diff options
author | Ludovic Courtès <ludo@gnu.org> | 2015-08-27 10:58:31 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2015-08-27 10:58:31 +0200 |
commit | ef80ca96faeee8d2a07cf87813ddf8fb0c18d700 (patch) | |
tree | f8af6411b0f483c42dbb5483a7a46baa6fe84348 | |
parent | 54e515eb75491f4d32219c223d4c753afb0d2c48 (diff) | |
download | guix-ef80ca96faeee8d2a07cf87813ddf8fb0c18d700.tar guix-ef80ca96faeee8d2a07cf87813ddf8fb0c18d700.tar.gz |
daemon: Require a signature for imports made by root.
This reinstates commit aa0f8409, which was inadvertently undone in commit
322eeb87.
Running 'guix archive --import' as root would have let corrupt or unauthentic
store items through.
Reported by Eric Hanchrow <eric.hanchrow@gmail.com>
at <http://bugs.gnu.org/21354>.
* nix/nix-daemon/nix-daemon.cc (performOp) <wopImportPaths>: Pass true as the
first argument to 'importPaths'.
-rw-r--r-- | nix/nix-daemon/nix-daemon.cc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc index 2b89190dbe..10159db62e 100644 --- a/nix/nix-daemon/nix-daemon.cc +++ b/nix/nix-daemon/nix-daemon.cc @@ -440,7 +440,10 @@ static void performOp(bool trusted, unsigned int clientVersion, case wopImportPaths: { startWork(); TunnelSource source(from); - Paths paths = store->importPaths(!trusted, source); + + /* Unlike Nix, always require a signature, even for "trusted" + users. */ + Paths paths = store->importPaths(true, source); stopWork(); writeStrings(paths, to); break; |