From 451f483ef04552522aa04517a76cee20c053030d Mon Sep 17 00:00:00 2001 From: Seth Flynn Date: Fri, 26 Sep 2025 02:03:50 -0400 Subject: [PATCH] nix-cli: use pure/restricted eval for help pages This avoids any complications that can arise from the environment affecting evaluation of the help pages (which don't need to be calling out to anything external anyways) A recent example of one of these problems is https://github.com/NixOS/nix/issues/14085, which would break help pages by causing them to make invalid calls to the dummy store they're evaluated with Fixes: https://github.com/NixOS/nix/issues/14062 Co-authored-by: Sergei Zimmerman (cherry picked from commit ff82de86da4308b3a79b1c1d1bcb5f33edef066d)
---
 src/nix/main.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/nix/main.cc b/src/nix/main.cc
index a6077f5e9..ed889a189 100644
--- a/src/nix/main.cc
+++ b/src/nix/main.cc
@@ -226,8 +226,8 @@ static void showHelp(std::vector subcommand, NixArgs & toplevel)
 auto mdName = subcommand.empty() ? "nix" : fmt("nix3-%s", concatStringsSep("-", subcommand));
- evalSettings.restrictEval = false;
- evalSettings.pureEval = false;
+ evalSettings.restrictEval = true;
+ evalSettings.pureEval = true;
 EvalState state({}, openStore("dummy://"), fetchSettings, evalSettings);
 auto vGenerateManpage = state.allocValue();
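Review bot: The two new assignments in `showHelp` write to the shared `evalSettings` object, and nothing visible in the hunk restores the earlier values, so any evaluation that runs later in the same process would inherit the forced pure/restricted mode. That is harmless if `showHelp` always ends the process, but the function body continues past the hunk, so this cannot be confirmed from here. The lines also carry no explanation of why the flags are forced on, which makes it easy for a later change to turn them off again. I would add a comment above them such as `// Help pages are built only from bundled expressions: force pure + restricted eval so the caller's environment and configuration cannot influence or break the evaluation.` The diffstat shows only `src/nix/main.cc` changed, so a regression test that renders a help page under a hostile environment would be a useful follow-up.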