mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-09-23 01:38:04 +03:00
ac89bb064a
All OS and IO operations should be moved out, leaving only some misc portable pure functions. This is useful to avoid copious CPP when doing things like Windows and Emscripten ports. Newly exposed functions to break cycles: - `restoreSignals` - `updateWindowSize`
112 lines
4.5 KiB
C++
112 lines
4.5 KiB
C++
#pragma once
|
|
///@file
|
|
|
|
#include "config.hh"
|
|
|
|
namespace nix {
|
|
|
|
struct EvalSettings : Config
|
|
{
|
|
EvalSettings();
|
|
|
|
static Strings getDefaultNixPath();
|
|
|
|
static bool isPseudoUrl(std::string_view s);
|
|
|
|
static std::string resolvePseudoUrl(std::string_view url);
|
|
|
|
Setting<bool> enableNativeCode{this, false, "allow-unsafe-native-code-during-evaluation",
|
|
"Whether builtin functions that allow executing native code should be enabled."};
|
|
|
|
Setting<Strings> nixPath{
|
|
this, getDefaultNixPath(), "nix-path",
|
|
R"(
|
|
List of directories to be searched for `<...>` file references
|
|
|
|
In particular, outside of [pure evaluation mode](#conf-pure-eval), this determines the value of
|
|
[`builtins.nixPath`](@docroot@/language/builtin-constants.md#builtins-nixPath).
|
|
)"};
|
|
|
|
Setting<bool> restrictEval{
|
|
this, false, "restrict-eval",
|
|
R"(
|
|
If set to `true`, the Nix evaluator will not allow access to any
|
|
files outside of
|
|
[`builtins.nixPath`](@docroot@/language/builtin-constants.md#builtins-nixPath),
|
|
or to URIs outside of
|
|
[`allowed-uris`](@docroot@/command-ref/conf-file.md#conf-allowed-uris).
|
|
|
|
Also the default value for [`nix-path`](#conf-nix-path) is ignored, such that only explicitly set search path entries are taken into account.
|
|
)"};
|
|
|
|
Setting<bool> pureEval{this, false, "pure-eval",
|
|
R"(
|
|
Pure evaluation mode ensures that the result of Nix expressions is fully determined by explicitly declared inputs, and not influenced by external state:
|
|
|
|
- Restrict file system and network access to files specified by cryptographic hash
|
|
- Disable impure constants:
|
|
- [`bultins.currentSystem`](@docroot@/language/builtin-constants.md#builtins-currentSystem)
|
|
- [`builtins.currentTime`](@docroot@/language/builtin-constants.md#builtins-currentTime)
|
|
- [`builtins.nixPath`](@docroot@/language/builtin-constants.md#builtins-nixPath)
|
|
)"
|
|
};
|
|
|
|
Setting<bool> enableImportFromDerivation{
|
|
this, true, "allow-import-from-derivation",
|
|
R"(
|
|
By default, Nix allows [Import from Derivation](@docroot@/language/import-from-derivation.md).
|
|
|
|
With this option set to `false`, Nix will throw an error when evaluating an expression that uses this feature,
|
|
even when the required store object is readily available.
|
|
This ensures that evaluation will not require any builds to take place,
|
|
regardless of the state of the store.
|
|
)"};
|
|
|
|
Setting<Strings> allowedUris{this, {}, "allowed-uris",
|
|
R"(
|
|
A list of URI prefixes to which access is allowed in restricted
|
|
evaluation mode. For example, when set to
|
|
`https://github.com/NixOS`, builtin functions such as `fetchGit` are
|
|
allowed to access `https://github.com/NixOS/patchelf.git`.
|
|
)"};
|
|
|
|
Setting<bool> traceFunctionCalls{this, false, "trace-function-calls",
|
|
R"(
|
|
If set to `true`, the Nix evaluator will trace every function call.
|
|
Nix will print a log message at the "vomit" level for every function
|
|
entrance and function exit.
|
|
|
|
function-trace entered undefined position at 1565795816999559622
|
|
function-trace exited undefined position at 1565795816999581277
|
|
function-trace entered /nix/store/.../example.nix:226:41 at 1565795253249935150
|
|
function-trace exited /nix/store/.../example.nix:226:41 at 1565795253249941684
|
|
|
|
The `undefined position` means the function call is a builtin.
|
|
|
|
Use the `contrib/stack-collapse.py` script distributed with the Nix
|
|
source code to convert the trace logs in to a format suitable for
|
|
`flamegraph.pl`.
|
|
)"};
|
|
|
|
Setting<bool> useEvalCache{this, true, "eval-cache",
|
|
"Whether to use the flake evaluation cache."};
|
|
|
|
Setting<bool> ignoreExceptionsDuringTry{this, false, "ignore-try",
|
|
R"(
|
|
If set to true, ignore exceptions inside 'tryEval' calls when evaluating nix expressions in
|
|
debug mode (using the --debugger flag). By default the debugger will pause on all exceptions.
|
|
)"};
|
|
|
|
Setting<bool> traceVerbose{this, false, "trace-verbose",
|
|
"Whether `builtins.traceVerbose` should trace its first argument when evaluated."};
|
|
};
|
|
|
|
extern EvalSettings evalSettings;
|
|
|
|
/**
|
|
* Conventionally part of the default nix path in impure mode.
|
|
*/
|
|
Path getNixDefExpr();
|
|
|
|
}
|