Add additional file signature check to ensure proper staging master
authorJacob Bachmeyer <jcb@gnu.org>
Sat, 16 Sep 2023 00:38:24 +0000 (19:38 -0500)
committerJacob Bachmeyer <jcb@gnu.org>
Sat, 16 Sep 2023 00:38:24 +0000 (19:38 -0500)
There is a (very remote) possibility of the uploaded file being corrupted
while transferring it from the scratch directory to the staging directory,
since this transfer can actually copy data instead of being a simple
rename(2) call.  This commit adds a safeguard against this risk by
rechecking the detached signature after the file pair is moved.

The testsuite is updated accordingly.

gatekeeper.pl
testsuite/lib/tool/gatekeeper.exp

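--- a/gatekeeper.pl
+++ b/gatekeeper.pl
@@ -2435,6 +2435,19 @@ order.
       (CONF_DIR_Scratch, $self->upload_filename, CONF_DIR_Staging);
     # Staging the file now should avoid the (remote) possibility of
     # encountering ENOSPC during installation.
+
+    # Recheck the detached signature to be certain that the file was
+    # transferred successfully.
+    my $fsig_info = verify_detached_signature
+      (map(File::Spec->catfile(CONF_DIR_Staging, $_),
+          $self->target_filepair),
+       $self->auth_keyrings);
+
+    die 'GPG signature found to be invalid after staging file'
+      unless $fsig_info->{exitcode} == 0 && !defined $fsig_info->{TILT};
+    # This is a simple error instead of a structured exception because it
+    # indicates a problem with the server.
+
   }
 
   sub install {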
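Review bot: The success test `$fsig_info->{exitcode} == 0` also accepts an undefined exitcode, because undef numifies to 0 (with only a warning), so a result hash that lacks the key — for instance if gpgv could not be started, depending on how verify_detached_signature reports that, which is outside this hunk — would pass the recheck. A stricter guard is `unless defined $fsig_info->{exitcode} && $fsig_info->{exitcode} == 0 && !defined $fsig_info->{TILT};`. The comment explaining why this is a plain die rather than a structured exception is placed after the statement it describes; moving it above the `die` reads more naturally. The enclosing method begins before the hunk, and nothing visible here removes the file pair from the staging directory when the recheck fails, so that presumably falls to whatever catches the die.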
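--- a/testsuite/lib/tool/gatekeeper.exp
+++ b/testsuite/lib/tool/gatekeeper.exp
@@ -638,18 +638,18 @@ proc analyze_log { base_dir name assess } {
                     exp_continue
                 }
 
-       -re {^gatekeeper\[[0-9]+\]: \(Test\) \[(?:AA|RP)\]\
+       -re {^gatekeeper\[[0-9]+\]: \(Test\) \[(?:AA|EX|RP)\]\
                 DEBUG: [^ ]+ size is [[:digit:]]+} {
                     # from verify_keyring, upon entry
                     # also from check_files, twice, upon entry
                     exp_continue
                 }
-       -re {^gatekeeper\[[0-9]+\]: \(Test\) \[(?:AA|RP)\]\
+       -re {^gatekeeper\[[0-9]+\]: \(Test\) \[(?:AA|EX|RP)\]\
                 DEBUG: gpgv command line: [^\r\n]+} {
                     # from verify_keyring, tracing gpgv call
                     exp_continue
                 }
-       -re {^gatekeeper\[[0-9]+\]: \(Test\) \[(?:AA|RP)\]\
+       -re {^gatekeeper\[[0-9]+\]: \(Test\) \[(?:AA|EX|RP)\]\
                 gpgv exited ([[:digit:]]+)} {
                     # from verify_keyring, when closing pipe from gpgv
                     set A(gpgv,exitcode,$expect_out(1,string)) 1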
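Review bot: The comments on the three patterns (`# from verify_keyring, upon entry`, `# from verify_keyring, tracing gpgv call`, `# from verify_keyring, when closing pipe from gpgv`) still name only the original log sources, while the added `EX` alternative exists because the same debug lines now also come from the post-staging signature recheck, assuming EX is the tag of that stage as the commit message suggests. Adding a line such as `# also from the signature recheck after staging (EX)` under each keeps the log-source map accurate for the next reader. The prefix `^gatekeeper\[[0-9]+\]: \(Test\) \[(?:AA|EX|RP)\]` is now repeated in three places, and any other pattern in this file still keyed on the old `(?:AA|RP)` alternation that the EX-stage lines reach would fall through to the default branch, which cannot be checked from this hunk alone. The enclosing proc analyze_log begins before and continues after the hunk.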