summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKonstantin Ryabitsev <konstantin@linuxfoundation.org>2021-05-17 13:54:15 -0400
committerKonstantin Ryabitsev <konstantin@linuxfoundation.org>2021-05-17 13:54:15 -0400
commit9f55eb98f036616f6611c5d605072008d5855356 (patch)
treedef2950fbaeb8f18a628261e53c3f8e8bcda31fc
parentf6f46cd221e35bf80d3b7c24ec4b4d799446399f (diff)
downloadb4-9f55eb98f036616f6611c5d605072008d5855356.tar.gz
Perform mboxo unescaping before DKIM check
Python's mailbox will not automatically remove mboxo escaping, so perform this manually before passing the message to dkim for verification. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
-rw-r--r--b4/__init__.py5
1 files changed, 3 insertions, 2 deletions
diff --git a/b4/__init__.py b/b4/__init__.py
index 1418641..7e4295e 100644
--- a/b4/__init__.py
+++ b/b4/__init__.py
@@ -1011,6 +1011,7 @@ class LoreMessage:
if config['attestation-policy'] == 'off':
return self._attestors
+ logger.debug('Loading attestation: %s', self.full_subject)
if self.msg.get(DEVSIG_HDR):
self._load_patatt_attestors()
if self.msg.get('dkim-signature') and config['attestation-check-dkim'] == 'yes':
@@ -1052,7 +1053,7 @@ class LoreMessage:
signtime = self.date
self.msg._headers.append((hn, hval)) # noqa
- res = dkim.verify(self.msg.as_bytes())
+ res = dkim.verify(self.msg.as_bytes().replace(b'\n>From ', b'\nFrom '))
attestor = LoreAttestorDKIM(res, identity, signtime, errors)
logger.debug('DKIM verify results: %s=%s', identity, res)
@@ -1099,7 +1100,7 @@ class LoreMessage:
checkmark = None
critical = False
for attestor in self.attestors:
- if maxdays and not attestor.check_time_drift(self.date, maxdays):
+ if attestor.passing and maxdays and not attestor.check_time_drift(self.date, maxdays):
logger.debug('The time drift is too much, marking as non-passing')
attestor.passing = False
if not attestor.passing: