From 62d43bf4ab770f22c295f3a54c3bedd36f64253a Mon Sep 17 00:00:00 2001
From: Jacob Bachmeyer
Date: Wed, 26 Oct 2022 19:29:13 -0500
Subject: [PATCH] Revise timestamp check to use new operation list
---
 gatekeeper.pl | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/gatekeeper.pl b/gatekeeper.pl
index 42f142d..b50a07f 100755
--- a/gatekeeper.pl
+++ b/gatekeeper.pl
@@ -1939,12 +1939,11 @@ sub read_directive_file {
 fatal("gpg verify of directive file failed",1,'',2);
 }
- # Now check that the timestamp of signing for the directive is not older
- # than the one for the last file that was uploaded
- # This is only relevant when a 'filename' directive is present, hence the
- # test of the $filename_required variable.
- if (defined $result->{sig_creation}
- && (exists($info{filename}))) {
+ # If a file is to be installed, ensure that this directive is newer than
+ # the any previous directive installing a file under the same full name.
+ if (grep $_->[0] eq 'install', @$ops) {
+ fatal("gpg verification problem: could not extract timestamp",1)
+ unless defined $result->{sig_creation};
 ftp_syslog('debug', "DEBUG: Signature made "
 .strftime('%a %b %d %H:%M:%S %Y %Z',
@@ -1960,12 +1959,12 @@ sub read_directive_file {
 ."change the filename for your triplet.",1);
 }
- my $full_filename = $info{"directory"} . '/' . $uploaded_file;
- $full_filename =~ s/\/\//\//g; # Just in case...
- advance_timestamp_ratchet($full_filename, $result->{sig_creation});
- } elsif (exists($info{filename})) {
- fatal("gpg verification problem: could not extract timestamp",1);
+ foreach my $installed (map $_->[1], grep $_->[0] eq 'install', @$ops) {
+ my $full_filename = File::Spec::Unix->catfile($op_header->{directory},
+ $installed);
+ advance_timestamp_ratchet($full_filename, $result->{sig_creation});
+ }
 }
 return $ops;
--
2.25.1
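Review bot: The gate `if (grep $_->[0] eq 'install', @$ops)` in the first hunk means a directive with no `install` operation skips both the `sig_creation` check and the ratchet comparison, so replay protection covers file installs only. The removed code was gated on `filename` in a similar way, so this looks deliberate, but the new comment should state it, for example `# Directives that install nothing are not checked against the timestamp ratchet.` The same comment reads "than the any previous directive"; drop "the". The comparison itself sits between the two hunks and read_directive_file starts before the first one, so neither is visible here.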
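Review bot: The ratchet key in the second hunk is built with `File::Spec::Unix->catfile`, which collapses repeated slashes and `.` segments but does not in general resolve `..`, so two spellings of one target would get separate ratchet entries unless `$op_header->{directory}` and the installed names are validated earlier (not visible in this hunk). The patch adds no `use File::Spec::Unix;` and the file's import block is outside the diff, so confirm the module is already loaded. The `grep $_->[0] eq 'install', @$ops` filter is repeated from the first hunk; computing `my @installs = map $_->[1], grep $_->[0] eq 'install', @$ops;` once would keep the check and the ratchet update on the same list.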