This reinstates commit
aa0f8409, which was inadvertently undone in commit
322eeb87.
Running 'guix archive --import' as root would have let corrupt or unauthentic
store items through.
Reported by Eric Hanchrow <eric.hanchrow@gmail.com>
at <http://bugs.gnu.org/21354>.
* nix/nix-daemon/nix-daemon.cc (performOp) <wopImportPaths>: Pass true as the
first argument to 'importPaths'.
case wopImportPaths: {
startWork();
TunnelSource source(from);
- Paths paths = store->importPaths(!trusted, source);
+
+ /* Unlike Nix, always require a signature, even for "trusted"
+ users. */
+ Paths paths = store->importPaths(true, source);
stopWork();
writeStrings(paths, to);
break;