From 403142cb0cbb24ba380a44de1c8d32fa263084c7 Mon Sep 17 00:00:00 2001
From: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Date: Fri, 20 Nov 2020 17:41:21 -0500
Subject: Fix DNS lookup failure

Some DKIM keys may not list v=DKIM1.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
---
 b4/__init__.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/b4/__init__.py b/b4/__init__.py
index e916feb..d21aab2 100644
--- a/b4/__init__.py
+++ b/b4/__init__.py
@@ -1637,6 +1637,7 @@ class LoreAttestationSignatureDKIM(LoreAttestationSignature):
         # return
 
         if not dkim.verify(self.msg.as_bytes(), dnsfunc=dkim_get_txt):
+            logger.debug('DKIM signature did NOT verify')
             return
         self.good = True
 
@@ -2344,13 +2345,12 @@ def dkim_get_txt(name: bytes, timeout: int = 5):
         logger.debug('DNS-lookup: %s', lookup)
         try:
             a = _resolver.resolve(lookup, dns.rdatatype.TXT, raise_on_no_answer=False, lifetime=timeout, search=True)
-            # Find v=DKIM1
             for r in a.response.answer:
                 if r.rdtype == dns.rdatatype.TXT:
                     for item in r.items:
                         # Concatenate all strings
                         txtdata = b''.join(item.strings)
-                        if txtdata.find(b'v=DKIM1') >= 0:
+                        if txtdata.find(b'p=') >= 0:
                             _DKIM_DNS_CACHE[name] = txtdata
                             return txtdata
         except dns.resolver.NXDOMAIN:
-- 
cgit v1.2.3