[bug#55231] Prevent possible copyright violations caused by initrd changes.
Commit Message
This commit changes the conditions under which derivations, as constructed by the `derivation` function, are made substitutable, to prevent potential copyright violations related to the construction of substitutable initrds including non-substitutable derivations (in particular, ZFS).
This change prevents such copyright violations by only marking a derivation as substitutable if it is marked substitutable and all of its inputs are marked as substitutable. This means that non-substitutable derivations have a "poisoning" effect, preventing derivations which take them as input from being substitutable.
Change-Id: I80ba4a371ee0c55a1294aff311d4e7b151055fac
---
guix/derivations.scm | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
base-commit: b30669e15d2e8c3d1b74b32f77e2095682aab4ca
prerequisite-patch-id: 45b81fb0e4b05258028b424c6faa9ce11db81572
prerequisite-patch-id: 73d157f088f6ec9e9feece25a7ba6a0c890d6343
@@ -868,6 +868,10 @@ (define* (derivation store name builder args
env-vars)
#f)))))
+ (define inputs-substitutable? (every substitutable-derivation?
+ (map derivation-input-derivation
+ (filter derivation-input? inputs))))
+
(define (user+system-env-vars)
;; Some options are passed to the build daemon via the env. vars of
;; derivations (urgh!). We hide that from our API, but here is the place
@@ -875,7 +879,7 @@ (define* (derivation store name builder args
(let ((env-vars `(,@(if local-build?
`(("preferLocalBuild" . "1"))
'())
- ,@(if (not substitutable?)
+ ,@(if (not (and substitutable? inputs-substitutable?))
`(("allowSubstitutes" . "0"))
'())
,@(if allowed-references