mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-13 06:36:37 -05:00
gexp: Add #:allowed-references parameter to 'gexp->derivation'.
* guix/gexp.scm (lower-references): New procedure. (gexp->derivation): Add #:allowed-references and honor it. * tests/gexp.scm ("gexp->derivation #:allowed-references", "gexp->derivation #:allowed-references, disallowed"): New tests. * doc/guix.texi (G-Expressions): Update 'gexp->derivation' doc.
This commit is contained in:
parent
aee6180c10
commit
c8351d9a40
3 changed files with 64 additions and 4 deletions
|
@ -2583,8 +2583,8 @@ information about monads.)
|
||||||
[#:hash #f] [#:hash-algo #f] @
|
[#:hash #f] [#:hash-algo #f] @
|
||||||
[#:recursive? #f] [#:env-vars '()] [#:modules '()] @
|
[#:recursive? #f] [#:env-vars '()] [#:modules '()] @
|
||||||
[#:module-path @var{%load-path}] @
|
[#:module-path @var{%load-path}] @
|
||||||
[#:references-graphs #f] [#:local-build? #f] @
|
[#:references-graphs #f] [#:allowed-references #f] @
|
||||||
[#:guile-for-build #f]
|
[#:local-build? #f] [#:guile-for-build #f]
|
||||||
Return a derivation @var{name} that runs @var{exp} (a gexp) with
|
Return a derivation @var{name} that runs @var{exp} (a gexp) with
|
||||||
@var{guile-for-build} (a derivation) on @var{system}. When @var{target}
|
@var{guile-for-build} (a derivation) on @var{system}. When @var{target}
|
||||||
is true, it is used as the cross-compilation target triplet for packages
|
is true, it is used as the cross-compilation target triplet for packages
|
||||||
|
@ -2612,6 +2612,10 @@ an input of the build process of @var{exp}. In the build environment, each
|
||||||
@var{file-name} contains the reference graph of the corresponding item, in a simple
|
@var{file-name} contains the reference graph of the corresponding item, in a simple
|
||||||
text format.
|
text format.
|
||||||
|
|
||||||
|
@var{allowed-references} must be either @code{#f} or a list of output names and packages.
|
||||||
|
In the latter case, the list denotes store items that the result is allowed to
|
||||||
|
refer to. Any reference to another store item will lead to a build error.
|
||||||
|
|
||||||
The other arguments are as for @code{derivation} (@pxref{Derivations}).
|
The other arguments are as for @code{derivation} (@pxref{Derivations}).
|
||||||
@end deffn
|
@end deffn
|
||||||
|
|
||||||
|
|
|
@ -118,6 +118,29 @@ (define* (lower-reference-graphs graphs #:key system target)
|
||||||
#:target target)))
|
#:target target)))
|
||||||
(return (map cons file-names inputs))))))
|
(return (map cons file-names inputs))))))
|
||||||
|
|
||||||
|
(define* (lower-references lst #:key system target)
|
||||||
|
"Based on LST, a list of output names and packages, return a list of output
|
||||||
|
names and file names suitable for the #:allowed-references argument to
|
||||||
|
'derivation'."
|
||||||
|
;; XXX: Currently outputs other than "out" are not supported, and things
|
||||||
|
;; other than packages aren't either.
|
||||||
|
(with-monad %store-monad
|
||||||
|
(define lower
|
||||||
|
(match-lambda
|
||||||
|
((? string? output)
|
||||||
|
(return output))
|
||||||
|
((? package? package)
|
||||||
|
(mlet %store-monad ((drv
|
||||||
|
(if target
|
||||||
|
(package->cross-derivation package target
|
||||||
|
#:system system
|
||||||
|
#:graft? #f)
|
||||||
|
(package->derivation package system
|
||||||
|
#:graft? #f))))
|
||||||
|
(return (derivation->output-path drv))))))
|
||||||
|
|
||||||
|
(sequence %store-monad (map lower lst))))
|
||||||
|
|
||||||
(define* (gexp->derivation name exp
|
(define* (gexp->derivation name exp
|
||||||
#:key
|
#:key
|
||||||
system (target 'current)
|
system (target 'current)
|
||||||
|
@ -127,6 +150,7 @@ (define* (gexp->derivation name exp
|
||||||
(module-path %load-path)
|
(module-path %load-path)
|
||||||
(guile-for-build (%guile-for-build))
|
(guile-for-build (%guile-for-build))
|
||||||
references-graphs
|
references-graphs
|
||||||
|
allowed-references
|
||||||
local-build?)
|
local-build?)
|
||||||
"Return a derivation NAME that runs EXP (a gexp) with GUILE-FOR-BUILD (a
|
"Return a derivation NAME that runs EXP (a gexp) with GUILE-FOR-BUILD (a
|
||||||
derivation) on SYSTEM. When TARGET is true, it is used as the
|
derivation) on SYSTEM. When TARGET is true, it is used as the
|
||||||
|
@ -151,8 +175,9 @@ (define* (gexp->derivation name exp
|
||||||
FILE-NAME contains the reference graph of the corresponding item, in a simple
|
FILE-NAME contains the reference graph of the corresponding item, in a simple
|
||||||
text format.
|
text format.
|
||||||
|
|
||||||
In that case, the reference graph of each store path is exported in
|
ALLOWED-REFERENCES must be either #f or a list of output names and packages.
|
||||||
the build environment in the corresponding file, in a simple text format.
|
In the latter case, the list denotes store items that the result is allowed to
|
||||||
|
refer to. Any reference to another store item will lead to a build error.
|
||||||
|
|
||||||
The other arguments are as for 'derivation'."
|
The other arguments are as for 'derivation'."
|
||||||
(define %modules modules)
|
(define %modules modules)
|
||||||
|
@ -207,6 +232,11 @@ (define (graphs-file-names graphs)
|
||||||
#:system system
|
#:system system
|
||||||
#:target target)
|
#:target target)
|
||||||
(return #f)))
|
(return #f)))
|
||||||
|
(allowed (if allowed-references
|
||||||
|
(lower-references allowed-references
|
||||||
|
#:system system
|
||||||
|
#:target target)
|
||||||
|
(return #f)))
|
||||||
(guile (if guile-for-build
|
(guile (if guile-for-build
|
||||||
(return guile-for-build)
|
(return guile-for-build)
|
||||||
(package->derivation (default-guile)
|
(package->derivation (default-guile)
|
||||||
|
@ -233,6 +263,7 @@ (define (graphs-file-names graphs)
|
||||||
(_ '())))
|
(_ '())))
|
||||||
#:hash hash #:hash-algo hash-algo #:recursive? recursive?
|
#:hash hash #:hash-algo hash-algo #:recursive? recursive?
|
||||||
#:references-graphs (and=> graphs graphs-file-names)
|
#:references-graphs (and=> graphs graphs-file-names)
|
||||||
|
#:allowed-references allowed
|
||||||
#:local-build? local-build?)))
|
#:local-build? local-build?)))
|
||||||
|
|
||||||
(define* (gexp-inputs exp #:optional (references gexp-references))
|
(define* (gexp-inputs exp #:optional (references gexp-references))
|
||||||
|
|
|
@ -27,6 +27,7 @@ (define-module (test-gexp)
|
||||||
#:use-module (gnu packages base)
|
#:use-module (gnu packages base)
|
||||||
#:use-module (gnu packages bootstrap)
|
#:use-module (gnu packages bootstrap)
|
||||||
#:use-module (srfi srfi-1)
|
#:use-module (srfi srfi-1)
|
||||||
|
#:use-module (srfi srfi-34)
|
||||||
#:use-module (srfi srfi-64)
|
#:use-module (srfi srfi-64)
|
||||||
#:use-module (rnrs io ports)
|
#:use-module (rnrs io ports)
|
||||||
#:use-module (ice-9 match)
|
#:use-module (ice-9 match)
|
||||||
|
@ -396,6 +397,30 @@ (define (match-input thing)
|
||||||
(equal? (call-with-input-file g-guile read)
|
(equal? (call-with-input-file g-guile read)
|
||||||
(list (derivation->output-path guile-drv)))))))
|
(list (derivation->output-path guile-drv)))))))
|
||||||
|
|
||||||
|
(test-assertm "gexp->derivation #:allowed-references"
|
||||||
|
(mlet %store-monad ((drv (gexp->derivation "allowed-refs"
|
||||||
|
#~(begin
|
||||||
|
(mkdir #$output)
|
||||||
|
(chdir #$output)
|
||||||
|
(symlink #$output "self")
|
||||||
|
(symlink #$%bootstrap-guile
|
||||||
|
"guile"))
|
||||||
|
#:allowed-references
|
||||||
|
(list "out" %bootstrap-guile))))
|
||||||
|
(built-derivations (list drv))))
|
||||||
|
|
||||||
|
(test-assert "gexp->derivation #:allowed-references, disallowed"
|
||||||
|
(let ((drv (run-with-store %store
|
||||||
|
(gexp->derivation "allowed-refs"
|
||||||
|
#~(begin
|
||||||
|
(mkdir #$output)
|
||||||
|
(chdir #$output)
|
||||||
|
(symlink #$%bootstrap-guile "guile"))
|
||||||
|
#:allowed-references '()))))
|
||||||
|
(guard (c ((nix-protocol-error? c) #t))
|
||||||
|
(build-derivations %store (list drv))
|
||||||
|
#f)))
|
||||||
|
|
||||||
(define shebang
|
(define shebang
|
||||||
(string-append "#!" (derivation->output-path (%guile-for-build))
|
(string-append "#!" (derivation->output-path (%guile-for-build))
|
||||||
"/bin/guile --no-auto-compile"))
|
"/bin/guile --no-auto-compile"))
|
||||||
|
|
Loading…
Reference in a new issue