mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-27 00:06:16 +02:00
Whitelist commit-lockfile-summary in flake nixConfig
This commit is contained in:
parent
b41f739068
commit
bfc558c972
2 changed files with 4 additions and 4 deletions
|
@ -31,7 +31,7 @@ static void writeTrustedList(const TrustedList & trustedList)
|
|||
|
||||
void ConfigFile::apply()
|
||||
{
|
||||
std::set<std::string> whitelist{"bash-prompt", "bash-prompt-prefix", "bash-prompt-suffix", "flake-registry"};
|
||||
std::set<std::string> whitelist{"bash-prompt", "bash-prompt-prefix", "bash-prompt-suffix", "flake-registry", "commit-lockfile-summary"};
|
||||
|
||||
for (auto & [name, value] : settings) {
|
||||
|
||||
|
|
|
@ -382,9 +382,9 @@ The following attributes are supported in `flake.nix`:
|
|||
* `nixConfig`: a set of `nix.conf` options to be set when evaluating any
|
||||
part of a flake. In the interests of security, only a small set of
|
||||
whitelisted options (currently `bash-prompt`, `bash-prompt-prefix`,
|
||||
`bash-prompt-suffix`, and `flake-registry`) are allowed to be set without
|
||||
confirmation so long as `accept-flake-config` is not set in the global
|
||||
configuration.
|
||||
`bash-prompt-suffix`, `flake-registry`, and `commit-lockfile-summary`)
|
||||
are allowed to be set without confirmation so long as `accept-flake-config`
|
||||
is not set in the global configuration.
|
||||
|
||||
## Flake inputs
|
||||
|
||||
|
|
Loading…
Reference in a new issue