aboutsummaryrefslogtreecommitdiff
path: root/src/libstore/daemon.cc
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstore/daemon.cc')
-rw-r--r--src/libstore/daemon.cc14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/libstore/daemon.cc b/src/libstore/daemon.cc
index 83f8968b0..ec3391a6d 100644
--- a/src/libstore/daemon.cc
+++ b/src/libstore/daemon.cc
@@ -546,6 +546,20 @@ static void performOp(TunnelLogger * logger, ref<Store> store,
are in fact content-addressed if we don't trust them. */
assert(derivationIsCA(drv.type()) || trusted);
+ /* Recompute the derivation path when we cannot trust the original. */
+ if (!trusted) {
+ /* Recomputing the derivation path for input-address derivations
+ makes it harder to audit them after the fact, since we need the
+ original not-necessarily-resolved derivation to verify the drv
+ derivation as adequate claim to the input-addressed output
+ paths. */
+ assert(derivationIsCA(drv.type()));
+
+ Derivation drv2;
+ static_cast<BasicDerivation &>(drv2) = drv;
+ drvPath = writeDerivation(*store, Derivation { drv2 });
+ }
+
auto res = store->buildDerivation(drvPath, drv, buildMode);
logger->stopWork();
to << res.status << res.errorMsg;