* `nix-store --import' now also works in remote mode. The worker

  always requires a signature on the archive.  This is to ensure that
  unprivileged users cannot add Trojan horses to the Nix store.

1 files changed, 35 insertions, 1 deletions

diff --git a/src/nix-worker/nix-worker.cc b/src/nix-worker/nix-worker.cc
index 04578a8b87..6e4c6e4a96 100644
--- a/src/nix-worker/nix-worker.cc
+++ b/src/nix-worker/nix-worker.cc
@@ -187,12 +187,37 @@ struct TunnelSink : Sink
     virtual void operator ()
         (const unsigned char * data, unsigned int len)
     {
-        writeInt(STDERR_DATA, to);
+        writeInt(STDERR_WRITE, to);
         writeString(string((const char *) data, len), to);
     }
 };
 
 
+struct TunnelSource : Source
+{
+    Source & from;
+    TunnelSource(Source & from) : from(from)
+    {
+    }
+    virtual void operator ()
+        (unsigned char * data, unsigned int len)
+    {
+        /* Careful: we're going to receive data from the client now,
+           so we have to disable the SIGPOLL handler. */
+        setSigPollAction(false);
+        canSendStderr = false;
+        
+        writeInt(STDERR_READ, to);
+        writeInt(len, to);
+        string s = readString(from);
+        if (s.size() != len) throw Error("not enough data");
+        memcpy(data, (const unsigned char *) s.c_str(), len);
+
+        startWork();
+    }
+};
+
+
 static void performOp(Source & from, Sink & to, unsigned int op)
 {
     switch (op) {
@@ -289,6 +314,15 @@ static void performOp(Source & from, Sink & to, unsigned int op)
         break;
     }
 
+    case wopImportPath: {
+        startWork();
+        TunnelSource source(from);
+        Path path = store->importPath(true, source);
+        stopWork();
+        writeString(path, to);
+        break;
+    }
+
     case wopBuildDerivations: {
         PathSet drvs = readStorePaths(from);
         startWork();