diff options
author | Ludovic Courtès <ludo@gnu.org> | 2015-04-30 23:51:44 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2015-05-01 00:06:17 +0200 |
commit | c04681554da812f4ce1bed87c601cd62c663d151 (patch) | |
tree | 159f4fd6f0953f18357c38846ecbcd8eda3513aa | |
parent | d17551d9438c6fe5c9bc3674e39345f15dc0c0ac (diff) | |
download | gnu-guix-c04681554da812f4ce1bed87c601cd62c663d151.tar gnu-guix-c04681554da812f4ce1bed87c601cd62c663d151.tar.gz |
derivations: Add #:leaked-env-vars parameter.
Suggested by Joshua Randall <jcrandall@alum.mit.edu>
in <http://bugs.gnu.org/20402>.
* guix/derivations.scm (derivation): Add #:leaked-env-vars parameter.
[user+system-env-vars]: Honor it.
* guix/gexp.scm (gexp->derivation): Add #:leaked-env-vars and pass it to
'raw-derivation'.
* doc/guix.texi (Derivations, G-Expressions): Adjust accordingly.
-rw-r--r-- | doc/guix.texi | 10 | ||||
-rw-r--r-- | guix/derivations.scm | 12 | ||||
-rw-r--r-- | guix/gexp.scm | 2 |
3 files changed, 22 insertions, 2 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 4269d4fa5f..dd6af80965 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -2187,7 +2187,7 @@ a derivation is the @code{derivation} procedure: @var{args} [#:outputs '("out")] [#:hash #f] [#:hash-algo #f] @ [#:recursive? #f] [#:inputs '()] [#:env-vars '()] @ [#:system (%current-system)] [#:references-graphs #f] @ - [#:allowed-references #f] [#:local-build? #f] + [#:allowed-references #f] [#:leaked-env-vars #f] [#:local-build? #f] Build a derivation with the given arguments, and return the resulting @code{<derivation>} object. @@ -2206,6 +2206,13 @@ a simple text format. When @var{allowed-references} is true, it must be a list of store items or outputs that the derivation's output may refer to. +When @var{leaked-env-vars} is true, it must be a list of strings +denoting environment variables that are allowed to ``leak'' from the +daemon's environment to the build environment. This is only applicable +to fixed-output derivations---i.e., when @var{hash} is true. The main +use is to allow variables such as @code{http_proxy} to be passed to +derivations that download files. + When @var{local-build?} is true, declare that the derivation is not a good candidate for offloading and should rather be built locally (@pxref{Daemon Offload Setup}). This is the case for small derivations @@ -2728,6 +2735,7 @@ information about monads.) [#:recursive? #f] [#:env-vars '()] [#:modules '()] @ [#:module-path @var{%load-path}] @ [#:references-graphs #f] [#:allowed-references #f] @ + [#:leaked-env-vars #f] @ [#:local-build? #f] [#:guile-for-build #f] Return a derivation @var{name} that runs @var{exp} (a gexp) with @var{guile-for-build} (a derivation) on @var{system}. When @var{target} diff --git a/guix/derivations.scm b/guix/derivations.scm index 7737e39b2d..1056caa70a 100644 --- a/guix/derivations.scm +++ b/guix/derivations.scm @@ -692,7 +692,7 @@ HASH-ALGO, of the derivation NAME. RECURSIVE? has the same meaning as for (inputs '()) (outputs '("out")) hash hash-algo recursive? references-graphs allowed-references - local-build?) + leaked-env-vars local-build?) "Build a derivation with the given arguments, and return the resulting <derivation> object. When HASH and HASH-ALGO are given, a fixed-output derivation is created---i.e., one whose result is known in @@ -707,6 +707,12 @@ the build environment in the corresponding file, in a simple text format. When ALLOWED-REFERENCES is true, it must be a list of store items or outputs that the derivation's output may refer to. +When LEAKED-ENV-VARS is true, it must be a list of strings denoting +environment variables that are allowed to \"leak\" from the daemon's +environment to the build environment. This is only applicable to fixed-output +derivations--i.e., when HASH is true. The main use is to allow variables such +as \"http_proxy\" to be passed to derivations that download files. + When LOCAL-BUILD? is true, declare that the derivation is not a good candidate for offloading and should rather be built locally. This is the case for small derivations where the costs of data transfers would outweigh the benefits." @@ -751,6 +757,10 @@ derivations where the costs of data transfers would outweigh the benefits." `(("allowedReferences" . ,(string-join allowed-references))) '()) + ,@(if leaked-env-vars + `(("impureEnvVars" + . ,(string-join leaked-env-vars))) + '()) ,@env-vars))) (match references-graphs (((file . path) ...) diff --git a/guix/gexp.scm b/guix/gexp.scm index a2da72e76c..b08a361232 100644 --- a/guix/gexp.scm +++ b/guix/gexp.scm @@ -282,6 +282,7 @@ names and file names suitable for the #:allowed-references argument to (graft? (%graft?)) references-graphs allowed-references + leaked-env-vars local-build?) "Return a derivation NAME that runs EXP (a gexp) with GUILE-FOR-BUILD (a derivation) on SYSTEM. When TARGET is true, it is used as the @@ -400,6 +401,7 @@ The other arguments are as for 'derivation'." #:hash hash #:hash-algo hash-algo #:recursive? recursive? #:references-graphs (and=> graphs graphs-file-names) #:allowed-references allowed + #:leaked-env-vars leaked-env-vars #:local-build? local-build?)))) (define* (gexp-inputs exp #:key native?) |