From: Jacob Bachmeyer <jcb@gnu.org>
Date: Thu, 27 Oct 2022 00:29:13 +0000 (-0500)
Subject: Revise timestamp check to use new operation list
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=62d43bf4ab770f22c295f3a54c3bedd36f64253a;p=gatekeeper.git

Revise timestamp check to use new operation list
---

diff --git a/gatekeeper.pl b/gatekeeper.pl
index 42f142d..b50a07f 100755
--- a/gatekeeper.pl
+++ b/gatekeeper.pl
@@ -1939,12 +1939,11 @@ sub read_directive_file {
     fatal("gpg verify of directive file failed",1,'',2);
   }
 
-  # Now check that the timestamp of signing for the directive is not older
-  # than the one for the last file that was uploaded
-  # This is only relevant when a 'filename' directive is present, hence the
-  # test of the $filename_required variable.
-  if (defined $result->{sig_creation}
-      && (exists($info{filename}))) {
+  # If a file is to be installed, ensure that this directive is newer than
+  # the any previous directive installing a file under the same full name.
+  if (grep $_->[0] eq 'install', @$ops) {
+    fatal("gpg verification problem: could not extract timestamp",1)
+      unless defined $result->{sig_creation};
 
     ftp_syslog('debug', "DEBUG: Signature made "
 	       .strftime('%a %b %d %H:%M:%S %Y %Z',
@@ -1960,12 +1959,12 @@ sub read_directive_file {
 	    ."change the filename for your triplet.",1);
     }
 
-    my $full_filename = $info{"directory"} . '/' . $uploaded_file;
-    $full_filename =~ s/\/\//\//g; # Just in case...
 
-    advance_timestamp_ratchet($full_filename, $result->{sig_creation});
-  } elsif (exists($info{filename})) {
-    fatal("gpg verification problem: could not extract timestamp",1);
+    foreach my $installed (map $_->[1], grep $_->[0] eq 'install', @$ops) {
+      my $full_filename = File::Spec::Unix->catfile($op_header->{directory},
+						    $installed);
+      advance_timestamp_ratchet($full_filename, $result->{sig_creation});
+    }
   }
 
   return $ops;