Add a special type of context for the result of toString

When you apply `builtins.toString` to a path value representing a path in the Nix store (as is the case with flake inputs), historically you got a string without context (e.g. `/nix/store/...-source`). This is broken, since it allows you to pass a store path to a derivation/toFile without a proper store reference. This is especially a problem with lazy trees, since the store path is a virtual path that doesn't exist and can be different every time. For backwards compatibility, and to warn users about this unsafe use of `toString`, we now keep track of such strings as a special type of context.
2025-12-10 11:01:03 +01:00 · 2025-05-07 18:53:39 +02:00 · 2025-05-07 18:53:39 +02:00 · 2a35d8f800
commit 2a35d8f800
parent 8c568277fd
10 changed files with 129 additions and 10 deletions
--- a/src/libexpr/value-to-json.cc
+++ b/src/libexpr/value-to-json.cc
@ -7,9 +7,10 @@
 #include <iomanip>
 #include <nlohmann/json.hpp>

-
 namespace nix {
+
 using json = nlohmann::json;
+
 json printValueAsJSON(EvalState & state, bool strict,
    Value & v, const PosIdx pos, NixStringContext & context, bool copyToStore)
 {
@ -33,6 +34,8 @@ json printValueAsJSON(EvalState & state, bool strict,
            copyContext(v, context);
            // FIXME: only use the context from `v`.
            // FIXME: make devirtualization configurable?
+            // FIXME: don't devirtualize here? It's redundant if
+            // 'toFile' or 'derivation' also do it.
            out = state.devirtualize(v.c_str(), context);
            break;