moraxyc/lix
0
0
Fork 0
forked from lix-project/lix
Code Pull requests Activity

Check signatures before downloading the substitute

Browse source
This commit is contained in:
Eelco Dolstra 2016-05-30 15:09:01 +02:00
parent 42ae8d95aa
commit 57d33013ce
2 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/libstore/build.cc
View file

@ -3142,6 +3142,16 @@ void SubstitutionGoal::tryNext()
hasSubstitute = true; hasSubstitute = true;
/* Bail out early if this substituter lacks a valid
signature. LocalStore::addToStore() also checks for this, but
only after we've downloaded the path. */
if (worker.store.requireSigs && !info->checkSignatures(worker.store.publicKeys)) {
printMsg(lvlInfo, format("warning: substituter %s does not have a valid signature for path %s")
% sub->getUri() % storePath);
tryNext();
return;
}
/* To maintain the closure invariant, we first have to realise the /* To maintain the closure invariant, we first have to realise the
paths referenced by this one. */ paths referenced by this one. */
for (auto & i : info->references) for (auto & i : info->references)

1
src/libstore/local-store.hh
View file

@ -248,6 +248,7 @@ private:
void signPathInfo(ValidPathInfo & info); void signPathInfo(ValidPathInfo & info);
friend class DerivationGoal; friend class DerivationGoal;
friend class SubstitutionGoal;
}; };