Age | Commit message (Collapse) | Author |
|
If we clean the to/cc headers to get rid of all unicode escaping, we run
into a Python bug that is unable to properly parse addresses, e.g.:
In [5]: from email import utils
In [6]: utils.getaddresses(['foo <foo@bar.com>'])
Out[6]: [('foo', 'foo@bar.com')]
In [7]: utils.getaddresses(['Shuming [范書銘] <shumingf@realtek.com>'])
Out[7]:
[('', 'Shuming'),
('', ''),
('', '范書銘'),
('', ''),
('', 'shumingf@realtek.com')]
If we store the headers as-is from the original message, we are less
likely to run into this bug, as all non-ascii sequences should be
qp-escaped in the original headers:
=?big5?B?U2h1bWluZyBbrVOu0bvKXQ==?= <shumingf@realtek.com>
This doesn't fix the underlying bug in Python, but works around it.
Reported-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Minor bugfixes.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Public-inbox emits mboxrd, but Python only understands mboxo, so we need
to convert from mboxrd to mboxo before passing the retrieved results to
mailbox.mbox.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/r/CAHk-=whRm2sKHeY-YQqxEJF=d9fGhnU2ajJs9i7CKC4feuPMTA@mail.gmail.com
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
The reason alsa-devel DKIM verification is failing is because the
List-Archive header is included in the hashed value. This header is
added by public-inbox to all messages retrieved via the API, so try
ejecting those headers and retrying verification.
Link: https://public-inbox.org/meta/20201210202145.7agtcmrtl5jec42d@chatter.i7.local
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We only need to check against the list of known non-person trailers if
we're looking at follow-up messages. Any trailers we see in the actual
commit messages can be taken at their face value.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Looks like BugLink: is a trailer used by Intel.
Reported-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Using the stable branch for hotfixes to 0.6.y, which I expect will be a
few.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Something I should have found out before I tagged 0.6.0.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
I think it's time to unleash this on the wider audience.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
dkim.verify will only try the topmost DKIM-Signature header, so in case
of a failure, pop the failed header and retry with the next one (if
any).
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
PyCharm is warning that the list item can be None, but we already check
for that, so silence the warning.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
If the message with a follow-up trailer did not include a DKIM
signature, we didn't show it in the report for added trailers (we were
still adding it to the resulting message).
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Some subjects are still too long and hit FS file length limits. Since
they are supposed to be human-friendly anyway, limit them by 100
characters.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We're no longer returning here, so we need to flip our logic around.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Patches created with quilt will have no indexes, so git patch-id is
refusing to generate a hash for them (somehow, though why?). At any
rate, don't give up on attesting these patches even without the git's
patch-id.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Since we now include the message object into the followup-trailer list
(for DKIM verification purposes), we no longer auto-dedupe duplicate
trailers. Add some extra logic to handle that.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
If we don't have dnspython, then we don't have _resolver. Make sure it
exists and check if it's not None before looking for hasattr.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Make sure we always create a Date: header, and that we're not crashing
when we try to parse a message without a Date: header.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
When passing a local mbox, don't assume that it is going to contain a
strict thread already -- it can be just a local mailbox via something
like mbsync. This grabs actual thread from the mailbox before looking at
individual messages.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We may have 3 or 4 members in the array, so don't expect always 3.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
When displaying follow-up trailers, also indicate their DKIM status.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
There doesn't seem to be much rhyme or reason for why an address would
be in "To" or "Cc", so use both headers when finding Cc: trailer
recipients.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
By request, add ability to copy all addresses from the email's "Cc"
header into Cc: trailers, unless they are already mentioned in some
other trailer.
Requested-by: Arnaldo Carvalho de Melo <acme@kernel.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
If we're processing a full https URL to the message, then unquote the
message ID before we use it.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Don't use self.expected, but actual array length when preparing
attestation report.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Don't display failures if there are no attestations available.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Multiple fixes for error messages displayed in softfail and hardfail
modes.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
If we don't find a resolve() method in dnspython, just let dkimpy do its
own lookups.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Only works for x-patch-sig style attestation, as doing DKIM attestation
requires that we unignore all headers, which just junks up the view.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
If we find an older dnspython < 2.0, don't crash but let dkim figure out
how it wants to look up TXT records on its own.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Some DKIM keys may not list v=DKIM1.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Make it possible to turn off dkim verification entirely, but leave other
attestation modes enabled.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We moved pgp sig verification code around, so fix it for the invocation
in b4 pr.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We're still spending too much time in dns lookups, even though they are
supposed to be cached.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Now that vger is doing a much better job preserving DKIM signatures, it
makes sense to teach b4 to check those. It's still failing for most
mailman lists, but those are fewer than vger sources.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Don't attempt a len() on an object that may be None. This happens when
there are patches prepared with a tool like quilt that don't include
indexes.
Reported-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Use r'' strings uniformly to avoid needing to escape backslashes.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
b4 tries to handle subject lines such as "[PATCHvX]" by replacing
the subject line in situ, but seems to do a rather bad job of it,
resulting in only the first patch of the series being picked up.
Fetching <20201026134931.28246-1-mark.rutland@arm.com> does exhibit
the problem.
Fixing the re.sub() expression allows normal funtionalities to be
restored, and the above series to be fetched.
Fixes: 6bf644f14b3f ("Deal with [PATCHvX] subject")
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Don't crash on incomplete threads when trying to carry over previous
trailers.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We need to fix all legacy encodings before we pass an email to
git-mailinfo. Additionally, even if that fails, don't crash on a missing
attestation.
Reported-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
The new attestation code did away with attid, but we still use it for
tracking unchanged patches between series.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Link is a non-person trailer, so should be recognized as such. Cc is a
person-trailer but we always expected that to include <> surrounding the
address, which is not correct in all cases.
Reported-by: Greg Kroah-Hartman <greg@kroah.com>
Reported-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Rewrite attestation to implement in-header hashing and signing. For now,
just implementing mode=pgp, but other modes are coming next.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Handle several corner cases when trying to cherrypick from incomplete
series.
Reported-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Still seeing false-positives for personal follow-up trailers, so tighten
a regex a bit further to make sure we don't match bogus content.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
The combined routine was too broad for parsing follow-up messages, so
this tightens it to avoid too many false positive matches.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
A common request is to support trailers that contain extra data in the
following format:
Reviewed-by: D. Eveloper <d.eveloper@example.com>
[for the code in foo.h]
This should do the right thing now, and moves trailer searching into one
place instead of being reimplemented twice.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Fixes sloppy-trailers.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|