diff options
| -rw-r--r-- | src/libstore/build.cc | 10 | ||||
| -rw-r--r-- | src/libstore/local-store.hh | 1 |
2 files changed, 11 insertions, 0 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index a6f8dfabac00..cca357dfb31b 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -3142,6 +3142,16 @@ void SubstitutionGoal::tryNext() hasSubstitute = true; + /* Bail out early if this substituter lacks a valid + signature. LocalStore::addToStore() also checks for this, but + only after we've downloaded the path. */ + if (worker.store.requireSigs && !info->checkSignatures(worker.store.publicKeys)) { + printMsg(lvlInfo, format("warning: substituter ‘%s’ does not have a valid signature for path ‘%s’") + % sub->getUri() % storePath); + tryNext(); + return; + } + /* To maintain the closure invariant, we first have to realise the paths referenced by this one. */ for (auto & i : info->references) diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh index 8de58cea8e43..2a3f452bc5c7 100644 --- a/src/libstore/local-store.hh +++ b/src/libstore/local-store.hh @@ -248,6 +248,7 @@ private: void signPathInfo(ValidPathInfo & info); friend class DerivationGoal; + friend class SubstitutionGoal; }; |