From 416206de50794e12452cec91c7abf0e093f3b4ab Mon Sep 17 00:00:00 2001 From: Jacob Bachmeyer Date: Fri, 7 Oct 2022 18:48:00 -0500 Subject: [PATCH] Refactor log style tag into ftp_syslog This removes references to $log_style at every call site and collects a single reference to the renamed $Log_Style global in the ftp_syslog sub. --- gatekeeper.pl | 129 +++++++++++++++++++++++++------------------------- 1 file changed, 64 insertions(+), 65 deletions(-) diff --git a/gatekeeper.pl b/gatekeeper.pl index 95be15c..9faa5a7 100755 --- a/gatekeeper.pl +++ b/gatekeeper.pl @@ -271,9 +271,9 @@ my $email_blacklist = "/home/gatekpr/etc/email_blacklist"; # List of all package maintainers my $maintainers_bypkg = "/home/gatekpr/etc/maintainers.bypkg"; -my $log_style = 'GNU'; -$log_style = 'Alpha' if ($style eq 'alpha'); -$log_style = 'Distros' if ($style eq 'distros'); +my $Log_Style = 'GNU'; +$Log_Style = 'Alpha' if ($style eq 'alpha'); +$Log_Style = 'Distros' if ($style eq 'distros'); # maintainer e-mail address my $maintainer_email = "ftp-upload-report\@gnu.org"; @@ -325,7 +325,7 @@ if (IN_TEST_MODE) { # override the above for testing die "gatekeeper: test mode: TEST_SYSLOG_SOCKET not valid" unless $ENV{TEST_SYSLOG_SOCKET} && -S $ENV{TEST_SYSLOG_SOCKET} && -w _; # override log message tag - $log_style = 'Test'; + $Log_Style = 'Test'; } else { # in production mode # ensure we are using the real gpgv open my $gpgv,'-|',GPGV_BIN, '--version' @@ -353,6 +353,9 @@ sub ftp_syslog { # Collapse the message to a single line for syslog $message =~ s/[\r\n]+/ \/ /g; + # Prepend the log style tag + $message = "($Log_Style) ".$message; + # The syslog function is pretty picky, and (sometimes) dies silently # when using non-valid syslog priorities. # That's why we run it inside an eval, with errors printed to STDERR, @@ -362,7 +365,7 @@ sub ftp_syslog { } sub ftp_warn($) { - ftp_syslog('warning', "($log_style) " . $_[0]); + ftp_syslog('warning', $_[0]); warn $_[0]; } @@ -370,7 +373,7 @@ sub ftp_die($;$) { my $msg = shift; my $exitcode = shift; $exitcode ||= 1; - ftp_syslog('err', "($log_style) " . $msg); + ftp_syslog('err', $msg); exit $exitcode; } @@ -382,7 +385,7 @@ if (IN_TEST_MODE) { setlogsock(unix => $1); } openlog(SYSLOG_APP_IDENT, 'pid', SYSLOG_FACILITY); -ftp_syslog('info', "($log_style) Beginning upload processing run."); +ftp_syslog('info', "Beginning upload processing run."); # # -- Configuration sanity check @@ -418,7 +421,7 @@ sub keyring_file { my $tmp = $directory; while (1) { if (-e "$package_config_base/$tmp/pubring.gpg") { - ftp_syslog('debug', "($log_style) DEBUG: " + ftp_syslog('debug', "DEBUG: " . "found keyring $package_config_base/$tmp/pubring.gpg") if DEBUG; push(@pubrings,"$package_config_base/$tmp/pubring.gpg"); @@ -523,15 +526,15 @@ sub mail { # Something went wrong, but we can't figure out which package this # upload belongs to. Mention that in the logs, and then mail this to # the script maintainer anyway. - ftp_syslog('info', "($log_style) " - ."No uploader e-mail address(es) to report this error to!"); + ftp_syslog('info', + "No uploader e-mail address(es) to report this error to!"); @email_list = ($email_always); } if (NOMAIL) { - ftp_syslog('info', "($log_style) " - ."NOMAIL is set - not sending email to @email_list"); + ftp_syslog('info', + "NOMAIL is set - not sending email to @email_list"); } else { - ftp_syslog('info', "($log_style) Sending email to @email_list"); + ftp_syslog('info', "Sending email to @email_list"); } my $sender = 'ftp-upload-script@gnu.org'; @@ -545,14 +548,14 @@ sub mail { if (NOMAIL) { if ($subject ne '') { - ftp_syslog('info', "($log_style) Subject: '$subject'"); + ftp_syslog('info', "Subject: '$subject'"); } elsif (defined $info{package}) { - ftp_syslog('info', "($log_style) Subject: $info{package}"); + ftp_syslog('info', "Subject: $info{package}"); } else { - ftp_syslog('warning', "($log_style) Error uploading package: $msg"); - ftp_syslog('info', "($log_style) Subject: generic failure"); + ftp_syslog('warning', "Error uploading package: $msg"); + ftp_syslog('info', "Subject: generic failure"); } - ftp_syslog('info', "($log_style) Body: $msg"); + ftp_syslog('info', "Body: $msg"); } else { my $smtp; if (IN_TEST_MODE) { @@ -578,17 +581,17 @@ sub mail { . "\r\n"); if ($subject ne '') { $smtp->datasend ("Subject: [$m_style gnu-ftp-upload] $subject"); - ftp_syslog('info', "($log_style) Subject: '$subject'"); + ftp_syslog('info', "Subject: '$subject'"); } elsif (defined $info{package}) { $smtp->datasend("Subject: [$m_style gnu-ftp-upload] $info{package}"); - ftp_syslog('info', "($log_style) Subject: $info{package}"); + ftp_syslog('info', "Subject: $info{package}"); } else { $smtp->datasend("Subject: [$m_style gnu-ftp-upload] generic failure"); - ftp_syslog('warning', "($log_style) Error uploading package: $msg"); - ftp_syslog('info', "($log_style) Subject: generic failure"); + ftp_syslog('warning', "Error uploading package: $msg"); + ftp_syslog('info', "Subject: generic failure"); } $smtp->datasend ("\n\n"); - ftp_syslog('info', "($log_style) Body: $msg"); + ftp_syslog('info', "Body: $msg"); # Wrap message at 78 characters, this is e-mail... $Text::Wrap::columns=78; @@ -604,9 +607,8 @@ sub debug { my $package_name = shift; if (NOMAIL) { - ftp_syslog('info', "($log_style) " - ."Subject: [$m_style gnu-ftp-debug] " - ."new upload processed: $package_name\nBody: $msg"); + ftp_syslog('info', "Subject: [$m_style gnu-ftp-debug] " + ."new upload processed: $package_name\nBody: $msg"); } else { my $smtp; if (IN_TEST_MODE) { @@ -655,7 +657,7 @@ sub fatal { mail ($directive_file_contents,0,"debug: directive file contents"); } - ftp_syslog('err', "($log_style) $tainted_msg"); + ftp_syslog('err', "$tainted_msg"); # Don't let them do perl or shell quoting tricks, but show everything # that's definitely harmless. @@ -711,7 +713,7 @@ sub scan_incoming { # Don't look at files with really long names, either. next if length ($ent) > 100; - ftp_syslog('debug', "($log_style) DEBUG: " + ftp_syslog('debug', "DEBUG: " ."uploaded file to check: $ent") if DEBUG; $possible{$ent} = 1; } @@ -745,18 +747,18 @@ sub scan_incoming { # On modern (Debian) systems, condition a) is not met. my @lsof_args = (LSOF_BIN, "-Fn", map { "$incoming_dir/$_" } keys %possible); - ftp_syslog('debug', "($log_style) DEBUG: " + ftp_syslog('debug', "DEBUG: " ."lsof command line: " . join(' ',@lsof_args)) if DEBUG; my $pid = open (LSOF, "-|"); if ($pid) { # parent while (defined (my $line = )) { - ftp_syslog('debug', "($log_style) DEBUG: " . "lsof output: $line") + ftp_syslog('debug', "DEBUG: " . "lsof output: $line") if DEBUG; # only look at the name lines. next unless $line =~ /^n${incoming_dir}\/(.+)$/; - ftp_syslog('debug', "($log_style) DEBUG: " + ftp_syslog('debug', "DEBUG: " ."upload in progress for $1, ignoring during this run") if DEBUG; delete ($possible{$1}) @@ -775,7 +777,7 @@ sub scan_incoming { for my $ent (keys %possible) { my @stat = stat($ent); if ($stat[9] >= time - 120) { - ftp_syslog('debug', "($log_style) DEBUG: " + ftp_syslog('debug', "DEBUG: " ."$ent has been modified in the last 2 minutes, skipping") if DEBUG; delete ($possible{$ent}); @@ -791,7 +793,7 @@ sub scan_incoming { my $directive = "$base.directive.asc"; my $bare_base = $base; $bare_base =~ s/\.directive\.asc$//g; - ftp_syslog('debug', "($log_style) DEBUG: " + ftp_syslog('debug', "DEBUG: " ."considering $ent for processing") if DEBUG; # work on this triple, if all three files exist, and the signature @@ -804,7 +806,7 @@ sub scan_incoming { && (-s "$incoming_dir/$sig" < 50*1024)) { push (@ret, { "directive" => $directive, "sig" => $sig, "upload" => $base, "directive_only" => 0 }); - ftp_syslog('info', "($log_style) processing [$directive:$sig:$base]"); + ftp_syslog('info', "processing [$directive:$sig:$base]"); # Do atomic rename to temp incoming directory before reading # anything, for safety. @@ -841,8 +843,8 @@ sub scan_incoming { # Most likely a race condition. We've found a directive file but # not the accompanying file(s). Just ignore this directive file # for now. - ftp_syslog('info',"($log_style) " - ."Found directive file with filename directive ($base), " + ftp_syslog('info', + "Found directive file with filename directive ($base), " ."but no accompanying files. " ."Ignoring directive file in this run."); } else { @@ -859,14 +861,12 @@ sub scan_incoming { delete $possible{$base}; } elsif ((-f $directive) && ((-s $directive) >= 50*1024)) { rename ("$incoming_dir/$directive", "$incoming_dir/.$directive"); - ftp_syslog('info', "($log_style) " - ."directive file ($directive) larger than 50KB"); + ftp_syslog('info', "directive file ($directive) larger than 50KB"); fatal("The directive file $directive is larger than 50KB. " ."This can not be correct, ignoring upload.",0); } elsif ((-f $sig) && ((-s $sig) >= 50*1024)) { rename ("$incoming_dir/$sig", "$incoming_dir/.$sig"); - ftp_syslog('info', "($log_style) " - ."signature file ($sig) larger than 50KB"); + ftp_syslog('info', "signature file ($sig) larger than 50KB"); fatal("The signature file $sig is larger than 50KB. " ."This can not be correct, ignoring upload.",0); } @@ -941,7 +941,7 @@ sub verify_keyring { my @keyrings = @_; my $directive_file_size = -s $directive_file; - ftp_syslog('debug', "($log_style) DEBUG: " + ftp_syslog('debug', "DEBUG: " ."$directive_file size is $directive_file_size") if DEBUG; foreach (@keyrings) { @@ -955,7 +955,7 @@ sub verify_keyring { ($verify_str) = $verify_str =~ /^(.*)$/; - ftp_syslog('debug',"($log_style) DEBUG: gpgv command line: $verify_str\n") + ftp_syslog('debug',"DEBUG: gpgv command line: $verify_str\n") if (DEBUG > 0); my $retval = ''; open (GPGV, "$verify_str|") @@ -972,7 +972,7 @@ sub verify_keyring { 0,'',2); } elsif ($retval =~ /\n0\n$/s) { # We store the return value of gpgv on the last line of the output - ftp_syslog('info', "($log_style) verified against $_\n"); + ftp_syslog('info', "verified against $_\n"); return $retval; # We got return value 0 from gpgv -> key verified! } else { # gpgv returned an error - most likely just key not found. Ignore, @@ -1192,8 +1192,7 @@ sub read_directive_file { if ($directory_command_only == 0) { fatal("no filename directive specified in $directive_file",1) } else { - ftp_syslog('info',"($log_style) " - ."running in legacy v1 compatibility mode"); + ftp_syslog('info',"running in legacy v1 compatibility mode"); } } elsif (!$V1_COMPAT_ALLOWED) { # This is not allowed - we require a filename directive. No backwards compatibility. @@ -1209,7 +1208,7 @@ sub read_directive_file { } $filename_required = 0; } - ftp_syslog('info',"($log_style) not running in legacy v1 mode") + ftp_syslog('info',"not running in legacy v1 mode") if (!$info{'v1_compat_mode'}); # Configuration must exist for the package @@ -1260,7 +1259,7 @@ sub read_directive_file { if (($retval =~ /Signature made (.*)/) && ($filename_required)) { my $timestr = $1; - ftp_syslog('debug', "($log_style) DEBUG: Signature made $1") if DEBUG; + ftp_syslog('debug', "DEBUG: Signature made $1") if DEBUG; # Some versions of GPG also mention the key used to make the signature # on this line, while others do not. The testing mock does. @@ -1362,7 +1361,7 @@ sub automake_tests { # http://thread.gmane.org/gmane.comp.sysutils.autotools.announce/131 if ($upload_file =~ /\.(tar|)(\.|$)|\.t[bglx]z|\.tbz2$/) { # First check if the file contains any Makefile.in files - push(@debug_log,"($log_style) DEBUG: " + push(@debug_log,"DEBUG: " ."testing $upload_file for presence of Makefile.in") if $debug; my $tar_cmd = "/bin/tar -tf $upload_file"; @@ -1381,7 +1380,7 @@ sub automake_tests { return ($error_string, \@debug_log) if (!$found_makefile); # If it does, check inside them - push(@debug_log,"($log_style) DEBUG: found Makefile.in, " + push(@debug_log,"DEBUG: found Makefile.in, " ."testing for CVE-2009-4029 and CVE-2012-3386") if $debug; $tar_cmd = "/bin/tar --to-stdout -x -f $upload_file 'Makefile.in' " @@ -1448,9 +1447,9 @@ sub check_files { my $sig_file_size = -s $sig_file; my $upload_file_size = -s $upload_file; - ftp_syslog('debug', "($log_style) DEBUG: " + ftp_syslog('debug', "DEBUG: " ."$sig_file size is $sig_file_size") if DEBUG; - ftp_syslog('debug', "($log_style) DEBUG: " + ftp_syslog('debug', "DEBUG: " ."$upload_file size is $upload_file_size") if DEBUG; my @keyrings = keyring_file ($info{package},$info{directory}); @@ -1470,7 +1469,7 @@ sub check_files { or fatal("gpg verify of upload file ($upload_file) failed",1); my ($error_string, $error_log_ref) = - check_vulnerabilities($upload_file,$log_style,DEBUG); + check_vulnerabilities($upload_file,$Log_Style,DEBUG); my @error_log = @$error_log_ref; if (DEBUG and $#error_log > -1) { @@ -1481,7 +1480,7 @@ sub check_files { fatal($error_string,1,'',3) if ($error_string ne ''); - ftp_syslog('debug', "($log_style) DEBUG: " + ftp_syslog('debug', "DEBUG: " ."tested negative for CVE-2009-4029 and CVE-2012-3386") if DEBUG; } @@ -1511,8 +1510,8 @@ sub archive { my @mv_args = ("/bin/mv", "$dir/$file", "$olddestfinal/$subdir/$timestamp"."_$file"); fatal("@mv_args failed",0) if system (@mv_args) != 0; - ftp_syslog('info', "($log_style) " - ."archived $dir/$file to $olddestfinal/$subdir/$timestamp" + ftp_syslog('info', + "archived $dir/$file to $olddestfinal/$subdir/$timestamp" ."_$file"); } @@ -1544,7 +1543,7 @@ sub install_files { ."replace the pair please use the 'replace' directive",1); } else { archive($destdir, $info{directory}, $sig_file); - ftp_syslog('info', "($log_style) archived and overwrote " + ftp_syslog('info', "archived and overwrote " ."$destdir/$sig_file with uploaded version"); $t1 = 1; } @@ -1555,7 +1554,7 @@ sub install_files { ."replace the pair please use the 'replace' directive",1); } else { archive($destdir, $info{directory}, $upload_file); - ftp_syslog('info', "($log_style) overwrote " + ftp_syslog('info', "overwrote " ."$destdir/$upload_file with uploaded version"); $t2 = 1; } @@ -1637,7 +1636,7 @@ sub execute_commands { or fatal("creation of symlink $info{$key}{link} " ."to $target in $destdir failed: $!",1); # go back to current working dir - ftp_syslog('info', "($log_style) added symlink $destdir/" + ftp_syslog('info', "added symlink $destdir/" .$info{$key}{link} . " pointing to $destdir/$target"); chdir($cwd) or fatal("chdir to $cwd failed: $!",1); @@ -1646,7 +1645,7 @@ sub execute_commands { unless -l "$destdir/$1"; unlink("$destdir/$1") or fatal("removal of symlink $1 failed: $!",1); - ftp_syslog('info', "($log_style) removed symlink $destdir/$1"); + ftp_syslog('info', "removed symlink $destdir/$1"); } elsif ($key =~ /^archive-(.*)/) { # We now also allow archiving entire directories archive($destdir, $originfo{directory}, "$1.sig") @@ -1699,7 +1698,7 @@ sub cleanup_dir { $file =~ /^(.*)$/; $file = $1; my $mtime = $tmp[9]; $mtime =~ /^(.*)$/; $mtime = $1; - ftp_syslog('debug',"($log_style) DEBUG: " + ftp_syslog('debug',"DEBUG: " ."Removing $file, older than 24 hours (mtime: $tmp[9])\n") if ((time() > ($tmp[9]+24*3600)) && (DEBUG > 0)); unlink ("$dir/.$file"); # don't worry if it doesn't exist @@ -1711,7 +1710,7 @@ sub cleanup_dir { sub cleanup { for my $dir ($incoming_dir, $incoming_tmp, $desttmp) { for my $f (@_) { - ftp_syslog('debug',"($log_style) DEBUG: cleaning up $dir/$f\n") + ftp_syslog('debug',"DEBUG: cleaning up $dir/$f\n") if (DEBUG > 1); # if we quit early enough, they might not be there. next unless defined $f && -e "$dir/$f"; @@ -1740,7 +1739,7 @@ chdir ($incoming_tmp) or ftp_die("FATAL: chdir($incoming_tmp) failed: $!"); for my $files (@incoming) { # each list element is a hash reference. - ftp_syslog('info',"($log_style) found directive: $files->{directive}\n"); + ftp_syslog('info',"found directive: $files->{directive}\n"); # if we die processing a triplet, the eval allows us to move # onto the next triplet. eval { @@ -1772,13 +1771,13 @@ for my $files (@incoming) { # each list element is a hash reference. undef %info; } if ((scalar @incoming) == 0) { - ftp_syslog('info', "($log_style) No files found for processing."); + ftp_syslog('info', "No files found for processing."); } else { - ftp_syslog('info', "($log_style) Processing complete: " + ftp_syslog('info', "Processing complete: " .(scalar @incoming)." uploads processed."); system("/usr/local/bin/generate-ftpindex") unless IN_TEST_MODE; - ftp_syslog('info', "($log_style) Updated ftpindex"); + ftp_syslog('info', "Updated ftpindex"); } # Clean up the incoming directory and the incoming tmp directory - remove files older than a day -- 2.25.1