From 9738d15196598af065a326afd21c8f01e7b940b5 Mon Sep 17 00:00:00 2001
From: Jacob Bachmeyer <jcb@gnu.org>
Date: Mon, 31 Oct 2022 23:51:35 -0500
Subject: [PATCH] Add processing phase tag "EX" for execution phase

---
 gatekeeper.pl                |  5 ++-
 testsuite/lib/gatekeeper.exp | 59 +++++++++++++++++++-----------------
 2 files changed, 35 insertions(+), 29 deletions(-)

diff --git a/gatekeeper.pl b/gatekeeper.pl
index 63339fa..6dce906 100755
--- a/gatekeeper.pl
+++ b/gatekeeper.pl
@@ -2102,6 +2102,8 @@ An exception is thrown if any of the checks fail.
 
 =cut
 
+# TODO: this is currently invoked during EX phase; should be moved to VL
+#	phase and signature check factored out to AA phase
 sub check_files {
   my $directory = shift;
   my $header = shift;
@@ -2456,10 +2458,11 @@ foreach my $packet (@packets) {	# each list element is an array reference
 
     check_replay($oplist, $sig_info->{sig_creation});
 
+    local $Phase = 'EX';
     # do the work
     execute_commands($oplist);
 
-    local $Phase = 'RP';	# temporary;    TODO:  move to after eval {}
+    $Phase = 'RP';	# temporary;    TODO:  move to after eval {}
     # report success
     if (!$directive_only) {
       success_upload($sig_file, $upload_file, $directive_file);
diff --git a/testsuite/lib/gatekeeper.exp b/testsuite/lib/gatekeeper.exp
index f997f50..dc6370a 100644
--- a/testsuite/lib/gatekeeper.exp
+++ b/testsuite/lib/gatekeeper.exp
@@ -486,13 +486,13 @@ proc analyze_log { base_dir name assess } {
 		     # running time for the generate-ftpindex tool
 		 }
 
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\) \[EX\]\
 		 [^ ]+ does not exist - can not archive} {
 		     # from archive, when target does not exist
 		     set A(action,archive-failure,not-found) 1
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\) \[EX\]\
 		 archived [^ ]+ to [^\r\n]+} {
 		     # from archive, upon success
 		     set A(action,archive-item) 1
@@ -501,7 +501,7 @@ proc analyze_log { base_dir name assess } {
 		     exp_continue
 		 }
 
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\) \[EX\]\
 		 added symlink [^ ]+ pointing to [^\r\n]+} {
 		     # from execute_commands, creating a symlink
 		     set A(action,make-symlink) 1
@@ -509,7 +509,7 @@ proc analyze_log { base_dir name assess } {
 		     # include a file name relative to the test base
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\) \[EX\]\
 		 creation of symlink [^ ]+ to [^ ]+ in [^ ]+ failed[^\r\n]+} {
 		     # from execute_commands, when the symlink builtin fails
 		     set A(action,make-symlink-failure) 1
@@ -517,14 +517,14 @@ proc analyze_log { base_dir name assess } {
 		     # include a file name relative to the test base
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\) \[EX\]\
 		 refusing to remove a non-symlink file} {
 		     # from execute_commands, when an item to be removed is
 		     # not a symlink after all
 		     set A(action,rm-symlink-failure,not-link) 1
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\) \[EX\]\
 		 removed symlink [^\r\n]+} {
 		     # from execute_commands, removing a symlink
 		     set A(action,rm-symlink) 1
@@ -606,7 +606,7 @@ proc analyze_log { base_dir name assess } {
 		     exp_continue
 		 }
 
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[(?:AA|EX)\])?\
 		 DEBUG: found keyring [^\r\n]+} {
 		     # from keyring_file, while searching for keyrings
 		     exp_continue
@@ -770,24 +770,24 @@ proc analyze_log { base_dir name assess } {
 		     exp_continue
 		 }
 
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[(?:AA|EX)\])?\
 		 DEBUG: [^ ]+ size is [[:digit:]]+} {
 		     # from verify_keyring, upon entry
 		     # also from check_files, twice, upon entry
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[(?:AA|EX)\])?\
 		 DEBUG: gpgv command line: [^\r\n]+} {
 		     # from verify_keyring, tracing gpgv call
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[(?:AA|EX)\])?\
 		 gpgv exited ([[:digit:]]+)} {
 		     # from verify_keyring, when closing pipe from gpgv
 		     set A(gpgv,exitcode,$expect_out(1,string)) 1
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[(?:AA|EX)\])?\
 		 verified against ([^\r\n]+)} {
 		     # from verify_keyring, upon success
 		     exp_continue
@@ -795,107 +795,110 @@ proc analyze_log { base_dir name assess } {
 		     # is likely to be removed when gpgv is given multiple
 		     # keyrings instead of being run repeatedly
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[(?:AA|EX)\])?\
 		 gpg verify of directive file failed} {
 		     # from verify_keyring, when no keys match
 		     set A(gpgv,directive-verify-failed) 1
 		     exp_continue
 		 }
 
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\) \[EX\]\
 		 gpg verify of upload file [(]([^)]+)\) failed} {
 		     # from check_files, when no keys match
 		     set A(gpgv,upload-verify-failed) 1
 		     set A(gpgv,upload-verify-failed,$expect_out(1,string)) 1
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\) \[EX\]\
 		 DEBUG: tested negative for CVE-[^\r\n]+} {
 		     # from check_files, when checks for known issues pass
 		     exp_continue
 		     # tests are not sensitive to this message because it
 		     # is likely to be revised as part of other refactoring
 		 }
+	# TODO: move check_files to VL phase and factor out signature check
+	#	to AA phase
 
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\) \[EX\]\
 		 DEBUG: testing .+ for presence of Makefile.in} {
 		     # from check_vulnerabilities via check_files
 		     set A(exploit-check,check-Makefile.in) 1
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\) \[EX\]\
 		 DEBUG: found Makefile.in, testing for [^\r\n]+} {
 		     # from check_vulnerabilities via check_files
 		     set A(exploit-check,found-Makefile.in) 1
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\) \[EX\]\
 		 file rejected: [^()]+\((CVE-[0-9-]+)\)[^\r\n]+} {
 		     # from check_vulnerabilities via check_files
 		     set A(exploit-check-fail,$expect_out(1,string)) 1
 		     exp_continue
 		 }
+	# TODO:  move CVE checks to VL phase
 
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\) \[EX\]\
 		 This signature file exists: [^\r\n]+} {
 		     # from install_files, if target exists and replace not set
 		     set A(install,target-signature-exists) 1
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\) \[EX\]\
 		 This file exists: [^\r\n]+} {
 		     # from install_files, if target exists and replace not set
 		     set A(install,target-file-exists) 1
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\) \[EX\]\
 		 archived and overwrote [^\r\n]+} {
 		     # from install_files, if target signature replaced
 		     set A(install,target-signature-replaced) 1
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\) \[EX\]\
 		 overwrote [^\r\n]+} {
 		     # from install_files, if target replaced
 		     set A(install,target-file-replaced) 1
 		     exp_continue
 		 }
 
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[..\])?\
 		 \(in [^()]+\) [^\r\n]+} {
 		     # from fatal, just before calling ftp_die which exits
 		     exp_continue
 		 }
 
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[RP\])?\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[(?:RP|EX)\])?\
 		 No uploader e-mail address\(es\) to report this error to!} {
 		     # from mail, when no email address is provided
 		     set A(mail,no-known-address) 1
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[RP\])?\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[(?:RP|EX)\])?\
 		 NOMAIL is set - not sending email to [^\r\n]+} {
 		     # from mail, when mail is inhibited
 		     set A(mail,inhibited) 1
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[RP\])?\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[(?:RP|EX)\])?\
 		 Sending email to [^\r\n]+} {
 		     # from mail, recording address list
 		     set A(mail,addresses) 1
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[RP\])?\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[(?:RP|EX)\])?\
 		 Subject: [^\r\n]+} {
 		     # from mail, outgoing Subject line
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[RP\])?\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[(?:RP|EX)\])?\
 		 Error uploading package: [^\r\n]+} {
 		     # from mail, when a generic failure is reported
 		     exp_continue
 		 }
-	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[RP\])?\
+	-re {^gatekeeper\[[0-9]+\]: \(Test\)(?: \[(?:RP|EX)\])?\
 		 Body: [^\r\n]+} {
 		     # from mail, recording outgoing message body
 		     exp_continue
-- 
2.25.1