diff options
| author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2016-05-30 13:44:09 +0200 |
|---|---|---|
| committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2016-05-30 15:18:12 +0200 |
| commit | 12ddbad45893f125e2ab46c5e26d7c8396b31bdb (patch) | |
| tree | ca1536ed40b613bed58f49f90b9e1ec199ca769a | |
| parent | e2224844019d58fc947ce00e18e9fa9974d2c8b5 (diff) | |
LocalStore::addToStore: Verify hash of the imported path
| -rw-r--r-- | src/libstore/local-store.cc | 5 | ||||
| -rw-r--r-- | tests/binary-cache.sh | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index acd02eb48..8608b39ec 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -904,6 +904,11 @@ void LocalStore::invalidatePath(State & state, const Path & path) void LocalStore::addToStore(const ValidPathInfo & info, const std::string & nar, bool repair) { + Hash h = hashString(htSHA256, nar); + if (h != info.narHash) + throw Error(format("hash mismatch importing path ‘%s’; expected hash ‘%s’, got ‘%s’") % + info.path % info.narHash.to_string() % h.to_string()); + addTempRoot(info.path); if (repair || !isValidPath(info.path)) { diff --git a/tests/binary-cache.sh b/tests/binary-cache.sh index 5f88c595f..cadd634a2 100644 --- a/tests/binary-cache.sh +++ b/tests/binary-cache.sh @@ -48,7 +48,7 @@ mkdir -p $TEST_ROOT/empty nix-store --dump $TEST_ROOT/empty | xz > $nar nix-build --option binary-caches "file://$cacheDir" dependencies.nix -o $TEST_ROOT/result 2>&1 | tee $TEST_ROOT/log -grep -q "hash mismatch in downloaded path" $TEST_ROOT/log +grep -q "hash mismatch" $TEST_ROOT/log mv $nar.good $nar |