Accept failure to verify signature during speculative check
author Jacob Bachmeyer <jcb@gnu.org>
Thu, 27 Oct 2022 04:59:32 +0000 (23:59 -0500)
committer Jacob Bachmeyer <jcb@gnu.org>
Thu, 27 Oct 2022 04:59:32 +0000 (23:59 -0500)
Previously, the tool would stop before examining the directive file if the
signature did not match a keyring somewhere.  Plans to replace this check
with a single check against the collected master keyring ran afoul of plans
to eliminate the collected master keyring.  Current future plans are to use
an index mapping long key IDs to email addresses to replace this, since GPG
will report the long key ID used to produce a signature even if the key is
not in the available keyrings.

This changed the email sent in two cases in the testsuite, which has been
adjusted accordingly in this commit.  Concerns about unauthorized parties
abusing the mechanism to spam ftp-upload-report are not relevant here,
since a reuse of a valid directive with a bogus file would be sufficient
to cause mail to be sent to that box.  In short, that is a separate issue.

gatekeeper.pl
testsuite/gatekeeper.all/03_triplet.exp

index 1a002f1f9f30f493dc4dbc90789199da0e259773..3db6fc7e8d1bf298241f935efc8aef6f98e1da8d 100755 (executable)
@@ -1906,13 +1906,10 @@ sub read_directive_file {
     my $tmp_result = verify_clearsigned_message
       ($directive_file_contents, @tmp_keyrings);
 
-    if ($tmp_result->{exitcode} != 0 || defined $tmp_result->{TILT}) {
-      guess_uploader_email($directive_file_contents);
-      fatal("gpg verify of directive file failed",1,'',2);
+    unless ($tmp_result->{exitcode} != 0 || defined $tmp_result->{TILT}) {
+      if (($tmp_result->{raw_log} =~ /Good signature from .*?<(.*?)>/))
+       { push(@{$info{email}},$1) }
     }
-
-    push(@{$info{email}},$1)
-      if ($tmp_result->{raw_log} =~ /Good signature from .*?<(.*?)>/);
   }
 
   my $ops = interpret_directive($directive, $directive_file_contents);
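
Review bot: The condition `unless ($tmp_result->{exitcode} != 0 || defined $tmp_result->{TILT})` is a double negative that is easy to misread in signature-handling code; `if ($tmp_result->{exitcode} == 0 && !defined $tmp_result->{TILT})` says the same thing directly. With the `fatal` call removed, a failed verification at this point now falls through to `interpret_directive` with no log entry and no comment, so a comment stating that this check is speculative, that it only collects the signer's address on success, and where the authoritative verification happens would help the next reader. The doubled parentheses around the `=~` match can also be dropped.
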
index 250d7c02d24f5b40e8e4236abdec69df5875b8a6..80f6bd41b510afa096dbf4f6abb013322bf88542 100644 (file)
@@ -115,6 +115,7 @@ check_triplet "bogus: signature from unknown key in directive" setup {
        gpgv,directive-verify-failed "incorrect signature rejected"
     } email-to {
        ftp-upload-script@gnu.org foo@example.org foo@example.net
+       ftp-upload-report@gnu.org
     }
 }
 
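
Review bot: The added `ftp-upload-report@gnu.org` recipient in the unknown-key case carries no comment explaining why a directive that fails verification now generates mail to the report address, while the expected log entry is still `gpgv,directive-verify-failed`. A short comment in the test tying the new recipient to the speculative check no longer aborting would keep this expectation from looking like a mistake to someone reading the testsuite later.
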
@@ -190,6 +191,7 @@ check_triplet "bogus: bad signature in directive" setup {
        gpgv,directive-verify-failed "incorrect signature rejected"
     } email-to {
        ftp-upload-script@gnu.org foo@example.org foo@example.net
+       ftp-upload-report@gnu.org
     }
 }