From 57d33013ce58e0cfd31e51dfb57a78f8f2a545fd Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Mon, 30 May 2016 15:09:01 +0200
Subject: Check signatures before downloading the substitute
---
src/libstore/build.cc | 10 ++++++++++
1 file changed, 10 insertions(+)
(limited to 'src/libstore/build.cc')
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index a6f8dfabac00..cca357dfb31b 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -3142,6 +3142,16 @@ void SubstitutionGoal::tryNext()
 hasSubstitute = true;
+ /* Bail out early if this substituter lacks a valid
+ signature. LocalStore::addToStore() also checks for this, but
+ only after we've downloaded the path. */
+ if (worker.store.requireSigs && !info->checkSignatures(worker.store.publicKeys)) {
+ printMsg(lvlInfo, format("warning: substituter ā€˜%sā€™ does not have a valid signature for path ā€˜%sā€™")
+ % sub->getUri() % storePath);
+ tryNext();
+ return;
+ }
+
 /* To maintain the closure invariant, we first have to realise the paths referenced by this one. */
 for (auto & i : info->references)
-- cgit 1.4.1
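Review bot: The comment above the new `requireSigs` test should state outright that this early test only saves a download and that the check in LocalStore::addToStore() remains the enforcement point, because a later reader could take the two checks for duplicates and drop the post-download one. Something like `/* Optimisation only: skip substituters whose path info has no valid signature; the check in LocalStore::addToStore() after the download stays authoritative. */` would do. Separately, the message is prefixed `warning:` but is emitted at `lvlInfo`, so a rejected signature may go unreported when verbosity is lowered; if that event should always be visible, a more severe level would fit. Note also that `hasSubstitute = true` is set before the signature test, so a substituter skipped here presumably still counts as one that was tried; whether that is intended depends on code outside the hunk, as tryNext() starts and ends beyond it.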