From: Jacob Bachmeyer Date: Wed, 19 Oct 2022 03:54:29 +0000 (-0500) Subject: Rearrange validation checks in read_directive_file X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=2bda47f8e9db4d5e46191f415d7c455255696740;p=gatekeeper.git Rearrange validation checks in read_directive_file This also resolves a TODO item in the testsuite. --- diff --git a/gatekeeper.pl b/gatekeeper.pl index f95372c..c30f7a8 100755 --- a/gatekeeper.pl +++ b/gatekeeper.pl @@ -1507,6 +1507,10 @@ sub read_directive_file { debug($directive_file_contents, '') if DEBUG; } + # They have to specify a version + fatal("no version directive specified in $directive_file",1) + unless defined $op_header->{version}; + # They have to specify a directory directive. unless ($op_header->{directory}) { # Send the warning to the upload-ftp script maintainer, and the person who @@ -1515,6 +1519,14 @@ sub read_directive_file { fatal("no directory directive specified in $directive_file",1); } + # Configuration must exist for the package + -d $package_config_base . '/' . $op_header->{package} + or fatal("no configuration directory for package $op_header->{package}",0); + + # Check that we have a keyring for this package: + my @keyrings = keyring_file ($op_header->{package},$op_header->{directory}); + fatal("no keyring for package $op_header->{package}",0) if ($#keyrings < 0); + # If there is a command in the directive that doesn't require an actual # file to work on, we won't require the filename line in the directive # file. This will allow people to upload a directive file only to @@ -1554,14 +1566,6 @@ sub read_directive_file { $filename_required = 0; } - # Configuration must exist for the package - -d $package_config_base . '/' . $op_header->{package} - or fatal("no configuration directory for package $op_header->{package}",0); - - # Check that we have a keyring for this package: - my @keyrings = keyring_file ($op_header->{package},$op_header->{directory}); - fatal("no keyring for package $info{package}",0) if ($#keyrings < 0); - if ($filename_required) { # Ben Pfaff wrote: # First, "gpg -b" doesn't verify that the filename of the signed @@ -1586,10 +1590,6 @@ sub read_directive_file { if ($directive_file ne "$info{filename}{value}.directive.asc"); } - # They have to specify a version - fatal("no version directive specified in $directive_file",1) - unless defined $op_header->{version}; - my $retval = verify_keyring($directive_file,$directive_file_contents, @keyrings); diff --git a/testsuite/gatekeeper.all/03_triplet.exp b/testsuite/gatekeeper.all/03_triplet.exp index e55980c..3f5715b 100644 --- a/testsuite/gatekeeper.all/03_triplet.exp +++ b/testsuite/gatekeeper.all/03_triplet.exp @@ -684,14 +684,12 @@ check_triplet "obsolete: v1.0 format directive" setup { found,foo.bin.directive.asc "found directive in triplet" found-packet,foo.bin.directive.asc:foo.bin.sig:foo.bin \ "found triplet" - validate,no-filename "directive file lacking version rejected" + validate,no-version "directive file lacking version rejected" } email-to { ftp-upload-script@gnu.org foo@example.gnu.org ftp-upload-report@gnu.org foo@example.org foo@example.net } } -# TODO: The above "validate,no-filename" should be "validate,no-version" -# but the script currently does not check these in the proper order. check_triplet "bogus: duplicated version key" setup { packages {