Check signatures before downloading the substitute
This commit is contained in:
Eelco Dolstra
parent
42ae8d95aa
commit
57d33013ce
2 changed files with 11 additions and 0 deletions
|
|
@ -3142,6 +3142,16 @@ void SubstitutionGoal::tryNext()
|
||||||
|
|
||||||
hasSubstitute = true;
|
hasSubstitute = true;
|
||||||
|
|
||||||
|
/* Bail out early if this substituter lacks a valid
|
||||||
|
signature. LocalStore::addToStore() also checks for this, but
|
||||||
|
only after we've downloaded the path. */
|
||||||
|
if (worker.store.requireSigs && !info->checkSignatures(worker.store.publicKeys)) {
|
||||||
|
printMsg(lvlInfo, format("warning: substituter ‘%s’ does not have a valid signature for path ‘%s’")
|
||||||
|
% sub->getUri() % storePath);
|
||||||
|
tryNext();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
/* To maintain the closure invariant, we first have to realise the
|
/* To maintain the closure invariant, we first have to realise the
|
||||||
paths referenced by this one. */
|
paths referenced by this one. */
|
||||||
for (auto & i : info->references)
|
for (auto & i : info->references)
|
||||||
|
|
|
||||||
|
|
@ -248,6 +248,7 @@ private:
|
||||||
void signPathInfo(ValidPathInfo & info);
|
void signPathInfo(ValidPathInfo & info);
|
||||||
|
|
||||||
friend class DerivationGoal;
|
friend class DerivationGoal;
|
||||||
|
friend class SubstitutionGoal;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue