New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add user-defined extra builtins. #1844
Conversation
To enable quick iteration on builtin functions, or adding builtins that aren't suitable for inclusion upstream (due to limited audience or proprietary code), without the security concerns entailed by enabling 'allow-unsafe-native-code-during-evaluation', users can now define a function in a nix expression at the path specified by the 'extra-builtins-file' nix setting (default $NIX_CONF_DIR/extra-builtins.nix). That function takes a set containing at least the 'exec' and 'importNative' attributes, corresponding to the relevant builtins, even when 'allow-unsafe-native-code-during-evaluation' is false, and the result is available as 'builtins.extraBuiltins'. See tests/extra-builtins/extra-builtins.nix for an example, and the nix manual for full details.
|
re #1841 |
Fetchers aren't trivial... I'm not sure what value would be added by having another example here over what's in Fetchers defined in |
For the first point, I didn't mean to say fetcher, but also I completely missed (due to how short it is!) the example in the test. Very cool! For the second point, I wanted to be sure a user builtin couldn't lie about the contents of a file and put data in the store where it doesn't belong. From IRC, the answer is no. Nice! |
I much prefer having a |
@edolstra it does seem like the laziness @shlevy is talking about in the comments below the one you linked to is appealing. My dream is for Couldn't we just support both mechanisms? It does seem appealing to split out the |
Another issue is that there is no guarantee that the plugins from |
Working on plugins now, @copumpkin my first plugin will be one to support extraBuiltins 😉 |
@edolstra True, though that doesn't apply to extraBuiltins defined with builtins.exec. |
And we have use cases to support besides NixOS |
@copumpkin https://github.com/shlevy/nix-plugins/tree/nix-2x-plugins has an implementation of extra-builtins on top of #1855, though it doesn't add the setting (you have to use $NIX_CONF_DIR/extra-builtins.nix, but you can set NIX_CONF_DIR so...) |
For anyone following along confused, we got this through #1854 instead. |
Oops, sorry, thanks! |
To enable quick iteration on builtin functions, or adding builtins
that aren't suitable for inclusion upstream (due to limited audience
or proprietary code), without the security concerns entailed by
enabling 'allow-unsafe-native-code-during-evaluation', users can now
define a function in a nix expression at the path specified by the
'extra-builtins-file' nix setting (default
$NIX_CONF_DIR/extra-builtins.nix). That function takes a set
containing at least the 'exec' and 'importNative' attributes,
corresponding to the relevant builtins, even when
'allow-unsafe-native-code-during-evaluation' is false, and the result
is available as 'builtins.extraBuiltins'.
See tests/extra-builtins/extra-builtins.nix for an example, and the
nix manual for full details.