diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2016-05-30T13·09+0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2016-05-30T13·18+0200 |
commit | 57d33013ce58e0cfd31e51dfb57a78f8f2a545fd (patch) | |
tree | c638b464c0811f5eca34391bd70c6531eb7b2505 | |
parent | 42ae8d95aa152b69a8e190772845922ed7681cf5 (diff) |
Check signatures before downloading the substitute
-rw-r--r-- | src/libstore/build.cc | 10 | ||||
-rw-r--r-- | src/libstore/local-store.hh | 1 |
2 files changed, 11 insertions, 0 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index a6f8dfabac00..cca357dfb31b 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -3142,6 +3142,16 @@ void SubstitutionGoal::tryNext() hasSubstitute = true; + /* Bail out early if this substituter lacks a valid + signature. LocalStore::addToStore() also checks for this, but + only after we've downloaded the path. */ + if (worker.store.requireSigs && !info->checkSignatures(worker.store.publicKeys)) { + printMsg(lvlInfo, format("warning: substituter ‘%s’ does not have a valid signature for path ‘%s’") + % sub->getUri() % storePath); + tryNext(); + return; + } + /* To maintain the closure invariant, we first have to realise the paths referenced by this one. */ for (auto & i : info->references) diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh index 8de58cea8e43..2a3f452bc5c7 100644 --- a/src/libstore/local-store.hh +++ b/src/libstore/local-store.hh @@ -248,6 +248,7 @@ private: void signPathInfo(ValidPathInfo & info); friend class DerivationGoal; + friend class SubstitutionGoal; }; |