diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/manual/command-ref/conf-file.xml | 18 | ||||
-rw-r--r-- | doc/manual/release-notes/rl-1.12.xml | 8 |
2 files changed, 25 insertions, 1 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml index 6b90083f0873..fb4d8cefc4d2 100644 --- a/doc/manual/command-ref/conf-file.xml +++ b/doc/manual/command-ref/conf-file.xml @@ -563,7 +563,8 @@ password <replaceable>my-password</replaceable> <para>If set to <literal>true</literal>, the Nix evaluator will not allow access to any files outside of the Nix search path (as set via the <envar>NIX_PATH</envar> environment variable or the - <option>-I</option> option). The default is + <option>-I</option> option), or to URIs outside of + <option>allowed-uri</option>. The default is <literal>false</literal>.</para> </listitem> @@ -571,6 +572,21 @@ password <replaceable>my-password</replaceable> </varlistentry> + <varlistentry xml:id="conf-allowed-uris"><term><literal>allowed-uris</literal></term> + + <listitem> + + <para>A list of URI prefixes to which access is allowed in + restricted evaluation mode. For example, when set to + <literal>https://github.com/NixOS</literal>, builtin functions + such as <function>fetchGit</function> are allowed to access + <literal>https://github.com/NixOS/patchelf.git</literal>.</para> + + </listitem> + + </varlistentry> + + <varlistentry xml:id="conf-pre-build-hook"><term><literal>pre-build-hook</literal></term> <listitem> diff --git a/doc/manual/release-notes/rl-1.12.xml b/doc/manual/release-notes/rl-1.12.xml index 609dcef6b49e..7c9a8b75ecee 100644 --- a/doc/manual/release-notes/rl-1.12.xml +++ b/doc/manual/release-notes/rl-1.12.xml @@ -418,6 +418,14 @@ configureFlags = "--prefix=${placeholder "out"} --includedir=${placeholder "dev" through the MELPA package repository.</para> </listitem> + <listitem> + <para>In restricted evaluation mode + (<option>--restrict-eval</option>), builtin functions that + download from the network (such as <function>fetchGit</function>) + are permitted to fetch underneath the list of URI prefixes + specified in the option <option>allowed-uris</option>.</para> + </listitem> + </itemizedlist> <para>This release has contributions from TBD.</para> |