Jacob Bachmeyer [Thu, 17 Nov 2022 03:28:36 +0000 (21:28 -0600)]
Revise ftp_abort and add POD block
The second argument is no longer used and is redundant with the
$AbortExitCode global variable, so it is removed.
Jacob Bachmeyer [Thu, 17 Nov 2022 03:18:56 +0000 (21:18 -0600)]
Add POD block for report_upload_to_archive procedure
Jacob Bachmeyer [Thu, 17 Nov 2022 03:14:42 +0000 (21:14 -0600)]
Remove quasi-global %info hash
Jacob Bachmeyer [Thu, 17 Nov 2022 03:11:16 +0000 (21:11 -0600)]
Revise mail to remove use of quasi-global %info hash
Jacob Bachmeyer [Thu, 17 Nov 2022 02:52:11 +0000 (20:52 -0600)]
Revise reporting of replaced files
Jacob Bachmeyer [Thu, 17 Nov 2022 02:17:45 +0000 (20:17 -0600)]
Fix message describing replacement of a file
This message is written to the log before the file has even been moved to
the staging directory, therefore it should not be past tense.
Jacob Bachmeyer [Wed, 16 Nov 2022 03:37:22 +0000 (21:37 -0600)]
Add detail when reporting inability to exec GPG
Jacob Bachmeyer [Wed, 16 Nov 2022 01:01:46 +0000 (19:01 -0600)]
Improve reporting of overwrites when installing files
The reported name is now the logical name in the published tree instead of
the actual name on the server's filesystem.
Jacob Bachmeyer [Wed, 16 Nov 2022 00:52:30 +0000 (18:52 -0600)]
Rename debug procedure to reflect its actual usage and simplify call
Jacob Bachmeyer [Wed, 16 Nov 2022 00:45:45 +0000 (18:45 -0600)]
Tidy configured email address
Jacob Bachmeyer [Wed, 16 Nov 2022 00:45:24 +0000 (18:45 -0600)]
Rename variables holding email addresses to better describe their uses
Jacob Bachmeyer [Wed, 16 Nov 2022 00:26:42 +0000 (18:26 -0600)]
Merge success_upload and success_directive into top-level
Jacob Bachmeyer [Wed, 16 Nov 2022 00:14:45 +0000 (18:14 -0600)]
Move all collection of email addresses to top-level
The 'email' and 'package' keys in the quasi-global %info hash remain as
implicit arguments to mail for the time being.
Jacob Bachmeyer [Wed, 16 Nov 2022 00:10:50 +0000 (18:10 -0600)]
Add target directory to directive_syntax exceptions
This will allow the exception handling to easily look up the email
addresses that are to be notified, since a directive_syntax exception can
be thrown before the normal processing collects this information.
Jacob Bachmeyer [Tue, 15 Nov 2022 23:13:45 +0000 (17:13 -0600)]
Remove directive text parameter to interpret_directive
Jacob Bachmeyer [Tue, 15 Nov 2022 04:27:28 +0000 (22:27 -0600)]
Improve error handling when running gpgv
This commit harmonizes the exit status used when the child process fails
to exec gpgv with that used by posix_spawn, and ensures that the child
process is reaped when the exec fails.
Jacob Bachmeyer [Sun, 13 Nov 2022 05:53:35 +0000 (23:53 -0600)]
Rename validate_commands to validate_directive
A new validate_commands procedure is planned that runs during VL phase.
Jacob Bachmeyer [Sun, 13 Nov 2022 05:38:28 +0000 (23:38 -0600)]
Fix error message for future signature timestamp
Jacob Bachmeyer [Sun, 13 Nov 2022 05:30:20 +0000 (23:30 -0600)]
Add test for rejection of uploaded file with future timestamp
Jacob Bachmeyer [Sun, 13 Nov 2022 05:28:08 +0000 (23:28 -0600)]
Factor signature timestamp validation out of check_replay
The main code now also checks the signature timestamp on an uploaded file;
previously this was not checked at all.
Jacob Bachmeyer [Sun, 13 Nov 2022 05:12:33 +0000 (23:12 -0600)]
Fix search/replace error
Jacob Bachmeyer [Sun, 13 Nov 2022 05:08:23 +0000 (23:08 -0600)]
Add checks that the rename builtin works as expected
The tool assumes that the Perl rename builtin can atomically move files
from the inbox to the scratchpad directory and among the staging, public,
and archive directories. This commit extends the configuration checks
to confirm that the system can actually move files as expected.
Jacob Bachmeyer [Sun, 13 Nov 2022 04:17:17 +0000 (22:17 -0600)]
Change storage of other mode flags to constants
This eliminates the global variables previously used to indicate if the
--help and/or --version flags had been specified and allows the relevant
conditionals to be resolved during the compilation phase.
Jacob Bachmeyer [Sun, 13 Nov 2022 04:11:22 +0000 (22:11 -0600)]
Change current zone from a global variable to a constant
Only one zone is processed on each run of the tool, and the zone does not
change after the command arguments are parsed, so this is appropriate.
Jacob Bachmeyer [Sun, 13 Nov 2022 04:06:00 +0000 (22:06 -0600)]
Change terminology: "style" is now "zone"
The zone definitions will eventually be sections in a configuration file,
instead of being hardwired in the tool. Backwards compatibility at the
command line for the old short option (which was used at the GNU FTP site)
has been preserved for now, although this support is undocumented and
therefore deprecated.
Jacob Bachmeyer [Sat, 12 Nov 2022 05:14:15 +0000 (23:14 -0600)]
Simplify return sequence in signature verification
Jacob Bachmeyer [Sat, 12 Nov 2022 05:06:27 +0000 (23:06 -0600)]
Factor out similar code for spawning gpgv subprocess
Jacob Bachmeyer [Sat, 12 Nov 2022 04:29:33 +0000 (22:29 -0600)]
Rename automake_tests to check_automake_vulnerabilities and simplify
This also moves the checks for known GNU Automake CVE issues to the
top-level, and eliminates the now-otherwise-useless check_vulnerabilities
and check_files procedures. The major impetus for this simplification
of the call graph was the observation that check_vulnerabilities, while
named generically, was associated with a log message citing specifically
CVE-2009-4029 and CVE-2012-3386, combined with noticing that all other
functionality had been factored out of check_files.
Jacob Bachmeyer [Sat, 12 Nov 2022 04:03:44 +0000 (22:03 -0600)]
Factor uploaded file signature check up to top-level
Jacob Bachmeyer [Sat, 12 Nov 2022 03:21:56 +0000 (21:21 -0600)]
Use new detached signature verification
Jacob Bachmeyer [Sat, 12 Nov 2022 03:21:30 +0000 (21:21 -0600)]
Add verify_detached_signature
Jacob Bachmeyer [Sat, 12 Nov 2022 02:28:16 +0000 (20:28 -0600)]
Factor analysis out of verify_clearsigned_message
This is in preparation for also using --status-fd when verifying detached
signatures for uploaded files.
Jacob Bachmeyer [Sat, 12 Nov 2022 02:24:28 +0000 (20:24 -0600)]
Add check for scalar context in find_directive_elements
This avoids building a list when the only important detail is whether a key
is present in the directive.
Jacob Bachmeyer [Wed, 9 Nov 2022 00:45:56 +0000 (18:45 -0600)]
Add check for existence when removing a symlink
While the later check to verify that the symlink to be removed actually is
a symlink will also fail if no such file exists, this produces a message
that confusingly reports a refusal to remove a non-symlink file.
Jacob Bachmeyer [Wed, 9 Nov 2022 00:43:10 +0000 (18:43 -0600)]
Remove use of Cwd module
Since all file manipulations now use absolute file names, there is no
longer any need to query the current working directory.
Jacob Bachmeyer [Sat, 5 Nov 2022 22:46:56 +0000 (17:46 -0500)]
Remove use of chdir
All file manipulations now use absolute file names.
Jacob Bachmeyer [Sat, 5 Nov 2022 22:46:23 +0000 (17:46 -0500)]
Use File::Spec when reading directive file at top-level
Jacob Bachmeyer [Sat, 5 Nov 2022 22:45:35 +0000 (17:45 -0500)]
Use File::Spec in success_upload and success_directive
Jacob Bachmeyer [Sat, 5 Nov 2022 22:44:55 +0000 (17:44 -0500)]
Revise and document cleanup_dir and cleanup
Jacob Bachmeyer [Sat, 5 Nov 2022 22:07:48 +0000 (17:07 -0500)]
Remove leftover variable in execute_commands
Jacob Bachmeyer [Sat, 5 Nov 2022 22:05:05 +0000 (17:05 -0500)]
Tidy comment left when removing fatal
Jacob Bachmeyer [Sat, 5 Nov 2022 22:03:50 +0000 (17:03 -0500)]
Revise exception handling
The directive processed is now still emailed if a simple exception
terminates processing a packet. Previously, the directive text was only
emailed during normal processing or if a structured exception was thrown.
Jacob Bachmeyer [Sat, 5 Nov 2022 22:01:21 +0000 (17:01 -0500)]
Remove fatal
The uses of fatal have been entirely converted to simple and structured
exceptions, allowing the gatekeeper to continue processing after a bad
upload is encountered.
Jacob Bachmeyer [Sat, 5 Nov 2022 21:52:52 +0000 (16:52 -0500)]
Normalize simple exception messages
Jacob Bachmeyer [Sat, 5 Nov 2022 21:52:24 +0000 (16:52 -0500)]
Remove remaining calls to fatal
These reflect system errors and are replaced with simple exceptions.
Jacob Bachmeyer [Sat, 5 Nov 2022 21:28:00 +0000 (16:28 -0500)]
Use structured exception to report an unsigned directive
Jacob Bachmeyer [Sat, 5 Nov 2022 21:14:16 +0000 (16:14 -0500)]
Use structured exceptions in execute_commands
Jacob Bachmeyer [Sat, 5 Nov 2022 21:13:12 +0000 (16:13 -0500)]
Fix incorrect error messages for empty directives
Jacob Bachmeyer [Sat, 5 Nov 2022 21:02:36 +0000 (16:02 -0500)]
Revise install_files
- eliminate unneeded intermediate variable
- add separate variable for external public file name
- adjust layout
- replace call to fatal with structured exception
The message produced for an existing file is changed and shortened;
the testsuite is adjusted accordingly.
Jacob Bachmeyer [Sat, 5 Nov 2022 20:48:12 +0000 (15:48 -0500)]
Rearrange comment to match pattern
Jacob Bachmeyer [Sat, 5 Nov 2022 20:34:43 +0000 (15:34 -0500)]
Use new mkdir_p helper in install_files
Instead of using File::Path or invoking the system mkdir, we now emulate
"mkdir -p" using about 5 lines of Perl elsewhere in the script.
Jacob Bachmeyer [Sat, 5 Nov 2022 20:33:11 +0000 (15:33 -0500)]
Tidy split line that now fits on one line
Jacob Bachmeyer [Sat, 5 Nov 2022 20:31:15 +0000 (15:31 -0500)]
Fix example given in comment
Jacob Bachmeyer [Sat, 5 Nov 2022 04:20:08 +0000 (23:20 -0500)]
Revise archive procedure in gatekeeper
- a structured exception for general processing errors is added
- the archive sub is renamed to archive_filepair
- a file and its detached signature are now archived together
- the archived filename now contains an extra number beyond the timestamp
  only if actually needed for uniqueness
- the extra number, if used, matches between a file and its signature
- the archived filename is claimed by creating an "archive stamp" file
- the option to archive and overwrite a file using "replace" now handles
  the file and its signature as a pair
- the system mkdir(1) and mv(1) commands are no longer invoked here
- the testsuite is adjusted accordingly
Jacob Bachmeyer [Sat, 5 Nov 2022 04:09:45 +0000 (23:09 -0500)]
Add helper procedure implementing "mkdir -p" in Perl
Jacob Bachmeyer [Sat, 5 Nov 2022 04:05:40 +0000 (23:05 -0500)]
Use File::Spec for symlink operations
Jacob Bachmeyer [Fri, 4 Nov 2022 00:03:40 +0000 (19:03 -0500)]
Use structured exceptions for empty directive
Jacob Bachmeyer [Thu, 3 Nov 2022 22:48:48 +0000 (17:48 -0500)]
Add structured exception for GPG signature verification errors
This commit also adjusts check_files to use the package configuration
exception at the check for a lack of keyrings and tidies the syntax for a
similar check at top-level.
Jacob Bachmeyer [Thu, 3 Nov 2022 22:37:07 +0000 (17:37 -0500)]
Add structured exception for known Automake vulnerabilities
Jacob Bachmeyer [Thu, 3 Nov 2022 20:48:48 +0000 (15:48 -0500)]
Add structured exception for invalid signature timestamp
Jacob Bachmeyer [Thu, 3 Nov 2022 20:41:12 +0000 (15:41 -0500)]
Add structured exception for filename mismatch
This commit also changes the exception handling for exceptions carrying
long-form messages, instead of continuing to list their types individually
and removes testsuite support for a long-obsolete log message that could
never actually be produced.
Jacob Bachmeyer [Thu, 3 Nov 2022 20:13:46 +0000 (15:13 -0500)]
Add structured exception for directive replay
Jacob Bachmeyer [Thu, 3 Nov 2022 20:09:45 +0000 (15:09 -0500)]
Add structured exception for unknown package error and move email check
The check for a missing per-package email list had to be moved to
validate_commands to allow the unknown package exception to be thrown.
This now makes the server misconfiguration scenario of a missing email
list distinguishable from the user error scenario of an unknown package.
The testsuite is adjusted accordingly.
Jacob Bachmeyer [Thu, 3 Nov 2022 04:00:32 +0000 (23:00 -0500)]
Add structured exception for package configuration errors
Jacob Bachmeyer [Thu, 3 Nov 2022 03:48:48 +0000 (22:48 -0500)]
Factor directory_package_name out of directory_email_addresses
Jacob Bachmeyer [Thu, 3 Nov 2022 02:55:21 +0000 (21:55 -0500)]
Move check for missing "directory" element to interpret_directive
This is now considered a directive syntax error and detected earlier;
the testsuite is adjusted accordingly.
Jacob Bachmeyer [Thu, 3 Nov 2022 02:24:48 +0000 (21:24 -0500)]
Send the summary for a structured exception to syslog
Jacob Bachmeyer [Thu, 3 Nov 2022 02:19:00 +0000 (21:19 -0500)]
Add structured exception for directive syntax errors
This also improves the reporting of these errors, with a highlight line
inserted for each error encountered, in context.
Jacob Bachmeyer [Thu, 3 Nov 2022 02:17:48 +0000 (21:17 -0500)]
Add initial structured exception infrastructure
Jacob Bachmeyer [Wed, 2 Nov 2022 23:47:32 +0000 (18:47 -0500)]
Revise fatal to throw an exception and move report phase accordingly
This is an intermediate step towards collecting reporting at top-level.
This commit also enables the cleanup processing that has long been present,
but was skipped due to fatal calling exit instead of throwing an exception.
The testsuite is adjusted accordingly.
Jacob Bachmeyer [Wed, 2 Nov 2022 22:02:16 +0000 (17:02 -0500)]
Add final section dividers to older testsuite files
Jacob Bachmeyer [Wed, 2 Nov 2022 04:52:36 +0000 (23:52 -0500)]
Fix oversight in find_directory
An empty "directory" element would cause a warning from perl due to the
first element in the @values array being undefined.
Jacob Bachmeyer [Wed, 2 Nov 2022 02:57:26 +0000 (21:57 -0500)]
Rename configurable directory variables and convert them to globals
Uploads arrive in Inbox_dir and are atomically transferred to Scratch_dir
for processing. Uploaded files to be published are copied to Stage_dir
and atomically transferred to locations underneath Public_dir, while files
withdrawn from publication are atomically transferred to locations
underneath Archive_dir. The new variable names better describe the
purposes of these directories.
These variables are also converted from file-scope lexicals to true global
variables, with access scoped lexically using Perl's "our" feature.
Jacob Bachmeyer [Wed, 2 Nov 2022 02:21:30 +0000 (21:21 -0500)]
Remove testsuite logic that supported optional processing phase tags
All relevant messages now have phase tags in all cases.
Jacob Bachmeyer [Wed, 2 Nov 2022 02:02:32 +0000 (21:02 -0500)]
Add processing phase tag "PV" for directive parsing and validation phase
Jacob Bachmeyer [Wed, 2 Nov 2022 01:42:00 +0000 (20:42 -0500)]
Add processing phase tag "AA" for authentication/authorization phase
Jacob Bachmeyer [Tue, 1 Nov 2022 04:51:35 +0000 (23:51 -0500)]
Add processing phase tag "EX" for execution phase
Jacob Bachmeyer [Tue, 1 Nov 2022 04:11:00 +0000 (23:11 -0500)]
Add processing phase tag "RP" for report phase
Jacob Bachmeyer [Tue, 1 Nov 2022 04:04:16 +0000 (23:04 -0500)]
Add processing phase tag "SC" for scan phase
Jacob Bachmeyer [Tue, 1 Nov 2022 03:50:26 +0000 (22:50 -0500)]
Add infrastructure to support logging current processing phase
This also collects the definition of $Log_Style to the Logging group in
preparation for future documentation improvements.
Jacob Bachmeyer [Tue, 1 Nov 2022 03:29:29 +0000 (22:29 -0500)]
Replace ftp_warn with general warning handler in gatekeeper
This also sends any warnings generated by perl itself to syslog, which
will cause random test failures with the current testsuite, thus ensuring
that all such warnings will be fixed.
Jacob Bachmeyer [Tue, 1 Nov 2022 03:23:24 +0000 (22:23 -0500)]
Fix use of uninitialized values in interpret_directive
Jacob Bachmeyer [Sun, 30 Oct 2022 04:44:48 +0000 (23:44 -0500)]
Move test for missing version to interpret_directive
This changes the handling for this type of invalid directive. These are
no longer sent to the ftp-upload-report address, but instead go only to
the ftp-upload-script box. The testsuite is adjusted accordingly.
Jacob Bachmeyer [Sun, 30 Oct 2022 03:28:04 +0000 (22:28 -0500)]
Regularize mail sent by debug as compared to mail sent by mail
Jacob Bachmeyer [Sun, 30 Oct 2022 03:26:24 +0000 (22:26 -0500)]
Factor SMTP client out of mail and debug
Jacob Bachmeyer [Sun, 30 Oct 2022 02:04:48 +0000 (21:04 -0500)]
Fix bug in find_directory
Contrary to documentation, the return value was tainted.
Jacob Bachmeyer [Sat, 29 Oct 2022 04:28:14 +0000 (23:28 -0500)]
Remove useless check of operation list
The interpret_directive function either returns an operation list or
throws an exception, so testing the returned value is silly. This code
had been carried over from previous refactoring when the return value of
read_directive_file was changed to an operation list; it had been a flag
nominally, but was actually a constant in read_directive_file.
Jacob Bachmeyer [Sat, 29 Oct 2022 04:22:55 +0000 (23:22 -0500)]
Revise main code to prepare for future improvements
Jacob Bachmeyer [Sat, 29 Oct 2022 03:08:16 +0000 (22:08 -0500)]
Use File::Spec in validate_commands
Jacob Bachmeyer [Sat, 29 Oct 2022 03:06:24 +0000 (22:06 -0500)]
Remove temporary scaffolding
Jacob Bachmeyer [Sat, 29 Oct 2022 03:04:16 +0000 (22:04 -0500)]
Split read_directive_file into smaller functions
The overall logic was pulled up to top-level, while most of the code is now
in new functions without side-effects.
Jacob Bachmeyer [Sat, 29 Oct 2022 01:52:52 +0000 (20:52 -0500)]
Remove old model in interpret_directive
This removes most of the keys stored in the quasi-global %info hash, but
the current package and collection of email addresses remain to resolve.
Jacob Bachmeyer [Fri, 28 Oct 2022 23:46:23 +0000 (18:46 -0500)]
Revise directory_email_addresses
Addresses are now collected in an array; repeated addresses are accepted at
this stage, and filtered out in the mail function.
Jacob Bachmeyer [Fri, 28 Oct 2022 23:38:46 +0000 (18:38 -0500)]
Add central email address non-repetition filter
Jacob Bachmeyer [Fri, 28 Oct 2022 23:37:48 +0000 (18:37 -0500)]
Revise exclude_mail_blacklist
Jacob Bachmeyer [Fri, 28 Oct 2022 22:44:44 +0000 (17:44 -0500)]
Add tests for email address handling
Jacob Bachmeyer [Fri, 28 Oct 2022 22:43:15 +0000 (17:43 -0500)]
Add testsuite infrastructure for detecting repeated email addresses
Jacob Bachmeyer [Fri, 28 Oct 2022 22:42:45 +0000 (17:42 -0500)]
Fix emission of repeated email addresses
This bug was discovered when support for checking for repeated email
addresses was developed for the testsuite.
Jacob Bachmeyer [Fri, 28 Oct 2022 21:48:16 +0000 (16:48 -0500)]
Reject blatantly invalid email addresses
This was added after discovering that, while the maintainers file and
regular email lists were screened for validity, the addresses reported
by GPG were not. Tests for this will soon be added to the testsuite.
Jacob Bachmeyer [Fri, 28 Oct 2022 04:13:55 +0000 (23:13 -0500)]
Revise email_addresses and rename it to directory_email_addresses
This also adds a new feature: email addresses can be registered only for
certain subdirectories belonging to a package if desired, by listing them
in an "email" file at the corresponding location in the configuration tree.
This uses the same code as is used to locate authorized keyrings.
The use of pattern matching to extract email addresses is a precaution,
although observant readers may notice that the patterns are very lax.
Perl taint mode checks do not require this, since the email addresses will
be written to a socket rather than passed as command arguments, and hash
keys, used here for efficient de-duplication, do not carry taintedness.