diff options
| author | Eelco Dolstra <edolstra@gmail.com> | 2017-10-30T11·39+0100 |
|---|---|---|
| committer | Eelco Dolstra <edolstra@gmail.com> | 2017-10-30T11·41+0100 |
| commit | 812e027e1d5a4f83394069edd67bdf8404ffa2bb (patch) | |
| tree | fe11aee398ea3ddfa0a8117c566e2ed1c6435883 /tests/restricted.sh | |
| parent | f1c555cef870654cdaf232b5d08fdbba0bf06add (diff) | |
Add option allowed-uris
This allows network access in restricted eval mode.
Diffstat (limited to 'tests/restricted.sh')
| -rw-r--r-- | tests/restricted.sh | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/tests/restricted.sh b/tests/restricted.sh index 19096a9f8dd2..a297847cc8e3 100644 --- a/tests/restricted.sh +++ b/tests/restricted.sh @@ -16,3 +16,15 @@ nix-instantiate --option restrict-eval true --eval -E 'builtins.readDir ../src/b (! nix-instantiate --option restrict-eval true --eval -E 'let __nixPath = [ { prefix = "foo"; path = ./.; } ]; in <foo>') nix-instantiate --option restrict-eval true --eval -E 'let __nixPath = [ { prefix = "foo"; path = ./.; } ]; in <foo>' -I src=. +p=$(nix eval --raw "(builtins.fetchurl file://$(pwd)/restricted.sh)" --restrict-eval --allowed-uris "file://$(pwd)") +cmp $p restricted.sh + +(! nix eval --raw "(builtins.fetchurl file://$(pwd)/restricted.sh)" --restrict-eval) + +(! nix eval --raw "(builtins.fetchurl file://$(pwd)/restricted.sh)" --restrict-eval --allowed-uris "file://$(pwd)/restricted.sh/") + +nix eval --raw "(builtins.fetchurl file://$(pwd)/restricted.sh)" --restrict-eval --allowed-uris "file://$(pwd)/restricted.sh" + +(! nix eval --raw "(builtins.fetchurl https://github.com/NixOS/patchelf/archive/master.tar.gz)" --restrict-eval) +(! nix eval --raw "(builtins.fetchTarball https://github.com/NixOS/patchelf/archive/master.tar.gz)" --restrict-eval) +(! nix eval --raw "(fetchGit git://github.com/NixOS/patchelf.git)" --restrict-eval) |