Age | Commit message | Author |
|
Fixes "NOKEY" vs. "BADSIG" problem (again).
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Fixes wrong error message for keys coming from default keyring.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
When a message has a developer signature but is failing the signature
check, rerun it again with trim_body. If that passes, we know that the
signature is failing due to mailing list junk appended to the bottom of
the message. In that case, automatically trim the message body so we
have exactly what the developer attested and signed.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Fixes public key lookups for uncommitted keys.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
When the signature is validated using the default keyring, run an
additional check on the UIDs and show the discrepancy if the identity
used in the X-Developer-Signature header is different from the UIDs we
have on the key.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
This version returns a failure early when body modification is
recognized. This is especially useful if we have to shell out to gnupg
for validation.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Minor bugfix release with better error messages for installs without any
keys and unconfigured git.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Not really necessary, but let's keep them synced across major versions.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Nothing really different in 0.3.0, just a few cleanups.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Move end-to-end attestation code into its own library: patatt. See
https://git.kernel.org/pub/scm/utils/patatt/patatt.git/about/
It is included into b4 as a submodule, but you will need to init it
first:
    git submodule update --init
This change significantly simplifies our attestation code, dropping
thousands of lines of rather hairy code. Notably, patatt-style
attestation is incompatible with previous attestation implementations
done directly in b4, but that's just as well -- we've always marked it
as "experimental" and the lack of adoption was proving that we weren't
on the right path.
Next to come is keyring management and documentation.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|