nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-15 06:52:43 +01:00
Code Activity

Fix #1921

Browse source 
(cherry picked from commit d34fa2bcc3)
Signed-off-by: Domen Kožar <domen@dev.si>
This commit is contained in:
Eelco Dolstra 2018-04-13 15:42:35 +02:00 committed by Domen Kožar
parent dab3a9d37b
commit 444b921fcb
No known key found for this signature in database
GPG key ID: C2FFBCAFD2C24246
3 changed files with 14 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/libstore/build.cc
View file

@ -3680,7 +3680,7 @@ void SubstitutionGoal::tryNext()
only after we've downloaded the path. */ only after we've downloaded the path. */
if (worker.store.requireSigs if (worker.store.requireSigs
&& !sub->isTrusted && !sub->isTrusted
&& !info->checkSignatures(worker.store, worker.store.publicKeys)) && !info->checkSignatures(worker.store, worker.store.getPublicKeys()))
{ {
printError("warning: substituter '%s' does not have a valid signature for path '%s'", printError("warning: substituter '%s' does not have a valid signature for path '%s'",
sub->getUri(), storePath); sub->getUri(), storePath);

12
src/libstore/local-store.cc
View file

@ -53,7 +53,6 @@ LocalStore::LocalStore(const Params & params)
, trashDir(realStoreDir + "/trash") , trashDir(realStoreDir + "/trash")
, tempRootsDir(stateDir + "/temproots") , tempRootsDir(stateDir + "/temproots")
, fnTempRoots(fmt("%s/%d", tempRootsDir, getpid())) , fnTempRoots(fmt("%s/%d", tempRootsDir, getpid()))
, publicKeys(getDefaultPublicKeys())
{ {
auto state(_state.lock()); auto state(_state.lock());
@ -964,6 +963,15 @@ void LocalStore::invalidatePath(State & state, const Path & path)
} }
const PublicKeys & LocalStore::getPublicKeys()
{
auto state(_state.lock());
if (!state->publicKeys)
state->publicKeys = std::make_unique<PublicKeys>(getDefaultPublicKeys());
return *state->publicKeys;
}
void LocalStore::addToStore(const ValidPathInfo & info, const ref<std::string> & nar, void LocalStore::addToStore(const ValidPathInfo & info, const ref<std::string> & nar,
RepairFlag repair, CheckSigsFlag checkSigs, std::shared_ptr<FSAccessor> accessor) RepairFlag repair, CheckSigsFlag checkSigs, std::shared_ptr<FSAccessor> accessor)
{ {
@ -978,7 +986,7 @@ void LocalStore::addToStore(const ValidPathInfo & info, const ref<std::string> &
throw Error("size mismatch importing path '%s'; expected %s, got %s", throw Error("size mismatch importing path '%s'; expected %s, got %s",
info.path, info.narSize, nar->size()); info.path, info.narSize, nar->size());
if (requireSigs && checkSigs && !info.checkSignatures(*this, publicKeys)) if (requireSigs && checkSigs && !info.checkSignatures(*this, getPublicKeys()))
throw Error("cannot add path '%s' because it lacks a valid signature", info.path); throw Error("cannot add path '%s' because it lacks a valid signature", info.path);
addTempRoot(info.path); addTempRoot(info.path);

4
src/libstore/local-store.hh
View file

@ -77,6 +77,8 @@ private:
minFree but not much below availAfterGC, then there is no minFree but not much below availAfterGC, then there is no
point in starting a new GC. */ point in starting a new GC. */
uint64_t availAfterGC = std::numeric_limits<uint64_t>::max(); uint64_t availAfterGC = std::numeric_limits<uint64_t>::max();
std::unique_ptr<PublicKeys> publicKeys;
}; };
Sync<State, std::recursive_mutex> _state; Sync<State, std::recursive_mutex> _state;
@ -100,7 +102,7 @@ private:
settings.requireSigs, settings.requireSigs,
"require-sigs", "whether store paths should have a trusted signature on import"}; "require-sigs", "whether store paths should have a trusted signature on import"};
PublicKeys publicKeys; const PublicKeys & getPublicKeys();
public: public: