12struct EvalSettings : Config
40 EvalSettings(
bool & readOnlyMode,
LookupPathHooks lookupPathHooks = {});
44 static Strings getDefaultNixPath();
46 static bool isPseudoUrl(std::string_view
s);
48 static Strings parseNixPath(
const std::string &
s);
50 static std::string resolvePseudoUrl(std::string_view url);
54 Setting<bool> enableNativeCode{
this,
false,
"allow-unsafe-native-code-during-evaluation", R
"(
55 Enable built-in functions that allow executing native code.
57 In particular, this adds:
58 - `builtins.importNative` *path* *symbol*
60 Opens dynamic shared object (DSO) at *path*, loads the function with the symbol name *symbol* from it and runs it.
61 The loaded function must have the following signature:
63 extern "C" typedef void (*ValueInitialiser) (EvalState & state, Value & v);
66 The [Nix C++ API documentation](@docroot@/development/documentation.md#api-documentation) has more details on evaluator internals.
68 - `builtins.exec` *arguments*
70 Execute a program, where *arguments* are specified as a list of strings, and parse its output as a Nix expression.
73 Setting<Strings> nixPath{
76 List of search paths to use for [lookup path](@docroot@/language/constructs/lookup-path.md) resolution.
77 This setting determines the value of
78 [`builtins.nixPath`](@docroot@/language/builtins.md#builtins-nixPath) and can be used with [`builtins.findFile`](@docroot@/language/builtins.md#builtins-findFile).
80 - The configuration setting is overridden by the [`NIX_PATH`](@docroot@/command-ref/env-common.md#env-NIX_PATH)
82 - `NIX_PATH` is overridden by [specifying the setting as the command line flag](@docroot@/command-ref/conf-file.md#command-line-flags) `--nix-path`.
83 - Any current value is extended by the [`-I` option](@docroot@/command-ref/opt-common.md#opt-I) or `--extra-nix-path`.
85 If the respective paths are accessible, the default values are:
87 - `$HOME/.nix-defexpr/channels`
89 The [user channel link](@docroot@/command-ref/files/default-nix-expression.md#user-channel-link), pointing to the current state of [channels](@docroot@/command-ref/files/channels.md) for the current user.
91 - `nixpkgs=$NIX_STATE_DIR/profiles/per-user/root/channels/nixpkgs`
93 The current state of the `nixpkgs` channel for the `root` user.
95 - `$NIX_STATE_DIR/profiles/per-user/root/channels`
97 The current state of all channels for the `root` user.
99 These files are set up by the [Nix installer](@docroot@/installation/installing-binary.md).
100 See [`NIX_STATE_DIR`](@docroot@/command-ref/env-common.md#env-NIX_STATE_DIR) for details on the environment variable.
104 > If [restricted evaluation](@docroot@/command-ref/conf-file.md#conf-restrict-eval) is enabled, the default value is empty.
106 > If [pure evaluation](#conf-pure-eval) is enabled, `builtins.nixPath` *always* evaluates to the empty list `[ ]`.
109 Setting<std::string> currentSystem{
110 this,
"",
"eval-system",
113 [`builtins.currentSystem`](@docroot@/language/builtins.md#builtins-currentSystem)
114 in the Nix language if it is set as a non-empty string.
115 Otherwise, if it is defined as the empty string (the default), the value of the
116 [`system` ](#conf-system)
117 configuration setting is used instead.
119 Unlike `system`, this setting does not change what kind of derivations can be built locally.
120 This is useful for evaluating Nix code on one system to produce derivations to be built on another type of system.
129 Setting<bool> restrictEval{
130 this,
false,
"restrict-eval",
132 If set to `true`, the Nix evaluator will not allow access to any
134 [`builtins.nixPath`](@docroot@/language/builtins.md#builtins-nixPath),
135 or to URIs outside of
136 [`allowed-uris`](@docroot@/command-ref/conf-file.md#conf-allowed-uris).
139 Setting<bool> pureEval{this,
false,
"pure-eval",
141 Pure evaluation mode ensures that the result of Nix expressions is fully determined by explicitly declared inputs, and not influenced by external state:
143 - Restrict file system and network access to files specified by cryptographic hash
144 - Disable impure constants:
145 - [`builtins.currentSystem`](@docroot@/language/builtins.md#builtins-currentSystem)
146 - [`builtins.currentTime`](@docroot@/language/builtins.md#builtins-currentTime)
147 - [`builtins.nixPath`](@docroot@/language/builtins.md#builtins-nixPath)
148 - [`builtins.storePath`](@docroot@/language/builtins.md#builtins-storePath)
152 Setting<bool> enableImportFromDerivation{
153 this,
true,
"allow-import-from-derivation",
155 By default, Nix allows [Import from Derivation](@docroot@/language/import-from-derivation.md).
157 With this option set to `false`, Nix will throw an error when evaluating an expression that uses this feature,
158 even when the required store object is readily available.
159 This ensures that evaluation will not require any builds to take place,
160 regardless of the state of the store.
163 Setting<Strings> allowedUris{this, {},
"allowed-uris",
165 A list of URI prefixes to which access is allowed in restricted
166 evaluation mode. For example, when set to
167 `https://github.com/NixOS`, builtin functions such as `fetchGit` are
168 allowed to access `https://github.com/NixOS/patchelf.git`.
170 Access is granted when
171 - the URI is equal to the prefix,
172 - or the URI is a subpath of the prefix,
173 - or the prefix is a URI scheme ended by a colon `:` and the URI has the same scheme.
176 Setting<bool> traceFunctionCalls{this,
false,
"trace-function-calls",
178 If set to `true`, the Nix evaluator will trace every function call.
179 Nix will print a log message at the "vomit" level for every function
180 entrance and function exit.
182 function-trace entered undefined position at 1565795816999559622
183 function-trace exited undefined position at 1565795816999581277
184 function-trace entered /nix/store/.../example.nix:226:41 at 1565795253249935150
185 function-trace exited /nix/store/.../example.nix:226:41 at 1565795253249941684
187 The `undefined position` means the function call is a builtin.
189 Use the `contrib/stack-collapse.py` script distributed with the Nix
190 source code to convert the trace logs in to a format suitable for
194 Setting<bool> useEvalCache{this,
true,
"eval-cache",
196 Whether to use the flake evaluation cache.
197 Certain commands won't have to evaluate when invoked for the second time with a particular version of a flake.
198 Intermediate results are not cached.
201 Setting<bool> ignoreExceptionsDuringTry{this,
false,
"ignore-try",
203 If set to true, ignore exceptions inside 'tryEval' calls when evaluating nix expressions in
204 debug mode (using the --debugger flag). By default the debugger will pause on all exceptions.
207 Setting<bool> traceVerbose{this,
false,
"trace-verbose",
208 "Whether `builtins.traceVerbose` should trace its first argument when evaluated."};
210 Setting<unsigned int> maxCallDepth{
this, 10000,
"max-call-depth",
211 "The maximum function call depth to allow before erroring."};
213 Setting<bool> builtinsTraceDebugger{
this,
false,
"debugger-on-trace",
215 If set to true and the `--debugger` flag is given, the following functions
216 will enter the debugger like [`builtins.break`](@docroot@/language/builtins.md#builtins-break).
218 * [`builtins.trace`](@docroot@/language/builtins.md#builtins-trace)
219 * [`builtins.traceVerbose`](@docroot@/language/builtins.md#builtins-traceVerbose)
220 if [`trace-verbose`](#conf-trace-verbose) is set to true.
221 * [`builtins.warn`](@docroot@/language/builtins.md#builtins-warn)
223 This is useful for debugging warnings in third-party Nix code.
226 Setting<bool> builtinsDebuggerOnWarn{this,
false,
"debugger-on-warn",
228 If set to true and the `--debugger` flag is given, [`builtins.warn`](@docroot@/language/builtins.md#builtins-warn)
229 will enter the debugger like [`builtins.break`](@docroot@/language/builtins.md#builtins-break).
231 This is useful for debugging warnings in third-party Nix code.
233 Use [`debugger-on-trace`](#conf-debugger-on-trace) to also enter the debugger on legacy warnings that are logged with [`builtins.trace`](@docroot@/language/builtins.md#builtins-trace).
236 Setting<bool> builtinsAbortOnWarn{this,
false,
"abort-on-warn",
238 If set to true, [`builtins.warn`](@docroot@/language/builtins.md#builtins-warn) will throw an error when logging a warning.
240 This will give you a stack trace that leads to the location of the warning.
242 This is useful for finding information about warnings in third-party Nix code when you can not start the interactive debugger, such as when Nix is called from a non-interactive script. See [`debugger-on-warn`](#conf-debugger-on-warn).
244 Currently, a stack trace can only be produced when the debugger is enabled, or when evaluation is aborted.
246 This option can be enabled by setting `NIX_ABORT_ON_WARN=1` in the environment.