From 85755f3f3f96f8d7ba8cdf1ac724a112c6ea78cb Mon Sep 17 00:00:00 2001 From: Jacob Bachmeyer Date: Thu, 16 Mar 2023 23:20:00 -0500 Subject: [PATCH] Align actual behavior with stated intent Any directive with a valid signature from any known key should be sent to the public archive; the internal archive catches the rest that could include abusive messages from anonymous parties. Previously, the code could only reliably recognize a valid signature if the directive syntax is valid. The testsuite is adjusted accordingly. --- gatekeeper.pl | 11 ++-- testsuite/gatekeeper.all/01_loose.exp | 36 ++++++------- testsuite/gatekeeper.all/03_triplet.exp | 67 +++++++++++++------------ 3 files changed, 58 insertions(+), 56 deletions(-) diff --git a/gatekeeper.pl b/gatekeeper.pl index 514bb97..9b650f7 100755 --- a/gatekeeper.pl +++ b/gatekeeper.pl @@ -3056,18 +3056,15 @@ foreach my $packet (@packets) { # each list element is an array reference } } - if (($oplist && $have_any_directive_signature) - || (defined $dsig_info - && $dsig_info->{exitcode} == 0 - && !defined $dsig_info->{TILT}) ) { - # The directive was signed with a known key and syntactically valid. + if ($have_any_directive_signature) { + # The directive was signed with a known key. # Send it to the public archive list. report_upload_to_archive($directive_text, defined $op_header->{package} ? $op_header->{package} : ''); } else { - # The directive was either syntactically invalid or not signed with - # any known key. Send it only to the internal inbox. + # The directive was not signed with any known key. To reduce abuse, + # send it only to the internal inbox. mail $directive_text, subject => 'debug: directive file contents' if $directive_text && DEBUG; } diff --git a/testsuite/gatekeeper.all/01_loose.exp b/testsuite/gatekeeper.all/01_loose.exp index 26d1c38..d6d54c5 100644 --- a/testsuite/gatekeeper.all/01_loose.exp +++ b/testsuite/gatekeeper.all/01_loose.exp 
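Review bot: The public/internal routing decision in the gatekeeper.pl hunk now rests on `$have_any_directive_signature` alone, and that flag is assigned outside the hunk, so nothing visible here shows it is set only after signature verification succeeded; the removed clause at least spelled out `$dsig_info->{exitcode} == 0` and `!defined $dsig_info->{TILT}`. I would state the invariant at the branch, e.g. `# $have_any_directive_signature is true only when a signature on this directive verified against a known key.`, and confirm that this holds where the flag is set. Because `report_upload_to_archive` now also receives directives that failed syntax validation, the comment should also say that `$directive_text` may be malformed and that `$op_header->{package}` may be unset (hence the `''` fallback), so that consumers of the public archive list treat the body as signed but unvalidated input. The enclosing `foreach my $packet` loop starts and ends outside the hunk.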
@@ -170,7 +170,7 @@ check_loose_directive "bogus: signed with no directory specified" { } log { validate,no-directory-given "directive rejected: no directory specified" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.gnu.org } @@ -205,7 +205,7 @@ check_loose_directive "bogus: signed with wrong key and directory repeated" { } log { validate,bad-directory-repeat "duplicate directory rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.gnu.org } @@ -223,7 +223,7 @@ check_loose_directive "bogus: signed with wrong key and directory ambiguous" { } log { validate,bad-directory-repeat "ambiguous directory rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.gnu.org } @@ -240,7 +240,7 @@ check_loose_directive "bogus: signed with wrong key and too deep" { } log { validate,bad-directory-depth "excessively deep directory rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org } check_loose_directive "bogus: signed for bogus package" { @@ -365,7 +365,7 @@ check_loose_directive "error: create symlink using /../ in name" { validate,bad-parameter,symlink \ "symlink using /../ in name rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.org foo@example.gnu.org foo@example.net } @@ -385,7 +385,7 @@ check_loose_directive "error: create symlink using /../ in target" { validate,bad-parameter,symlink \ "symlink using /../ in target rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.org foo@example.gnu.org foo@example.net } 
@@ -404,7 +404,7 @@ check_loose_directive "error: create symlink with bogus name" { } log { validate,bad-parameter,symlink "bogus symlink name rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.org foo@example.gnu.org foo@example.net } @@ -423,7 +423,7 @@ check_loose_directive "error: create symlink with bogus target" { } log { validate,bad-parameter,symlink "bogus symlink target rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.org foo@example.gnu.org foo@example.net } @@ -442,7 +442,7 @@ check_loose_directive "error: create symlink with absolute name" { } log { validate,bad-parameter,symlink "absolute symlink name rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.org foo@example.gnu.org foo@example.net } @@ -461,7 +461,7 @@ check_loose_directive "error: create symlink with absolute target" { } log { validate,bad-parameter,symlink "absolute symlink target rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.org foo@example.gnu.org foo@example.net } @@ -480,7 +480,7 @@ check_loose_directive "error: create symlink with only one parameter" { } log { validate,bad-parameter,symlink "bogus symlink command rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.org foo@example.gnu.org foo@example.net } @@ -499,7 +499,7 @@ check_loose_directive "error: create symlink with too many parameters" { } log { validate,bad-parameter,symlink "bogus symlink command rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.org foo@example.gnu.org foo@example.net } 
@@ -566,7 +566,7 @@ check_loose_directive "error: remove symlink using /../" { validate,bad-parameter,rmsymlink \ "rmsymlink command using /../ rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.org foo@example.gnu.org foo@example.net } @@ -586,7 +586,7 @@ check_loose_directive "error: remove symlink with bogus name" { validate,bad-parameter,rmsymlink \ "rmsymlink command with bogus filename rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.org foo@example.gnu.org foo@example.net } @@ -609,7 +609,7 @@ check_loose_directive "error: remove symlink with absolute name" { validate,bad-parameter,rmsymlink \ "rmsymlink command with absolute filename rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.org foo@example.gnu.org foo@example.net } @@ -629,7 +629,7 @@ check_loose_directive "error: remove symlink with too many parameters" { validate,bad-parameter,rmsymlink \ "rmsymlink command with excess parameters rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.org foo@example.gnu.org foo@example.net } @@ -809,7 +809,7 @@ check_loose_directive "error: archive bogus name" { validate,bad-parameter,archive \ "archive command with bogus filename rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.org foo@example.gnu.org foo@example.net } @@ -832,7 +832,7 @@ check_loose_directive "error: archive name using /../" { validate,bad-parameter,archive \ "archive command containing /../ rejected" } email-to { - ftp-upload-script@gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org foo@example.org foo@example.gnu.org foo@example.net } diff --git a/testsuite/gatekeeper.all/03_triplet.exp b/testsuite/gatekeeper.all/03_triplet.exp index 9eaefc5..2eaa756 100644 
--- a/testsuite/gatekeeper.all/03_triplet.exp +++ b/testsuite/gatekeeper.all/03_triplet.exp @@ -256,7 +256,8 @@ check_triplet "bogus: empty directive" setup { found-packet,foo.bin.directive.asc:foo.bin.sig:foo.bin \ "found triplet" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org } } @@ -290,8 +291,8 @@ check_triplet "bogus: directive with unknown key" setup { "found triplet" validate,bad-directive-line "bogus directive line detected" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org - foo@example.org foo@example.net + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org foo@example.org foo@example.net } } @@ -658,8 +659,8 @@ check_triplet "bogus: version field not a number" setup { "found triplet" validate,bad-version "invalid version rejected" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org - foo@example.org foo@example.net + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org foo@example.org foo@example.net } } @@ -692,8 +693,8 @@ check_triplet "bogus: invalid v1.0 format directive" setup { "found triplet" validate,bad-version "invalid version rejected" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org - foo@example.org foo@example.net + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org foo@example.org foo@example.net } } @@ -724,8 +725,8 @@ check_triplet "obsolete: v1.0 format directive" setup { "found triplet" validate,no-version "directive file lacking version rejected" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org - foo@example.org foo@example.net + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org foo@example.org foo@example.net } } 
@@ -759,8 +760,8 @@ check_triplet "bogus: duplicated version key" setup { "found triplet" validate,bad-version-repeat "version key repeated" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org - foo@example.org foo@example.net + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org foo@example.org foo@example.net } } @@ -794,8 +795,8 @@ check_triplet "bogus: ambiguous version declaration" setup { "found triplet" validate,bad-version-repeat "version key repeated" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org - foo@example.org foo@example.net + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org foo@example.org foo@example.net } } @@ -866,8 +867,8 @@ foreach FVER $DIRECTIVE_FORMAT_VERSIONS { validate,bad-filename \ "directive file with bogus filename rejected" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org - foo@example.org foo@example.net + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org foo@example.org foo@example.net } } @@ -902,8 +903,8 @@ foreach FVER $DIRECTIVE_FORMAT_VERSIONS { validate,bad-filename-repeat \ "directive file with repeated filename rejected" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org - foo@example.org foo@example.net + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org foo@example.org foo@example.net } } @@ -938,8 +939,8 @@ foreach FVER $DIRECTIVE_FORMAT_VERSIONS { validate,bad-filename-repeat \ "directive file with ambiguous filename rejected" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org - foo@example.org foo@example.net + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org foo@example.org foo@example.net } } 
@@ -1007,7 +1008,8 @@ foreach FVER $DIRECTIVE_FORMAT_VERSIONS { validate,no-directory-given \ "directive file with no directory key rejected" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org } } @@ -1041,7 +1043,8 @@ foreach FVER $DIRECTIVE_FORMAT_VERSIONS { validate,bad-directory \ "directive file with empty directory key rejected" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org } } @@ -1085,7 +1088,8 @@ foreach FVER $DIRECTIVE_FORMAT_VERSIONS { validate,bad-directory \ "directive file with invalid directory $BDIR rejected" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org } }] } @@ -1121,7 +1125,8 @@ foreach FVER $DIRECTIVE_FORMAT_VERSIONS { validate,bad-directory-depth \ "directive file with excessively deep directory rejected" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org } } @@ -1157,8 +1162,8 @@ foreach FVER $DIRECTIVE_FORMAT_VERSIONS { validate,bad-directory-repeat \ "directive file with repeated directory key rejected" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org - foo@example.org foo@example.net + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org foo@example.org foo@example.net } } @@ -1194,8 +1199,8 @@ foreach FVER $DIRECTIVE_FORMAT_VERSIONS { validate,bad-directory-repeat \ "directive file with ambiguous directory key rejected" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org - foo@example.org foo@example.net + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org foo@example.org foo@example.net } } 
@@ -1478,8 +1483,8 @@ check_triplet "bogus: v1.1 format directive to replace file" setup { validate,bad-replace-flag \ "replace flag rejected in v1.1" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org - foo@example.org foo@example.net + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org foo@example.org foo@example.net } } @@ -1559,8 +1564,8 @@ check_triplet "bogus: v1.2 format directive with bogus replace value" setup { validate,bad-parameter,replace \ "invalid replace flag value rejected" } email-to { - ftp-upload-script@gnu.org foo@example.gnu.org - foo@example.org foo@example.net + ftp-upload-script@gnu.org ftp-upload-report@gnu.org + foo@example.gnu.org foo@example.org foo@example.net } } -- 2.25.1