Skip to content

Commit

Permalink
Support builtins.path with disallow-copy-paths
Browse files Browse the repository at this point in the history
  • Loading branch information
roberth committed Oct 24, 2024
1 parent c7cd714 commit e95a4ba
Show file tree
Hide file tree
Showing 4 changed files with 50 additions and 9 deletions.
2 changes: 2 additions & 0 deletions src/libexpr/eval-settings.hh
Original file line number Diff line number Diff line change
Expand Up @@ -255,6 +255,8 @@ struct EvalSettings : Config
This is useful for finding expressions which copy sources, which can slow down evaluation.
You may find copied sources by running `nix` commands with increased verbosity, such as `nix build -vvvv 2>&1 | grep /nix/store`.
After identifying one more more paths, run `nix build --option disallow-copy-paths /nix/store/... --show-trace` to find the expression that copies the path, or add `--debugger`.
A filtering copy is always allowed, such as `builtins.filterSource` or `builtins.path { filter = ...; }`.
)"};
};

Expand Down
3 changes: 2 additions & 1 deletion src/libexpr/eval.cc
Original file line number Diff line number Diff line change
Expand Up @@ -2390,7 +2390,8 @@ StorePath EvalState::fetchToStore(
PathFilter * filter,
RepairFlag repair)
{
checkDisallowCopyPath(path);
if (!filter)
checkDisallowCopyPath(path);
return ::nix::fetchToStore(*store, path, mode, name, method, filter, repair);
}

Expand Down
6 changes: 5 additions & 1 deletion src/libexpr/primops.cc
Original file line number Diff line number Diff line change
Expand Up @@ -2486,8 +2486,12 @@ static void addPath(
path
).atPos(pos).debugThrow();
state.allowAndSetStorePathString(dstPath, v);
} else
} else {
if (!filterFun)
state.checkDisallowCopyPath(path);

state.allowAndSetStorePathString(*expectedStorePath, v);
}
} catch (Error & e) {
e.addTrace(state.positions[pos], "while adding path '%s'", path);
throw;
Expand Down
48 changes: 41 additions & 7 deletions tests/functional/disallow-copy-paths.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,44 @@ clearStoreIfPossible
# shellcheck disable=SC2016
path="$(nix eval --raw --impure --expr '"${./disallow-copy-paths.sh}"')"

# shellcheck disable=SC2016
expectStderr 1 nix-instantiate \
--disallow-copy-paths "$path" \
--expr --strict \
--argstr path "$path" \
'{ path }: "${/. + path}" + "bla bla"' \
| grepQuiet "error.*not allowed to copy.*$path.* due to option.*disallow-copy-paths"
all_tests() {

# shellcheck disable=SC2016
expectStderr 1 nix-instantiate \
--disallow-copy-paths "$path" \
--expr --strict \
--argstr path "$path" \
'{ path }: "${/. + path}" + "bla bla"' \
"$@" \
| grepQuiet "error.*not allowed to copy.*$path.* due to option.*disallow-copy-paths"

# shellcheck disable=SC2016
expectStderr 1 nix-instantiate \
--disallow-copy-paths "$path" \
--expr --strict \
--argstr path "$path" \
"$@" \
'{ path }: builtins.path { path = /. + path; name = "source"; } + "bla bla"' \
| grepQuiet "error.*not allowed to copy.*$path.* due to option.*disallow-copy-paths"

# shellcheck disable=SC2016
expectStderr 1 nix-instantiate \
--disallow-copy-paths "$path" \
--expr --strict \
--argstr path "$path" \
"$@" \
'{ path }: builtins.path { path = path; name = "source"; } + "bla bla"' \
| grepQuiet "error.*not allowed to copy.*$path.* due to option.*disallow-copy-paths"

# shellcheck disable=SC2016
nix-instantiate \
--disallow-copy-paths "$path" \
--expr --eval --strict \
"$@" \
--argstr path "$path" \
'{ path }: builtins.path { path = path; name = "source"; filter = _: _: true; } + "bla bla"' \

}

all_tests
all_tests --readonly-mode

0 comments on commit e95a4ba

Please sign in to comment.