From 2bda47f8e9db4d5e46191f415d7c455255696740 Mon Sep 17 00:00:00 2001 From: Jacob Bachmeyer Date: Tue, 18 Oct 2022 22:54:29 -0500 Subject: [PATCH] Rearrange validation checks in read_directive_file This also resolves a TODO item in the testsuite. --- gatekeeper.pl | 24 ++++++++++++------------ testsuite/gatekeeper.all/03_triplet.exp | 4 +--- 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/gatekeeper.pl b/gatekeeper.pl index f95372c..c30f7a8 100755 --- a/gatekeeper.pl +++ b/gatekeeper.pl @@ -1507,6 +1507,10 @@ sub read_directive_file { debug($directive_file_contents, '') if DEBUG; } + # They have to specify a version + fatal("no version directive specified in $directive_file",1) + unless defined $op_header->{version}; + # They have to specify a directory directive. unless ($op_header->{directory}) { # Send the warning to the upload-ftp script maintainer, and the person who @@ -1515,6 +1519,14 @@ sub read_directive_file { fatal("no directory directive specified in $directive_file",1); } + # Configuration must exist for the package + -d $package_config_base . '/' . $op_header->{package} + or fatal("no configuration directory for package $op_header->{package}",0); + + # Check that we have a keyring for this package: + my @keyrings = keyring_file ($op_header->{package},$op_header->{directory}); + fatal("no keyring for package $op_header->{package}",0) if ($#keyrings < 0); + # If there is a command in the directive that doesn't require an actual # file to work on, we won't require the filename line in the directive # file. This will allow people to upload a directive file only to 
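Review bot: The order of these checks is now asserted by the testsuite (`validate,no-version` for the obsolete v1.0-format directive), but the new comment `# They have to specify a version` in the `@@ -1507,6 +1507,10 @@` hunk does not say that this check must stay ahead of the directory, configuration and keyring checks. I would extend it to something like `# Check the version first: an obsolete v1.0 directive has none and must be rejected for that reason, not by a later check.` so that a later reorder does not silently change the rejection reason. The test here is `defined`, while the directory check just below uses plain truthiness, so an empty version value passes at this point; whether that is caught elsewhere is not visible in the hunk. read_directive_file starts and ends outside the hunk.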
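Review bot: In the `@@ -1515,6 +1519,14 @@` hunk, `$op_header->{package}` is concatenated into a filesystem path for the `-d` test and handed to `keyring_file` before `verify_keyring` has run, so both lookups act on directive content that is not yet authenticated. Nothing in the hunk shows that the package value is constrained to a single path component; if that is not enforced where the header is parsed, an empty or `..`-style value could satisfy the `-d` test against a directory that is not a package's own configuration. It is worth confirming that, or guarding here with an anchored check such as `fatal("invalid package name in $directive_file",0) unless $op_header->{package} =~ m{\A[^./][^/]*\z};`. Separately, `if ($#keyrings < 0)` reads more plainly as `unless @keyrings`. The function body continues outside the hunk.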
@@ -1554,14 +1566,6 @@ sub read_directive_file { $filename_required = 0; } - # Configuration must exist for the package - -d $package_config_base . '/' . $op_header->{package} - or fatal("no configuration directory for package $op_header->{package}",0); - - # Check that we have a keyring for this package: - my @keyrings = keyring_file ($op_header->{package},$op_header->{directory}); - fatal("no keyring for package $info{package}",0) if ($#keyrings < 0); - if ($filename_required) { # Ben Pfaff wrote: # First, "gpg -b" doesn't verify that the filename of the signed @@ -1586,10 +1590,6 @@ sub read_directive_file { if ($directive_file ne "$info{filename}{value}.directive.asc"); } - # They have to specify a version - fatal("no version directive specified in $directive_file",1) - unless defined $op_header->{version}; - my $retval = verify_keyring($directive_file,$directive_file_contents, @keyrings); diff --git a/testsuite/gatekeeper.all/03_triplet.exp b/testsuite/gatekeeper.all/03_triplet.exp index e55980c..3f5715b 100644 --- a/testsuite/gatekeeper.all/03_triplet.exp +++ b/testsuite/gatekeeper.all/03_triplet.exp @@ -684,14 +684,12 @@ check_triplet "obsolete: v1.0 format directive" setup { found,foo.bin.directive.asc "found directive in triplet" found-packet,foo.bin.directive.asc:foo.bin.sig:foo.bin \ "found triplet" - validate,no-filename "directive file lacking version rejected" + validate,no-version "directive file lacking version rejected" } email-to { ftp-upload-script@gnu.org foo@example.gnu.org ftp-upload-report@gnu.org foo@example.org foo@example.net } } -# TODO: The above "validate,no-filename" should be "validate,no-version" -# but the script currently does not check these in the proper order. check_triplet "bogus: duplicated version key" setup { packages { -- 2.25.1