* Don't check the signature unless we have to.

author: Eelco Dolstra <e.dolstra@tudelft.nl> 2007-03-01 12:30:24 +0000
committer: Eelco Dolstra <e.dolstra@tudelft.nl> 2007-03-01 12:30:24 +0000
commit: b4a040e52b607e019515e9339f90a2e5c6c21ad5 (patch)
tree: 3f8a53ac66cdab51f6f8314aaba95bcccb5ef011 /src/libstore/local-store.cc
parent: 2ea3bebc23b2d13475c00191f6005740fbdc7771 (diff)
1 files changed, 23 insertions, 21 deletions
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index dce2b449e..edbe567f4 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -840,27 +840,29 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
     if (haveSignature) {
         string signature = readString(hashAndReadSource);
 
-        Path sigFile = tmpDir + "/sig";
-        writeStringToFile(sigFile, signature);
-
-        Strings args;
-        args.push_back("rsautl");
-        args.push_back("-verify");
-        args.push_back("-inkey");
-        args.push_back(nixConfDir + "/signing-key.pub");
-        args.push_back("-pubin");
-        args.push_back("-in");
-        args.push_back(sigFile);
-        string hash2 = runProgram("openssl", true, args);
-
-        /* Note: runProgram() throws an exception if the signature is
-           invalid. */
-
-        if (printHash(hash) != hash2)
-            throw Error(
-                "signed hash doesn't match actual contents of imported "
-                "archive; archive could be corrupt, or someone is trying "
-                "to import a Trojan horse");
+        if (requireSignature) {
+            Path sigFile = tmpDir + "/sig";
+            writeStringToFile(sigFile, signature);
+
+            Strings args;
+            args.push_back("rsautl");
+            args.push_back("-verify");
+            args.push_back("-inkey");
+            args.push_back(nixConfDir + "/signing-key.pub");
+            args.push_back("-pubin");
+            args.push_back("-in");
+            args.push_back(sigFile);
+            string hash2 = runProgram("openssl", true, args);
+
+            /* Note: runProgram() throws an exception if the signature
+               is invalid. */
+
+            if (printHash(hash) != hash2)
+                throw Error(
+                    "signed hash doesn't match actual contents of imported "
+                    "archive; archive could be corrupt, or someone is trying "
+                    "to import a Trojan horse");
+        }
     }
 
     /* Do the actual import. */
author	Eelco Dolstra <e.dolstra@tudelft.nl>	2007-03-01 12:30:24 +0000
committer	Eelco Dolstra <e.dolstra@tudelft.nl>	2007-03-01 12:30:24 +0000
commit	b4a040e52b607e019515e9339f90a2e5c6c21ad5 (patch)
tree	3f8a53ac66cdab51f6f8314aaba95bcccb5ef011 /src/libstore/local-store.cc
parent	2ea3bebc23b2d13475c00191f6005740fbdc7771 (diff)