Age | Commit message (Collapse) | Author |
|
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Something I should have found out before I tagged 0.6.0.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
I think it's time to unleash this on the wider audience.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
dkim.verify will only try the topmost DKIM-Signature header, so in case
of a failure, pop the failed header and retry with the next one (if
any).
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
PyCharm is warning that the list item can be None, but we already check
for that, so silence the warning.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
If the message with a follow-up trailer did not include a DKIM
signature, we didn't show it in the report for added trailers (we were
still adding it to the resulting message).
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Some subjects are still too long and hit FS file length limits. Since
they are supposed to be human-friendly anyway, limit them by 100
characters.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
I didn't like it as a separate header, so move it back into the
X-Patch-Hashes header, but only add it if it's present.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We're no longer returning here, so we need to flip our logic around.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Patches created with quilt will have no indexes, so git patch-id is
refusing to generate a hash for them (somehow, though why?). At any
rate, don't give up on attesting these patches even without the git's
patch-id.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Since we now include the message object into the followup-trailer list
(for DKIM verification purposes), we no longer auto-dedupe duplicate
trailers. Add some extra logic to handle that.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
If we don't have dnspython, then we don't have _resolver. Make sure it
exists and check if it's not None before looking for hasattr.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
When I changed auto_locate_series to return the exact patch number in
addition to the matching commit_id, I introduced an off-by-one that
caused all tracked series to start matching.
Reported-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Make sure we always create a Date: header, and that we're not crashing
when we try to parse a message without a Date: header.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Now that we always create a strict-threaded file, always clean it up
after we are done.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
When passing a local mbox, don't assume that it is going to contain a
strict thread already -- it can be just a local mailbox via something
like mbsync. This grabs actual thread from the mailbox before looking at
individual messages.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We may have 3 or 4 members in the array, so don't expect always 3.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
When displaying follow-up trailers, also indicate their DKIM status.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Don't forget to increment where we are when doing "continue".
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
There doesn't seem to be much rhyme or reason for why an address would
be in "To" or "Cc", so use both headers when finding Cc: trailer
recipients.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
By request, add ability to copy all addresses from the email's "Cc"
header into Cc: trailers, unless they are already mentioned in some
other trailer.
Requested-by: Arnaldo Carvalho de Melo <acme@kernel.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Now that we do our best to track incomplete series, don't crash when we
come across one.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Record patch counters when we start tracking series so we properly
indicate in the thank-you note which ones got applied. Additionally,
indicate in the subject when we're reporting on a subset of a larger
series.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
If we're processing a full https URL to the message, then unquote the
message ID before we use it.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Don't use self.expected, but actual array length when preparing
attestation report.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Don't display failures if there are no attestations available.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We shouldn't be using the From: field, as it will not necessarily match
the identity of the person submitting attestation.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Multiple fixes for error messages displayed in softfail and hardfail
modes.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Don't attempt to parse the email if we don't find the x-patch-sig
header.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
If we don't find a resolve() method in dnspython, just let dkimpy do its
own lookups.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Only works for x-patch-sig style attestation, as doing DKIM attestation
requires that we unignore all headers, which just junks up the view.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
If we find an older dnspython < 2.0, don't crash but let dkim figure out
how it wants to look up TXT records on its own.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Some DKIM keys may not list v=DKIM1.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Make it possible to turn off dkim verification entirely, but leave other
attestation modes enabled.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We've moved some constant declarations around, so fix the code to look
for them in the right places.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We moved pgp sig verification code around, so fix it for the invocation
in b4 pr.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We're still spending too much time in dns lookups, even though they are
supposed to be cached.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Now that vger is doing a much better job preserving DKIM signatures, it
makes sense to teach b4 to check those. It's still failing for most
mailman lists, but those are fewer than vger sources.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We're only doing this as part of b4 am now, so remove the obsolete
attverify command.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Don't attempt a len() on an object that may be None. This happens when
there are patches prepared with a tool like quilt that don't include
indexes.
Reported-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Use r'' strings uniformly to avoid needing to escape backslashes.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
b4 tries to handle subject lines such as "[PATCHvX]" by replacing
the subject line in situ, but seems to do a rather bad job of it,
resulting in only the first patch of the series being picked up.
Fetching <20201026134931.28246-1-mark.rutland@arm.com> does exhibit
the problem.
Fixing the re.sub() expression allows normal funtionalities to be
restored, and the above series to be fetched.
Fixes: 6bf644f14b3f ("Deal with [PATCHvX] subject")
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Don't crash on incomplete threads when trying to carry over previous
trailers.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
We need to fix all legacy encodings before we pass an email to
git-mailinfo. Additionally, even if that fails, don't crash on a missing
attestation.
Reported-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
The new attestation code did away with attid, but we still use it for
tracking unchanged patches between series.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Link is a non-person trailer, so should be recognized as such. Cc is a
person-trailer but we always expected that to include <> surrounding the
address, which is not correct in all cases.
Reported-by: Greg Kroah-Hartman <greg@kroah.com>
Reported-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
It seems we don't have much control over what as_bytes() does, so switch
to using as_string(), setting our policy, and making sure that
content-transfer-encoding is set to 8bit.
Reported-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Rewrite attestation to implement in-header hashing and signing. For now,
just implementing mode=pgp, but other modes are coming next.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Handle several corner cases when trying to cherrypick from incomplete
series.
Reported-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Error out when we don't find any patches in an mbox when trying to diff
series.
Reported-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|