about summary refs log tree commit diff
path: root/third_party/nix/src/libexpr/primops
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/nix/src/libexpr/primops')
-rw-r--r--third_party/nix/src/libexpr/primops/context.cc199
-rw-r--r--third_party/nix/src/libexpr/primops/fetchGit.cc263
-rw-r--r--third_party/nix/src/libexpr/primops/fetchMercurial.cc237
-rw-r--r--third_party/nix/src/libexpr/primops/fromTOML.cc88
4 files changed, 787 insertions, 0 deletions
diff --git a/third_party/nix/src/libexpr/primops/context.cc b/third_party/nix/src/libexpr/primops/context.cc
new file mode 100644
index 000000000000..2ae8ba8aa99e
--- /dev/null
+++ b/third_party/nix/src/libexpr/primops/context.cc
@@ -0,0 +1,199 @@
+#include "derivations.hh"
+#include "eval-inline.hh"
+#include "primops.hh"
+
+namespace nix {
+
+static void prim_unsafeDiscardStringContext(EvalState& state, const Pos& pos,
+                                            Value** args, Value& v) {
+  PathSet context;
+  std::string s = state.coerceToString(pos, *args[0], context);
+  mkString(v, s, PathSet());
+}
+
+static RegisterPrimOp r1("__unsafeDiscardStringContext", 1,
+                         prim_unsafeDiscardStringContext);
+
+static void prim_hasContext(EvalState& state, const Pos& pos, Value** args,
+                            Value& v) {
+  PathSet context;
+  state.forceString(*args[0], context, pos);
+  mkBool(v, !context.empty());
+}
+
+static RegisterPrimOp r2("__hasContext", 1, prim_hasContext);
+
+/* Sometimes we want to pass a derivation path (i.e. pkg.drvPath) to a
+   builder without causing the derivation to be built (for instance,
+   in the derivation that builds NARs in nix-push, when doing
+   source-only deployment).  This primop marks the string context so
+   that builtins.derivation adds the path to drv.inputSrcs rather than
+   drv.inputDrvs. */
+static void prim_unsafeDiscardOutputDependency(EvalState& state, const Pos& pos,
+                                               Value** args, Value& v) {
+  PathSet context;
+  std::string s = state.coerceToString(pos, *args[0], context);
+
+  PathSet context2;
+  for (auto& p : context) {
+    context2.insert(p.at(0) == '=' ? string(p, 1) : p);
+  }
+
+  mkString(v, s, context2);
+}
+
+static RegisterPrimOp r3("__unsafeDiscardOutputDependency", 1,
+                         prim_unsafeDiscardOutputDependency);
+
+/* Extract the context of a string as a structured Nix value.
+
+   The context is represented as an attribute set whose keys are the
+   paths in the context set and whose values are attribute sets with
+   the following keys:
+     path: True if the relevant path is in the context as a plain store
+           path (i.e. the kind of context you get when interpolating
+           a Nix path (e.g. ./.) into a string). False if missing.
+     allOutputs: True if the relevant path is a derivation and it is
+                  in the context as a drv file with all of its outputs
+                  (i.e. the kind of context you get when referencing
+                  .drvPath of some derivation). False if missing.
+     outputs: If a non-empty list, the relevant path is a derivation
+              and the provided outputs are referenced in the context
+              (i.e. the kind of context you get when referencing
+              .outPath of some derivation). Empty list if missing.
+   Note that for a given path any combination of the above attributes
+   may be present.
+*/
+static void prim_getContext(EvalState& state, const Pos& pos, Value** args,
+                            Value& v) {
+  struct ContextInfo {
+    bool path = false;
+    bool allOutputs = false;
+    Strings outputs;
+  };
+  PathSet context;
+  state.forceString(*args[0], context, pos);
+  auto contextInfos = std::map<Path, ContextInfo>();
+  for (const auto& p : context) {
+    Path drv;
+    std::string output;
+    const Path* path = &p;
+    if (p.at(0) == '=') {
+      drv = string(p, 1);
+      path = &drv;
+    } else if (p.at(0) == '!') {
+      std::pair<string, string> ctx = decodeContext(p);
+      drv = ctx.first;
+      output = ctx.second;
+      path = &drv;
+    }
+    auto isPath = drv.empty();
+    auto isAllOutputs = (!drv.empty()) && output.empty();
+
+    auto iter = contextInfos.find(*path);
+    if (iter == contextInfos.end()) {
+      contextInfos.emplace(
+          *path,
+          ContextInfo{isPath, isAllOutputs,
+                      output.empty() ? Strings{} : Strings{std::move(output)}});
+    } else {
+      if (isPath)
+        iter->second.path = true;
+      else if (isAllOutputs)
+        iter->second.allOutputs = true;
+      else
+        iter->second.outputs.emplace_back(std::move(output));
+    }
+  }
+
+  state.mkAttrs(v, contextInfos.size());
+
+  auto sPath = state.symbols.Create("path");
+  auto sAllOutputs = state.symbols.Create("allOutputs");
+  for (const auto& info : contextInfos) {
+    auto& infoVal = *state.allocAttr(v, state.symbols.Create(info.first));
+    state.mkAttrs(infoVal, 3);
+    if (info.second.path) {
+      mkBool(*state.allocAttr(infoVal, sPath), true);
+    }
+    if (info.second.allOutputs)
+      mkBool(*state.allocAttr(infoVal, sAllOutputs), true);
+    if (!info.second.outputs.empty()) {
+      auto& outputsVal = *state.allocAttr(infoVal, state.sOutputs);
+      state.mkList(outputsVal, info.second.outputs.size());
+      size_t i = 0;
+      for (const auto& output : info.second.outputs) {
+        mkString(*(outputsVal.listElems()[i++] = state.allocValue()), output);
+      }
+    }
+  }
+}
+
+static RegisterPrimOp r4("__getContext", 1, prim_getContext);
+
+/* Append the given context to a given string.
+
+   See the commentary above unsafeGetContext for details of the
+   context representation.
+*/
+static void prim_appendContext(EvalState& state, const Pos& pos, Value** args,
+                               Value& v) {
+  PathSet context;
+  auto orig = state.forceString(*args[0], context, pos);
+
+  state.forceAttrs(*args[1], pos);
+
+  auto sPath = state.symbols.Create("path");
+  auto sAllOutputs = state.symbols.Create("allOutputs");
+  for (const auto& attr_iter : *args[1]->attrs) {
+    const Attr* i = &attr_iter.second;  // TODO(tazjin): get rid of this
+    if (!state.store->isStorePath(i->name))
+      throw EvalError("Context key '%s' is not a store path, at %s", i->name,
+                      i->pos);
+    if (!settings.readOnlyMode) {
+      state.store->ensurePath(i->name);
+    }
+    state.forceAttrs(*i->value, *i->pos);
+    auto iter = i->value->attrs->find(sPath);
+    if (iter != i->value->attrs->end()) {
+      if (state.forceBool(*iter->second.value, *iter->second.pos)) {
+        context.insert(i->name);
+      }
+    }
+
+    iter = i->value->attrs->find(sAllOutputs);
+    if (iter != i->value->attrs->end()) {
+      if (state.forceBool(*iter->second.value, *iter->second.pos)) {
+        if (!isDerivation(i->name)) {
+          throw EvalError(
+              "Tried to add all-outputs context of %s, which is not a "
+              "derivation, to a string, at %s",
+              i->name, i->pos);
+        }
+        context.insert("=" + string(i->name));
+      }
+    }
+
+    iter = i->value->attrs->find(state.sOutputs);
+    if (iter != i->value->attrs->end()) {
+      state.forceList(*iter->second.value, *iter->second.pos);
+      if (iter->second.value->listSize() && !isDerivation(i->name)) {
+        throw EvalError(
+            "Tried to add derivation output context of %s, which is not a "
+            "derivation, to a string, at %s",
+            i->name, i->pos);
+      }
+      for (unsigned int n = 0; n < iter->second.value->listSize(); ++n) {
+        auto name = state.forceStringNoCtx(*iter->second.value->listElems()[n],
+                                           *iter->second.pos);
+        context.insert("!" + name + "!" + string(i->name));
+      }
+    }
+  }
+
+  mkString(v, orig, context);
+}
+
+static RegisterPrimOp r5("__appendContext", 2, prim_appendContext);
+
+}  // namespace nix
diff --git a/third_party/nix/src/libexpr/primops/fetchGit.cc b/third_party/nix/src/libexpr/primops/fetchGit.cc
new file mode 100644
index 000000000000..67641258d518
--- /dev/null
+++ b/third_party/nix/src/libexpr/primops/fetchGit.cc
@@ -0,0 +1,263 @@
+#include <nlohmann/json.hpp>
+#include <regex>
+
+#include <glog/logging.h>
+#include <sys/time.h>
+
+#include "download.hh"
+#include "eval-inline.hh"
+#include "hash.hh"
+#include "pathlocks.hh"
+#include "primops.hh"
+#include "store-api.hh"
+
+using namespace std::string_literals;
+
+namespace nix {
+
+struct GitInfo {
+  Path storePath;
+  std::string rev;
+  std::string shortRev;
+  uint64_t revCount = 0;
+};
+
+std::regex revRegex("^[0-9a-fA-F]{40}$");
+
+GitInfo exportGit(ref<Store> store, const std::string& uri,
+                  std::optional<std::string> ref, std::string rev,
+                  const std::string& name) {
+  if (evalSettings.pureEval && rev == "")
+    throw Error("in pure evaluation mode, 'fetchGit' requires a Git revision");
+
+  if (!ref && rev == "" && hasPrefix(uri, "/") && pathExists(uri + "/.git")) {
+    bool clean = true;
+
+    try {
+      runProgram("git", true,
+                 {"-C", uri, "diff-index", "--quiet", "HEAD", "--"});
+    } catch (ExecError& e) {
+      if (!WIFEXITED(e.status) || WEXITSTATUS(e.status) != 1) {
+        throw;
+      }
+      clean = false;
+    }
+
+    if (!clean) {
+      /* This is an unclean working tree. So copy all tracked
+         files. */
+
+      GitInfo gitInfo;
+      gitInfo.rev = "0000000000000000000000000000000000000000";
+      gitInfo.shortRev = std::string(gitInfo.rev, 0, 7);
+
+      auto files = tokenizeString<std::set<std::string>>(
+          runProgram("git", true, {"-C", uri, "ls-files", "-z"}), "\0"s);
+
+      PathFilter filter = [&](const Path& p) -> bool {
+        assert(hasPrefix(p, uri));
+        std::string file(p, uri.size() + 1);
+
+        auto st = lstat(p);
+
+        if (S_ISDIR(st.st_mode)) {
+          auto prefix = file + "/";
+          auto i = files.lower_bound(prefix);
+          return i != files.end() && hasPrefix(*i, prefix);
+        }
+
+        return files.count(file);
+      };
+
+      gitInfo.storePath =
+          store->addToStore("source", uri, true, htSHA256, filter);
+
+      return gitInfo;
+    }
+
+    // clean working tree, but no ref or rev specified.  Use 'HEAD'.
+    rev = chomp(runProgram("git", true, {"-C", uri, "rev-parse", "HEAD"}));
+    ref = "HEAD"s;
+  }
+
+  if (!ref) {
+    ref = "HEAD"s;
+  }
+
+  if (rev != "" && !std::regex_match(rev, revRegex))
+    throw Error("invalid Git revision '%s'", rev);
+
+  deletePath(getCacheDir() + "/nix/git");
+
+  Path cacheDir = getCacheDir() + "/nix/gitv2/" +
+                  hashString(htSHA256, uri).to_string(Base32, false);
+
+  if (!pathExists(cacheDir)) {
+    createDirs(dirOf(cacheDir));
+    runProgram("git", true, {"init", "--bare", cacheDir});
+  }
+
+  Path localRefFile;
+  if (ref->compare(0, 5, "refs/") == 0)
+    localRefFile = cacheDir + "/" + *ref;
+  else
+    localRefFile = cacheDir + "/refs/heads/" + *ref;
+
+  bool doFetch;
+  time_t now = time(0);
+  /* If a rev was specified, we need to fetch if it's not in the
+     repo. */
+  if (rev != "") {
+    try {
+      runProgram("git", true, {"-C", cacheDir, "cat-file", "-e", rev});
+      doFetch = false;
+    } catch (ExecError& e) {
+      if (WIFEXITED(e.status)) {
+        doFetch = true;
+      } else {
+        throw;
+      }
+    }
+  } else {
+    /* If the local ref is older than ‘tarball-ttl’ seconds, do a
+       git fetch to update the local ref to the remote ref. */
+    struct stat st;
+    doFetch = stat(localRefFile.c_str(), &st) != 0 ||
+              (uint64_t)st.st_mtime + settings.tarballTtl <= (uint64_t)now;
+  }
+  if (doFetch) {
+    DLOG(INFO) << "fetching Git repository '" << uri << "'";
+
+    // FIXME: git stderr messes up our progress indicator, so
+    // we're using --quiet for now. Should process its stderr.
+    runProgram("git", true,
+               {"-C", cacheDir, "fetch", "--quiet", "--force", "--", uri,
+                fmt("%s:%s", *ref, *ref)});
+
+    struct timeval times[2];
+    times[0].tv_sec = now;
+    times[0].tv_usec = 0;
+    times[1].tv_sec = now;
+    times[1].tv_usec = 0;
+
+    utimes(localRefFile.c_str(), times);
+  }
+
+  // FIXME: check whether rev is an ancestor of ref.
+  GitInfo gitInfo;
+  gitInfo.rev = rev != "" ? rev : chomp(readFile(localRefFile));
+  gitInfo.shortRev = std::string(gitInfo.rev, 0, 7);
+
+  DLOG(INFO) << "using revision " << gitInfo.rev << " of repo '" << uri << "'";
+
+  std::string storeLinkName =
+      hashString(htSHA512, name + std::string("\0"s) + gitInfo.rev)
+          .to_string(Base32, false);
+  Path storeLink = cacheDir + "/" + storeLinkName + ".link";
+  PathLocks storeLinkLock({storeLink}, fmt("waiting for lock on '%1%'...",
+                                           storeLink));  // FIXME: broken
+
+  try {
+    auto json = nlohmann::json::parse(readFile(storeLink));
+
+    assert(json["name"] == name && json["rev"] == gitInfo.rev);
+
+    gitInfo.storePath = json["storePath"];
+
+    if (store->isValidPath(gitInfo.storePath)) {
+      gitInfo.revCount = json["revCount"];
+      return gitInfo;
+    }
+
+  } catch (SysError& e) {
+    if (e.errNo != ENOENT) {
+      throw;
+    }
+  }
+
+  // FIXME: should pipe this, or find some better way to extract a
+  // revision.
+  auto tar = runProgram("git", true, {"-C", cacheDir, "archive", gitInfo.rev});
+
+  Path tmpDir = createTempDir();
+  AutoDelete delTmpDir(tmpDir, true);
+
+  runProgram("tar", true, {"x", "-C", tmpDir}, tar);
+
+  gitInfo.storePath = store->addToStore(name, tmpDir);
+
+  gitInfo.revCount = std::stoull(runProgram(
+      "git", true, {"-C", cacheDir, "rev-list", "--count", gitInfo.rev}));
+
+  nlohmann::json json;
+  json["storePath"] = gitInfo.storePath;
+  json["uri"] = uri;
+  json["name"] = name;
+  json["rev"] = gitInfo.rev;
+  json["revCount"] = gitInfo.revCount;
+
+  writeFile(storeLink, json.dump());
+
+  return gitInfo;
+}
+
+static void prim_fetchGit(EvalState& state, const Pos& pos, Value** args,
+                          Value& v) {
+  std::string url;
+  std::optional<std::string> ref;
+  std::string rev;
+  std::string name = "source";
+  PathSet context;
+
+  state.forceValue(*args[0]);
+
+  if (args[0]->type == tAttrs) {
+    state.forceAttrs(*args[0], pos);
+
+    for (auto& attr_iter : *args[0]->attrs) {
+      auto& attr = attr_iter.second;
+      std::string n(attr.name);
+      if (n == "url")
+        url =
+            state.coerceToString(*attr.pos, *attr.value, context, false, false);
+      else if (n == "ref")
+        ref = state.forceStringNoCtx(*attr.value, *attr.pos);
+      else if (n == "rev")
+        rev = state.forceStringNoCtx(*attr.value, *attr.pos);
+      else if (n == "name")
+        name = state.forceStringNoCtx(*attr.value, *attr.pos);
+      else
+        throw EvalError("unsupported argument '%s' to 'fetchGit', at %s",
+                        attr.name, *attr.pos);
+    }
+
+    if (url.empty())
+      throw EvalError(format("'url' argument required, at %1%") % pos);
+
+  } else {
+    url = state.coerceToString(pos, *args[0], context, false, false);
+  }
+
+  // FIXME: git externals probably can be used to bypass the URI
+  // whitelist. Ah well.
+  state.checkURI(url);
+
+  auto gitInfo = exportGit(state.store, url, ref, rev, name);
+
+  state.mkAttrs(v, 8);
+  mkString(*state.allocAttr(v, state.sOutPath), gitInfo.storePath,
+           PathSet({gitInfo.storePath}));
+  mkString(*state.allocAttr(v, state.symbols.Create("rev")), gitInfo.rev);
+  mkString(*state.allocAttr(v, state.symbols.Create("shortRev")),
+           gitInfo.shortRev);
+  mkInt(*state.allocAttr(v, state.symbols.Create("revCount")),
+        gitInfo.revCount);
+
+  if (state.allowedPaths) {
+    state.allowedPaths->insert(state.store->toRealPath(gitInfo.storePath));
+  }
+}
+
+static RegisterPrimOp r("fetchGit", 1, prim_fetchGit);
+
+}  // namespace nix
diff --git a/third_party/nix/src/libexpr/primops/fetchMercurial.cc b/third_party/nix/src/libexpr/primops/fetchMercurial.cc
new file mode 100644
index 000000000000..9223f1c3ca99
--- /dev/null
+++ b/third_party/nix/src/libexpr/primops/fetchMercurial.cc
@@ -0,0 +1,237 @@
+#include <nlohmann/json.hpp>
+#include <regex>
+
+#include <glog/logging.h>
+#include <sys/time.h>
+
+#include "download.hh"
+#include "eval-inline.hh"
+#include "pathlocks.hh"
+#include "primops.hh"
+#include "store-api.hh"
+
+using namespace std::string_literals;
+
+namespace nix {
+
+struct HgInfo {
+  Path storePath;
+  std::string branch;
+  std::string rev;
+  uint64_t revCount = 0;
+};
+
+std::regex commitHashRegex("^[0-9a-fA-F]{40}$");
+
+HgInfo exportMercurial(ref<Store> store, const std::string& uri,
+                       std::string rev, const std::string& name) {
+  if (evalSettings.pureEval && rev == "")
+    throw Error(
+        "in pure evaluation mode, 'fetchMercurial' requires a Mercurial "
+        "revision");
+
+  if (rev == "" && hasPrefix(uri, "/") && pathExists(uri + "/.hg")) {
+    bool clean = runProgram("hg", true,
+                            {"status", "-R", uri, "--modified", "--added",
+                             "--removed"}) == "";
+
+    if (!clean) {
+      /* This is an unclean working tree. So copy all tracked
+         files. */
+
+      DLOG(INFO) << "copying unclean Mercurial working tree '" << uri << "'";
+
+      HgInfo hgInfo;
+      hgInfo.rev = "0000000000000000000000000000000000000000";
+      hgInfo.branch = chomp(runProgram("hg", true, {"branch", "-R", uri}));
+
+      auto files = tokenizeString<std::set<std::string>>(
+          runProgram("hg", true,
+                     {"status", "-R", uri, "--clean", "--modified", "--added",
+                      "--no-status", "--print0"}),
+          "\0"s);
+
+      PathFilter filter = [&](const Path& p) -> bool {
+        assert(hasPrefix(p, uri));
+        std::string file(p, uri.size() + 1);
+
+        auto st = lstat(p);
+
+        if (S_ISDIR(st.st_mode)) {
+          auto prefix = file + "/";
+          auto i = files.lower_bound(prefix);
+          return i != files.end() && hasPrefix(*i, prefix);
+        }
+
+        return files.count(file);
+      };
+
+      hgInfo.storePath =
+          store->addToStore("source", uri, true, htSHA256, filter);
+
+      return hgInfo;
+    }
+  }
+
+  if (rev == "") {
+    rev = "default";
+  }
+
+  Path cacheDir = fmt("%s/nix/hg/%s", getCacheDir(),
+                      hashString(htSHA256, uri).to_string(Base32, false));
+
+  Path stampFile = fmt("%s/.hg/%s.stamp", cacheDir,
+                       hashString(htSHA512, rev).to_string(Base32, false));
+
+  /* If we haven't pulled this repo less than ‘tarball-ttl’ seconds,
+     do so now. */
+  time_t now = time(0);
+  struct stat st;
+  if (stat(stampFile.c_str(), &st) != 0 ||
+      (uint64_t)st.st_mtime + settings.tarballTtl <= (uint64_t)now) {
+    /* Except that if this is a commit hash that we already have,
+       we don't have to pull again. */
+    if (!(std::regex_match(rev, commitHashRegex) && pathExists(cacheDir) &&
+          runProgram(RunOptions("hg", {"log", "-R", cacheDir, "-r", rev,
+                                       "--template", "1"})
+                         .killStderr(true))
+                  .second == "1")) {
+      DLOG(INFO) << "fetching Mercurial repository '" << uri << "'";
+
+      if (pathExists(cacheDir)) {
+        try {
+          runProgram("hg", true, {"pull", "-R", cacheDir, "--", uri});
+        } catch (ExecError& e) {
+          std::string transJournal = cacheDir + "/.hg/store/journal";
+          /* hg throws "abandoned transaction" error only if this file exists */
+          if (pathExists(transJournal)) {
+            runProgram("hg", true, {"recover", "-R", cacheDir});
+            runProgram("hg", true, {"pull", "-R", cacheDir, "--", uri});
+          } else {
+            throw ExecError(e.status,
+                            fmt("'hg pull' %s", statusToString(e.status)));
+          }
+        }
+      } else {
+        createDirs(dirOf(cacheDir));
+        runProgram("hg", true, {"clone", "--noupdate", "--", uri, cacheDir});
+      }
+    }
+
+    writeFile(stampFile, "");
+  }
+
+  auto tokens = tokenizeString<std::vector<std::string>>(
+      runProgram("hg", true,
+                 {"log", "-R", cacheDir, "-r", rev, "--template",
+                  "{node} {rev} {branch}"}));
+  assert(tokens.size() == 3);
+
+  HgInfo hgInfo;
+  hgInfo.rev = tokens[0];
+  hgInfo.revCount = std::stoull(tokens[1]);
+  hgInfo.branch = tokens[2];
+
+  std::string storeLinkName =
+      hashString(htSHA512, name + std::string("\0"s) + hgInfo.rev)
+          .to_string(Base32, false);
+  Path storeLink = fmt("%s/.hg/%s.link", cacheDir, storeLinkName);
+
+  try {
+    auto json = nlohmann::json::parse(readFile(storeLink));
+
+    assert(json["name"] == name && json["rev"] == hgInfo.rev);
+
+    hgInfo.storePath = json["storePath"];
+
+    if (store->isValidPath(hgInfo.storePath)) {
+      DLOG(INFO) << "using cached Mercurial store path '" << hgInfo.storePath
+                 << "'";
+      return hgInfo;
+    }
+
+  } catch (SysError& e) {
+    if (e.errNo != ENOENT) {
+      throw;
+    }
+  }
+
+  Path tmpDir = createTempDir();
+  AutoDelete delTmpDir(tmpDir, true);
+
+  runProgram("hg", true, {"archive", "-R", cacheDir, "-r", rev, tmpDir});
+
+  deletePath(tmpDir + "/.hg_archival.txt");
+
+  hgInfo.storePath = store->addToStore(name, tmpDir);
+
+  nlohmann::json json;
+  json["storePath"] = hgInfo.storePath;
+  json["uri"] = uri;
+  json["name"] = name;
+  json["branch"] = hgInfo.branch;
+  json["rev"] = hgInfo.rev;
+  json["revCount"] = hgInfo.revCount;
+
+  writeFile(storeLink, json.dump());
+
+  return hgInfo;
+}
+
+static void prim_fetchMercurial(EvalState& state, const Pos& pos, Value** args,
+                                Value& v) {
+  std::string url;
+  std::string rev;
+  std::string name = "source";
+  PathSet context;
+
+  state.forceValue(*args[0]);
+
+  if (args[0]->type == tAttrs) {
+    state.forceAttrs(*args[0], pos);
+
+    for (auto& attr_iter : *args[0]->attrs) {
+      auto& attr = attr_iter.second;
+      std::string n(attr.name);
+      if (n == "url")
+        url =
+            state.coerceToString(*attr.pos, *attr.value, context, false, false);
+      else if (n == "rev")
+        rev = state.forceStringNoCtx(*attr.value, *attr.pos);
+      else if (n == "name")
+        name = state.forceStringNoCtx(*attr.value, *attr.pos);
+      else
+        throw EvalError("unsupported argument '%s' to 'fetchMercurial', at %s",
+                        attr.name, *attr.pos);
+    }
+
+    if (url.empty())
+      throw EvalError(format("'url' argument required, at %1%") % pos);
+
+  } else {
+    url = state.coerceToString(pos, *args[0], context, false, false);
+  }
+
+  // FIXME: git externals probably can be used to bypass the URI
+  // whitelist. Ah well.
+  state.checkURI(url);
+
+  auto hgInfo = exportMercurial(state.store, url, rev, name);
+
+  state.mkAttrs(v, 8);
+  mkString(*state.allocAttr(v, state.sOutPath), hgInfo.storePath,
+           PathSet({hgInfo.storePath}));
+  mkString(*state.allocAttr(v, state.symbols.Create("branch")), hgInfo.branch);
+  mkString(*state.allocAttr(v, state.symbols.Create("rev")), hgInfo.rev);
+  mkString(*state.allocAttr(v, state.symbols.Create("shortRev")),
+           std::string(hgInfo.rev, 0, 12));
+  mkInt(*state.allocAttr(v, state.symbols.Create("revCount")), hgInfo.revCount);
+
+  if (state.allowedPaths) {
+    state.allowedPaths->insert(state.store->toRealPath(hgInfo.storePath));
+  }
+}
+
+static RegisterPrimOp r("fetchMercurial", 1, prim_fetchMercurial);
+
+}  // namespace nix
diff --git a/third_party/nix/src/libexpr/primops/fromTOML.cc b/third_party/nix/src/libexpr/primops/fromTOML.cc
new file mode 100644
index 000000000000..cc7b3cfcc33e
--- /dev/null
+++ b/third_party/nix/src/libexpr/primops/fromTOML.cc
@@ -0,0 +1,88 @@
+#include "cpptoml/cpptoml.h"
+#include "eval-inline.hh"
+#include "primops.hh"
+
+namespace nix {
+
+static void prim_fromTOML(EvalState& state, const Pos& pos, Value** args,
+                          Value& v) {
+  using namespace cpptoml;
+
+  auto toml = state.forceStringNoCtx(*args[0], pos);
+
+  std::istringstream tomlStream(toml);
+
+  std::function<void(Value&, std::shared_ptr<base>)> visit;
+
+  visit = [&](Value& v, std::shared_ptr<base> t) {
+    if (auto t2 = t->as_table()) {
+      size_t size = 0;
+      for (auto& i : *t2) {
+        (void)i;
+        size++;
+      }
+
+      state.mkAttrs(v, size);
+
+      for (auto& i : *t2) {
+        auto& v2 = *state.allocAttr(v, state.symbols.Create(i.first));
+
+        if (auto i2 = i.second->as_table_array()) {
+          size_t size2 = i2->get().size();
+          state.mkList(v2, size2);
+          for (size_t j = 0; j < size2; ++j)
+            visit(*(v2.listElems()[j] = state.allocValue()), i2->get()[j]);
+        } else
+          visit(v2, i.second);
+      }
+    }
+
+    else if (auto t2 = t->as_array()) {
+      size_t size = t2->get().size();
+
+      state.mkList(v, size);
+
+      for (size_t i = 0; i < size; ++i)
+        visit(*(v.listElems()[i] = state.allocValue()), t2->get()[i]);
+    }
+
+    // Handle cases like 'a = [[{ a = true }]]', which IMHO should be
+    // parsed as a array containing an array containing a table,
+    // but instead are parsed as an array containing a table array
+    // containing a table.
+    else if (auto t2 = t->as_table_array()) {
+      size_t size = t2->get().size();
+
+      state.mkList(v, size);
+
+      for (size_t j = 0; j < size; ++j)
+        visit(*(v.listElems()[j] = state.allocValue()), t2->get()[j]);
+    }
+
+    else if (t->is_value()) {
+      if (auto val = t->as<int64_t>())
+        mkInt(v, val->get());
+      else if (auto val = t->as<NixFloat>())
+        mkFloat(v, val->get());
+      else if (auto val = t->as<bool>())
+        mkBool(v, val->get());
+      else if (auto val = t->as<std::string>())
+        mkString(v, val->get());
+      else
+        throw EvalError("unsupported value type in TOML");
+    }
+
+    else
+      abort();
+  };
+
+  try {
+    visit(v, parser(tomlStream).parse());
+  } catch (std::runtime_error& e) {
+    throw EvalError("while parsing a TOML string at %s: %s", pos, e.what());
+  }
+}
+
+static RegisterPrimOp r("fromTOML", 1, prim_fromTOML);
+
+}  // namespace nix