mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-12-02 10:26:16 +02:00
* Don't check the signature unless we have to.
This commit is contained in:
parent
2ea3bebc23
commit
b4a040e52b
1 changed files with 20 additions and 18 deletions
|
@ -840,6 +840,7 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
|
||||||
if (haveSignature) {
|
if (haveSignature) {
|
||||||
string signature = readString(hashAndReadSource);
|
string signature = readString(hashAndReadSource);
|
||||||
|
|
||||||
|
if (requireSignature) {
|
||||||
Path sigFile = tmpDir + "/sig";
|
Path sigFile = tmpDir + "/sig";
|
||||||
writeStringToFile(sigFile, signature);
|
writeStringToFile(sigFile, signature);
|
||||||
|
|
||||||
|
@ -853,8 +854,8 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
|
||||||
args.push_back(sigFile);
|
args.push_back(sigFile);
|
||||||
string hash2 = runProgram("openssl", true, args);
|
string hash2 = runProgram("openssl", true, args);
|
||||||
|
|
||||||
/* Note: runProgram() throws an exception if the signature is
|
/* Note: runProgram() throws an exception if the signature
|
||||||
invalid. */
|
is invalid. */
|
||||||
|
|
||||||
if (printHash(hash) != hash2)
|
if (printHash(hash) != hash2)
|
||||||
throw Error(
|
throw Error(
|
||||||
|
@ -862,6 +863,7 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
|
||||||
"archive; archive could be corrupt, or someone is trying "
|
"archive; archive could be corrupt, or someone is trying "
|
||||||
"to import a Trojan horse");
|
"to import a Trojan horse");
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* Do the actual import. */
|
/* Do the actual import. */
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue