derivations: Add #:leaked-env-vars parameter.
Suggested by Joshua Randall <jcrandall@alum.mit.edu> in <http://bugs.gnu.org/20402>. * guix/derivations.scm (derivation): Add #:leaked-env-vars parameter. [user+system-env-vars]: Honor it. * guix/gexp.scm (gexp->derivation): Add #:leaked-env-vars and pass it to 'raw-derivation'. * doc/guix.texi (Derivations, G-Expressions): Adjust accordingly.
parent
d17551d943
commit
c04681554d
3 changed files with 22 additions and 2 deletions
|
@ -2187,7 +2187,7 @@ a derivation is the @code{derivation} procedure:
|
|||
@var{args} [#:outputs '("out")] [#:hash #f] [#:hash-algo #f] @
|
||||
[#:recursive? #f] [#:inputs '()] [#:env-vars '()] @
|
||||
[#:system (%current-system)] [#:references-graphs #f] @
|
||||
[#:allowed-references #f] [#:local-build? #f]
|
||||
[#:allowed-references #f] [#:leaked-env-vars #f] [#:local-build? #f]
|
||||
Build a derivation with the given arguments, and return the resulting
|
||||
@code{<derivation>} object.
|
||||
|
||||
|
@ -2206,6 +2206,13 @@ a simple text format.
|
|||
When @var{allowed-references} is true, it must be a list of store items
|
||||
or outputs that the derivation's output may refer to.
|
||||
|
||||
When @var{leaked-env-vars} is true, it must be a list of strings
|
||||
denoting environment variables that are allowed to ``leak'' from the
|
||||
daemon's environment to the build environment. This is only applicable
|
||||
to fixed-output derivations---i.e., when @var{hash} is true. The main
|
||||
use is to allow variables such as @code{http_proxy} to be passed to
|
||||
derivations that download files.
|
||||
|
||||
When @var{local-build?} is true, declare that the derivation is not a
|
||||
good candidate for offloading and should rather be built locally
|
||||
(@pxref{Daemon Offload Setup}). This is the case for small derivations
|
||||
|
@ -2728,6 +2735,7 @@ information about monads.)
|
|||
[#:recursive? #f] [#:env-vars '()] [#:modules '()] @
|
||||
[#:module-path @var{%load-path}] @
|
||||
[#:references-graphs #f] [#:allowed-references #f] @
|
||||
[#:leaked-env-vars #f] @
|
||||
[#:local-build? #f] [#:guile-for-build #f]
|
||||
Return a derivation @var{name} that runs @var{exp} (a gexp) with
|
||||
@var{guile-for-build} (a derivation) on @var{system}. When @var{target}
|
||||
|
|
|
@ -692,7 +692,7 @@ (define* (derivation store name builder args
|
|||
(inputs '()) (outputs '("out"))
|
||||
hash hash-algo recursive?
|
||||
references-graphs allowed-references
|
||||
local-build?)
|
||||
leaked-env-vars local-build?)
|
||||
"Build a derivation with the given arguments, and return the resulting
|
||||
<derivation> object. When HASH and HASH-ALGO are given, a
|
||||
fixed-output derivation is created---i.e., one whose result is known in
|
||||
|
@ -707,6 +707,12 @@ (define* (derivation store name builder args
|
|||
When ALLOWED-REFERENCES is true, it must be a list of store items or outputs
|
||||
that the derivation's output may refer to.
|
||||
|
||||
When LEAKED-ENV-VARS is true, it must be a list of strings denoting
|
||||
environment variables that are allowed to \"leak\" from the daemon's
|
||||
environment to the build environment. This is only applicable to fixed-output
|
||||
derivations--i.e., when HASH is true. The main use is to allow variables such
|
||||
as \"http_proxy\" to be passed to derivations that download files.
|
||||
|
||||
When LOCAL-BUILD? is true, declare that the derivation is not a good candidate
|
||||
for offloading and should rather be built locally. This is the case for small
|
||||
derivations where the costs of data transfers would outweigh the benefits."
|
||||
|
@ -751,6 +757,10 @@ (define (user+system-env-vars)
|
|||
`(("allowedReferences"
|
||||
. ,(string-join allowed-references)))
|
||||
'())
|
||||
,@(if leaked-env-vars
|
||||
`(("impureEnvVars"
|
||||
. ,(string-join leaked-env-vars)))
|
||||
'())
|
||||
,@env-vars)))
|
||||
(match references-graphs
|
||||
(((file . path) ...)
|
||||
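Review bot: In the `user+system-env-vars` hunk, `impureEnvVars` is written whenever `leaked-env-vars` is true, even when `hash` is #f, although the new docstring says the setting applies only to fixed-output derivations. A caller who passes it for an ordinary derivation would get an altered derivation and, presumably, no leaked variables, with no diagnostic; guarding with `,@(if (and hash leaked-env-vars)` or raising an error would make the restriction explicit. The list is also joined with `string-join`'s default space separator without any check, so an element that contains whitespace is read as several variable names and widens the allow-list. The docstring could add a caveat such as `Leaked values are readable by the builder, so do not list variables that carry credentials.`, since proxy variables may embed credentials. The body of `derivation` starts and ends outside these hunks, and the same unchecked value is forwarded by `gexp->derivation`.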
|
|
|
@ -282,6 +282,7 @@ (define* (gexp->derivation name exp
|
|||
(graft? (%graft?))
|
||||
references-graphs
|
||||
allowed-references
|
||||
leaked-env-vars
|
||||
local-build?)
|
||||
"Return a derivation NAME that runs EXP (a gexp) with GUILE-FOR-BUILD (a
|
||||
derivation) on SYSTEM. When TARGET is true, it is used as the
|
||||
|
@ -400,6 +401,7 @@ (define (graphs-file-names graphs)
|
|||
#:hash hash #:hash-algo hash-algo #:recursive? recursive?
|
||||
#:references-graphs (and=> graphs graphs-file-names)
|
||||
#:allowed-references allowed
|
||||
#:leaked-env-vars leaked-env-vars
|
||||
#:local-build? local-build?))))
|
||||
|
||||
(define* (gexp-inputs exp #:key native?)
|
||||
|
|