From c04681554da812f4ce1bed87c601cd62c663d151 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Thu, 30 Apr 2015 23:51:44 +0200
Subject: derivations: Add #:leaked-env-vars parameter.

Suggested by Joshua Randall <jcrandall@alum.mit.edu>
in <http://bugs.gnu.org/20402>.

* guix/derivations.scm (derivation): Add #:leaked-env-vars parameter.
  [user+system-env-vars]: Honor it.
* guix/gexp.scm (gexp->derivation): Add #:leaked-env-vars and pass it to
  'raw-derivation'.
* doc/guix.texi (Derivations, G-Expressions): Adjust accordingly.
---
 guix/derivations.scm | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'guix/derivations.scm')

diff --git a/guix/derivations.scm b/guix/derivations.scm
index 7737e39b2d..1056caa70a 100644
--- a/guix/derivations.scm
+++ b/guix/derivations.scm
@@ -692,7 +692,7 @@ HASH-ALGO, of the derivation NAME.  RECURSIVE? has the same meaning as for
                      (inputs '()) (outputs '("out"))
                      hash hash-algo recursive?
                      references-graphs allowed-references
-                     local-build?)
+                     leaked-env-vars local-build?)
   "Build a derivation with the given arguments, and return the resulting
 <derivation> object.  When HASH and HASH-ALGO are given, a
 fixed-output derivation is created---i.e., one whose result is known in
@@ -707,6 +707,12 @@ the build environment in the corresponding file, in a simple text format.
 When ALLOWED-REFERENCES is true, it must be a list of store items or outputs
 that the derivation's output may refer to.
 
+When LEAKED-ENV-VARS is true, it must be a list of strings denoting
+environment variables that are allowed to \"leak\" from the daemon's
+environment to the build environment.  This is only applicable to fixed-output
+derivations--i.e., when HASH is true.  The main use is to allow variables such
+as \"http_proxy\" to be passed to derivations that download files.
+
 When LOCAL-BUILD? is true, declare that the derivation is not a good candidate
 for offloading and should rather be built locally.  This is the case for small
 derivations where the costs of data transfers would outweigh the benefits."
@@ -751,6 +757,10 @@ derivations where the costs of data transfers would outweigh the benefits."
                             `(("allowedReferences"
                                . ,(string-join allowed-references)))
                             '())
+                      ,@(if leaked-env-vars
+                            `(("impureEnvVars"
+                               . ,(string-join leaked-env-vars)))
+                            '())
                       ,@env-vars)))
       (match references-graphs
         (((file . path) ...)
-- 
cgit v1.2.3