author | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2020-11-20 16:04:44 -0500 |
---|---|---|
committer | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2020-11-20 16:04:44 -0500 |
commit | ef3e6ea50b1740dcda53ee8dc065611896b3a7db (patch) | |
tree | 3af1a3b92be1149bd7d3d26159ddd71ec758716e /b4/pr.py | |
parent | 48c1995118741eab177cbf47d22647be87a08ea9 (diff) | |
Fix signature verification for b4 pr
We moved pgp sig verification code around, so fix it for the invocation
in b4 pr.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Diffstat (limited to 'b4/pr.py')
-rw-r--r-- | b4/pr.py | 14 |
1 files changed, 8 insertions, 6 deletions
@@ -127,27 +127,29 @@ def attest_fetch_head(gitdir, lmsg):
 ecode, out = b4.git_run_command(gitdir, ['verify-tag', '--raw', 'FETCH_HEAD'], logstderr=True)
 elif otype == 'commit':
 ecode, out = b4.git_run_command(gitdir, ['verify-commit', '--raw', 'FETCH_HEAD'], logstderr=True)
- lsig = b4.LoreAttestationSignature(out, 'git')
- if lsig.good and lsig.valid and lsig.trusted:
+
+ good, valid, trusted, attestor, sigdate, errors = b4.validate_gpg_signature(out, 'pgp')
+
+ if good and valid and trusted:
 passing = True
 out = out.strip()
 if not len(out) and attpolicy != 'check':
- lsig.errors.add('Remote %s is not signed!' % otype)
+ errors.add('Remote %s is not signed!' % otype)
 if passing:
- trailer = lsig.attestor.get_trailer(lmsg.fromemail)
+ trailer = attestor.get_trailer(lmsg.fromemail)
 logger.info(' ---')
 logger.info(' %s %s', attpass, trailer)
 return
- if lsig.errors:
+ if errors:
 logger.critical(' ---')
 if len(out):
 logger.critical(' Pull request is signed, but verification did not succeed:')
 else:
 logger.critical(' Pull request verification did not succeed:')
- for error in lsig.errors:
+ for error in errors:
 logger.critical(' %s %s', attfail, error)
 if attpolicy == 'hardfail': |
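Review bot: `passing` is decided by `if good and valid and trusted:` alone, so within this hunk any key trusted in the local keyring is accepted regardless of who sent the pull request; `lmsg.fromemail` is only passed to `attestor.get_trailer()` afterwards to format the log line. Unless `get_trailer()` or `validate_gpg_signature()` rejects a signer/sender mismatch (neither is visible here), the attestor's identity should be compared with `lmsg.fromemail` before `passing = True`, or a mismatch should at least be logged as a warning. `sigdate` is unpacked but never used in the visible lines; if skipping a signature-age check is intentional, say so with a comment such as `# sigdate unused: a signed tag or commit may predate the pull request message`. `attest_fetch_head` begins before and continues past this hunk, so `ecode` may be examined outside it.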