From 9a8f93645d0fb2934af6aa5036621965db97d470 Mon Sep 17 00:00:00 2001
From: mutantmonkey <hello@mutantmonkey.mx>
Date: Mon, 19 Aug 2024 20:13:59 -0700
Subject: [PATCH] autosign-receiver: bail out when sig missing

We claimed to bail out, but we weren't. Now we do.
---
 autosign/cmd/autosign-receiver/process.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/autosign/cmd/autosign-receiver/process.go b/autosign/cmd/autosign-receiver/process.go
index d9eb3e1..35643a4 100644
--- a/autosign/cmd/autosign-receiver/process.go
+++ b/autosign/cmd/autosign-receiver/process.go
@@ -74,10 +74,9 @@ func ProcessIncoming(config Config) error {
 			continue
 		}
 
-		// XXX: use fs.Stat(fileSystem, filename + ".sig") here instead?
-		// github.com/jszwec/s3fs implements StatFS
 		if _, err := os.Stat(incomingFilepath + ".sig"); err != nil {
 			log.Printf("Warning: skipping %q because signature was not present", filename)
+			continue
 		}
 
 		// verify attestation