Add attestation checks for b4 pr

We now use similar subroutines for checking signatures on FETCH_HEAD as
we do for patch attestation, making it a convenient operation during the
fetch stage:

$ b4 pr 202003292114.2252CAEF7@keescook
Looking up https://lore.kernel.org/r/202003292114.2252CAEF7@keescook
Grabbing thread from lore.kernel.org
Looking at: [GIT PULL] seccomp updates for v5.7-rc1
  Fetching https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v5.7-rc1
  ---
  [✓] Attestation-by: Kees Cook <keescook@chromium.org> (pgp: 8972F4DFDC6DC026)
---
Successfully fetched into FETCH_HEAD

Hopefully, I didn't introduce too many bugs into patch attestation,
since I had to rewrite the backend a bit to work for both native git
operations and patch attestation calls.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>

1 files changed, 1 insertions, 1 deletions

diff --git a/b4/attest.py b/b4/attest.py
index 35c062b..5f9a2b4 100644
--- a/b4/attest.py
+++ b/b4/attest.py
@@ -161,7 +161,7 @@ def verify_attestation(cmdargs):
         if ecode != 128:
             ecode = 0
         logger.critical('%s %s', attpass, lmsg.full_subject)
-        attrailers.add(attdoc.attestor.get_trailer(lmsg.fromemail))
+        attrailers.add(attdoc.lsig.attestor.get_trailer(lmsg.fromemail))
 
     logger.critical('---')
     if ecode > 0: