Check signatures before downloading the substitute

author: Eelco Dolstra <eelco.dolstra@logicblox.com> 2016-05-30 15:09:01 +0200
committer: Eelco Dolstra <eelco.dolstra@logicblox.com> 2016-05-30 15:18:12 +0200
commit: 57d33013ce58e0cfd31e51dfb57a78f8f2a545fd (patch)
tree: c638b464c0811f5eca34391bd70c6531eb7b2505
parent: 42ae8d95aa152b69a8e190772845922ed7681cf5 (diff)
2 files changed, 11 insertions, 0 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index a6f8dfaba..cca357dfb 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -3142,6 +3142,16 @@ void SubstitutionGoal::tryNext()
 
     hasSubstitute = true;
 
+    /* Bail out early if this substituter lacks a valid
+       signature. LocalStore::addToStore() also checks for this, but
+       only after we've downloaded the path. */
+    if (worker.store.requireSigs && !info->checkSignatures(worker.store.publicKeys)) {
+        printMsg(lvlInfo, format("warning: substituter ‘%s’ does not have a valid signature for path ‘%s’")
+            % sub->getUri() % storePath);
+        tryNext();
+        return;
+    }
+
     /* To maintain the closure invariant, we first have to realise the
        paths referenced by this one. */
     for (auto & i : info->references)
diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh
index 8de58cea8..2a3f452bc 100644
--- a/src/libstore/local-store.hh
+++ b/src/libstore/local-store.hh
@@ -248,6 +248,7 @@ private:
     void signPathInfo(ValidPathInfo & info);
 
     friend class DerivationGoal;
+    friend class SubstitutionGoal;
 };
author	Eelco Dolstra <eelco.dolstra@logicblox.com>	2016-05-30 15:09:01 +0200
committer	Eelco Dolstra <eelco.dolstra@logicblox.com>	2016-05-30 15:18:12 +0200
commit	57d33013ce58e0cfd31e51dfb57a78f8f2a545fd (patch)
tree	c638b464c0811f5eca34391bd70c6531eb7b2505
parent	42ae8d95aa152b69a8e190772845922ed7681cf5 (diff)