summary refs log tree commit diff
path: root/nix/nix-daemon/nix-daemon.cc
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2015-06-06 18:00:58 +0200
committerLudovic Courtès <ludo@gnu.org>2015-06-06 18:58:55 +0200
commitaa0f8409db9abb4d8d04127b1072f12a64b5f7ee (patch)
treef24e5dd174f749cacd4d1971beba4b95c05f4667 /nix/nix-daemon/nix-daemon.cc
parentd2aa12250ece6d71ef1edee2ea2a69ccf70ac354 (diff)
downloadguix-aa0f8409db9abb4d8d04127b1072f12a64b5f7ee.tar.gz
daemon: Always require a signature when importing an archive.
* nix/nix-daemon/nix-daemon.cc (performOp): Pass true as the first argument to
  'performOp'.
Diffstat (limited to 'nix/nix-daemon/nix-daemon.cc')
-rw-r--r--nix/nix-daemon/nix-daemon.cc5
1 files changed, 4 insertions, 1 deletions
diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc
index 2b89190dbe..10159db62e 100644
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@@ -440,7 +440,10 @@ static void performOp(bool trusted, unsigned int clientVersion,
     case wopImportPaths: {
         startWork();
         TunnelSource source(from);
-        Paths paths = store->importPaths(!trusted, source);
+
+	/* Unlike Nix, always require a signature, even for "trusted"
+	   users.  */
+        Paths paths = store->importPaths(true, source);
         stopWork();
         writeStrings(paths, to);
         break;