Check signatures before downloading the substitute
This commit is contained in:
parent
42ae8d95aa
commit
57d33013ce
2 changed files with 11 additions and 0 deletions
|
@ -3142,6 +3142,16 @@ void SubstitutionGoal::tryNext()
|
|||
|
||||
hasSubstitute = true;
|
||||
|
||||
/* Bail out early if this substituter lacks a valid
|
||||
signature. LocalStore::addToStore() also checks for this, but
|
||||
only after we've downloaded the path. */
|
||||
if (worker.store.requireSigs && !info->checkSignatures(worker.store.publicKeys)) {
|
||||
printMsg(lvlInfo, format("warning: substituter ‘%s’ does not have a valid signature for path ‘%s’")
|
||||
% sub->getUri() % storePath);
|
||||
tryNext();
|
||||
return;
|
||||
}
|
||||
|
||||
/* To maintain the closure invariant, we first have to realise the
|
||||
paths referenced by this one. */
|
||||
for (auto & i : info->references)
|
||||
|
|
|
@ -248,6 +248,7 @@ private:
|
|||
void signPathInfo(ValidPathInfo & info);
|
||||
|
||||
friend class DerivationGoal;
|
||||
friend class SubstitutionGoal;
|
||||
};
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue