mirror of
https://github.com/NixOS/nix.git
synced 2024-11-22 06:42:28 +00:00
94e91566ed
Add a new experimental `impure-env` setting that is a key-value list of environment variables to inject into FOD derivations that specify the corresponding `impureEnvVars`. This allows clients to make use of this feature (without having to change the environment of the daemon itself) and might eventually deprecate the current behaviour (pick whatever is in the environment of the daemon) as it's more principled and might prevent information leakage.
34 lines
833 B
Bash
34 lines
833 B
Bash
source common.sh
|
|
|
|
# Needs the config option 'impure-env' to work
|
|
requireDaemonNewerThan "2.18.0pre20230816"
|
|
|
|
enableFeatures "configurable-impure-env"
|
|
restartDaemon
|
|
|
|
varTest() {
|
|
local var="$1"; shift
|
|
local value="$1"; shift
|
|
nix build --no-link -vL --argstr var "$var" --argstr value "$value" --impure "$@" --file impure-env.nix
|
|
clearStore
|
|
}
|
|
|
|
clearStore
|
|
startDaemon
|
|
|
|
varTest env_name value --impure-env env_name=value
|
|
|
|
echo 'impure-env = set_in_config=config_value' >> "$NIX_CONF_DIR/nix.conf"
|
|
set_in_config=daemon_value restartDaemon
|
|
|
|
varTest set_in_config config_value
|
|
varTest set_in_config client_value --impure-env set_in_config=client_value
|
|
|
|
sed -i -e '/^trusted-users =/d' "$NIX_CONF_DIR/nix.conf"
|
|
|
|
env_name=daemon_value restartDaemon
|
|
|
|
varTest env_name daemon_value --impure-env env_name=client_value
|
|
|
|
killDaemon
|