From be5138a1dddd26502adc60bdb007106659727d76 Mon Sep 17 00:00:00 2001
From: Jacob Bachmeyer
Date: Fri, 15 Sep 2023 19:38:24 -0500
Subject: [PATCH] Add additional file signature check to ensure proper staging

There is a (very remote) possibility of the uploaded file being corrupted while transferring it from the scratch directory to the staging directory, since this transfer can actually copy data instead of being a simple rename(2) call. This commit adds a safeguard against this risk by rechecking the detached signature after the file pair is moved. The testsuite is updated accordingly.
---
 gatekeeper.pl | 13 +++++++++++++
 testsuite/lib/tool/gatekeeper.exp | 6 +++---
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/gatekeeper.pl b/gatekeeper.pl
index 3b1f991..09f5733 100755
--- a/gatekeeper.pl
+++ b/gatekeeper.pl
@@ -2435,6 +2435,19 @@ order.
 (CONF_DIR_Scratch, $self->upload_filename, CONF_DIR_Staging);
 # Staging the file now should avoid the (remote) possibility of
 # encountering ENOSPC during installation.
+
+ # Recheck the detached signature to be certain that the file was
+ # transferred successfully.
+ my $fsig_info = verify_detached_signature
+ (map(File::Spec->catfile(CONF_DIR_Staging, $_),
+ $self->target_filepair),
+ $self->auth_keyrings);
+
+ die 'GPG signature found to be invalid after staging file'
+ unless $fsig_info->{exitcode} == 0 && !defined $fsig_info->{TILT};
+ # This is a simple error instead of a structured exception because it
+ # indicates a problem with the server.
+
 }

 sub install {
diff --git a/testsuite/lib/tool/gatekeeper.exp b/testsuite/lib/tool/gatekeeper.exp
index 1a57962..d72ccc9 100644
--- a/testsuite/lib/tool/gatekeeper.exp
+++ b/testsuite/lib/tool/gatekeeper.exp
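Review bot: The `die` added in the gatekeeper.pl hunk reports only a fixed string, so an operator who finds it in the log cannot tell whether gpgv exited non-zero or the result carried a TILT marker, nor which staged file pair was affected; since the comment right below explicitly classifies this as a server-side problem, that context is exactly what is needed to diagnose it. Including the fields the check already inspects costs one line, e.g. `die "GPG signature found to be invalid after staging file (gpgv exit $fsig_info->{exitcode}, TILT " . (defined $fsig_info->{TILT} ? 'set' : 'unset') . ')'`. The guard `$fsig_info->{exitcode} == 0 && !defined $fsig_info->{TILT}` presumably mirrors the pre-staging verification elsewhere in the file; if that check consults further keys of the result hash, the two should be kept in agreement so a signature rejected before staging cannot be accepted after it. The enclosing method begins above this hunk (the hunk opens on the tail of the move call), so the name of the routine and how `$self->target_filepair` is populated are not visible here.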
@@ -638,18 +638,18 @@ proc analyze_log { base_dir name assess } { exp_continue } - -re {^gatekeeper\[[0-9]+\]: \(Test\) \[(?:AA|RP)\]\ + -re {^gatekeeper\[[0-9]+\]: \(Test\) \[(?:AA|EX|RP)\]\ DEBUG: [^ ]+ size is [[:digit:]]+} { # from verify_keyring, upon entry # also from check_files, twice, upon entry exp_continue } - -re {^gatekeeper\[[0-9]+\]: \(Test\) \[(?:AA|RP)\]\ + -re {^gatekeeper\[[0-9]+\]: \(Test\) \[(?:AA|EX|RP)\]\ DEBUG: gpgv command line: [^\r\n]+} { # from verify_keyring, tracing gpgv call exp_continue } - -re {^gatekeeper\[[0-9]+\]: \(Test\) \[(?:AA|RP)\]\ + -re {^gatekeeper\[[0-9]+\]: \(Test\) \[(?:AA|EX|RP)\]\ gpgv exited ([[:digit:]]+)} { # from verify_keyring, when closing pipe from gpgv set A(gpgv,exitcode,$expect_out(1,string)) 1 -- 2.25.1