# - [AZ] Authorization
#
-# Before checking the files, move them to a temporary directory.
-#
-# Check that the key is on the keyring for this package, and that
-# SIG_FILE and UPLOAD_FILE are good.
-#
+=item check_files ( $directory, $oplist_header )
+
+Check the file pair in an upload by verifying the detached signature and
+ensuring that the upload, if a tarball, does not show signs of known
+vulnerabilities. This function needs only the operation list header hash
+and the directory in which the files are staged. The allowed keyrings are
+found using information in the operation list header.
+
+The upload file name is taken from the operation list header, where it was
+obtained from the "filename" directive element. The name of the detached
+signature is constructed by appending a ".sig" suffix, per PGP conventions.
+
+An exception is thrown if any of the checks fail.
+
+=cut
+
sub check_files {
+ my $directory = shift;
my $header = shift;
- my $files = shift;
- my ($sig_file,$upload_file) = ($files->{"sig"}, $files->{"upload"});
- my $sig_file_size = -s $sig_file;
+ my $upload_file = File::Spec->catfile($directory, $header->{filename});
my $upload_file_size = -s $upload_file;
+ my $sig_file = File::Spec->catfile($directory, $header->{filename}.'.sig');
+ my $sig_file_size = -s $sig_file;
ftp_syslog('debug', "DEBUG: "
."$sig_file size is $sig_file_size") if DEBUG;
last;
}
}
- $valid
- or fatal("gpg verify of upload file ($upload_file) failed",1);
+ fatal("gpg verify of upload file ($header->{filename}) failed",1)
+ unless $valid;
my $error_string = check_vulnerabilities($upload_file);
my $destdir = "$destfinal/$header->{directory}";
foreach my $step (@{$oplist}[1..$#$oplist]) { # skip the header
if ($step->[0] eq 'install') {
- check_files($header, $files);
+ check_files($incoming_tmp, $header);
install_files($header, $files);
} elsif ($step->[0] eq 'symlink') {
my $target = $step->[1];
projects / gatekeeper.git / commitdiff