puck/lix
0
0
Fork 0
forked from lix-project/lix
Code Pull requests Activity

* Don't check the signature unless we have to.

Browse source
This commit is contained in:
Eelco Dolstra 2007-03-01 12:30:24 +00:00
parent 2ea3bebc23
commit b4a040e52b
1 changed files with 20 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
src/libstore/local-store.cc
View file

@ -840,27 +840,29 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
if (haveSignature) { if (haveSignature) {
string signature = readString(hashAndReadSource); string signature = readString(hashAndReadSource);
Path sigFile = tmpDir + "/sig"; if (requireSignature) {
writeStringToFile(sigFile, signature); Path sigFile = tmpDir + "/sig";
writeStringToFile(sigFile, signature);
Strings args; Strings args;
args.push_back("rsautl"); args.push_back("rsautl");
args.push_back("-verify"); args.push_back("-verify");
args.push_back("-inkey"); args.push_back("-inkey");
args.push_back(nixConfDir + "/signing-key.pub"); args.push_back(nixConfDir + "/signing-key.pub");
args.push_back("-pubin"); args.push_back("-pubin");
args.push_back("-in"); args.push_back("-in");
args.push_back(sigFile); args.push_back(sigFile);
string hash2 = runProgram("openssl", true, args); string hash2 = runProgram("openssl", true, args);
/* Note: runProgram() throws an exception if the signature is /* Note: runProgram() throws an exception if the signature
invalid. */ is invalid. */
if (printHash(hash) != hash2) if (printHash(hash) != hash2)
throw Error( throw Error(
"signed hash doesn't match actual contents of imported " "signed hash doesn't match actual contents of imported "
"archive; archive could be corrupt, or someone is trying " "archive; archive could be corrupt, or someone is trying "
"to import a Trojan horse"); "to import a Trojan horse");
}
} }
/* Do the actual import. */ /* Do the actual import. */