summaryrefslogtreecommitdiff
path: root/patatt
AgeCommit message (Collapse)Author
2021-06-07Update to latest patatt versionKonstantin Ryabitsev
Fixes "NOKEY" vs. "BADSIG" problem (again). Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-06-03Update patatt to 0.4.5Konstantin Ryabitsev
Fixes wrong error message for keys coming from default keyring. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-06-02Implement trim_body supportKonstantin Ryabitsev
When a message has a developer signature but is failing the signature check, rerun it again with trim_body. If that passes, we know that the signature is failing due to mailing list junk appended to the bottom of the message. In that case, automatically trim the message body so we have exactly what the developer attested and signed. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-28Update to newer patatt versionKonstantin Ryabitsev
Fixes public key lookups for uncommitted keys. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-26Check uids on the key when using default keyringKonstantin Ryabitsev
When the signature is validated using the default keyring, run an additional check on the UIDs and show the discrepancy if the identity used in the X-Developer-Signature header is different from the UIDs we have on the key. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-25Bump patatt to 0.4.2Konstantin Ryabitsev
This version returns a failure early when body modification is recognized. This is especially useful if we have to shell out to gnupg for validation. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-21Update patatt to 0.4.1Konstantin Ryabitsev
Minor bugfix release with better error messages for installs without any keys and unconfigured git. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-21Update patatt submodule to version 0.4.0Konstantin Ryabitsev
Not really necessary, but let's keep them synced across major versions. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13Update patatt submodule to 0.3.0Konstantin Ryabitsev
Nothing really different in 0.3.0, just a few cleanups. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-11Reimplement attestation code one more timeKonstantin Ryabitsev
Move end-to-end attestation code into its own library: patatt. See https://git.kernel.org/pub/scm/utils/patatt/patatt.git/about/ It is included into b4 as a submodule, but you will need to init it first: git submodule update --init This change significantly simplifies our attestation code, dropping thousands of lines of rather hairy code. Notably, patatt-style attestation is incompatible with previous attestation implementations done directly in b4, but that's just as well -- we've always marked it as "experimental" and the lack of adoption was proving that we weren't on the right path. Next to come is keyring management and documentation. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>