From c62e785fb19fa72bc016357e209846182dce0f31 Mon Sep 17 00:00:00 2001
From: Arnout Engelen <arnout@bzzt.net>
Date: Wed, 28 Feb 2024 00:45:27 +0100
Subject: [PATCH] Ignore narSize and references when importing signatures

This way systems sharing signatures no longer need to exchange (or
hold on to) the size or references.

They should not matter: the signature is based on the fingerprint
which contains the narSize and references. Mathematically speaking
there could be collisions, but that would essentially mean
sha256/ed25519 is broken, in which case we're in trouble anyway?
---
 src/nix/sigs.cc | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/nix/sigs.cc b/src/nix/sigs.cc
index dfef44869..78186abb2 100644
--- a/src/nix/sigs.cc
+++ b/src/nix/sigs.cc
@@ -63,9 +63,7 @@ struct CmdCopySigs : StorePathsCommand
 
                     /* Don't import signatures that don't match this
                        binary. */
-                    if (info->narHash != info2->narHash ||
-                        info->narSize != info2->narSize ||
-                        info->references != info2->references)
+                    if (info->narHash != info2->narHash)
                         continue;
 
                     for (auto & sig : info2->sigs)