Revise timestamp check to use new operation list

diff --git a/gatekeeper.pl b/gatekeeper.pl
index 42f142d61433da77248c64c87be0045c148f5987..b50a07f37b35819427f923260c3e9ea2e94df78f 100755 (executable)
--- a/gatekeeper.pl
+++ b/gatekeeper.pl
@@ -1939,12 +1939,11 @@ sub read_directive_file {
     fatal("gpg verify of directive file failed",1,'',2);
   }
 
-  # Now check that the timestamp of signing for the directive is not older
-  # than the one for the last file that was uploaded
-  # This is only relevant when a 'filename' directive is present, hence the
-  # test of the $filename_required variable.
-  if (defined $result->{sig_creation}
-      && (exists($info{filename}))) {
+  # If a file is to be installed, ensure that this directive is newer than
+  # the any previous directive installing a file under the same full name.
+  if (grep $_->[0] eq 'install', @$ops) {
+    fatal("gpg verification problem: could not extract timestamp",1)
+      unless defined $result->{sig_creation};
 
     ftp_syslog('debug', "DEBUG: Signature made "
               .strftime('%a %b %d %H:%M:%S %Y %Z',
@@ -1960,12 +1959,12 @@ sub read_directive_file {
            ."change the filename for your triplet.",1);
     }
 
-    my $full_filename = $info{"directory"} . '/' . $uploaded_file;
-    $full_filename =~ s/\/\//\//g; # Just in case...
 
-    advance_timestamp_ratchet($full_filename, $result->{sig_creation});
-  } elsif (exists($info{filename})) {
-    fatal("gpg verification problem: could not extract timestamp",1);
+    foreach my $installed (map $_->[1], grep $_->[0] eq 'install', @$ops) {
+      my $full_filename = File::Spec::Unix->catfile($op_header->{directory},
+                                                   $installed);
+      advance_timestamp_ratchet($full_filename, $result->{sig_creation});
+    }
   }
 
   return $ops;