From e340a263f9a41b02cfaf82fe8a5368b589853842 Mon Sep 17 00:00:00 2001 From: Jacob Bachmeyer Date: Thu, 6 Oct 2022 22:33:34 -0500 Subject: [PATCH] Revise syslog initialization in gatekeeper script This reflects the renaming of the script and moves the syslog details to one place nearer the top of the file. The "ndelay" option could be added to the openlog call, but would be redundant, as the script immediately logs its own startup. --- gatekeeper.pl | 11 +-- testsuite/lib/gatekeeper.exp | 138 +++++++++++++++++------------------ 2 files changed, 75 insertions(+), 74 deletions(-) diff --git a/gatekeeper.pl b/gatekeeper.pl index d7983ca..40b13e4 100755 --- a/gatekeeper.pl +++ b/gatekeeper.pl @@ -312,14 +312,15 @@ my $serials_path = "/home/gatekpr/etc/upload-ftp-serials.txt"; my $email_always = 'ftp-upload-script@gnu.org'; # e.g., ftp-upload@gnu.org # syslog destination -my $facility = "LOCAL5"; +use constant SYSLOG_APP_IDENT => 'gatekeeper'; +use constant SYSLOG_FACILITY => 'LOCAL5'; if (IN_TEST_MODE) { # override the above for testing # override file paths to our testcase environment { # Again, the test environment is trusted, but we still run in taint mode. $ENV{TEST_BASE_DIR} =~ m/^([[:graph:] ]+$)/ && -d $1 - or die "ftp-upload: test mode: TEST_BASE_DIR not valid"; + or die "gatekeeper: test mode: TEST_BASE_DIR not valid"; my $base = $1; # untainted $package_config_base = File::Spec->catdir($base, 'packages'); 
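Review bot: Nothing beside the new `SYSLOG_APP_IDENT` definition in gatekeeper.pl records that its value is the tag on every syslog record, which this commit changes from `ftp-upload` to `gatekeeper` once the constant reaches `openlog` in the last hunk of the file. Routing rules, retention filters or alerts that select on the old program name would stop matching without any error, so the rename has to be deployed together with them. The patch updates the testsuite patterns, but any such configuration lives outside it. I would extend the comment above the constants to something like `# syslog tag and facility; log routing and alert rules match on the tag, so change them together`.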
@@ -346,11 +347,11 @@ if (IN_TEST_MODE) { # override the above for testing close $gpgv; } # verify configuration for mock smtpd - die "ftp-upload: test mode: TEST_SMTP_PORT not valid" + die "gatekeeper: test mode: TEST_SMTP_PORT not valid" unless $ENV{TEST_SMTP_PORT} && $ENV{TEST_SMTP_PORT} =~ m/^(\d+)$/; $ENV{TEST_SMTP_PORT} = $1; # untaint the test SMTP port number # verify configuration for mock syslog - die "ftp-upload: test mode: TEST_SYSLOG_SOCKET not valid" + die "gatekeeper: test mode: TEST_SYSLOG_SOCKET not valid" unless $ENV{TEST_SYSLOG_SOCKET} && -S $ENV{TEST_SYSLOG_SOCKET} && -w _; # override log message tag $log_style = 'Test'; @@ -374,7 +375,7 @@ if (IN_TEST_MODE) { -S $1 or die "test syslog socket is not a socket"; setlogsock(unix => $1); } -openlog("ftp-upload", 'pid', $facility); +openlog(SYSLOG_APP_IDENT, 'pid', SYSLOG_FACILITY); ftp_syslog('info', "($log_style) Beginning upload processing run."); # make sure our directories all exist, or it's hopeless. diff --git a/testsuite/lib/gatekeeper.exp b/testsuite/lib/gatekeeper.exp index 6086ced..1d0ab0b 100644 --- a/testsuite/lib/gatekeeper.exp +++ b/testsuite/lib/gatekeeper.exp 
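Review bot: In the `@@ -374,7 +375,7 @@` hunk of gatekeeper.pl, `die "test syslog socket is not a socket"` is the one test-mode failure message visible in this patch that still lacks the `gatekeeper: test mode:` prefix the commit normalises on the TEST_BASE_DIR, TEST_SMTP_PORT and TEST_SYSLOG_SOCKET checks. A bare message on stderr is harder to attribute when the script runs unattended, so I would make it `-S $1 or die "gatekeeper: test mode: TEST_SYSLOG_SOCKET is not a socket";`. The block this line closes starts outside the hunk, so the expression that fills `$1` is not visible here.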
@@ -450,25 +450,25 @@ proc analyze_log { base_dir name assess } { -re {^minlogd\[[0-9]+\]: begin logging} { exp_continue } -re {^minlogd\[[0-9]+\]: shutting down} { exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ Beginning upload processing run.} { # from main script, upon opening syslog channel set A(start) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ found directive: ([^\r\n]+)} { # from main script, top of file processing loop set A(found,$expect_out(1,string)) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ No files found for processing.} { # from main script, exiting when nothing was done set A(nowork) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ Processing complete: ([[:digit:]]+) uploads processed.} { # from main script, exiting after processing directives set A(workdone) 1 @@ -476,7 +476,7 @@ proc analyze_log { base_dir name assess } { # set both to allow tests to check or ignore the number exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ Updated ftpindex} { # from main script, exiting after processing directives exp_continue @@ -485,13 +485,13 @@ proc analyze_log { base_dir name assess } { # running time for the generate-ftpindex tool } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ [^ ]+ does not exist - can not archive} { # from archive, when target does not exist set A(action,archive-failure,not-found) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ archived [^ ]+ to [^\r\n]+} { # from archive, upon success set A(action,archive-item) 1 
@@ -500,7 +500,7 @@ proc analyze_log { base_dir name assess } { exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ added symlink [^ ]+ pointing to [^\r\n]+} { # from execute_commands, creating a symlink set A(action,make-symlink) 1 @@ -508,7 +508,7 @@ proc analyze_log { base_dir name assess } { # include a file name relative to the test base exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ creation of symlink [^ ]+ to [^ ]+ in [^ ]+ failed[^\r\n]+} { # from execute_commands, when the symlink builtin fails set A(action,make-symlink-failure) 1 @@ -516,14 +516,14 @@ proc analyze_log { base_dir name assess } { # include a file name relative to the test base exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ refusing to remove a non-symlink file} { # from execute_commands, when an item to be removed is # not a symlink after all set A(action,rm-symlink-failure,not-link) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ removed symlink [^\r\n]+} { # from execute_commands, removing a symlink set A(action,rm-symlink) 1 
@@ -532,49 +532,49 @@ proc analyze_log { base_dir name assess } { exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ DEBUG: uploaded file to check: ([^\r\n]+)} { # from scan_incoming readdir loop set A(scan,$expect_out(1,string)) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ DEBUG: lsof command line: [^\r\n]*} { # from scan_incoming, tracing lsof call exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ DEBUG: lsof output: [^\r\n]*} { # from scan_incoming, tracing lsof output exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ DEBUG: upload in progress for ([^,]+),\ ignoring during this run} { # from scan_incoming, when lsof reports file still open set A(open,$expect_out(1,string)) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ DEBUG: ([^ ]+) has[^,]+, skipping} { # from scan_incoming, when recent mtime excludes a file set A(recent,$expect_out(1,string)) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ DEBUG: considering ([^ ]+) for processing.} { # from scan_incoming, top of triplet checking loop set A(consider,$expect_out(1,string)) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ processing [[]([^]]+)\]} { # from scan_incoming, when a triplet is found set A(found-triplet) 1 set A(found-triplet,$expect_out(1,string)) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ Found directive file with filename directive \(([^ ]+)\),\ but no accompanying files.\ Ignoring directive file in this run.} { 
@@ -582,38 +582,38 @@ proc analyze_log { base_dir name assess } { set A(skip-loose,$expect_out(1,string)) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ directive file \(([^ ]+)\) larger than[^\r\n]+} { # from scan_incoming, on finding an oversize directive set A(oversize-directive,$expect_out(1,string)) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ The directive file [^ ]+ is larger than[^\r\n]+} { # from scan_incoming, on finding an oversize directive # already noted above; both messages are produced exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ signature file \(([^ ]+)\) larger than[^\r\n]+} { # from scan_incoming, on finding an oversize signature set A(oversize-signature,$expect_out(1,string)) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ The signature file [^ ]+ is larger than[^\r\n]+} { # from scan_incoming, on finding an oversize signature # already noted above; both messages are produced exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ DEBUG: found keyring [^\r\n]+} { # from keyring_file, while searching for keyrings exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ The directory line should start with the name of the package\ for which you are trying to upload a file[^\r\n]+} { # from email_addresses, when the list cannot be opened 
@@ -622,69 +622,69 @@ proc analyze_log { base_dir name assess } { } # TODO: This should be validate,package-no-email instead. - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ invalid directory[^\r\n]+} { # from parse_directory_line, when the pattern match fails set A(validate,bad-directory) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ ([0-9]+) slashes is too many, in [^\r\n]+} { # from parse_directory_line, when the directory is too deep set A(validate,bad-directory-depth) 1 set A(validate,bad-directory-depth,$expect_out(1,string)) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ Only one directory directive is allowed per [^\r\n]+} { # from parse_directory_line, if directory repeated set A(validate,bad-directory-repeat) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ invalid directive 'replace', not supported[^\r\n]+} { # from read_directive_file, if replace used in v1.1 set A(validate,bad-replace-flag) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ no directory directive specified in [^\r\n]+} { # from read_directive_file, if no directory key found set A(validate,no-directory-given) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ nothing to do - no commands in directive file} { # from read_directive_file, if no action specified set A(validate,no-op) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ not running in legacy v1 mode} { # from read_directive_file, after determining mode # TODO: will be removed with other v1 compatibility code exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ invalid version [0-9.]+, not supported} { # from read_directive_file, if unsupported version set 
A(validate,bad-version) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ invalid version [^\r\n]+} { # from read_directive_file, if unparsable version set A(validate,bad-version) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ invalid second version ([^,]+), have ([^\r\n]+)} { # from read_directive_file, if version repeated set A(validate,bad-version-repeat) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ no version directive specified in ([^\r\n]+)} { # from read_directive_file, if no version given # This was valid in v1 but v1 is now obsolete. 
@@ -692,32 +692,32 @@ proc analyze_log { base_dir name assess } { set A(validate,no-version,$expect_out(1,string)) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ invalid filename [^\r\n]+} { # from read_directive_file, if filename is bogus set A(validate,bad-filename) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ Only one filename directive is allowed per [^\r\n]+} { # from read_directive_file, if filename repeated set A(validate,bad-filename-repeat) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ invalid parameters for ([^ ]+) command[^\r\n]+} { # from read_directive_file, when most commands have # unrecognized or invalid parameters set A(validate,bad-parameter,$expect_out(1,string)) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ Invalid directive line:[^\r\n]+} { # from read_directive_file, if a line is unrecognized set A(validate,bad-directive-line) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ no filename directive specified in ([^\r\n]+)[.]\ Upgrade to the latest version![^\r\n]+} { # from read_directive_file, if no filename given 
@@ -726,63 +726,63 @@ proc analyze_log { base_dir name assess } { set A(validate,no-filename,$expect_out(1,string)) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ no configuration directory for package ([^\r\n]+)} { # from read_directive_file, if package config not found set A(validate,package-no-config) 1 exp_continue } # TODO: validate,package-no-config should be unknown-package - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ no keyring for package ([^\r\n]+)} { # from read_directive_file, if package keyring not found set A(validate,package-no-keys) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ The filename directive does not match name of the\ uploaded file.[^\r\n]+} { # from read_directive_file, on name mismatch set A(validate,filename-mismatch) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ filename [^\r\n]+ does not match name of directive[^\r\n]+} { # from read_directive_file, on name mismatch set A(validate,filename-mismatch-directive) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ DEBUG: Signature made [^\r\n]+} { # from read_directive_file, reporting signature timestamp set A(validate,signature-timestamp) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ GPG signed upload from the future - not allowed[^\r\n]+} { # from read_directive_file, if signature timestamp bad set A(validate,future-signature-timestamp) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ DEBUG: [^ ]+ size is [[:digit:]]+} { # from verify_keyring, upon entry # also from check_files, twice, upon entry exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ DEBUG: gpgv command line: [^\r\n]+} { # from verify_keyring, tracing gpgv 
call exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ gpgv exited ([[:digit:]]+)} { # from verify_keyring, when closing pipe from gpgv set A(gpgv,exitcode,$expect_out(1,string)) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ verified against ([^\r\n]+)} { # from verify_keyring, upon success exp_continue @@ -790,21 +790,21 @@ proc analyze_log { base_dir name assess } { # is likely to be removed when gpgv is given multiple # keyrings instead of being run repeatedly } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ gpg verify of directive file failed} { # from verify_keyring, when no keys match set A(gpgv,directive-verify-failed) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ gpg verify of upload file [(]([^)]+)\) failed} { # from check_files, when no keys match set A(gpgv,upload-verify-failed) 1 set A(gpgv,upload-verify-failed,$expect_out(1,string)) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ DEBUG: tested negative for CVE-[^\r\n]+} { # from check_files, when checks for known issues pass exp_continue 
@@ -812,91 +812,91 @@ proc analyze_log { base_dir name assess } { # is likely to be revised as part of other refactoring } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ DEBUG: testing .+ for presence of Makefile.in} { # from check_vulnerabilities via check_files set A(exploit-check,check-Makefile.in) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ DEBUG: found Makefile.in, testing for [^\r\n]+} { # from check_vulnerabilities via check_files set A(exploit-check,found-Makefile.in) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ file rejected: [^()]+\((CVE-[0-9-]+)\)[^\r\n]+} { # from check_vulnerabilities via check_files set A(exploit-check-fail,$expect_out(1,string)) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ This signature file exists: [^\r\n]+} { # from install_files, if target exists and replace not set set A(install,target-signature-exists) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ This file exists: [^\r\n]+} { # from install_files, if target exists and replace not set set A(install,target-file-exists) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ archived and overwrote [^\r\n]+} { # from install_files, if target signature replaced set A(install,target-signature-replaced) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ overwrote [^\r\n]+} { # from install_files, if target replaced set A(install,target-file-replaced) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ \(in [^()]+\) [^\r\n]+} { # from fatal, just before calling ftp_die which exits exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ No uploader e-mail address\(es\) to report 
this error to!} { # from mail, when no email address is provided set A(mail,no-known-address) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ NOMAIL is set - not sending email to [^\r\n]+} { # from mail, when mail is inhibited set A(mail,inhibited) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ Sending email to [^\r\n]+} { # from mail, recording address list set A(mail,addresses) 1 exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ Subject: [^\r\n]+} { # from mail, outgoing Subject line exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ Error uploading package: [^\r\n]+} { # from mail, when a generic failure is reported exp_continue } - -re {^ftp-upload\[[0-9]+\]: \(Test\)\ + -re {^gatekeeper\[[0-9]+\]: \(Test\)\ Body: [^\r\n]+} { # from mail, recording outgoing message body exp_continue } } -# -re {^ftp-upload\[[0-9]+\]: \(Test\)\ +# -re {^gatekeeper\[[0-9]+\]: \(Test\)\ # } { # exp_continue # } -- 2.25.1