diff options
| author | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2021-05-11 15:41:32 -0400 |
|---|---|---|
| committer | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2021-05-11 15:41:32 -0400 |
| commit | cbf792796cdf7124d91f549e8f65f7da8a10d2e7 (patch) | |
| tree | 9270b0fef9c4677f3e3d85b7937974ea485d3b7d /b4/__init__.py | |
| parent | 41f0167aa3eccff64a543d2adae4e9c7be64a7d5 (diff) | |
| download | b4-cbf792796cdf7124d91f549e8f65f7da8a10d2e7.tar.gz | |
Reimplement attestation-staleness-days
Looks like we lost this feature in the rewrite, so reimplement it again.
This commit also removes obsolete configuration options and sets the
default attestation check level at "softfail".
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Diffstat (limited to 'b4/__init__.py')
| -rw-r--r-- | b4/__init__.py | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/b4/__init__.py b/b4/__init__.py index b757780..7d689a0 100644 --- a/b4/__init__.py +++ b/b4/__init__.py @@ -97,12 +97,7 @@ DEFAULT_CONFIG = { # check: print an attaboy when attestation is found # softfail: print a warning when no attestation found # hardfail: exit with an error when no attestation found - 'attestation-policy': 'check', - # "gpg" (whatever gpg is configured to do) or "tofu" to force tofu mode - 'attestation-trust-model': 'gpg', - # strict: must match one of the uids on the key to pass - # loose: any valid and trusted key will be accepted - 'attestation-uid-match': 'loose', + 'attestation-policy': 'softfail', # How many days before we consider attestation too old? 'attestation-staleness-days': '30', # Should we check DKIM signatures if we don't find any other attestation? @@ -499,6 +494,11 @@ class LoreSeries: addmysob = False attpolicy = config['attestation-policy'] + try: + maxdays = int(config['attestation-staleness-days']) + except ValueError: + logger.info('WARNING: attestation-staleness-days must be an int') + maxdays = 0 # Loop through all patches and see if attestation is the same for all of them, # since it usually is @@ -513,7 +513,7 @@ class LoreSeries: attsame = False break - checkmark, trailers, attcrit = lmsg.get_attestation_trailers(attpolicy) + checkmark, trailers, attcrit = lmsg.get_attestation_trailers(attpolicy, maxdays) if attref is None: attref = trailers attmark = checkmark @@ -551,7 +551,7 @@ class LoreSeries: logger.info(' %s', lmsg.full_subject) else: - checkmark, trailers, critical = lmsg.get_attestation_trailers(attpolicy) + checkmark, trailers, critical = lmsg.get_attestation_trailers(attpolicy, maxdays) logger.info(' %s %s', checkmark, lmsg.full_subject) for trailer in trailers: logger.info(' %s', trailer) @@ -1022,11 +1022,14 @@ class LoreMessage: attestor = LoreAttestorPatatt(passing, identity, signtime, keysrc, keyalgo, errors) self._attestors.append(attestor) - def get_attestation_trailers(self, attpolicy: str) -> Tuple[str, list, bool]: + def get_attestation_trailers(self, attpolicy: str, maxdays: int = 0) -> Tuple[str, list, bool]: trailers = list() checkmark = None critical = False for attestor in self.attestors: + if maxdays and not attestor.check_time_drift(self.date, maxdays): + logger.debug('The time drift is too much, marking as non-passing') + attestor.passing = False if not attestor.passing: # Is it a person-trailer for which we have a key? if attestor.level == 'person': @@ -1540,12 +1543,12 @@ class LoreAttestor: return '%s/%s' % (mode, self.identity) - def check_time_drift(self, emldate, maxdays: int = 7) -> bool: + def check_time_drift(self, emldate, maxdays: int = 30) -> bool: if not self.passing or self.signtime is None: return False try: - sigdate = datetime.datetime.utcfromtimestamp(int(self.signtime)) + sigdate = datetime.datetime.utcfromtimestamp(int(self.signtime)).replace(tzinfo=datetime.timezone.utc) except: # noqa self.errors.append('failed parsing signature date: %s' % self.signtime) return False |