stdenv/check-meta: add note for Flake usage

Flake users that use a command like `nix build nixpkgs#hello` on a broken/insecure package will not be able to use an environment variable to override that behavior, unless they pass `--impure` to the command. Co-authored-by: pkharvey <kayharvey@protonmail.com>
2021-11-13 04:47:23 +00:00 · 2021-11-13 04:47:23 +00:00 · 7bea56b425
commit 7bea56b425
parent 1705882eb6
1 changed files with 9 additions and 2 deletions
--- a/pkgs/stdenv/generic/check-meta.nix
+++ b/pkgs/stdenv/generic/check-meta.nix
@ -119,13 +119,20 @@ let
        }
    '';

+    # flakeNote will be printed in the remediation messages below.
+    flakeNote = "
+ Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
+ (Flake) command, `--impure` must be passed in order to read this
+ environment variable.
+    ";
+
  remediate_allowlist = allow_attr: rebuild_amendment: attrs:
    ''
      a) To temporarily allow ${remediation_phrase allow_attr}, you can use an environment variable
         for a single invocation of the nix tools.

           $ export ${remediation_env_var allow_attr}=1
-
+           ${flakeNote}
      b) For `nixos-rebuild` you can set
        { nixpkgs.config.allow${allow_attr} = true; }
      in configuration.nix to override this.
@ -148,7 +155,7 @@ let
           variable for a single invocation of the nix tools:

             $ export NIXPKGS_ALLOW_INSECURE=1
-
+             ${flakeNote}
        b) for `nixos-rebuild` you can add ‘${getName attrs}’ to
           `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
           like so: