daemon: Require a signature for imports made by root.

This reinstates commit aa0f8409, which was inadvertently undone in commit 322eeb87. Running 'guix archive --import' as root would have let corrupt or unauthentic store items through. Reported by Eric Hanchrow <eric.hanchrow@gmail.com> at <http://bugs.gnu.org/21354>. * nix/nix-daemon/nix-daemon.cc (performOp) <wopImportPaths>: Pass true as the first argument to 'importPaths'.
2015-08-27 10:58:31 +02:00 · 2015-08-27 10:58:31 +02:00 · ef80ca96fa
parent 54e515eb75
commit ef80ca96fa
1 changed files with 4 additions and 1 deletions
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@ -440,7 +440,10 @@ static void performOp(bool trusted, unsigned int clientVersion,
    case wopImportPaths: {
        startWork();
        TunnelSource source(from);
-        Paths paths = store->importPaths(!trusted, source);
+
+	/* Unlike Nix, always require a signature, even for "trusted"
+	   users.  */
+        Paths paths = store->importPaths(true, source);
        stopWork();
        writeStrings(paths, to);
        break;