From aa0f8409db9abb4d8d04127b1072f12a64b5f7ee Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sat, 6 Jun 2015 18:00:58 +0200 Subject: daemon: Always require a signature when importing an archive. * nix/nix-daemon/nix-daemon.cc (performOp): Pass true as the first argument to 'performOp'. --- nix/nix-daemon/nix-daemon.cc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'nix/nix-daemon') diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc index 2b89190dbe..10159db62e 100644 --- a/nix/nix-daemon/nix-daemon.cc +++ b/nix/nix-daemon/nix-daemon.cc @@ -440,7 +440,10 @@ static void performOp(bool trusted, unsigned int clientVersion, case wopImportPaths: { startWork(); TunnelSource source(from); - Paths paths = store->importPaths(!trusted, source); + + /* Unlike Nix, always require a signature, even for "trusted" + users. */ + Paths paths = store->importPaths(true, source); stopWork(); writeStrings(paths, to); break; -- cgit v1.2.3