Nix 2.26.3
Nix, the purely functional package manager; unstable internal interfaces
 
Loading...
Searching...
No Matches
eval-settings.hh
Go to the documentation of this file.
1#pragma once
3
4#include "config.hh"
5#include "ref.hh"
6#include "source-path.hh"
7
8namespace nix {
9
10class EvalState;
11
12struct EvalSettings : Config
13{
23 using LookupPathHook = std::optional<SourcePath>(EvalState & state, std::string_view);
24
38 using LookupPathHooks = std::map<std::string, std::function<LookupPathHook>>;
39
40 EvalSettings(bool & readOnlyMode, LookupPathHooks lookupPathHooks = {});
41
42 bool & readOnlyMode;
43
44 static Strings getDefaultNixPath();
45
46 static bool isPseudoUrl(std::string_view s);
47
48 static Strings parseNixPath(const std::string & s);
49
50 static std::string resolvePseudoUrl(std::string_view url);
51
52 LookupPathHooks lookupPathHooks;
53
54 Setting<bool> enableNativeCode{this, false, "allow-unsafe-native-code-during-evaluation", R"(
55 Enable built-in functions that allow executing native code.
56
57 In particular, this adds:
58 - `builtins.importNative` *path* *symbol*
59
60 Opens dynamic shared object (DSO) at *path*, loads the function with the symbol name *symbol* from it and runs it.
61 The loaded function must have the following signature:
62 ```cpp
63 extern "C" typedef void (*ValueInitialiser) (EvalState & state, Value & v);
64 ```
65
66 The [Nix C++ API documentation](@docroot@/development/documentation.md#api-documentation) has more details on evaluator internals.
67
68 - `builtins.exec` *arguments*
69
70 Execute a program, where *arguments* are specified as a list of strings, and parse its output as a Nix expression.
71 )"};
72
73 Setting<Strings> nixPath{
74 this, {}, "nix-path",
75 R"(
76 List of search paths to use for [lookup path](@docroot@/language/constructs/lookup-path.md) resolution.
77 This setting determines the value of
78 [`builtins.nixPath`](@docroot@/language/builtins.md#builtins-nixPath) and can be used with [`builtins.findFile`](@docroot@/language/builtins.md#builtins-findFile).
79
80 - The configuration setting is overridden by the [`NIX_PATH`](@docroot@/command-ref/env-common.md#env-NIX_PATH)
81 environment variable.
82 - `NIX_PATH` is overridden by [specifying the setting as the command line flag](@docroot@/command-ref/conf-file.md#command-line-flags) `--nix-path`.
83 - Any current value is extended by the [`-I` option](@docroot@/command-ref/opt-common.md#opt-I) or `--extra-nix-path`.
84
85 If the respective paths are accessible, the default values are:
86
87 - `$HOME/.nix-defexpr/channels`
88
89 The [user channel link](@docroot@/command-ref/files/default-nix-expression.md#user-channel-link), pointing to the current state of [channels](@docroot@/command-ref/files/channels.md) for the current user.
90
91 - `nixpkgs=$NIX_STATE_DIR/profiles/per-user/root/channels/nixpkgs`
92
93 The current state of the `nixpkgs` channel for the `root` user.
94
95 - `$NIX_STATE_DIR/profiles/per-user/root/channels`
96
97 The current state of all channels for the `root` user.
98
99 These files are set up by the [Nix installer](@docroot@/installation/installing-binary.md).
100 See [`NIX_STATE_DIR`](@docroot@/command-ref/env-common.md#env-NIX_STATE_DIR) for details on the environment variable.
101
102 > **Note**
103 >
104 > If [restricted evaluation](@docroot@/command-ref/conf-file.md#conf-restrict-eval) is enabled, the default value is empty.
105 >
106 > If [pure evaluation](#conf-pure-eval) is enabled, `builtins.nixPath` *always* evaluates to the empty list `[ ]`.
107 )", {}, false};
108
109 Setting<std::string> currentSystem{
110 this, "", "eval-system",
111 R"(
112 This option defines
113 [`builtins.currentSystem`](@docroot@/language/builtins.md#builtins-currentSystem)
114 in the Nix language if it is set as a non-empty string.
115 Otherwise, if it is defined as the empty string (the default), the value of the
116 [`system` ](#conf-system)
117 configuration setting is used instead.
118
119 Unlike `system`, this setting does not change what kind of derivations can be built locally.
120 This is useful for evaluating Nix code on one system to produce derivations to be built on another type of system.
121 )"};
122
127 const std::string & getCurrentSystem() const;
128
129 Setting<bool> restrictEval{
130 this, false, "restrict-eval",
131 R"(
132 If set to `true`, the Nix evaluator will not allow access to any
133 files outside of
134 [`builtins.nixPath`](@docroot@/language/builtins.md#builtins-nixPath),
135 or to URIs outside of
136 [`allowed-uris`](@docroot@/command-ref/conf-file.md#conf-allowed-uris).
137 )"};
138
139 Setting<bool> pureEval{this, false, "pure-eval",
140 R"(
141 Pure evaluation mode ensures that the result of Nix expressions is fully determined by explicitly declared inputs, and not influenced by external state:
142
143 - Restrict file system and network access to files specified by cryptographic hash
144 - Disable impure constants:
145 - [`builtins.currentSystem`](@docroot@/language/builtins.md#builtins-currentSystem)
146 - [`builtins.currentTime`](@docroot@/language/builtins.md#builtins-currentTime)
147 - [`builtins.nixPath`](@docroot@/language/builtins.md#builtins-nixPath)
148 - [`builtins.storePath`](@docroot@/language/builtins.md#builtins-storePath)
149 )"
150 };
151
152 Setting<bool> enableImportFromDerivation{
153 this, true, "allow-import-from-derivation",
154 R"(
155 By default, Nix allows [Import from Derivation](@docroot@/language/import-from-derivation.md).
156
157 With this option set to `false`, Nix will throw an error when evaluating an expression that uses this feature,
158 even when the required store object is readily available.
159 This ensures that evaluation will not require any builds to take place,
160 regardless of the state of the store.
161 )"};
162
163 Setting<Strings> allowedUris{this, {}, "allowed-uris",
164 R"(
165 A list of URI prefixes to which access is allowed in restricted
166 evaluation mode. For example, when set to
167 `https://github.com/NixOS`, builtin functions such as `fetchGit` are
168 allowed to access `https://github.com/NixOS/patchelf.git`.
169
170 Access is granted when
171 - the URI is equal to the prefix,
172 - or the URI is a subpath of the prefix,
173 - or the prefix is a URI scheme ended by a colon `:` and the URI has the same scheme.
174 )"};
175
176 Setting<bool> traceFunctionCalls{this, false, "trace-function-calls",
177 R"(
178 If set to `true`, the Nix evaluator will trace every function call.
179 Nix will print a log message at the "vomit" level for every function
180 entrance and function exit.
181
182 function-trace entered undefined position at 1565795816999559622
183 function-trace exited undefined position at 1565795816999581277
184 function-trace entered /nix/store/.../example.nix:226:41 at 1565795253249935150
185 function-trace exited /nix/store/.../example.nix:226:41 at 1565795253249941684
186
187 The `undefined position` means the function call is a builtin.
188
189 Use the `contrib/stack-collapse.py` script distributed with the Nix
190 source code to convert the trace logs in to a format suitable for
191 `flamegraph.pl`.
192 )"};
193
194 Setting<bool> useEvalCache{this, true, "eval-cache",
195 R"(
196 Whether to use the flake evaluation cache.
197 Certain commands won't have to evaluate when invoked for the second time with a particular version of a flake.
198 Intermediate results are not cached.
199 )"};
200
201 Setting<bool> ignoreExceptionsDuringTry{this, false, "ignore-try",
202 R"(
203 If set to true, ignore exceptions inside 'tryEval' calls when evaluating nix expressions in
204 debug mode (using the --debugger flag). By default the debugger will pause on all exceptions.
205 )"};
206
207 Setting<bool> traceVerbose{this, false, "trace-verbose",
208 "Whether `builtins.traceVerbose` should trace its first argument when evaluated."};
209
210 Setting<unsigned int> maxCallDepth{this, 10000, "max-call-depth",
211 "The maximum function call depth to allow before erroring."};
212
213 Setting<bool> builtinsTraceDebugger{this, false, "debugger-on-trace",
214 R"(
215 If set to true and the `--debugger` flag is given, the following functions
216 will enter the debugger like [`builtins.break`](@docroot@/language/builtins.md#builtins-break).
217
218 * [`builtins.trace`](@docroot@/language/builtins.md#builtins-trace)
219 * [`builtins.traceVerbose`](@docroot@/language/builtins.md#builtins-traceVerbose)
220 if [`trace-verbose`](#conf-trace-verbose) is set to true.
221 * [`builtins.warn`](@docroot@/language/builtins.md#builtins-warn)
222
223 This is useful for debugging warnings in third-party Nix code.
224 )"};
225
226 Setting<bool> builtinsDebuggerOnWarn{this, false, "debugger-on-warn",
227 R"(
228 If set to true and the `--debugger` flag is given, [`builtins.warn`](@docroot@/language/builtins.md#builtins-warn)
229 will enter the debugger like [`builtins.break`](@docroot@/language/builtins.md#builtins-break).
230
231 This is useful for debugging warnings in third-party Nix code.
232
233 Use [`debugger-on-trace`](#conf-debugger-on-trace) to also enter the debugger on legacy warnings that are logged with [`builtins.trace`](@docroot@/language/builtins.md#builtins-trace).
234 )"};
235
236 Setting<bool> builtinsAbortOnWarn{this, false, "abort-on-warn",
237 R"(
238 If set to true, [`builtins.warn`](@docroot@/language/builtins.md#builtins-warn) will throw an error when logging a warning.
239
240 This will give you a stack trace that leads to the location of the warning.
241
242 This is useful for finding information about warnings in third-party Nix code when you can not start the interactive debugger, such as when Nix is called from a non-interactive script. See [`debugger-on-warn`](#conf-debugger-on-warn).
243
244 Currently, a stack trace can only be produced when the debugger is enabled, or when evaluation is aborted.
245
246 This option can be enabled by setting `NIX_ABORT_ON_WARN=1` in the environment.
247 )"};
248};
249
253Path getNixDefExpr();
254
255}
Definition eval.hh:182
Definition config.hh:320
return s
Definition lexer.l:459
std::map< std::string, std::function< LookupPathHook > > LookupPathHooks
Definition lexer.l:8047
SourcePath.
std::map< std::string, std::function< LookupPathHook > > LookupPathHooks
Definition eval-settings.hh:38
std::optional< SourcePath >(EvalState &state, std::string_view) LookupPathHook
Definition eval-settings.hh:23
const std::string & getCurrentSystem() const
Definition eval-settings.cc:93
std::string Path
Definition types.hh:22