From b4a040e52b607e019515e9339f90a2e5c6c21ad5 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 1 Mar 2007 12:30:24 +0000 Subject: [PATCH] * Don't check the signature unless we have to. --- src/libstore/local-store.cc | 38 +++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index dce2b449e..edbe567f4 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -840,27 +840,29 @@ Path LocalStore::importPath(bool requireSignature, Source & source) if (haveSignature) { string signature = readString(hashAndReadSource); - Path sigFile = tmpDir + "/sig"; - writeStringToFile(sigFile, signature); + if (requireSignature) { + Path sigFile = tmpDir + "/sig"; + writeStringToFile(sigFile, signature); - Strings args; - args.push_back("rsautl"); - args.push_back("-verify"); - args.push_back("-inkey"); - args.push_back(nixConfDir + "/signing-key.pub"); - args.push_back("-pubin"); - args.push_back("-in"); - args.push_back(sigFile); - string hash2 = runProgram("openssl", true, args); + Strings args; + args.push_back("rsautl"); + args.push_back("-verify"); + args.push_back("-inkey"); + args.push_back(nixConfDir + "/signing-key.pub"); + args.push_back("-pubin"); + args.push_back("-in"); + args.push_back(sigFile); + string hash2 = runProgram("openssl", true, args); - /* Note: runProgram() throws an exception if the signature is - invalid. */ + /* Note: runProgram() throws an exception if the signature + is invalid. */ - if (printHash(hash) != hash2) - throw Error( - "signed hash doesn't match actual contents of imported " - "archive; archive could be corrupt, or someone is trying " - "to import a Trojan horse"); + if (printHash(hash) != hash2) + throw Error( + "signed hash doesn't match actual contents of imported " + "archive; archive could be corrupt, or someone is trying " + "to import a Trojan horse"); + } } /* Do the actual import. */