diff options
author | Shea Levy <shea@shealevy.com> | 2014-06-24T14·50-0400 |
---|---|---|
committer | Shea Levy <shea@shealevy.com> | 2014-06-24T14·50-0400 |
commit | d62f46e500958bc97ae6837911e27c20a47cc181 (patch) | |
tree | 74d8e8f480979061d1b1b09198fa671f774f7af9 /src | |
parent | 5cd022d6c099c583c0494bdacd06f4eb32661135 (diff) |
Only add the importNative primop if the allow-arbitrary-code-during-evaluation option is true (default false)
Diffstat (limited to 'src')
-rw-r--r-- | src/libexpr/primops.cc | 3 | ||||
-rw-r--r-- | src/libstore/globals.cc | 2 | ||||
-rw-r--r-- | src/libstore/globals.hh | 3 |
3 files changed, 7 insertions, 1 deletions
diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc index d6ac7c957801..ff82f36b52f7 100644 --- a/src/libexpr/primops.cc +++ b/src/libexpr/primops.cc @@ -1368,7 +1368,8 @@ void EvalState::createBaseEnv() mkApp(v, *baseEnv.values[baseEnvDispl - 1], *v2); forceValue(v); addConstant("import", v); - addPrimOp("__importNative", 2, prim_importNative); + if (settings.enableImportNative) + addPrimOp("__importNative", 2, prim_importNative); addPrimOp("__typeOf", 1, prim_typeOf); addPrimOp("isNull", 1, prim_isNull); addPrimOp("__isFunction", 1, prim_isFunction); diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index 180344e336b0..5d359e12811f 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -61,6 +61,7 @@ Settings::Settings() envKeepDerivations = false; lockCPU = getEnv("NIX_AFFINITY_HACK", "1") == "1"; showTrace = false; + enableImportNative = false; } @@ -148,6 +149,7 @@ void Settings::update() get(sshSubstituterHosts, "ssh-substituter-hosts"); get(useSshSubstituter, "use-ssh-substituter"); get(logServers, "log-servers"); + get(enableImportNative, "allow-arbitrary-code-during-evaluation"); string subs = getEnv("NIX_SUBSTITUTERS", "default"); if (subs == "default") { diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index 65a6c388b8a6..8dd59a9c7967 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -200,6 +200,9 @@ struct Settings { /* A list of URL prefixes that can return Nix build logs. */ Strings logServers; + /* Whether the importNative primop should be enabled */ + bool enableImportNative; + private: SettingsMap settings, overrides; |