From 89aa8e47b69c31872f7f85c6281a0662037b0b46 Mon Sep 17 00:00:00 2001
From: Jacob Bachmeyer <jcb@gnu.org>
Date: Thu, 3 Nov 2022 15:13:46 -0500
Subject: [PATCH] Add structured exception for directive replay

---
 gatekeeper.pl                | 28 ++++++++++++++++++++--------
 testsuite/lib/gatekeeper.exp |  2 +-
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/gatekeeper.pl b/gatekeeper.pl
index f864731..f25e9b4 100755
--- a/gatekeeper.pl
+++ b/gatekeeper.pl
@@ -565,6 +565,22 @@ BEGIN {
     { return join("\n", map join(': ', @$_), @{(shift)->{trace}})."\n" }
 }
 
+{
+  package Local::Exception::signature_replay;
+  {our @ISA = qw(Local::Exception)}
+
+  sub summary { return 'directive signature timestamp older than expected' }
+
+  sub message { my $M = <<'END'; return join(' ', split /\n/, $M); }
+GPG signed upload older than/same timestamp as existing version - not
+allowed. In other words, the filenames for the triplet you have uploaded
+are an exact match for a triplet that has been uploaded in the past, and
+the directive file that you just uploaded has been signed before or at the
+same time as the directive file for the triplet that was uploaded earlier.
+Most likely, you are re-uploading an old triplet.
+END
+}
+
 {
   package Local::Exception::unknown_package;
   {our @ISA = qw(Local::Exception)}
@@ -1941,13 +1957,8 @@ sub advance_timestamp_ratchet {
   if (exists($serials{$full_filename})
       && ($serials{$full_filename} >= $new_epoch)) {
     flock(SERIALS,4);		# Release lock
-    fatal("GPG signed upload older than/same timestamp as existing version "
-	  ."- not allowed. In other words, the filenames for the triplet "
-	  ."you have uploaded are an exact match for a triplet that has "
-	  ."been uploaded in the past, and the directive file that you "
-	  ."just uploaded has been signed before or at the same time as "
-	  ."the directive file for the triplet that was uploaded earlier. "
-	  ."Most likely, you are re-uploading an old triplet.",1);
+    throw signature_replay =>
+      previous_timestamp => $old_epoch, new_timestamp => $new_epoch
   }
 
   $serials{$full_filename} = $new_epoch;
@@ -2609,7 +2620,8 @@ foreach my $packet (@packets) {	# each list element is an array reference
 	mail(join("\n",$E->summary,'',$E->trace_msg),1);
       } elsif ($E->type_p('package_configuration')) {
 	mail($E->summary,0);
-      } elsif ($E->type_p('unknown_package')) {
+      } elsif ($E->type_p('signature_replay')
+	       || $E->type_p('unknown_package')) {
 	mail($E->message,1);
       }
     } else {
diff --git a/testsuite/lib/gatekeeper.exp b/testsuite/lib/gatekeeper.exp
index 7700028..41dbc2a 100644
--- a/testsuite/lib/gatekeeper.exp
+++ b/testsuite/lib/gatekeeper.exp
@@ -761,7 +761,7 @@ proc analyze_log { base_dir name assess } {
 		     exp_continue
 		 }
 	-re {^gatekeeper\[[0-9]+\]: \(Test\) \[AA\]\
-		 GPG signed upload older than/same timestamp[^\r\n]+} {
+		 directive signature timestamp older than expected} {
 		     # from read_directive_file, if signature timestamp bad
 		     set A(validate,older-signature-timestamp) 1
 		     exp_continue
-- 
2.25.1