diff options
author | Gergely Risko <errge@nilcons.com> | 2014-08-27T14·46+0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-08-28T16·23+0200 |
commit | fd61069a42289da195532bf68d15dc695cca7236 (patch) | |
tree | c0bc88b587aa590d7cdd58146e63af663e1917cf /src | |
parent | 3f0a4bf0e7254edddaa864d23893d98da23c2977 (diff) |
Introduce allowedRequisites feature
Diffstat (limited to 'src')
-rw-r--r-- | src/libstore/build.cc | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index c547a5cbfecf..6390a7480e99 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -2326,7 +2326,24 @@ void DerivationGoal::registerOutputs() PathSet allowed = parseReferenceSpecifiers(drv, get(drv.env, "allowedReferences")); foreach (PathSet::iterator, i, references) if (allowed.find(*i) == allowed.end()) - throw BuildError(format("output is not allowed to refer to path ‘%1%’") % *i); + throw BuildError(format("output (‘%1%’) is not allowed to refer to path ‘%2%’") % actualPath % *i); + } + + /* If the derivation specifies an `allowedRequisites' + attribute (containing a list of paths that the output may + refer to), check that all requisites are in that list. !!! + allowedRequisites should really be per-output. */ + if (drv.env.find("allowedRequisites") != drv.env.end()) { + PathSet allowed = parseReferenceSpecifiers(drv, get(drv.env, "allowedRequisites")); + PathSet requisites; + /* Our requisites are the union of the closures of our references. */ + foreach (PathSet::iterator, i, references) + /* Don't call computeFSClosure on ourselves. */ + if (actualPath != *i) + computeFSClosure(worker.store, *i, requisites); + foreach (PathSet::iterator, i, requisites) + if (allowed.find(*i) == allowed.end()) + throw BuildError(format("output (‘%1%’) is not allowed to refer to requisite path ‘%2%’") % actualPath % *i); } worker.store.optimisePath(path); // FIXME: combine with scanForReferences() |