From 8de4298b5c39ef177cdf33975cccd09c9ea2899c Mon Sep 17 00:00:00 2001 From: aszlig Date: Tue, 3 Apr 2018 02:29:28 +0200 Subject: call-machine: Allow to work in restrict-eval mode It's a bit unfortunate that I removed the extraConfig attribute from back then (49dc58c6f8d72a4e142176f25da52666ef9ae268). Now we could have used this argument to pass the nixpkgs path from release.nix back into call-machine.nix, but introducing that extra argument again would break the configs of all of the systems using Vuizvui. So instead, I've added a function exposed by call-machine called withPkgs, which overrides the whole attribute set returned by callMachine to use nixpkgs from the given argument. This allows us to run in restricted evaluation mode as enforced by Hydra and Nix 2.0 and while we could simply disable restricted eval, it's even better if we comply with it. Unfortunately I lied a bit, because we've been running in restricted eval mode before. This time however it seems that some change in Nix has caused this to be even more restrictive because now Nix search paths are not allowed as well. Relying on those within a Hydra jobset however is discouraged anyway. Signed-off-by: aszlig --- release.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'release.nix') diff --git a/release.nix b/release.nix index 2b74f2e5..46e1edf2 100644 --- a/release.nix +++ b/release.nix @@ -38,7 +38,10 @@ let root = import vuizvui { inherit system; }; mpath = if vuizvuiSrc == null then ./machines else "${vuizvui}/machines"; - allMachines = import mpath; + + allMachines = with pkgsUpstream.lib; let + wrapPkgs = machine: machine.withPkgsPath nixpkgs; + in mapAttrsRecursiveCond (m: !(m ? eval)) (const wrapPkgs) (import mpath); allTests = with import ./lib; getVuizvuiTests ({ inherit system nixpkgs; -- cgit 1.4.1