Add possibility to define run-post-link-scripts="insecure" in manifest file

[sapetnioc]

Problem description

The recent configuration option run-post-link makes it possible to execute pre and post link scripts from Conda packages. AFAIK (sorry if I am wrong) it is not possible to define a project using this option with simply a manifest file. It requires user intervention such as calling pixi config --local run-post-link-scripts insecure. In a context where we're deploying various environments with just pixi.toml files, this makes the process more complex when run-post-link=insecure is required. What's more, our users have got into the (perhaps bad) habit of deleting the .pixi directory and recreating it with pixi. As the local configuration is lost in this case, the recreated environment will also lost the run-post-link=insecure option.

Would it be possible to add the run-post-link option in manifest file ?

[Hofer-Julian]

What's more, our users have got into the (perhaps bad) habit of deleting the .pixi directory and recreating it with pixi

Since our template puts .pixi in .gitignore, we could also consider to moving the local config to a different folder.

[phreed]

What's more, our users have got into the (perhaps bad) habit of deleting the .pixi directory and recreating it with pixi

Since our template puts .pixi in .gitignore, we could also consider to moving the local config to a different folder.

Or put pixi.config.toml (or 'pixi.config') next to pixi.toml, making a triple: pixi.toml, pixi.lock, pixi.config.

[gzm55]

is it possible to list only some trusted packages to enable run-post-link-scripts?