From aa0f8409db9abb4d8d04127b1072f12a64b5f7ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Sat, 6 Jun 2015 18:00:58 +0200
Subject: [PATCH] daemon: Always require a signature when importing an archive.

* nix/nix-daemon/nix-daemon.cc (performOp): Pass true as the first argument to
  'performOp'.
---
 nix/nix-daemon/nix-daemon.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc
index 2b89190dbe0..10159db62e0 100644
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@@ -440,7 +440,10 @@ static void performOp(bool trusted, unsigned int clientVersion,
     case wopImportPaths: {
         startWork();
         TunnelSource source(from);
-        Paths paths = store->importPaths(!trusted, source);
+
+	/* Unlike Nix, always require a signature, even for "trusted"
+	   users.  */
+        Paths paths = store->importPaths(true, source);
         stopWork();
         writeStrings(paths, to);
         break;
-- 
GitLab