Merge pull request #14 from eclairevoyant/reject-nixconfig
feat: add reject-flake-config setting to reject all nix config from flakes
commit
924eb1127a
3 changed files with 14 additions and 0 deletions
|
@ -27,6 +27,11 @@ The following experimental features are enabled by default:
|
|||
- `repl-flake` (`Xp::ReplFlake`)
|
||||
- `fetch-tree` (`Xp::FetchTree`)
|
||||
|
||||
### Additional settings
|
||||
|
||||
The following settings are added to this fork:
|
||||
- `reject-flake-config`: rejects all flake configuration (including whitelisted settings) and warns about it
|
||||
|
||||
### Full thunk evaluation in `flake.nix`
|
||||
|
||||
In stock Nix, only the outputs section of `flake.nix` is able to make full use of the Nix language.
|
||||
|
|
|
@ -51,6 +51,11 @@ void ConfigFile::apply()
|
|||
else
|
||||
assert(false);
|
||||
|
||||
if (nix::fetchSettings.rejectFlakeConfig) {
|
||||
warn("ignoring untrusted flake configuration setting '%s' due to the '%s' setting.", name, "reject-flake-config");
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!whitelist.count(baseName) && !nix::fetchSettings.acceptFlakeConfig) {
|
||||
bool trusted = false;
|
||||
auto trustedList = readTrustedList();
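Review bot: The warning added in the `rejectFlakeConfig` branch calls every skipped setting "untrusted", but the branch runs before the `whitelist.count(baseName)` and `readTrustedList()` checks, so whitelisted and previously trusted settings are dropped under the same message. A neutral text would keep the log accurate for anyone auditing why a setting was not applied: `warn("ignoring flake configuration setting '%s' because '%s' is enabled.", name, "reject-flake-config");`. A one-line comment above the branch, `// reject-flake-config overrides accept-flake-config, the whitelist and the trusted list`, would also record that the ordering is deliberate. `ConfigFile::apply()` starts and ends outside this hunk, so the loop that this `continue` belongs to is not visible here.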
|
||||
|
|
|
@ -87,6 +87,10 @@ struct FetchSettings : public Config
|
|||
"Whether to accept nix configuration from a flake without prompting.",
|
||||
{}, true, Xp::Flakes};
|
||||
|
||||
Setting<bool> rejectFlakeConfig{this, false, "reject-flake-config",
|
||||
"Whether to reject nix configuration (including whitelisted settings) from a flake without prompting.",
|
||||
{}, true, Xp::Flakes};
|
||||
|
||||
Setting<std::string> commitLockFileSummary{
|
||||
this, "", "commit-lockfile-summary",
|
||||
R"(
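Review bot: The description of `rejectFlakeConfig` does not say what happens when `accept-flake-config` is enabled as well; judging by the `ConfigFile::apply()` hunk, the reject check runs first and wins. The phrase "without prompting" also reads as carried over from the `acceptFlakeConfig` text and says little for a setting that never prompts. Something like `"Whether to ignore all nix configuration from a flake, including whitelisted settings. Takes precedence over accept-flake-config."` would state the contract. The `FetchSettings` struct continues outside this hunk.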
|
||||
|
|