Add structured exception for GPG signature verification errors

This commit also adjusts check_files to use the package configuration
exception at the check for a lack of keyrings and tidies the syntax for a
similar check at top-level.

diff --git a/gatekeeper.pl b/gatekeeper.pl
index d6676f66a7dc9cb21b4977f0456ba482267e5a86..1e7ee35427e6c1573b3e344c2fee928779e71281 100755 (executable)
--- a/gatekeeper.pl
+++ b/gatekeeper.pl
@@ -609,6 +609,13 @@ END
   }
 }
 
+{
+  package Local::Exception::signature_error;
+  {our @ISA = qw(Local::Exception)}
+
+  sub sig_info { (shift)->{sig_info} }
+}
+
 {
   package Local::Exception::signature_from_future;
   {our @ISA = qw(Local::Exception)}
@@ -2277,7 +2284,9 @@ sub check_files {
             ."$upload_file size is $upload_file_size") if DEBUG;
 
   my @keyrings = directory_keyrings($header->{directory});
-  fatal("no keyring for package $header->{package}",0) if ($#keyrings < 0);
+  throw package_configuration => package_name => $header->{package},
+    summary => "no keyring for package $header->{package}"
+      unless @keyrings;
 
   my $valid = 0;
   foreach my $keyring (@keyrings) {
@@ -2288,8 +2297,9 @@ sub check_files {
       last;
     }
   }
-  fatal("gpg verify of upload file ($header->{filename}) failed",1)
-    unless $valid;
+  throw signature_error => sig_info => undef,
+    summary => "gpg verify of upload file ($header->{filename}) failed"
+      unless $valid;
 
   check_vulnerabilities($upload_file);
 
@@ -2620,17 +2630,18 @@ foreach my $packet (@packets) { # each list element is an array reference
     my @keyrings = directory_keyrings($op_header->{directory});
     unless (@keyrings) {
       my $package = directory_package_name($op_header->{directory});
-      throw package_configuration =>
-       summary => "no keyring for package $package",
-       package_name => directory_package_name($op_header->{directory})
+      throw package_configuration => package_name => $package,
+       summary => "no keyring for package $package"
     }
 
     $sig_info = verify_clearsigned_message($directive_text, @keyrings);
 
-    fatal("gpg verify of directive file failed",1,'',2)
-      if $sig_info->{exitcode} != 0 || defined $sig_info->{TILT};
-    fatal("gpg verification problem: could not extract timestamp",1)
-      unless defined $sig_info->{sig_creation};
+    throw signature_error => sig_info => $sig_info,
+      summary => "gpg verify of directive file failed"
+       if $sig_info->{exitcode} != 0 || defined $sig_info->{TILT};
+    throw signature_error => sig_info => $sig_info,
+      summary => "gpg verification problem: could not extract timestamp"
+       unless defined $sig_info->{sig_creation};
 
     check_replay($oplist, $sig_info->{sig_creation});
 
@@ -2671,6 +2682,8 @@ foreach my $packet (@packets) {   # each list element is an array reference
        mail(join("\n",$E->summary,'',$E->trace_msg),1);
       } elsif ($E->type_p('package_configuration')) {
        mail($E->summary,0);
+      } elsif ($E->type_p('signature_error')) {
+       mail($E->summary,1);
       } elsif (UNIVERSAL::can($E, 'message')) {
        # catch-all for exceptions carrying long-form messages
        mail($E->message,1);