From: Jacob Bachmeyer Date: Thu, 3 Nov 2022 20:13:46 +0000 (-0500) Subject: Add structured exception for directive replay X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=89aa8e47b69c31872f7f85c6281a0662037b0b46;p=gatekeeper.git Add structured exception for directive replay --- diff --git a/gatekeeper.pl b/gatekeeper.pl index f864731..f25e9b4 100755 --- a/gatekeeper.pl +++ b/gatekeeper.pl @@ -565,6 +565,22 @@ BEGIN { { return join("\n", map join(': ', @$_), @{(shift)->{trace}})."\n" } } +{ + package Local::Exception::signature_replay; + {our @ISA = qw(Local::Exception)} + + sub summary { return 'directive signature timestamp older than expected' } + + sub message { my $M = <<'END'; return join(' ', split /\n/, $M); } +GPG signed upload older than/same timestamp as existing version - not +allowed. In other words, the filenames for the triplet you have uploaded +are an exact match for a triplet that has been uploaded in the past, and +the directive file that you just uploaded has been signed before or at the +same time as the directive file for the triplet that was uploaded earlier. +Most likely, you are re-uploading an old triplet. +END +} + { package Local::Exception::unknown_package; {our @ISA = qw(Local::Exception)} @@ -1941,13 +1957,8 @@ sub advance_timestamp_ratchet { if (exists($serials{$full_filename}) && ($serials{$full_filename} >= $new_epoch)) { flock(SERIALS,4); # Release lock - fatal("GPG signed upload older than/same timestamp as existing version " - ."- not allowed. In other words, the filenames for the triplet " - ."you have uploaded are an exact match for a triplet that has " - ."been uploaded in the past, and the directive file that you " - ."just uploaded has been signed before or at the same time as " - ."the directive file for the triplet that was uploaded earlier. " - ."Most likely, you are re-uploading an old triplet.",1); + throw signature_replay => + previous_timestamp => $old_epoch, new_timestamp => $new_epoch } $serials{$full_filename} = $new_epoch; @@ -2609,7 +2620,8 @@ foreach my $packet (@packets) { # each list element is an array reference mail(join("\n",$E->summary,'',$E->trace_msg),1); } elsif ($E->type_p('package_configuration')) { mail($E->summary,0); - } elsif ($E->type_p('unknown_package')) { + } elsif ($E->type_p('signature_replay') + || $E->type_p('unknown_package')) { mail($E->message,1); } } else { diff --git a/testsuite/lib/gatekeeper.exp b/testsuite/lib/gatekeeper.exp index 7700028..41dbc2a 100644 --- a/testsuite/lib/gatekeeper.exp +++ b/testsuite/lib/gatekeeper.exp @@ -761,7 +761,7 @@ proc analyze_log { base_dir name assess } { exp_continue } -re {^gatekeeper\[[0-9]+\]: \(Test\) \[AA\]\ - GPG signed upload older than/same timestamp[^\r\n]+} { + directive signature timestamp older than expected} { # from read_directive_file, if signature timestamp bad set A(validate,older-signature-timestamp) 1 exp_continue