From c43ed8c85f11b041db2624cc249f3f1fb68760b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Na=C3=AFm=20Camille=20Favier?= <n@monade.li>
Date: Thu, 21 Jul 2022 12:27:21 +0200
Subject: [PATCH] Disallow IFD in flakes (#502)

I think it is surprising that `flake-info` tries to build things in
order to index flakes. Hence, forbid IFD.

`--read-only` is for performance, see https://github.com/NixOS/nix/pull/6323
---
 flake-info/src/commands/nix_flake_attrs.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flake-info/src/commands/nix_flake_attrs.rs b/flake-info/src/commands/nix_flake_attrs.rs
index 068ec35..1d16fca 100644
--- a/flake-info/src/commands/nix_flake_attrs.rs
+++ b/flake-info/src/commands/nix_flake_attrs.rs
@@ -9,7 +9,7 @@ use std::io::Write;
 use std::path::PathBuf;
 
 const SCRIPT: &str = include_str!("flake_info.nix");
-const ARGS: [&str; 3] = ["eval", "--json", "--no-write-lock-file"];
+const ARGS: [&str; 5] = ["eval", "--json", "--no-allow-import-from-derivation", "--read-only", "--no-write-lock-file"];
 
 /// Uses `nix` to fetch the provided flake and read general information
 /// about it using `nix flake info`