From 12ddbad45893f125e2ab46c5e26d7c8396b31bdb Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Mon, 30 May 2016 13:44:09 +0200
Subject: [PATCH] LocalStore::addToStore: Verify hash of the imported path

---
 src/libstore/local-store.cc | 5 +++++
 tests/binary-cache.sh       | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index acd02eb48..8608b39ec 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -904,6 +904,11 @@ void LocalStore::invalidatePath(State & state, const Path & path)
 
 void LocalStore::addToStore(const ValidPathInfo & info, const std::string & nar, bool repair)
 {
+    Hash h = hashString(htSHA256, nar);
+    if (h != info.narHash)
+        throw Error(format("hash mismatch importing path ‘%s’; expected hash ‘%s’, got ‘%s’") %
+            info.path % info.narHash.to_string() % h.to_string());
+
     addTempRoot(info.path);
 
     if (repair || !isValidPath(info.path)) {
diff --git a/tests/binary-cache.sh b/tests/binary-cache.sh
index 5f88c595f..cadd634a2 100644
--- a/tests/binary-cache.sh
+++ b/tests/binary-cache.sh
@@ -48,7 +48,7 @@ mkdir -p $TEST_ROOT/empty
 nix-store --dump $TEST_ROOT/empty | xz > $nar
 
 nix-build --option binary-caches "file://$cacheDir" dependencies.nix -o $TEST_ROOT/result 2>&1 | tee $TEST_ROOT/log
-grep -q "hash mismatch in downloaded path" $TEST_ROOT/log
+grep -q "hash mismatch" $TEST_ROOT/log
 
 mv $nar.good $nar