#pragma once
///@file
#include "config.hh"
namespace nix {
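/**
 * Settings that control the Nix expression evaluator.
 *
 * Each `Setting<T>` member is constructed with `this`, a default value, the
 * setting's name and its documentation string. Several of these switches
 * decide what an expression under evaluation may reach (native code, files,
 * URIs, builds), so their defaults matter when evaluating expressions that
 * are not trusted.
 */
struct EvalSettings : Config
{
    EvalSettings();

    /** Supplies the default value of the `nix-path` setting (see `nixPath`). */
    static Strings getDefaultNixPath();

    /** NOTE(review): presumably reports whether `s` is a pseudo-URL; the definition is not in this header. */
    static bool isPseudoUrl(std::string_view s);

    /** NOTE(review): presumably maps a pseudo-URL to the URL it stands for; the definition is not in this header. */
    static std::string resolvePseudoUrl(std::string_view url);

    // Defaults to `false`. The setting name itself marks this as unsafe: when
    // enabled, builtins that execute native code become available to the
    // expression being evaluated.
    Setting<bool> enableNativeCode{this, false, "allow-unsafe-native-code-during-evaluation",
        "Whether builtin functions that allow executing native code should be enabled."};

    // Search path for `<...>` references; the default comes from getDefaultNixPath().
    Setting<Strings> nixPath{
        this, getDefaultNixPath(), "nix-path",
        R"(
          List of directories to be searched for `<...>` file references

          In particular, outside of [pure evaluation mode](#conf-pure-eval), this determines the value of
          [`builtins.nixPath`](@docroot@/language/builtin-constants.md#builtins-nixPath).
        )"};

    // Defaults to `false`, i.e. file and URI access is not confined to
    // `builtins.nixPath` / `allowed-uris` unless this is set explicitly.
    Setting<bool> restrictEval{
        this, false, "restrict-eval",
        R"(
          If set to `true`, the Nix evaluator will not allow access to any
          files outside of
          [`builtins.nixPath`](@docroot@/language/builtin-constants.md#builtins-nixPath),
          or to URIs outside of
          [`allowed-uris`](@docroot@/command-ref/conf-file.md#conf-allowed-uris).

          Also the default value for [`nix-path`](#conf-nix-path) is ignored, such that only explicitly set search path entries are taken into account.
        )"};

    // Defaults to `false`.
    Setting<bool> pureEval{this, false, "pure-eval",
        R"(
          Pure evaluation mode ensures that the result of Nix expressions is fully determined by explicitly declared inputs, and not influenced by external state:

          - Restrict file system and network access to files specified by cryptographic hash
          - Disable impure constants:
            - [`builtins.currentSystem`](@docroot@/language/builtin-constants.md#builtins-currentSystem)
            - [`builtins.currentTime`](@docroot@/language/builtin-constants.md#builtins-currentTime)
            - [`builtins.nixPath`](@docroot@/language/builtin-constants.md#builtins-nixPath)
        )"
        };

    // Defaults to `true`, so unless it is turned off, evaluating an expression
    // may require builds to take place (see the documentation string).
    Setting<bool> enableImportFromDerivation{
        this, true, "allow-import-from-derivation",
        R"(
          By default, Nix allows [Import from Derivation](@docroot@/language/import-from-derivation.md).

          With this option set to `false`, Nix will throw an error when evaluating an expression that uses this feature,
          even when the required store object is readily available.
          This ensures that evaluation will not require any builds to take place,
          regardless of the state of the store.
        )"};

    // Defaults to an empty list. Per the documentation string, matching is by
    // prefix, and an entry consisting only of a scheme followed by `:` admits
    // every URI of that scheme, which makes such entries the broadest grant
    // this setting can express.
    Setting<Strings> allowedUris{this, {}, "allowed-uris",
        R"(
          A list of URI prefixes to which access is allowed in restricted
          evaluation mode. For example, when set to
          `https://github.com/NixOS`, builtin functions such as `fetchGit` are
          allowed to access `https://github.com/NixOS/patchelf.git`.

          Access is granted when
          - the URI is equal to the prefix,
          - or the URI is a subpath of the prefix,
          - or the prefix is a URI scheme ended by a colon `:` and the URI has the same scheme.
        )"};

    // Defaults to `false`; the trace lines are emitted at the "vomit" log level.
    Setting<bool> traceFunctionCalls{this, false, "trace-function-calls",
        R"(
          If set to `true`, the Nix evaluator will trace every function call.
          Nix will print a log message at the "vomit" level for every function
          entrance and function exit.

              function-trace entered undefined position at 1565795816999559622
              function-trace exited undefined position at 1565795816999581277
              function-trace entered /nix/store/.../example.nix:226:41 at 1565795253249935150
              function-trace exited /nix/store/.../example.nix:226:41 at 1565795253249941684

          The `undefined position` means the function call is a builtin.

          Use the `contrib/stack-collapse.py` script distributed with the Nix
          source code to convert the trace logs in to a format suitable for
          `flamegraph.pl`.
        )"};

    // Defaults to `true`.
    Setting<bool> useEvalCache{this, true, "eval-cache",
        "Whether to use the flake evaluation cache."};

    // Defaults to `false`; only relevant in debug mode (`--debugger`).
    Setting<bool> ignoreExceptionsDuringTry{this, false, "ignore-try",
        R"(
          If set to true, ignore exceptions inside 'tryEval' calls when evaluating nix expressions in
          debug mode (using the --debugger flag). By default the debugger will pause on all exceptions.
        )"};

    // Defaults to `false`.
    Setting<bool> traceVerbose{this, false, "trace-verbose",
        "Whether `builtins.traceVerbose` should trace its first argument when evaluated."};
};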
/// Declaration only (`extern`): the `EvalSettings` object is defined elsewhere, not in this header.
extern EvalSettings evalSettings;
/**
 * Conventionally part of the default nix path in impure mode.
 *
 * NOTE(review): only the declaration is visible here; how the returned
 * `Path` is computed is not shown in this header.
 */
Path getNixDefExpr();
}