derivations: Add #:leaked-env-vars parameter.

Suggested by Joshua Randall <jcrandall@alum.mit.edu>
in <http://bugs.gnu.org/20402>.

* guix/derivations.scm (derivation): Add #:leaked-env-vars parameter.
  [user+system-env-vars]: Honor it.
* guix/gexp.scm (gexp->derivation): Add #:leaked-env-vars and pass it to
  'raw-derivation'.
* doc/guix.texi (Derivations, G-Expressions): Adjust accordingly.
This commit is contained in:
Ludovic Courtès 2015-04-30 23:51:44 +02:00
parent d17551d943
commit c04681554d
3 changed files with 22 additions and 2 deletions

View file

@ -2187,7 +2187,7 @@ a derivation is the @code{derivation} procedure:
@var{args} [#:outputs '("out")] [#:hash #f] [#:hash-algo #f] @
[#:recursive? #f] [#:inputs '()] [#:env-vars '()] @
[#:system (%current-system)] [#:references-graphs #f] @
[#:allowed-references #f] [#:local-build? #f]
[#:allowed-references #f] [#:leaked-env-vars #f] [#:local-build? #f]
Build a derivation with the given arguments, and return the resulting
@code{<derivation>} object.
@ -2206,6 +2206,13 @@ a simple text format.
When @var{allowed-references} is true, it must be a list of store items
or outputs that the derivation's output may refer to.
When @var{leaked-env-vars} is true, it must be a list of strings
denoting environment variables that are allowed to ``leak'' from the
daemon's environment to the build environment. This is only applicable
to fixed-output derivations---i.e., when @var{hash} is true. The main
use is to allow variables such as @code{http_proxy} to be passed to
derivations that download files.
When @var{local-build?} is true, declare that the derivation is not a
good candidate for offloading and should rather be built locally
(@pxref{Daemon Offload Setup}). This is the case for small derivations
@ -2728,6 +2735,7 @@ information about monads.)
[#:recursive? #f] [#:env-vars '()] [#:modules '()] @
[#:module-path @var{%load-path}] @
[#:references-graphs #f] [#:allowed-references #f] @
[#:leaked-env-vars #f] @
[#:local-build? #f] [#:guile-for-build #f]
Return a derivation @var{name} that runs @var{exp} (a gexp) with
@var{guile-for-build} (a derivation) on @var{system}. When @var{target}

View file

@ -692,7 +692,7 @@ (define* (derivation store name builder args
(inputs '()) (outputs '("out"))
hash hash-algo recursive?
references-graphs allowed-references
local-build?)
leaked-env-vars local-build?)
"Build a derivation with the given arguments, and return the resulting
<derivation> object. When HASH and HASH-ALGO are given, a
fixed-output derivation is created---i.e., one whose result is known in
@ -707,6 +707,12 @@ (define* (derivation store name builder args
When ALLOWED-REFERENCES is true, it must be a list of store items or outputs
that the derivation's output may refer to.
When LEAKED-ENV-VARS is true, it must be a list of strings denoting
environment variables that are allowed to \"leak\" from the daemon's
environment to the build environment. This is only applicable to fixed-output
derivations--i.e., when HASH is true. The main use is to allow variables such
as \"http_proxy\" to be passed to derivations that download files.
When LOCAL-BUILD? is true, declare that the derivation is not a good candidate
for offloading and should rather be built locally. This is the case for small
derivations where the costs of data transfers would outweigh the benefits."
@ -751,6 +757,10 @@ (define (user+system-env-vars)
`(("allowedReferences"
. ,(string-join allowed-references)))
'())
,@(if leaked-env-vars
`(("impureEnvVars"
. ,(string-join leaked-env-vars)))
'())
,@env-vars)))
(match references-graphs
(((file . path) ...)

View file

@ -282,6 +282,7 @@ (define* (gexp->derivation name exp
(graft? (%graft?))
references-graphs
allowed-references
leaked-env-vars
local-build?)
"Return a derivation NAME that runs EXP (a gexp) with GUILE-FOR-BUILD (a
derivation) on SYSTEM. When TARGET is true, it is used as the
@ -400,6 +401,7 @@ (define (graphs-file-names graphs)
#:hash hash #:hash-algo hash-algo #:recursive? recursive?
#:references-graphs (and=> graphs graphs-file-names)
#:allowed-references allowed
#:leaked-env-vars leaked-env-vars
#:local-build? local-build?))))
(define* (gexp-inputs exp #:key native?)