diff options
author | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2020-11-23 14:52:45 -0500 |
---|---|---|
committer | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2020-11-23 14:52:45 -0500 |
commit | 02725469d7236e116662f5d863a9f34d5a3c616a (patch) | |
tree | 550784e70924e9abfcebed668d901b054fb99651 | |
parent | 1c8579d0ee4684a1e60f8c92abaf8d2c6df2bd36 (diff) | |
download | b4-02725469d7236e116662f5d863a9f34d5a3c616a.tar.gz |
Fix softfail/hardfail messages
Multiple fixes for error messages displayed in softfail and hardfail
modes.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
-rw-r--r-- | b4/__init__.py | 33 | ||||
-rw-r--r-- | b4/attest.py | 33 |
2 files changed, 41 insertions, 25 deletions
diff --git a/b4/__init__.py b/b4/__init__.py index e50c8e3..2069e81 100644 --- a/b4/__init__.py +++ b/b4/__init__.py @@ -540,12 +540,15 @@ class LoreSeries: if attpolicy in ('softfail', 'hardfail'): logger.info(' %s %s', attfail, lmsg.full_subject) failed = list() - if not latt.pv: - failed.append('patch content') - if not latt.pm: - failed.append('commit message') - if not latt.pi: - failed.append('patch metadata') + if latt and latt.lsig and latt.lsig.attestor and latt.lsig.attestor.mode == 'domain': + failed.append(latt.lsig.attestor.get_trailer()) + else: + if not latt.pv: + failed.append('patch content') + if not latt.mv: + failed.append('commit message') + if not latt.iv: + failed.append('patch metadata') atterrors.append('Patch %s/%s failed attestation (%s)' % (at, lmsg.expected, ', '.join(failed))) else: @@ -1473,8 +1476,10 @@ class LoreAttestorDKIM(LoreAttestor): self.mode = 'domain' super().__init__(keyid) - def get_trailer(self, fromaddr): # noqa - return 'DKIM/%s (From: %s)' % (self.keyid, fromaddr) + def get_trailer(self, fromaddr=None): # noqa + if fromaddr: + return 'DKIM/%s (From: %s)' % (self.keyid, fromaddr) + return 'DKIM/%s' % self.keyid class LoreAttestorPGP(LoreAttestor): @@ -1636,6 +1641,9 @@ class LoreAttestationSignatureDKIM(LoreAttestationSignature): # self.native_verify() # return + dks = self.msg.get('dkim-signature') + ddata = get_parts_from_header(dks) + self.attestor = LoreAttestorDKIM(ddata['d']) # Do we have a resolve method? if hasattr(_resolver, 'resolve'): res = dkim.verify(self.msg.as_bytes(), dnsfunc=dkim_get_txt) @@ -1647,9 +1655,6 @@ class LoreAttestationSignatureDKIM(LoreAttestationSignature): self.good = True # Grab toplevel signature that we just verified - dks = self.msg.get('dkim-signature') - ddata = get_parts_from_header(dks) - self.attestor = LoreAttestorDKIM(ddata['d']) self.valid = True self.trusted = True self.passing = True @@ -1763,10 +1768,8 @@ class LoreAttestationSignaturePGP(LoreAttestationSignature): if self.good and self.valid and self.trusted: self.passing = True - - # A couple of final verifications - self.verify_time_drift() - # XXX: Need to verify identity domain + self.verify_time_drift() + # XXX: Need to verify identity domain class LoreAttestation: diff --git a/b4/attest.py b/b4/attest.py index 8ae939e..d7fbc27 100644 --- a/b4/attest.py +++ b/b4/attest.py @@ -114,23 +114,36 @@ def mutt_filter() -> None: if inb.find(b'X-Patch-Sig:') < 0: sys.stdout.buffer.write(inb) return + msg = email.message_from_bytes(inb) try: - msg = email.message_from_bytes(inb) if msg.get('x-patch-sig'): lmsg = b4.LoreMessage(msg) lmsg.load_hashes() latt = lmsg.attestation - if latt and latt.validate(msg): - trailer = latt.lsig.attestor.get_trailer(lmsg.fromemail) - msg.add_header('Attested-By', trailer) - # Delete the x-patch-hashes and x-patch-sig headers so - # they don't boggle up the view - for i in reversed(range(len(msg._headers))): # noqa - hdrName = msg._headers[i][0].lower() # noqa - if hdrName in ('x-patch-hashes', 'x-patch-sig'): - del msg._headers[i] # noqa + if latt: + if latt.validate(msg): + trailer = latt.lsig.attestor.get_trailer(lmsg.fromemail) + msg.add_header('Attested-By', trailer) + elif latt.lsig: + if not latt.lsig.errors: + failed = list() + if not latt.pv: + failed.append('patch content') + if not latt.mv: + failed.append('commit message') + if not latt.iv: + failed.append('patch metadata') + latt.lsig.errors.add('signature failed (%s)' % ', '.join(failed)) + msg.add_header('Attestation-Failed', ', '.join(latt.lsig.errors)) + # Delete the x-patch-hashes and x-patch-sig headers so + # they don't boggle up the view + for i in reversed(range(len(msg._headers))): # noqa + hdrName = msg._headers[i][0].lower() # noqa + if hdrName in ('x-patch-hashes', 'x-patch-sig'): + del msg._headers[i] # noqa except: # noqa # Don't prevent email from being displayed even if we died horribly sys.stdout.buffer.write(inb) return + sys.stdout.buffer.write(msg.as_bytes(policy=b4.emlpolicy)) |