Age | Commit message (Collapse) | Author |
|
Move end-to-end attestation code into its own library: patatt. See
https://git.kernel.org/pub/scm/utils/patatt/patatt.git/about/
It is included into b4 as a submodule, but you will need to init it
first:
git submodule update --init
This change significantly simplifies our attestation code, dropping
thousands of lines of rather hairy code. Notably, patatt-style
attestation is incompatible with previous attestation implementations
done directly in b4, but that's just as well -- we've always marked it
as "experimental" and the lack of adoption was proving that we weren't
on the right path.
Next to come is keyring management and documentation.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
I didn't like it as a separate header, so move it back into the
X-Patch-Hashes header, but only add it if it's present.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Patches created with quilt will have no indexes, so git patch-id is
refusing to generate a hash for them (somehow, though why?). At any
rate, don't give up on attesting these patches even without the git's
patch-id.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Don't display failures if there are no attestations available.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We shouldn't be using the From: field, as it will not necessarily match
the identity of the person submitting attestation.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Multiple fixes for error messages displayed in softfail and hardfail
modes.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Don't attempt to parse the email if we don't find the x-patch-sig
header.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Only works for x-patch-sig style attestation, as doing DKIM attestation
requires that we unignore all headers, which just junks up the view.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We've moved some constant declarations around, so fix the code to look
for them in the right places.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We moved pgp sig verification code around, so fix it for the invocation
in b4 pr.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Rewrite attestation to implement in-header hashing and signing. For now,
just implementing mode=pgp, but other modes are coming next.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We now use similar subroutines for checking signatures on FETCH_HEAD as
we do for patch attestation, making it a convenient operation during the
fetch stage:
$ b4 pr 202003292114.2252CAEF7@keescook
Looking up https://lore.kernel.org/r/202003292114.2252CAEF7@keescook
Grabbing thread from lore.kernel.org
Looking at: [GIT PULL] seccomp updates for v5.7-rc1
Fetching https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v5.7-rc1
---
[✓] Attestation-by: Kees Cook <keescook@chromium.org> (pgp: 8972F4DFDC6DC026)
---
Successfully fetched into FETCH_HEAD
Hopefully, I didn't introduce too many bugs into patch attestation,
since I had to rewrite the backend a bit to work for both native git
operations and patch attestation calls.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
This is the beginning of a new tool that inherits from get-lore-mbox and
attest-patches.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|