mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-27 00:06:16 +02:00
* Don't check the signature unless we have to.
This commit is contained in:
parent
2ea3bebc23
commit
b4a040e52b
1 changed files with 20 additions and 18 deletions
|
@ -840,6 +840,7 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
|
|||
if (haveSignature) {
|
||||
string signature = readString(hashAndReadSource);
|
||||
|
||||
if (requireSignature) {
|
||||
Path sigFile = tmpDir + "/sig";
|
||||
writeStringToFile(sigFile, signature);
|
||||
|
||||
|
@ -853,8 +854,8 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
|
|||
args.push_back(sigFile);
|
||||
string hash2 = runProgram("openssl", true, args);
|
||||
|
||||
/* Note: runProgram() throws an exception if the signature is
|
||||
invalid. */
|
||||
/* Note: runProgram() throws an exception if the signature
|
||||
is invalid. */
|
||||
|
||||
if (printHash(hash) != hash2)
|
||||
throw Error(
|
||||
|
@ -862,6 +863,7 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
|
|||
"archive; archive could be corrupt, or someone is trying "
|
||||
"to import a Trojan horse");
|
||||
}
|
||||
}
|
||||
|
||||
/* Do the actual import. */
|
||||
|
||||
|
|
Loading…
Reference in a new issue