From: Jacob Bachmeyer <jcb@gnu.org>
Date: Thu, 27 Oct 2022 04:59:32 +0000 (-0500)
Subject: Accept failure to verify signature during speculative check
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=f9e77b3dd2d94986ff095abd4c50fb957196b05b;p=gatekeeper.git

Accept failure to verify signature during speculative check

Previously, the tool would stop before examining the directive file if the
signature did not match a keyring somewhere.  Plans to replace this check
with a single check against the collected master keyring ran afoul of plans
to eliminate the collected master keyring.  Current future plans are to use
an index mapping long key IDs to email addresses to replace this, since GPG
will report the long key ID used to produce a signature even if the key is
not in the available keyrings.

This changed the email sent in two cases in the testsuite, which has been
adjusted accordingly in this commit.  Concerns about unauthorized parties
abusing the mechanism to spam ftp-upload-report are not relevant here,
since a reuse of a valid directive with a bogus file would be sufficient
to cause mail to be sent to that box.  In short, that is a separate issue.
---

diff --git a/gatekeeper.pl b/gatekeeper.pl
index 1a002f1..3db6fc7 100755
--- a/gatekeeper.pl
+++ b/gatekeeper.pl
@@ -1906,13 +1906,10 @@ sub read_directive_file {
     my $tmp_result = verify_clearsigned_message
       ($directive_file_contents, @tmp_keyrings);
 
-    if ($tmp_result->{exitcode} != 0 || defined $tmp_result->{TILT}) {
-      guess_uploader_email($directive_file_contents);
-      fatal("gpg verify of directive file failed",1,'',2);
+    unless ($tmp_result->{exitcode} != 0 || defined $tmp_result->{TILT}) {
+      if (($tmp_result->{raw_log} =~ /Good signature from .*?<(.*?)>/))
+	{ push(@{$info{email}},$1) }
     }
-
-    push(@{$info{email}},$1)
-      if ($tmp_result->{raw_log} =~ /Good signature from .*?<(.*?)>/);
   }
 
   my $ops = interpret_directive($directive, $directive_file_contents);
diff --git a/testsuite/gatekeeper.all/03_triplet.exp b/testsuite/gatekeeper.all/03_triplet.exp
index 250d7c0..80f6bd4 100644
--- a/testsuite/gatekeeper.all/03_triplet.exp
+++ b/testsuite/gatekeeper.all/03_triplet.exp
@@ -115,6 +115,7 @@ check_triplet "bogus: signature from unknown key in directive" setup {
 	gpgv,directive-verify-failed "incorrect signature rejected"
     } email-to {
 	ftp-upload-script@gnu.org foo@example.org foo@example.net
+	ftp-upload-report@gnu.org
     }
 }
 
@@ -190,6 +191,7 @@ check_triplet "bogus: bad signature in directive" setup {
 	gpgv,directive-verify-failed "incorrect signature rejected"
     } email-to {
 	ftp-upload-script@gnu.org foo@example.org foo@example.net
+	ftp-upload-report@gnu.org
     }
 }