From 4dceca51deaffc7140a2b8a19d75c9cfa2d64c48 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 8 Nov 2024 19:27:54 +0100 Subject: [PATCH] Don't allow __final in fetchTree It's now only allowed in fetchFinalTree, which is not exposed to users but only to call-flake.nix. --- src/libexpr/call-flake.nix | 5 ++++- src/libexpr/eval.cc | 12 +++++++++--- src/libexpr/eval.hh | 10 ++++++++++ src/libexpr/primops/fetchTree.cc | 20 ++++++++++++++++++++ src/libflake/flake/flake.cc | 8 +++++--- src/libflake/flake/flake.hh | 7 +++++++ src/nix/flake.md | 2 -- 7 files changed, 55 insertions(+), 9 deletions(-) diff --git a/src/libexpr/call-flake.nix b/src/libexpr/call-flake.nix index 79b3e804e..a008346e5 100644 --- a/src/libexpr/call-flake.nix +++ b/src/libexpr/call-flake.nix @@ -10,6 +10,9 @@ lockFileStr: # unlocked trees. overrides: +# This is `prim_fetchFinalTree`. +fetchTreeFinal: + let lockFile = builtins.fromJSON lockFileStr; @@ -45,7 +48,7 @@ let else # FIXME: remove obsolete node.info. # Note: lock file entries are always final. - fetchTree (node.info or {} // removeAttrs node.locked ["dir"] // { __final = true; }); + fetchTreeFinal (node.info or {} // removeAttrs node.locked ["dir"]); subdir = overrides.${key}.dir or node.locked.dir or ""; diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc index e4937735b..03d03e076 100644 --- a/src/libexpr/eval.cc +++ b/src/libexpr/eval.cc @@ -510,9 +510,15 @@ Value * EvalState::addPrimOp(PrimOp && primOp) Value * v = allocValue(); v->mkPrimOp(new PrimOp(primOp)); - staticBaseEnv->vars.emplace_back(envName, baseEnvDispl); - baseEnv.values[baseEnvDispl++] = v; - baseEnv.values[0]->payload.attrs->push_back(Attr(symbols.create(primOp.name), v)); + + if (primOp.internal) + internalPrimOps.emplace(primOp.name, v); + else { + staticBaseEnv->vars.emplace_back(envName, baseEnvDispl); + baseEnv.values[baseEnvDispl++] = v; + baseEnv.values[0]->payload.attrs->push_back(Attr(symbols.create(primOp.name), v)); + } + return v; } diff --git a/src/libexpr/eval.hh b/src/libexpr/eval.hh index f7ed6be83..6b344137f 100644 --- a/src/libexpr/eval.hh +++ b/src/libexpr/eval.hh @@ -107,6 +107,11 @@ struct PrimOp */ std::optional experimentalFeature; + /** + * If true, this primop is not exposed to the user. + */ + bool internal = false; + /** * Validity check to be performed by functions that introduce primops, * such as RegisterPrimOp() and Value::mkPrimOp(). @@ -591,6 +596,11 @@ public: */ std::shared_ptr staticBaseEnv; // !!! should be private + /** + * Internal primops not exposed to the user. + */ + std::unordered_map, std::equal_to, traceable_allocator>> internalPrimOps; + /** * Name and documentation about every constant. * diff --git a/src/libexpr/primops/fetchTree.cc b/src/libexpr/primops/fetchTree.cc index d2266e2bc..c207da8ad 100644 --- a/src/libexpr/primops/fetchTree.cc +++ b/src/libexpr/primops/fetchTree.cc @@ -78,6 +78,7 @@ struct FetchTreeParams { bool emptyRevFallback = false; bool allowNameArgument = false; bool isFetchGit = false; + bool isFinal = false; }; static void fetchTree( @@ -195,6 +196,13 @@ static void fetchTree( state.checkURI(input.toURLString()); + if (params.isFinal) { + input.attrs.insert_or_assign("__final", Explicit(true)); + } else { + if (input.isFinal()) + throw Error("input '%s' is not allowed to use the '__final' attribute", input.to_string()); + } + auto [storePath, input2] = input.fetchToStore(state.store); state.allowPath(storePath); @@ -431,6 +439,18 @@ static RegisterPrimOp primop_fetchTree({ .experimentalFeature = Xp::FetchTree, }); +void prim_fetchFinalTree(EvalState & state, const PosIdx pos, Value * * args, Value & v) +{ + fetchTree(state, pos, args, v, {.isFinal = true}); +} + +static RegisterPrimOp primop_fetchFinalTree({ + .name = "fetchFinalTree", + .args = {"input"}, + .fun = prim_fetchFinalTree, + .internal = true, +}); + static void fetch(EvalState & state, const PosIdx pos, Value * * args, Value & v, const std::string & who, bool unpack, std::string name) { diff --git a/src/libflake/flake/flake.cc b/src/libflake/flake/flake.cc index f6f29f241..edb76f861 100644 --- a/src/libflake/flake/flake.cc +++ b/src/libflake/flake/flake.cc @@ -809,12 +809,14 @@ void callFlake(EvalState & state, auto vCallFlake = state.allocValue(); state.evalFile(state.callFlakeInternal, *vCallFlake); - auto vTmp1 = state.allocValue(); auto vLocks = state.allocValue(); vLocks->mkString(lockFileStr); - state.callFunction(*vCallFlake, *vLocks, *vTmp1, noPos); - state.callFunction(*vTmp1, vOverrides, vRes, noPos); + auto vFetchFinalTree = get(state.internalPrimOps, "fetchFinalTree"); + assert(vFetchFinalTree); + + Value * args[] = {vLocks, &vOverrides, *vFetchFinalTree}; + state.callFunction(*vCallFlake, 3, args, vRes, noPos); } void initLib(const Settings & settings) diff --git a/src/libflake/flake/flake.hh b/src/libflake/flake/flake.hh index 496e18673..cc2bea76e 100644 --- a/src/libflake/flake/flake.hh +++ b/src/libflake/flake/flake.hh @@ -234,4 +234,11 @@ void emitTreeAttrs( bool emptyRevFallback = false, bool forceDirty = false); +/** + * An internal builtin similar to `fetchTree`, except that it + * always treats the input as final (i.e. no attributes can be + * added/removed/changed). + */ +void prim_fetchFinalTree(EvalState & state, const PosIdx pos, Value * * args, Value & v); + } diff --git a/src/nix/flake.md b/src/nix/flake.md index e35b936be..a9b703762 100644 --- a/src/nix/flake.md +++ b/src/nix/flake.md @@ -159,8 +159,6 @@ can occur in *locked* flake references and are available to Nix code: for tarball flakes, it's the most recent timestamp of any file inside the tarball. -Attributes that start with `__` are internal or experimental and may be removed in future versions. - ## Types Currently the `type` attribute can be one of the following: