[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nix-commits
Subject:    [Nix-commits] [NixOS/nix] 967f23: Add exec primop behind allow-unsafe-native-code-du...
From:       Shea Levy <shea () shealevy ! com>
Date:       2017-03-31 15:23:28
Message-ID: 58de747063e64_527c3fcee1db7c30906b7 () hookshot-fe3-cp1-prd ! iad ! github ! net ! mail
[Download RAW message or body]

Branch: refs/heads/1.11-maintenance
  Home:   https://github.com/NixOS/nix
  Commit: 967f23198101e88d974636e47f359401ee93489b
      https://github.com/NixOS/nix/commit/967f23198101e88d974636e47f359401ee93489b
  Author: Shea Levy <shea@shealevy.com>
  Date:   2017-03-30 (Thu, 30 Mar 2017)

  Changed paths:
    M src/libexpr/primops.cc
    M src/libstore/globals.cc
    M src/libstore/globals.hh

  Log Message:
  -----------
  Add exec primop behind allow-unsafe-native-code-during-evaluation.

Execute a given program with the (optional) given arguments as the
user running the evaluation, parsing stdout as an expression to be
evaluated.

There are many use cases for nix that would benefit from being able to
run arbitrary code during evaluation, including but not limited to:

* Automatic git fetching to get a sha256 from a git revision
* git rev-parse HEAD
* Automatic extraction of information from build specifications from
  other tools, particularly language-specific package managers like
  cabal or npm
* Secrets decryption (e.g. with nixops)
* Private repository fetching

Ideally, we would add this functionality in a more principled way to
nix, but in the mean time 'builtins.exec' can be used to get these
tasks done.

The primop is only available when the
'allow-unsafe-native-code-during-evaluation' nix option is true. That
flag also enables the 'importNative' primop, which is strictly more
powerful but less convenient (since it requires compiling a plugin
against the running version of nix).

(cherry picked from commit 0bb8db257d98a32abde759f4d07d28b5178bd3bf)




_______________________________________________
nix-commits mailing list
nix-commits@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic