ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2024-12-25 22:08:16 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

gexp: Add #:disallowed-references.

Browse source 
* guix/gexp.scm (gexp->derivation): Add #:disallowed-references and
honor it.
* tests/gexp.scm ("gexp->derivation #:disallowed-references, allowed")
("gexp->derivation #:disallowed-references"): New tests.
* doc/guix.texi (G-Expressions): Adjust accordingly.
This commit is contained in:
Ludovic Courtès 2016-03-20 22:44:03 +01:00
parent 35b5ca7869
commit 3f4ecf3229
3 changed files with 36 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
doc/guix.texi
View file

@ -3670,6 +3670,7 @@ information about monads.)
[#:recursive? #f] [#:env-vars '()] [#:modules '()] @ [#:recursive? #f] [#:env-vars '()] [#:modules '()] @
[#:module-path @var{%load-path}] @ [#:module-path @var{%load-path}] @
[#:references-graphs #f] [#:allowed-references #f] @ [#:references-graphs #f] [#:allowed-references #f] @
[#:disallowed-references #f] @
[#:leaked-env-vars #f] @ [#:leaked-env-vars #f] @
[#:script-name (string-append @var{name} "-builder")] @ [#:script-name (string-append @var{name} "-builder")] @
[#:local-build? #f] [#:substitutable? #t] [#:guile-for-build #f] [#:local-build? #f] [#:substitutable? #t] [#:guile-for-build #f]
@ -3707,6 +3708,8 @@ text format.
@var{allowed-references} must be either @code{#f} or a list of output names and packages. @var{allowed-references} must be either @code{#f} or a list of output names and packages.
In the latter case, the list denotes store items that the result is allowed to In the latter case, the list denotes store items that the result is allowed to
refer to. Any reference to another store item will lead to a build error. refer to. Any reference to another store item will lead to a build error.
Similarly for @var{disallowed-references}, which can list items that must not be
referenced by the outputs.
The other arguments are as for @code{derivation} (@pxref{Derivations}). The other arguments are as for @code{derivation} (@pxref{Derivations}).
@end deffn @end deffn

10
guix/gexp.scm
View file

@ -463,7 +463,7 @@ (define* (gexp->derivation name exp
(guile-for-build (%guile-for-build)) (guile-for-build (%guile-for-build))
(graft? (%graft?)) (graft? (%graft?))
references-graphs references-graphs
allowed-references allowed-references disallowed-references
leaked-env-vars leaked-env-vars
local-build? (substitutable? #t) local-build? (substitutable? #t)
(script-name (string-append name "-builder"))) (script-name (string-append name "-builder")))
@ -497,6 +497,8 @@ (define* (gexp->derivation name exp
ALLOWED-REFERENCES must be either #f or a list of output names and packages. ALLOWED-REFERENCES must be either #f or a list of output names and packages.
In the latter case, the list denotes store items that the result is allowed to In the latter case, the list denotes store items that the result is allowed to
refer to. Any reference to another store item will lead to a build error. refer to. Any reference to another store item will lead to a build error.
Similarly for DISALLOWED-REFERENCES, which can list items that must not be
referenced by the outputs.
The other arguments are as for 'derivation'." The other arguments are as for 'derivation'."
(define %modules modules) (define %modules modules)
@ -557,6 +559,11 @@ (define (graphs-file-names graphs)
#:system system #:system system
#:target target) #:target target)
(return #f))) (return #f)))
(disallowed (if disallowed-references
(lower-references disallowed-references
#:system system
#:target target)
(return #f)))
(guile (if guile-for-build (guile (if guile-for-build
(return guile-for-build) (return guile-for-build)
(default-guile-derivation system)))) (default-guile-derivation system))))
@ -585,6 +592,7 @@ (define (graphs-file-names graphs)
#:hash hash #:hash-algo hash-algo #:recursive? recursive? #:hash hash #:hash-algo hash-algo #:recursive? recursive?
#:references-graphs (and=> graphs graphs-file-names) #:references-graphs (and=> graphs graphs-file-names)
#:allowed-references allowed #:allowed-references allowed
#:disallowed-references disallowed
#:leaked-env-vars leaked-env-vars #:leaked-env-vars leaked-env-vars
#:local-build? local-build? #:local-build? local-build?
#:substitutable? substitutable?)))) #:substitutable? substitutable?))))

24
tests/gexp.scm
View file

@ -600,6 +600,30 @@ (define (match-input thing)
(build-derivations %store (list drv)) (build-derivations %store (list drv))
#f))) #f)))
(test-assertm "gexp->derivation #:disallowed-references, allowed"
(mlet %store-monad ((drv (gexp->derivation "disallowed-refs"
#~(begin
(mkdir #$output)
(chdir #$output)
(symlink #$output "self")
(symlink #$%bootstrap-guile
"guile"))
#:disallowed-references '())))
(built-derivations (list drv))))
(test-assert "gexp->derivation #:disallowed-references"
(let ((drv (run-with-store %store
(gexp->derivation "disallowed-refs"
#~(begin
(mkdir #$output)
(chdir #$output)
(symlink #$%bootstrap-guile "guile"))
#:disallowed-references (list %bootstrap-guile)))))
(guard (c ((nix-protocol-error? c) #t))
(build-derivations %store (list drv))
#f)))
(define shebang (define shebang
(string-append "#!" (derivation->output-path (%guile-for-build)) (string-append "#!" (derivation->output-path (%guile-for-build))
"/bin/guile --no-auto-compile")) "/bin/guile --no-auto-compile"))