about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--perl/lib/Nix/Store.xs4
-rwxr-xr-xscripts/build-remote.pl.in2
-rwxr-xr-xscripts/nix-copy-closure.in2
-rw-r--r--src/libstore/binary-cache-store.cc3
-rw-r--r--src/libstore/binary-cache-store.hh2
-rw-r--r--src/libstore/export-import.cc4
-rw-r--r--src/libstore/local-store.cc5
-rw-r--r--src/libstore/local-store.hh2
-rw-r--r--src/libstore/remote-store.cc3
-rw-r--r--src/libstore/remote-store.hh2
-rw-r--r--src/libstore/store-api.hh6
-rw-r--r--src/nix-store/nix-store.cc2
12 files changed, 20 insertions, 17 deletions
diff --git a/perl/lib/Nix/Store.xs b/perl/lib/Nix/Store.xs
index ee60ce13011d..7a5458113675 100644
--- a/perl/lib/Nix/Store.xs
+++ b/perl/lib/Nix/Store.xs
@@ -182,11 +182,11 @@ void exportPaths(int fd, ...)
         }
 
 
-void importPaths(int fd)
+void importPaths(int fd, int dontCheckSigs)
     PPCODE:
         try {
             FdSource source(fd);
-            store()->importPaths(source, 0);
+            store()->importPaths(source, 0, dontCheckSigs);
         } catch (Error & e) {
             croak("%s", e.what());
         }
diff --git a/scripts/build-remote.pl.in b/scripts/build-remote.pl.in
index 4bf42941116f..b5fc629eb499 100755
--- a/scripts/build-remote.pl.in
+++ b/scripts/build-remote.pl.in
@@ -271,5 +271,5 @@ if (scalar @outputs2 > 0) {
     writeInt(0, $to); # don't sign
     writeStrings(\@outputs2, $to);
     $ENV{'NIX_HELD_LOCKS'} = "@outputs2"; # FIXME: ugly
-    importPaths(fileno($from));
+    importPaths(fileno($from), 1);
 }
diff --git a/scripts/nix-copy-closure.in b/scripts/nix-copy-closure.in
index 0078d7267353..af1d30919263 100755
--- a/scripts/nix-copy-closure.in
+++ b/scripts/nix-copy-closure.in
@@ -97,7 +97,7 @@ else { # Copy FROM the remote machine.
         writeInt(5, $to); # == cmdExportPaths
         writeInt(0, $to); # obsolete
         writeStrings(\@missing, $to);
-        importPaths(fileno($from));
+        importPaths(fileno($from), 1);
     }
 
 }
diff --git a/src/libstore/binary-cache-store.cc b/src/libstore/binary-cache-store.cc
index 58cb87a516b9..1a95e01a5e26 100644
--- a/src/libstore/binary-cache-store.cc
+++ b/src/libstore/binary-cache-store.cc
@@ -63,7 +63,8 @@ Path BinaryCacheStore::narInfoFileFor(const Path & storePath)
     return storePathToHash(storePath) + ".narinfo";
 }
 
-void BinaryCacheStore::addToStore(const ValidPathInfo & info, const std::string & nar, bool repair)
+void BinaryCacheStore::addToStore(const ValidPathInfo & info, const std::string & nar,
+    bool repair, bool dontCheckSigs)
 {
     if (!repair && isValidPath(info.path)) return;
 
diff --git a/src/libstore/binary-cache-store.hh b/src/libstore/binary-cache-store.hh
index c14ab8676a9c..bedb4c9f0c9f 100644
--- a/src/libstore/binary-cache-store.hh
+++ b/src/libstore/binary-cache-store.hh
@@ -84,7 +84,7 @@ public:
     bool wantMassQuery() { return wantMassQuery_; }
 
     void addToStore(const ValidPathInfo & info, const std::string & nar,
-        bool repair = false) override;
+        bool repair = false, bool dontCheckSigs = false) override;
 
     Path addToStore(const string & name, const Path & srcPath,
         bool recursive = true, HashType hashAlgo = htSHA256,
diff --git a/src/libstore/export-import.cc b/src/libstore/export-import.cc
index 4ec01add3026..12b194643b12 100644
--- a/src/libstore/export-import.cc
+++ b/src/libstore/export-import.cc
@@ -82,7 +82,7 @@ struct NopSink : ParseSink
 {
 };
 
-Paths Store::importPaths(Source & source, std::shared_ptr<FSAccessor> accessor)
+Paths Store::importPaths(Source & source, std::shared_ptr<FSAccessor> accessor, bool dontCheckSigs)
 {
     Paths res;
     while (true) {
@@ -117,7 +117,7 @@ Paths Store::importPaths(Source & source, std::shared_ptr<FSAccessor> accessor)
         if (readInt(source) == 1)
             readString(source);
 
-        addToStore(info, *tee.data);
+        addToStore(info, *tee.data, false, dontCheckSigs);
 
         // FIXME: implement accessors?
         assert(!accessor);
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index b44384957ca6..cd3a74d80d82 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -904,14 +904,15 @@ void LocalStore::invalidatePath(State & state, const Path & path)
 }
 
 
-void LocalStore::addToStore(const ValidPathInfo & info, const std::string & nar, bool repair)
+void LocalStore::addToStore(const ValidPathInfo & info, const std::string & nar,
+    bool repair, bool dontCheckSigs)
 {
     Hash h = hashString(htSHA256, nar);
     if (h != info.narHash)
         throw Error(format("hash mismatch importing path ‘%s’; expected hash ‘%s’, got ‘%s’") %
             info.path % info.narHash.to_string() % h.to_string());
 
-    if (requireSigs && !info.checkSignatures(publicKeys))
+    if (requireSigs && !dontCheckSigs && !info.checkSignatures(publicKeys))
         throw Error(format("cannot import path ‘%s’ because it lacks a valid signature") % info.path);
 
     addTempRoot(info.path);
diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh
index 2a3f452bc5c7..231ae65a31ef 100644
--- a/src/libstore/local-store.hh
+++ b/src/libstore/local-store.hh
@@ -117,7 +117,7 @@ public:
         SubstitutablePathInfos & infos) override;
 
     void addToStore(const ValidPathInfo & info, const std::string & nar,
-        bool repair) override;
+        bool repair, bool dontCheckSigs) override;
 
     Path addToStore(const string & name, const Path & srcPath,
         bool recursive = true, HashType hashAlgo = htSHA256,
diff --git a/src/libstore/remote-store.cc b/src/libstore/remote-store.cc
index 9a00a6ed9910..48653595f0e8 100644
--- a/src/libstore/remote-store.cc
+++ b/src/libstore/remote-store.cc
@@ -326,7 +326,8 @@ Path RemoteStore::queryPathFromHashPart(const string & hashPart)
 }
 
 
-void RemoteStore::addToStore(const ValidPathInfo & info, const std::string & nar, bool repair)
+void RemoteStore::addToStore(const ValidPathInfo & info, const std::string & nar,
+    bool repair, bool dontCheckSigs)
 {
     throw Error("RemoteStore::addToStore() not implemented");
 }
diff --git a/src/libstore/remote-store.hh b/src/libstore/remote-store.hh
index 0757f82e8964..3e0fc4e04f41 100644
--- a/src/libstore/remote-store.hh
+++ b/src/libstore/remote-store.hh
@@ -52,7 +52,7 @@ public:
         SubstitutablePathInfos & infos) override;
 
     void addToStore(const ValidPathInfo & info, const std::string & nar,
-        bool repair) override;
+        bool repair, bool dontCheckSigs) override;
 
     Path addToStore(const string & name, const Path & srcPath,
         bool recursive = true, HashType hashAlgo = htSHA256,
diff --git a/src/libstore/store-api.hh b/src/libstore/store-api.hh
index 8c618bf3e771..ab7baf82d5f8 100644
--- a/src/libstore/store-api.hh
+++ b/src/libstore/store-api.hh
@@ -257,7 +257,7 @@ public:
 
     /* Import a path into the store. */
     virtual void addToStore(const ValidPathInfo & info, const std::string & nar,
-        bool repair = false) = 0;
+        bool repair = false, bool dontCheckSigs = false) = 0;
 
     /* Copy the contents of a path to the store and register the
        validity the resulting path.  The resulting path is returned.
@@ -398,8 +398,8 @@ public:
        the Nix store. Optionally, the contents of the NARs are
        preloaded into the specified FS accessor to speed up subsequent
        access. */
-    Paths importPaths(Source & source,
-        std::shared_ptr<FSAccessor> accessor);
+    Paths importPaths(Source & source, std::shared_ptr<FSAccessor> accessor,
+        bool dontCheckSigs = false);
 
     struct Stats
     {
diff --git a/src/nix-store/nix-store.cc b/src/nix-store/nix-store.cc
index 0038fff036a1..1fd8a148e472 100644
--- a/src/nix-store/nix-store.cc
+++ b/src/nix-store/nix-store.cc
@@ -901,7 +901,7 @@ static void opServe(Strings opFlags, Strings opArgs)
 
             case cmdImportPaths: {
                 if (!writeAllowed) throw Error("importing paths is not allowed");
-                store->importPaths(in, 0);
+                store->importPaths(in, 0, true); // FIXME: should we skip sig checking?
                 out << 1; // indicate success
                 break;
             }