "url")
                 url = state.forceStringNoCtx(*attr.value, *attr.pos);
+            else if (name == "sha256")
+                expectedHash = parseHash16or32(htSHA256, state.forceStringNoCtx(*attr.value, *attr.pos));
             else
                 throw EvalError(format("unsupported argument ‘%1%’ to ‘%2%’, at %3%") % attr.name % who % attr.pos);
         }
@@ -1704,7 +1705,10 @@ void fetch(EvalState & state, const Pos & pos, Value * * args, Value & v,
     } else
         url = state.forceStringNoCtx(*args[0], pos);
 
-    Path res = makeDownloader()->downloadCached(state.store, url, unpack);
+    if (state.restricted && !expectedHash)
+        throw Error(format("‘%1%’ is not allowed in restricted mode") % who);
+
+    Path res = makeDownloader()->downloadCached(state.store, url, unpack, expectedHash);
     mkString(v, res, PathSet({res}));
 }