From: Jacob Bachmeyer <jcb@gnu.org>
Date: Sat, 22 Oct 2022 03:36:12 +0000 (-0500)
Subject: Revise check_files to use new model
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=dc6b9425e6dba11a7e732221122386205a29b5ed;p=gatekeeper.git

Revise check_files to use new model
---

diff --git a/gatekeeper.pl b/gatekeeper.pl
index 2b743d1..c56a45b 100755
--- a/gatekeeper.pl
+++ b/gatekeeper.pl
@@ -1775,18 +1775,30 @@ sub check_vulnerabilities {
 # - [AZ] Authorization
 #
 
-# Before checking the files, move them to a temporary directory.
-#
-# Check that the key is on the keyring for this package, and that
-# SIG_FILE and UPLOAD_FILE are good.
-#
+=item check_files ( $directory, $oplist_header )
+
+Check the file pair in an upload by verifying the detached signature and
+ensuring that the upload, if a tarball, does not show signs of known
+vulnerabilities.  This function needs only the operation list header hash
+and the directory in which the files are staged.  The allowed keyrings are
+found using information in the operation list header.
+
+The upload file name is taken from the operation list header, where it was
+obtained from the "filename" directive element.  The name of the detached
+signature is constructed by appending a ".sig" suffix, per PGP conventions.
+
+An exception is thrown if any of the checks fail.
+
+=cut
+
 sub check_files {
+  my $directory = shift;
   my $header = shift;
-  my $files = shift;
 
-  my ($sig_file,$upload_file) = ($files->{"sig"}, $files->{"upload"});
-  my $sig_file_size = -s $sig_file;
+  my $upload_file = File::Spec->catfile($directory, $header->{filename});
   my $upload_file_size = -s $upload_file;
+  my $sig_file = File::Spec->catfile($directory, $header->{filename}.'.sig');
+  my $sig_file_size = -s $sig_file;
 
   ftp_syslog('debug', "DEBUG: "
 	     ."$sig_file size is $sig_file_size") if DEBUG;
@@ -1806,8 +1818,8 @@ sub check_files {
       last;
     }
   }
-  $valid
-    or fatal("gpg verify of upload file ($upload_file) failed",1);
+  fatal("gpg verify of upload file ($header->{filename}) failed",1)
+    unless $valid;
 
   my $error_string = check_vulnerabilities($upload_file);
 
@@ -1931,7 +1943,7 @@ sub execute_commands {
   my $destdir = "$destfinal/$header->{directory}";
   foreach my $step (@{$oplist}[1..$#$oplist]) {	# skip the header
     if ($step->[0] eq 'install') {
-      check_files($header, $files);
+      check_files($incoming_tmp, $header);
       install_files($header, $files);
     } elsif ($step->[0] eq 'symlink') {
       my $target = $step->[1];