From f38224e924bc38ea2b94930f8d12e29c7c8df7a8 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Tue, 7 Feb 2017 19:23:16 +0100
Subject: [PATCH] copyStorePath(): Don't require signatures for "trusted"
 stores

For example, SSH stores could be trusted.
---
 src/libstore/store-api.cc | 9 +++++++++
 src/libstore/store-api.hh | 4 ++++
 2 files changed, 13 insertions(+)

diff --git a/src/libstore/store-api.cc b/src/libstore/store-api.cc
index f98ba3840..11c2f4b02 100644
--- a/src/libstore/store-api.cc
+++ b/src/libstore/store-api.cc
@@ -529,6 +529,15 @@ void copyStorePath(ref<Store> srcStore, ref<Store> dstStore,
     StringSink sink;
     srcStore->narFromPath({storePath}, sink);
 
+    if (srcStore->isTrusted())
+        dontCheckSigs = true;
+
+    if (!info->narHash && dontCheckSigs) {
+        auto info2 = make_ref<ValidPathInfo>(*info);
+        info2->narHash = hashString(htSHA256, *sink.s);
+        info = info2;
+    }
+
     dstStore->addToStore(*info, sink.s, repair, dontCheckSigs);
 }
 
diff --git a/src/libstore/store-api.hh b/src/libstore/store-api.hh
index 8058daf14..39132be89 100644
--- a/src/libstore/store-api.hh
+++ b/src/libstore/store-api.hh
@@ -562,6 +562,10 @@ public:
 
     const Stats & getStats();
 
+    /* Whether this store paths from this store can be imported even
+       if they lack a signature. */
+    virtual bool isTrusted() { return false; }
+
 protected:
 
     Stats stats;