-rw-r--r--misc/docker/Dockerfile4
-rw-r--r--misc/docker/README.md8
-rw-r--r--src/libexpr/eval.cc12
3 files changed, 21 insertions, 3 deletions
diff --git a/misc/docker/Dockerfile b/misc/docker/Dockerfile
index 2f8e3dd7a679..0f69d02df25f 100644
--- a/misc/docker/Dockerfile
+++ b/misc/docker/Dockerfile
@@ -4,8 +4,8 @@ FROM alpine
 RUN apk add --update openssl
 
 # Download Nix and install it into the system.
-RUN wget https://nixos.org/releases/nix/nix-2.0/nix-2.0-x86_64-linux.tar.bz2 \
-  && echo "6312837aee33306cdbb351b75ba1638b89d21b30f0caf0346f9a742425f197ee  nix-2.0-x86_64-linux.tar.bz2" | sha256sum -c \
+RUN wget https://nixos.org/releases/nix/nix-2.0.2/nix-2.0.2-x86_64-linux.tar.bz2 \
+  && echo "d0c2492d7d8f824e3b1ace15a1a58f64a0a8faacc59936ebedfe18905d982d7c  nix-2.0.2-x86_64-linux.tar.bz2" | sha256sum -c \
   && tar xjf nix-*-x86_64-linux.tar.bz2 \
   && addgroup -g 30000 -S nixbld \
   && for i in $(seq 1 30); do adduser -S -D -h /var/empty -g "Nix build user $i" -u $((30000 + i)) -G nixbld nixbld$i ; done \
diff --git a/misc/docker/README.md b/misc/docker/README.md
new file mode 100644
index 000000000000..491be7408964
--- /dev/null
+++ b/misc/docker/README.md
@@ -0,0 +1,8 @@
+To update https://hub.docker.com/r/nixos/nix/
+
+    $ docker build . -t nixos/nix:2.0
+    $ docker tag nixos/nix:2.0 nixos/nix:latest
+    $ docker push nixos/nix:latest
+    $ docker push nixos/nix:2.0
+
+Write access: @domenkozar
diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc
index a2cce162b90c..353097f89713 100644
--- a/src/libexpr/eval.cc
+++ b/src/libexpr/eval.cc
@@ -317,10 +317,20 @@ EvalState::EvalState(const Strings & _searchPath, ref<Store> store)
 
     if (settings.restrictEval || settings.pureEval) {
         allowedPaths = PathSet();
+
         for (auto & i : searchPath) {
             auto r = resolveSearchPathElem(i);
             if (!r.first) continue;
-            allowedPaths->insert(r.second);
+
+            auto path = r.second;
+
+            if (store->isInStore(r.second)) {
+                PathSet closure;
+                store->computeFSClosure(store->toStorePath(r.second), closure);
+                for (auto & path : closure)
+                    allowedPaths->insert(path);
+            } else
+                allowedPaths->insert(r.second);
         }
     }
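Review bot: The added local `auto path = r.second;` is never read and is then shadowed by the loop variable in `for (auto & path : closure)`; drop it, or use it in place of the repeated `r.second` and rename the loop variable. In the store branch, `store->toStorePath(r.second)` appears to resolve to the enclosing top-level store path, so a search-path entry that points at a subdirectory would now allow the whole store path and its closure under `restrictEval`/`pureEval`, and the original `r.second` is no longer inserted on its own. Since this widens the allow-list, a comment such as `// Allow the entire closure of the enclosing store path, not only r.second.` would make it clear the widening is deliberate. It is also worth confirming what `computeFSClosure` does when the search-path entry is not a valid store path, because a throw here would abort the constructor. The constructor body starts and ends outside this hunk.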