Check the signatures when copying store paths around

Broken atm
2025-07-07 01:51:47 +02:00 · 2021-03-08 16:43:11 +01:00 · 2021-03-08 16:43:11 +01:00 · 54ced9072b
commit 54ced9072b
parent 3e6017f911
6 changed files with 53 additions and 2 deletions
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@ -652,6 +652,14 @@ void LocalStore::checkDerivationOutputs(const StorePath & drvPath, const Derivat
    }
 }

+void LocalStore::registerDrvOutput(const Realisation & info, CheckSigsFlag checkSigs)
+{
+    settings.requireExperimentalFeature("ca-derivations");
+    if (checkSigs == NoCheckSigs || !realisationIsUntrusted(info))
+        registerDrvOutput(info);
+    else
+        throw Error("cannot register realisation '%s' because it lacks a valid signature", info.outPath.to_string());
+}

 void LocalStore::registerDrvOutput(const Realisation & info)
 {
--- a/src/libstore/local-store.hh
+++ b/src/libstore/local-store.hh
@ -203,6 +203,7 @@ public:
    /* Register the store path 'output' as the output named 'outputName' of
       derivation 'deriver'. */
    void registerDrvOutput(const Realisation & info) override;
+    void registerDrvOutput(const Realisation & info, CheckSigsFlag checkSigs) override;
    void cacheDrvOutputMapping(State & state, const uint64_t deriver, const string & outputName, const StorePath & output);

    std::optional<const Realisation> queryRealisation(const DrvOutput&) override;
--- a/src/libstore/store-api.cc
+++ b/src/libstore/store-api.cc
@ -798,7 +798,7 @@ std::map<StorePath, StorePath> copyPaths(ref<Store> srcStore, ref<Store> dstStor
    auto pathsMap = copyPaths(srcStore, dstStore, storePaths, repair, checkSigs, substitute);
    try {
        for (auto & realisation : realisations) {
-            dstStore->registerDrvOutput(realisation);
+            dstStore->registerDrvOutput(realisation, checkSigs);
        }
    } catch (MissingExperimentalFeature & e) {
        // Don't fail if the remote doesn't support CA derivations is it might
--- a/src/libstore/store-api.hh
+++ b/src/libstore/store-api.hh
@ -485,6 +485,8 @@ public:
     */
    virtual void registerDrvOutput(const Realisation & output)
    { unsupported("registerDrvOutput"); }
+    virtual void registerDrvOutput(const Realisation & output, CheckSigsFlag checkSigs)
+    { return registerDrvOutput(output); }

    /* Write a NAR dump of a store path. */
    virtual void narFromPath(const StorePath & path, Sink & sink) = 0;