From 812e027e1d5a4f83394069edd67bdf8404ffa2bb Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 30 Oct 2017 12:39:59 +0100 Subject: Add option allowed-uris This allows network access in restricted eval mode. --- doc/manual/command-ref/conf-file.xml | 18 +++++++++++++++++- doc/manual/release-notes/rl-1.12.xml | 8 ++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml index 6b90083f0873..fb4d8cefc4d2 100644 --- a/doc/manual/command-ref/conf-file.xml +++ b/doc/manual/command-ref/conf-file.xml @@ -563,7 +563,8 @@ password my-password If set to true, the Nix evaluator will not allow access to any files outside of the Nix search path (as set via the NIX_PATH environment variable or the - option). The default is + option), or to URIs outside of + . The default is false. @@ -571,6 +572,21 @@ password my-password + allowed-uris + + + + A list of URI prefixes to which access is allowed in + restricted evaluation mode. For example, when set to + https://github.com/NixOS, builtin functions + such as fetchGit are allowed to access + https://github.com/NixOS/patchelf.git. + + + + + + pre-build-hook diff --git a/doc/manual/release-notes/rl-1.12.xml b/doc/manual/release-notes/rl-1.12.xml index 609dcef6b49e..7c9a8b75ecee 100644 --- a/doc/manual/release-notes/rl-1.12.xml +++ b/doc/manual/release-notes/rl-1.12.xml @@ -418,6 +418,14 @@ configureFlags = "--prefix=${placeholder "out"} --includedir=${placeholder "dev" through the MELPA package repository. + + In restricted evaluation mode + (), builtin functions that + download from the network (such as fetchGit) + are permitted to fetch underneath the list of URI prefixes + specified in the option . + + This release has contributions from TBD. -- cgit 1.4.1