M doc/guix.texi => doc/guix.texi +3 -0
@@ 3670,6 3670,7 @@ information about monads.)
[#:recursive? #f] [#:env-vars '()] [#:modules '()] @
[#:module-path @var{%load-path}] @
[#:references-graphs #f] [#:allowed-references #f] @
+ [#:disallowed-references #f] @
[#:leaked-env-vars #f] @
[#:script-name (string-append @var{name} "-builder")] @
[#:local-build? #f] [#:substitutable? #t] [#:guile-for-build #f]
@@ 3707,6 3708,8 @@ text format.
@var{allowed-references} must be either @code{#f} or a list of output names and packages.
In the latter case, the list denotes store items that the result is allowed to
refer to. Any reference to another store item will lead to a build error.
+Similarly for @var{disallowed-references}, which can list items that must not be
+referenced by the outputs.
The other arguments are as for @code{derivation} (@pxref{Derivations}).
@end deffn
M guix/gexp.scm => guix/gexp.scm +9 -1
@@ 463,7 463,7 @@ names and file names suitable for the #:allowed-references argument to
(guile-for-build (%guile-for-build))
(graft? (%graft?))
references-graphs
- allowed-references
+ allowed-references disallowed-references
leaked-env-vars
local-build? (substitutable? #t)
(script-name (string-append name "-builder")))
@@ 497,6 497,8 @@ text format.
ALLOWED-REFERENCES must be either #f or a list of output names and packages.
In the latter case, the list denotes store items that the result is allowed to
refer to. Any reference to another store item will lead to a build error.
+Similarly for DISALLOWED-REFERENCES, which can list items that must not be
+referenced by the outputs.
The other arguments are as for 'derivation'."
(define %modules modules)
@@ 557,6 559,11 @@ The other arguments are as for 'derivation'."
#:system system
#:target target)
(return #f)))
+ (disallowed (if disallowed-references
+ (lower-references disallowed-references
+ #:system system
+ #:target target)
+ (return #f)))
(guile (if guile-for-build
(return guile-for-build)
(default-guile-derivation system))))
@@ 585,6 592,7 @@ The other arguments are as for 'derivation'."
#:hash hash #:hash-algo hash-algo #:recursive? recursive?
#:references-graphs (and=> graphs graphs-file-names)
#:allowed-references allowed
+ #:disallowed-references disallowed
#:leaked-env-vars leaked-env-vars
#:local-build? local-build?
#:substitutable? substitutable?))))
M tests/gexp.scm => tests/gexp.scm +24 -0
@@ 600,6 600,30 @@
(build-derivations %store (list drv))
#f)))
+(test-assertm "gexp->derivation #:disallowed-references, allowed"
+ (mlet %store-monad ((drv (gexp->derivation "disallowed-refs"
+ #~(begin
+ (mkdir #$output)
+ (chdir #$output)
+ (symlink #$output "self")
+ (symlink #$%bootstrap-guile
+ "guile"))
+ #:disallowed-references '())))
+ (built-derivations (list drv))))
+
+
+(test-assert "gexp->derivation #:disallowed-references"
+ (let ((drv (run-with-store %store
+ (gexp->derivation "disallowed-refs"
+ #~(begin
+ (mkdir #$output)
+ (chdir #$output)
+ (symlink #$%bootstrap-guile "guile"))
+ #:disallowed-references (list %bootstrap-guile)))))
+ (guard (c ((nix-protocol-error? c) #t))
+ (build-derivations %store (list drv))
+ #f)))
+
(define shebang
(string-append "#!" (derivation->output-path (%guile-for-build))
"/bin/guile --no-auto-compile"))