diff options
author | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2020-11-20 16:54:49 -0500 |
---|---|---|
committer | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2020-11-20 16:54:49 -0500 |
commit | 379d1d8a7c64f89282eb80edd3da1ba09d50c3f5 (patch) | |
tree | 1d20ec2ba1e692ed11ef1da243530d82ebad0e34 /b4 | |
parent | dd711f894fed036d1e1ffbc52c89a68530cde988 (diff) | |
download | b4-379d1d8a7c64f89282eb80edd3da1ba09d50c3f5.tar.gz |
Add attestation-check-dkim config option
Make it possible to turn off dkim verification entirely, but leave other
attestation modes enabled.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Diffstat (limited to 'b4')
-rw-r--r-- | b4/__init__.py | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/b4/__init__.py b/b4/__init__.py index ac0e85c..e916feb 100644 --- a/b4/__init__.py +++ b/b4/__init__.py @@ -104,9 +104,8 @@ DEFAULT_CONFIG = { 'attestation-uid-match': 'loose', # How many days before we consider attestation too old? 'attestation-staleness-days': '30', - # NB! This whole behaviour will change once public-inbox - # gains support for cross-list searches - 'attestation-query-url': LOREADDR + '/signatures/', + # Should we check DKIM signatures if we don't find any other attestation? + 'attestation-check-dkim': 'yes', # We'll use the default gnupg homedir, unless you set it here 'attestation-gnupghome': None, # Do you like simple or fancy checkmarks? @@ -573,9 +572,9 @@ class LoreSeries: for trailer, attmode in set(attdata): logger.info(' %s %s', attmode, trailer) return mbx - elif not can_dkim_verify: + elif not can_dkim_verify and config.get('attestation-check-dkim') == 'yes': logger.info(' ---') - logger.info(' NOTE: install dkimpy for DKIM signature attestation.') + logger.info(' NOTE: install dkimpy for DKIM signature verification') errors = set(atterrors) for attdoc in ATTESTATIONS: @@ -1806,8 +1805,9 @@ class LoreAttestation: hhdr = msg.get(HDR_PATCH_HASHES) if hhdr is None: # Do we have a dkim signature header? - if msg.get('DKIM-Signature'): - if can_dkim_verify: + if can_dkim_verify and msg.get('DKIM-Signature'): + config = get_main_config() + if config.get('attestation-check-dkim') == 'yes': self.lsig = LoreAttestationSignatureDKIM(msg) if self.lsig.passing: self.passing = True |