From 57d33013ce58e0cfd31e51dfb57a78f8f2a545fd Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Mon, 30 May 2016 15:09:01 +0200
Subject: [PATCH] Check signatures before downloading the substitute

---
 src/libstore/build.cc       | 10 ++++++++++
 src/libstore/local-store.hh |  1 +
 2 files changed, 11 insertions(+)

diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index a6f8dfaba..cca357dfb 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -3142,6 +3142,16 @@ void SubstitutionGoal::tryNext()
 
     hasSubstitute = true;
 
+    /* Bail out early if this substituter lacks a valid
+       signature. LocalStore::addToStore() also checks for this, but
+       only after we've downloaded the path. */
+    if (worker.store.requireSigs && !info->checkSignatures(worker.store.publicKeys)) {
+        printMsg(lvlInfo, format("warning: substituter ‘%s’ does not have a valid signature for path ‘%s’")
+            % sub->getUri() % storePath);
+        tryNext();
+        return;
+    }
+
     /* To maintain the closure invariant, we first have to realise the
        paths referenced by this one. */
     for (auto & i : info->references)
diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh
index 8de58cea8..2a3f452bc 100644
--- a/src/libstore/local-store.hh
+++ b/src/libstore/local-store.hh
@@ -248,6 +248,7 @@ private:
     void signPathInfo(ValidPathInfo & info);
 
     friend class DerivationGoal;
+    friend class SubstitutionGoal;
 };