gatekeeper.git
16 months agoAdd additional file signature check to ensure proper staging master
Jacob Bachmeyer [Sat, 16 Sep 2023 00:38:24 +0000 (19:38 -0500)]
Add additional file signature check to ensure proper staging

There is a (very remote) possibility of the uploaded file being corrupted
while transferring it from the scratch directory to the staging directory,
since this transfer can actually copy data instead of being a simple
rename(2) call.  This commit adds a safeguard against this risk by
rechecking the detached signature after the file pair is moved.

The testsuite is updated accordingly.

16 months agoFix documentation detail
Jacob Bachmeyer [Sat, 16 Sep 2023 00:27:36 +0000 (19:27 -0500)]
Fix documentation detail

16 months agoMove file staging to installation check step
Jacob Bachmeyer [Sat, 16 Sep 2023 00:25:25 +0000 (19:25 -0500)]
Move file staging to installation check step

16 months agoDocument internal Local::Packet::Directive::Upload class
Jacob Bachmeyer [Sat, 16 Sep 2023 00:19:46 +0000 (19:19 -0500)]
Document internal Local::Packet::Directive::Upload class

16 months agoDocument internal Local::Packet::Directive class
Jacob Bachmeyer [Sat, 16 Sep 2023 00:19:25 +0000 (19:19 -0500)]
Document internal Local::Packet::Directive class

16 months agoReorganize and document internal Local::Packet class
Jacob Bachmeyer [Sat, 16 Sep 2023 00:11:22 +0000 (19:11 -0500)]
Reorganize and document internal Local::Packet class

16 months agoTidy POD markup
Jacob Bachmeyer [Fri, 15 Sep 2023 22:53:53 +0000 (17:53 -0500)]
Tidy POD markup

16 months agoMove replay check to operations list handlers
Jacob Bachmeyer [Fri, 8 Sep 2023 23:38:00 +0000 (18:38 -0500)]
Move replay check to operations list handlers

This also splits the test into separate check and update steps, such that
the timestamp ratchet file is no longer updated when a packet is rejected.

17 months agoAdd empty operation list predicate and use it to test for empty directives
Jacob Bachmeyer [Wed, 9 Aug 2023 00:09:36 +0000 (19:09 -0500)]
Add empty operation list predicate and use it to test for empty directives

17 months agoUse packet accessor methods when validating directives
Jacob Bachmeyer [Wed, 9 Aug 2023 00:04:45 +0000 (19:04 -0500)]
Use packet accessor methods when validating directives

Encapsulating the operation list header fields here is a step towards
moving some of that information up to the packet objects.

17 months agoTidy message generation when replacing a file
Jacob Bachmeyer [Tue, 8 Aug 2023 23:48:57 +0000 (18:48 -0500)]
Tidy message generation when replacing a file

17 months agoEliminate directory_keyrings procedure
Jacob Bachmeyer [Tue, 8 Aug 2023 01:24:22 +0000 (20:24 -0500)]
Eliminate directory_keyrings procedure

This was called in exactly one place, where it has been inlined.

17 months agoEliminate undocumented --debug option
Jacob Bachmeyer [Tue, 8 Aug 2023 01:21:22 +0000 (20:21 -0500)]
Eliminate undocumented --debug option

The debugging flag was default-on anyway.  The debugging messages can be
filtered using syslog features if desired, since they are sent to the log
with the appropriate "debug" level.

17 months agoChange handling of utility functions in object classes
Jacob Bachmeyer [Tue, 8 Aug 2023 01:02:00 +0000 (20:02 -0500)]
Change handling of utility functions in object classes

Several utilities are implemented in the main package and used throughout.
This commit replaces direct references to most of them with imports from
the "main" package into the various object class packages.

17 months agoAdd documentation for operation list classes
Jacob Bachmeyer [Sun, 6 Aug 2023 03:07:07 +0000 (22:07 -0500)]
Add documentation for operation list classes

17 months agoMove implementation of most operation list steps to operation list objects
Jacob Bachmeyer [Sat, 5 Aug 2023 03:50:50 +0000 (22:50 -0500)]
Move implementation of most operation list steps to operation list objects

17 months agoMove operation list dispatch into new operation list objects
Jacob Bachmeyer [Sat, 5 Aug 2023 03:28:28 +0000 (22:28 -0500)]
Move operation list dispatch into new operation list objects

17 months agoConvert directive interpretation and validation to method calls
Jacob Bachmeyer [Sat, 5 Aug 2023 00:14:49 +0000 (19:14 -0500)]
Convert directive interpretation and validation to method calls

17 months agoBegin to move specialized helpers into their packet classes
Jacob Bachmeyer [Fri, 4 Aug 2023 23:45:15 +0000 (18:45 -0500)]
Begin to move specialized helpers into their packet classes

17 months agoMove construction of success report message to packet objects
Jacob Bachmeyer [Fri, 4 Aug 2023 23:04:16 +0000 (18:04 -0500)]
Move construction of success report message to packet objects

This also enables additional messages to be included in the report when
processing loose directives.

17 months agoTidy conditional near summary report
Jacob Bachmeyer [Fri, 4 Aug 2023 22:27:37 +0000 (17:27 -0500)]
Tidy conditional near summary report

(Aggregates in Perl, treated as Boolean values, are false if empty.)

17 months agoExplain conditional when attaching key index
Jacob Bachmeyer [Fri, 4 Aug 2023 22:19:56 +0000 (17:19 -0500)]
Explain conditional when attaching key index

17 months agoEnsure key index is ready before processing first packet
Jacob Bachmeyer [Fri, 4 Aug 2023 22:17:56 +0000 (17:17 -0500)]
Ensure key index is ready before processing first packet

The key index is never detached, so all packets after the first were
always processed with the index lock held.  Further, the index is needed
to send a report, so ensuring that it is available before processing the
first packet avoids a potential lost report if it cannot be attached.

18 months agoMove successful completion flag into packet object
Jacob Bachmeyer [Sat, 1 Jul 2023 22:42:56 +0000 (17:42 -0500)]
Move successful completion flag into packet object

18 months agoAdd accessor method for clearsigned message for a packet
Jacob Bachmeyer [Sat, 1 Jul 2023 22:20:53 +0000 (17:20 -0500)]
Add accessor method for clearsigned message for a packet

For directive-based packets, this returns the full text of the directive,
including its enclosing OpenPGP signature.

This commit trades a small amount of efficiency for encapsulation:
one avoidable gpgv run will occur when the directive is signed with a
known key, but not a key authorized for the target directory.

18 months agoAdd accessor method for reporting key fingerprints from valid signatures
Jacob Bachmeyer [Sat, 1 Jul 2023 21:42:24 +0000 (16:42 -0500)]
Add accessor method for reporting key fingerprints from valid signatures

18 months agoMove remaining main processing code to packet objects
Jacob Bachmeyer [Sat, 1 Jul 2023 04:40:20 +0000 (23:40 -0500)]
Move remaining main processing code to packet objects

18 months agoRemove obsolete comment
Jacob Bachmeyer [Sat, 1 Jul 2023 04:08:40 +0000 (23:08 -0500)]
Remove obsolete comment

18 months agoMove pre-install check to execution phase
Jacob Bachmeyer [Sat, 1 Jul 2023 04:07:42 +0000 (23:07 -0500)]
Move pre-install check to execution phase

This prepares for later refactoring to move this check into a packet
object "install" method and expand other checks to approach an atomic
transaction model, where all foreseeable causes of processing errors
are checked prior to executing any step of the operation list.

The testsuite is updated accordingly.

18 months agoMove Automake CVE test to packet object method
Jacob Bachmeyer [Sat, 1 Jul 2023 04:05:00 +0000 (23:05 -0500)]
Move Automake CVE test to packet object method

19 months agoRename 'target_filename' accessor to 'upload_filename'
Jacob Bachmeyer [Fri, 30 Jun 2023 03:28:59 +0000 (22:28 -0500)]
Rename 'target_filename' accessor to 'upload_filename'

This reflects the actual meaning of its return value, although the two
are currently synonymous.  Future plans may enable renaming a file pair
during its installation.  The current plans for autosigning support will
always rename autosign digest files during installation.

19 months agoUse directory name objects
Jacob Bachmeyer [Fri, 30 Jun 2023 03:12:29 +0000 (22:12 -0500)]
Use directory name objects

19 months agoRemove unused helper functions
Jacob Bachmeyer [Fri, 30 Jun 2023 03:05:10 +0000 (22:05 -0500)]
Remove unused helper functions

19 months agoMove package name extraction to directory name object method
Jacob Bachmeyer [Fri, 30 Jun 2023 02:59:25 +0000 (21:59 -0500)]
Move package name extraction to directory name object method

19 months agoAdd convenience object type for directory names
Jacob Bachmeyer [Fri, 30 Jun 2023 02:57:53 +0000 (21:57 -0500)]
Add convenience object type for directory names

19 months agoUpdate POD reflecting change to packet objects
Jacob Bachmeyer [Fri, 30 Jun 2023 02:10:28 +0000 (21:10 -0500)]
Update POD reflecting change to packet objects

19 months agoMove target_filepair accessor to more-specialized class
Jacob Bachmeyer [Fri, 30 Jun 2023 02:04:41 +0000 (21:04 -0500)]
Move target_filepair accessor to more-specialized class

19 months agoClean up scaffolding
Jacob Bachmeyer [Wed, 28 Jun 2023 01:39:57 +0000 (20:39 -0500)]
Clean up scaffolding

19 months agoReplace last top-level use of operation list header with accessor method
Jacob Bachmeyer [Tue, 27 Jun 2023 02:30:37 +0000 (21:30 -0500)]
Replace last top-level use of operation list header with accessor method

19 months agoRemove kludge of storing extra messages in the operation list header
Jacob Bachmeyer [Tue, 27 Jun 2023 01:44:56 +0000 (20:44 -0500)]
Remove kludge of storing extra messages in the operation list header

Packet objects now have a direct facility for storing extra messages.

19 months agoAdd accessor method to packet object for "replace" option
Jacob Bachmeyer [Tue, 27 Jun 2023 01:36:09 +0000 (20:36 -0500)]
Add accessor method to packet object for "replace" option

19 months agoMove authentication and authorization checks to packet objects
Jacob Bachmeyer [Tue, 27 Jun 2023 00:00:19 +0000 (19:00 -0500)]
Move authentication and authorization checks to packet objects

19 months agoMove directive parsing into packet objects
Jacob Bachmeyer [Thu, 22 Jun 2023 04:48:28 +0000 (23:48 -0500)]
Move directive parsing into packet objects

This commit also adds accessor methods for fields previously extracted
from the operation list header and moves all email address collection to
the report phase.

19 months agoDefer packet object initialization
Jacob Bachmeyer [Tue, 20 Jun 2023 03:39:23 +0000 (22:39 -0500)]
Defer packet object initialization

19 months agoChange packet object representation
Jacob Bachmeyer [Tue, 20 Jun 2023 03:34:01 +0000 (22:34 -0500)]
Change packet object representation

19 months agoBegin to collect packet handling into object-oriented classes
Jacob Bachmeyer [Tue, 20 Jun 2023 02:46:28 +0000 (21:46 -0500)]
Begin to collect packet handling into object-oriented classes

19 months agoAdd documentation for exception accessor methods
Jacob Bachmeyer [Sun, 4 Jun 2023 03:32:44 +0000 (22:32 -0500)]
Add documentation for exception accessor methods

19 months agoMake sub throw a class method on all exceptions
Jacob Bachmeyer [Sun, 4 Jun 2023 00:49:00 +0000 (19:49 -0500)]
Make sub throw a class method on all exceptions

The throw sub can still be called as a function, since its syntax is
easily compatible both ways.  When called as a function, the exception
type may be abbreviated.

20 months agoAdd documentation for "split-zone" keymaster command to manual
Jacob Bachmeyer [Sun, 14 May 2023 04:00:32 +0000 (23:00 -0500)]
Add documentation for "split-zone" keymaster command to manual

20 months agoAdd "split-zone" keymaster command
Jacob Bachmeyer [Sat, 13 May 2023 02:36:24 +0000 (21:36 -0500)]
Add "split-zone" keymaster command

21 months agoReplace magic numbers in flock calls with symbolic constants
Jacob Bachmeyer [Sun, 30 Apr 2023 04:29:39 +0000 (23:29 -0500)]
Replace magic numbers in flock calls with symbolic constants

This also fixes a long-standing bug where the serials file was never
actually unlocked until it was closed, at which time the kernel will
implicitly release the lock.  The cause of the bug, simply, was the use
of the wrong number in place of LOCK_UN.  Using the constant fixes this.

21 months agoAdd separate serials flag file for flock in gatekeeper
Jacob Bachmeyer [Sun, 30 Apr 2023 02:59:12 +0000 (21:59 -0500)]
Add separate serials flag file for flock in gatekeeper

The flag file is zero-length and simply exists as a place to use flock.
This will eventually allow maintaining a lock while rewriting the serials
file using the traditional copy-and-rename method.

21 months agoEnsure that directories mentioned in keymaster test configurations exist
Jacob Bachmeyer [Sat, 29 Apr 2023 00:00:32 +0000 (19:00 -0500)]
Ensure that directories mentioned in keymaster test configurations exist

21 months agoCopy filename validation patterns to keymaster
Jacob Bachmeyer [Fri, 28 Apr 2023 23:35:56 +0000 (18:35 -0500)]
Copy filename validation patterns to keymaster

21 months agoAdd direct serials file database checks to timestamp ratchet tests
Jacob Bachmeyer [Fri, 28 Apr 2023 23:30:25 +0000 (18:30 -0500)]
Add direct serials file database checks to timestamp ratchet tests

21 months agoAdd serials file timestamp database checks to upload triplet tests
Jacob Bachmeyer [Fri, 28 Apr 2023 23:24:32 +0000 (18:24 -0500)]
Add serials file timestamp database checks to upload triplet tests

21 months agoAdd testsuite infrastructure for checking use of timestamp database
Jacob Bachmeyer [Fri, 28 Apr 2023 23:18:01 +0000 (18:18 -0500)]
Add testsuite infrastructure for checking use of timestamp database

21 months agoCombine shared testsuite infrastructure code
Jacob Bachmeyer [Fri, 28 Apr 2023 23:15:57 +0000 (18:15 -0500)]
Combine shared testsuite infrastructure code

21 months agoMove testsuite tool init files to dedicated directory
Jacob Bachmeyer [Fri, 7 Apr 2023 03:09:50 +0000 (22:09 -0500)]
Move testsuite tool init files to dedicated directory

21 months agoTidy whitespace
Jacob Bachmeyer [Fri, 7 Apr 2023 03:04:40 +0000 (22:04 -0500)]
Tidy whitespace

21 months agoAdd initial preliminary manual
Jacob Bachmeyer [Wed, 5 Apr 2023 03:31:14 +0000 (22:31 -0500)]
Add initial preliminary manual

21 months agoIgnore generated documentation files
Jacob Bachmeyer [Wed, 5 Apr 2023 02:25:52 +0000 (21:25 -0500)]
Ignore generated documentation files

21 months agoFix misunderstanding in FTP index builder
Jacob Bachmeyer [Tue, 4 Apr 2023 02:12:00 +0000 (21:12 -0500)]
Fix misunderstanding in FTP index builder

21 months agoHandle tainted values if --with-gpgv or --with-lsof options are used
Jacob Bachmeyer [Sun, 2 Apr 2023 01:14:16 +0000 (20:14 -0500)]
Handle tainted values if --with-gpgv or --with-lsof options are used

21 months agoExpand FTP index builder tool
Jacob Bachmeyer [Sun, 2 Apr 2023 01:03:32 +0000 (20:03 -0500)]
Expand FTP index builder tool

21 months agoUse FTP index builder in gatekeeper source tree
Jacob Bachmeyer [Sat, 1 Apr 2023 18:16:15 +0000 (13:16 -0500)]
Use FTP index builder in gatekeeper source tree

21 months agoRemove "send-gpg-public-keys.sh"
Jacob Bachmeyer [Sat, 1 Apr 2023 04:33:32 +0000 (23:33 -0500)]
Remove "send-gpg-public-keys.sh"

With the ongoing attacks on the public synchronizing keyservers, this tool is
no longer useful.

21 months agoRename "generate-ftpindex.sh" to "make-ftpindex.sh"
Jacob Bachmeyer [Sat, 1 Apr 2023 04:31:48 +0000 (23:31 -0500)]
Rename "generate-ftpindex.sh" to "make-ftpindex.sh"

The shorter name fits better in Info menus.

21 months agoDocument "--with-gpg" keymaster option
Jacob Bachmeyer [Sat, 1 Apr 2023 03:41:06 +0000 (22:41 -0500)]
Document "--with-gpg" keymaster option

21 months agoFix documentation error
Jacob Bachmeyer [Fri, 31 Mar 2023 03:00:03 +0000 (22:00 -0500)]
Fix documentation error

22 months agoFix documentation formatting error
Jacob Bachmeyer [Thu, 30 Mar 2023 23:51:51 +0000 (18:51 -0500)]
Fix documentation formatting error

22 months agoRemove "serials" configuration parameter
Jacob Bachmeyer [Wed, 29 Mar 2023 03:06:33 +0000 (22:06 -0500)]
Remove "serials" configuration parameter

The serials file is now always name "serials" in pkgstatedir.

22 months agoRename "maintainermap" configuration item to "maintainerlist"
Jacob Bachmeyer [Wed, 29 Mar 2023 03:05:26 +0000 (22:05 -0500)]
Rename "maintainermap" configuration item to "maintainerlist"

22 months agoUse proper pkgstatedir with testsuite
Jacob Bachmeyer [Wed, 29 Mar 2023 03:04:05 +0000 (22:04 -0500)]
Use proper pkgstatedir with testsuite

22 months agoMove email addresses to configuration file
Jacob Bachmeyer [Tue, 28 Mar 2023 04:35:25 +0000 (23:35 -0500)]
Move email addresses to configuration file

The testsuite is expanded to cover the new options.

22 months agoIgnore default configuration file
Jacob Bachmeyer [Tue, 28 Mar 2023 03:40:40 +0000 (22:40 -0500)]
Ignore default configuration file

This prevents a user's configuration from being picked up into a local
repository and complicating future updates from upstream repositories.

22 months agoEnforce MAX_FILE_NAME_LEN on implied directory names
Jacob Bachmeyer [Tue, 28 Mar 2023 02:06:30 +0000 (21:06 -0500)]
Enforce MAX_FILE_NAME_LEN on implied directory names

A test is added to verify this check.

22 months agoRemove symlinks to gatekeeper
Jacob Bachmeyer [Sun, 26 Mar 2023 01:22:01 +0000 (20:22 -0500)]
Remove symlinks to gatekeeper

22 months agoUpdate online help to reflect move of zones to configuration
Jacob Bachmeyer [Sun, 26 Mar 2023 01:21:35 +0000 (20:21 -0500)]
Update online help to reflect move of zones to configuration

22 months agoImport GNU Free Documentation License 1.3
Jacob Bachmeyer [Sat, 25 Mar 2023 02:39:00 +0000 (21:39 -0500)]
Import GNU Free Documentation License 1.3

22 months agoImport Texinfo macros
Jacob Bachmeyer [Sat, 25 Mar 2023 02:38:29 +0000 (21:38 -0500)]
Import Texinfo macros

22 months agoRemove unneeded "global spawn_id" links in testsuite
Jacob Bachmeyer [Sat, 25 Mar 2023 01:02:22 +0000 (20:02 -0500)]
Remove unneeded "global spawn_id" links in testsuite

22 months agoFix bug in test driver
Jacob Bachmeyer [Sat, 25 Mar 2023 01:02:00 +0000 (20:02 -0500)]
Fix bug in test driver

This bug was exposed in commit fc58d8e82444d9f949f2ac5cbbed928ad6b12c30,
but only affected testsuite runs when coverage data is collected.

The exact cause is unknown, but that commit changed the processing used
for verifying signatures and the bug caused the testsuite to prematurely
declare the gatekeeper run complete and move on to the next test when a
signature was verified.  Presumably, the improved signature verification
somehow interacted poorly with Expect.

Bizarrely, the issue only occurred when Devel::Cover was used to check
the coverage of the testsuite and did not occur under regular testing.
The root cause is surely timing related, since perl is much slower when
collecting code coverage data.  This is also the reason the bug went
unnoticed for so long:  coverage runs are infrequent except when making
improvements to the testsuite.

22 months agoRefactor configuration as constants in the gatekeeper
Jacob Bachmeyer [Fri, 24 Mar 2023 03:02:20 +0000 (22:02 -0500)]
Refactor configuration as constants in the gatekeeper

This commit also allows some parameters to be optional.

22 months agoRevise global storage for serials file name
Jacob Bachmeyer [Thu, 23 Mar 2023 04:06:40 +0000 (23:06 -0500)]
Revise global storage for serials file name

The serials file is now stored in the package state directory and is
named relative to that directory in the configuration.

22 months agoRemove ZONE constant and rename variable
Jacob Bachmeyer [Thu, 23 Mar 2023 03:37:37 +0000 (22:37 -0500)]
Remove ZONE constant and rename variable

22 months agoRemove obsolete "-s" alias for --zone option
Jacob Bachmeyer [Thu, 23 Mar 2023 03:24:13 +0000 (22:24 -0500)]
Remove obsolete "-s" alias for --zone option

22 months agoAdd tests to complete code coverage for configuration parsing
Jacob Bachmeyer [Thu, 23 Mar 2023 03:00:44 +0000 (22:00 -0500)]
Add tests to complete code coverage for configuration parsing

22 months agoAdd overlooked configuration item
Jacob Bachmeyer [Thu, 23 Mar 2023 02:37:48 +0000 (21:37 -0500)]
Add overlooked configuration item

22 months agoAdd tests for gatekeeper configuration parsing
Jacob Bachmeyer [Thu, 23 Mar 2023 02:30:16 +0000 (21:30 -0500)]
Add tests for gatekeeper configuration parsing

22 months agoAdd blank line in testsuite output before version message
Jacob Bachmeyer [Thu, 23 Mar 2023 01:51:25 +0000 (20:51 -0500)]
Add blank line in testsuite output before version message

The keymaster tests already have this line.

22 months agoAdd initial configuration support to gatekeeper
Jacob Bachmeyer [Thu, 23 Mar 2023 01:50:00 +0000 (20:50 -0500)]
Add initial configuration support to gatekeeper

22 months agoAdd options for specifying gpgv and lsof tools
Jacob Bachmeyer [Wed, 22 Mar 2023 03:05:15 +0000 (22:05 -0500)]
Add options for specifying gpgv and lsof tools

This aligns the gatekeeper with the keymaster and permits the external
tools to be placed in a nonstandard location if desired.

22 months agoReport an error if an unrecognized option is given to the gatekeeper
Jacob Bachmeyer [Sun, 19 Mar 2023 04:25:55 +0000 (23:25 -0500)]
Report an error if an unrecognized option is given to the gatekeeper

22 months agoRevise version message in gatekeeper
Jacob Bachmeyer [Sun, 19 Mar 2023 03:54:45 +0000 (22:54 -0500)]
Revise version message in gatekeeper

This brings the output of ./gatekeeper.pl --version in line with current
GNU standards and moves the copyright notice to the top of the file so
Emacs can easily find it for future updates.

22 months agoUpdate copyright notice
Jacob Bachmeyer [Sun, 19 Mar 2023 03:49:11 +0000 (22:49 -0500)]
Update copyright notice

22 months agoRename directive parsing phase and change tag "PV" to "PS"
Jacob Bachmeyer [Sun, 19 Mar 2023 03:48:48 +0000 (22:48 -0500)]
Rename directive parsing phase and change tag "PV" to "PS"

While there is still some syntactic validation performed during this
phase, using the word "validation" for two steps seems likely to risk
confusion, so this phase is renamed in the interests of clarity.

The testsuite is adjusted accordingly.

22 months agoRemove testsuite support for signature verifications during parsing
Jacob Bachmeyer [Fri, 17 Mar 2023 04:29:44 +0000 (23:29 -0500)]
Remove testsuite support for signature verifications during parsing

This was only present to accommodate the extra signature verification
that as previously used to obtain an email address.  The key index now
fills that requirement.

22 months agoAlign actual behavior with stated intent
Jacob Bachmeyer [Fri, 17 Mar 2023 04:20:00 +0000 (23:20 -0500)]
Align actual behavior with stated intent

Any directive with a valid signature from any known key should be sent
to the public archive; the internal archive catches the rest that could
include abusive messages from anonymous parties.  Previously, the code
could only reliably recognize a valid signature if the directive syntax
is valid.  The testsuite is adjusted accordingly.

22 months agoRemove scaffolding that guessed email addresses from signatures
Jacob Bachmeyer [Fri, 17 Mar 2023 03:49:06 +0000 (22:49 -0500)]
Remove scaffolding that guessed email addresses from signatures

The key index is now queried for email addresses associated with the
key used to sign the directive.