From cbf792796cdf7124d91f549e8f65f7da8a10d2e7 Mon Sep 17 00:00:00 2001
From: Konstantin Ryabitsev
Date: Tue, 11 May 2021 15:41:32 -0400
Subject: Reimplement attestation-staleness-days

Looks like we lost this feature in the rewrite, so reimplement it again. This commit also removes obsolete configuration options and sets the default attestation check level at "softfail".

Signed-off-by: Konstantin Ryabitsev
---
 b4/__init__.py | 25 +++++++++++----------
 man/b4.5 | 68 ++++++++++++++++++++++++----------------------------
 man/b4.5.rst | 20 ++++-------------
 3 files changed, 46 insertions(+), 67 deletions(-)

diff --git a/b4/__init__.py b/b4/__init__.py
index b757780..7d689a0 100644
--- a/b4/__init__.py
+++ b/b4/__init__.py
@@ -97,12 +97,7 @@ DEFAULT_CONFIG = {
 # check: print an attaboy when attestation is found
 # softfail: print a warning when no attestation found
 # hardfail: exit with an error when no attestation found
- 'attestation-policy': 'check',
- # "gpg" (whatever gpg is configured to do) or "tofu" to force tofu mode
- # strict: must match one of the uids on the key to pass
- # loose: any valid and trusted key will be accepted
- 'attestation-uid-match': 'loose',
+ 'attestation-policy': 'softfail',
 # How many days before we consider attestation too old?
 'attestation-staleness-days': '30',
 # Should we check DKIM signatures if we don't find any other attestation?
@@ -499,6 +494,11 @@ class LoreSeries:
 addmysob = False
 attpolicy = config['attestation-policy']
+ try:
+ maxdays = int(config['attestation-staleness-days'])
+ except ValueError:
+ logger.info('WARNING: attestation-staleness-days must be an int')
+ maxdays = 0
 # Loop through all patches and see if attestation is the same for all of them,
 # since it usually is
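Review bot: The `except ValueError` branch sets `maxdays = 0`, and get_attestation_trailers treats 0 as "skip the staleness check", so a mistyped attestation-staleness-days value silently disables the check instead of falling back to the documented 30-day default; fail closed with `maxdays = int(DEFAULT_CONFIG['attestation-staleness-days'])` in the except branch and emit it through `logger.warning('attestation-staleness-days must be an int, using default')` rather than `logger.info('WARNING: ...')`. Negative strings also pass `int()` and stay truthy, so a `if maxdays < 0:` guard (clamp or reject) belongs next to the parse. Only ValueError is caught; a missing key would raise KeyError, which presumably cannot happen because DEFAULT_CONFIG supplies the key, but that assumption is worth a comment. The enclosing LoreSeries method starts outside the hunk.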
@@ -513,7 +513,7 @@ class LoreSeries:
 attsame = False
 break
- checkmark, trailers, attcrit = lmsg.get_attestation_trailers(attpolicy)
+ checkmark, trailers, attcrit = lmsg.get_attestation_trailers(attpolicy, maxdays)
 if attref is None:
 attref = trailers
 attmark = checkmark
@@ -551,7 +551,7 @@ class LoreSeries:
 logger.info(' %s', lmsg.full_subject)
 else:
- checkmark, trailers, critical = lmsg.get_attestation_trailers(attpolicy)
+ checkmark, trailers, critical = lmsg.get_attestation_trailers(attpolicy, maxdays)
 logger.info(' %s %s', checkmark, lmsg.full_subject)
 for trailer in trailers:
 logger.info(' %s', trailer)
@@ -1022,11 +1022,14 @@ class LoreMessage:
 attestor = LoreAttestorPatatt(passing, identity, signtime, keysrc, keyalgo, errors)
 self._attestors.append(attestor)
- def get_attestation_trailers(self, attpolicy: str) -> Tuple[str, list, bool]:
+ def get_attestation_trailers(self, attpolicy: str, maxdays: int = 0) -> Tuple[str, list, bool]:
 trailers = list()
 checkmark = None
 critical = False
 for attestor in self.attestors:
+ if maxdays and not attestor.check_time_drift(self.date, maxdays):
+ logger.debug('The time drift is too much, marking as non-passing')
+ attestor.passing = False
 if not attestor.passing:
 # Is it a person-trailer for which we have a key?
 if attestor.level == 'person':
@@ -1540,12 +1543,12 @@ class LoreAttestor:
 return '%s/%s' % (mode, self.identity)
- def check_time_drift(self, emldate, maxdays: int = 7) -> bool:
+ def check_time_drift(self, emldate, maxdays: int = 30) -> bool:
 if not self.passing or self.signtime is None:
 return False
 try:
- sigdate = datetime.datetime.utcfromtimestamp(int(self.signtime))
+ sigdate = datetime.datetime.utcfromtimestamp(int(self.signtime)).replace(tzinfo=datetime.timezone.utc)
 except: # noqa
 self.errors.append('failed parsing signature date: %s' % self.signtime)
 return False
diff --git a/man/b4.5 b/man/b4.5
index 496525d..fabacc0 100644
--- a/man/b4.5
+++ b/man/b4.5
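Review bot: When the staleness check fails, `attestor.passing` is set to False but nothing is appended to `attestor.errors`, and the only explanation is a debug-level log, so the user sees a non-passing mark with no stated reason; add `attestor.errors.append('signature is more than %d days older than the message' % maxdays)` beside the `attestor.passing = False` line, matching how check_time_drift records its own parse failure. check_time_drift also returns False whenever `self.signtime is None`, so a passing attestor without a signing time is downgraded with the "time drift is too much" message, which is misleading — skip the drift check for that case or log a distinct reason. Flipping `passing` on the attestor object is persistent state, and LoreSeries appears to call this method twice per message (the -513 and -551 hunks), so the second call sees the already-downgraded attestor; if that is intended, say so in a comment. The loop body continues outside the hunk.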
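Review bot: The `except: # noqa` around the timestamp parse is a bare except that also swallows KeyboardInterrupt and SystemExit; narrow it to `except (TypeError, ValueError, OverflowError, OSError):`, which covers what `int()` and the timestamp conversion raise here. Because sigdate is now timezone-aware, the comparison against emldate that follows outside the hunk raises TypeError if emldate is ever naive — presumably the message dates are aware, but a one-line comment stating that contract (or an explicit check of `emldate.tzinfo`) would make the assumption visible. `datetime.datetime.fromtimestamp(int(self.signtime), tz=datetime.timezone.utc)` yields the same aware value directly and avoids utcfromtimestamp, which is deprecated from Python 3.12. The rest of check_time_drift's body is outside the hunk.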
@@ -85,19 +85,19 @@ msgid Message ID to process, or pipe a raw message .B \-h\fP,\fB \-\-help show this help message and exit .TP -.BI \-o \ OUTDIR\fP,\fB \ \-\-outdir \ OUTDIR +.BI \-o \ OUTDIR\fR,\fB \ \-\-outdir \ OUTDIR Output into this directory (or use \- to output mailbox contents to stdout) .TP -.BI \-p \ USEPROJECT\fP,\fB \ \-\-use\-project \ USEPROJECT +.BI \-p \ USEPROJECT\fR,\fB \ \-\-use\-project \ USEPROJECT Use a specific project instead of guessing (linux\-mm, linux\-hardening, etc) .TP .B \-c\fP,\fB \-\-check\-newer\-revisions Check if newer patch revisions exist .TP -.BI \-n \ WANTNAME\fP,\fB \ \-\-mbox\-name \ WANTNAME +.BI \-n \ WANTNAME\fR,\fB \ \-\-mbox\-name \ WANTNAME Filename to name the mbox file .TP -.BI \-m \ LOCALMBOX\fP,\fB \ \-\-use\-local\-mbox \ LOCALMBOX +.BI \-m \ LOCALMBOX\fR,\fB \ \-\-use\-local\-mbox \ LOCALMBOX Instead of grabbing a thread from lore, process this mbox file .TP .B \-C\fP,\fB \-\-no\-cache 
@@ -124,25 +124,25 @@ msgid Message ID to process, or pipe a raw message .B \-h\fP,\fB \-\-help show this help message and exit .TP -.BI \-o \ OUTDIR\fP,\fB \ \-\-outdir \ OUTDIR +.BI \-o \ OUTDIR\fR,\fB \ \-\-outdir \ OUTDIR Output into this directory (or use \- to output mailbox contents to stdout) .TP -.BI \-p \ USEPROJECT\fP,\fB \ \-\-use\-project \ USEPROJECT +.BI \-p \ USEPROJECT\fR,\fB \ \-\-use\-project \ USEPROJECT Use a specific project instead of guessing (linux\-mm, linux\-hardening, etc) .TP .B \-c\fP,\fB \-\-check\-newer\-revisions Check if newer patch revisions exist .TP -.BI \-n \ WANTNAME\fP,\fB \ \-\-mbox\-name \ WANTNAME +.BI \-n \ WANTNAME\fR,\fB \ \-\-mbox\-name \ WANTNAME Filename to name the mbox file .TP -.BI \-m \ LOCALMBOX\fP,\fB \ \-\-use\-local\-mbox \ LOCALMBOX +.BI \-m \ LOCALMBOX\fR,\fB \ \-\-use\-local\-mbox \ LOCALMBOX Instead of grabbing a thread from lore, process this mbox file .TP .B \-C\fP,\fB \-\-no\-cache Do not use local cache .TP -.BI \-v \ WANTVER\fP,\fB \ \-\-use\-version \ WANTVER +.BI \-v \ WANTVER\fR,\fB \ \-\-use\-version \ WANTVER Get a specific version of the patch/series .TP .B \-t\fP,\fB \-\-apply\-cover\-trailers @@ -163,7 +163,7 @@ Add a lore.kernel.org/r/ link to every patch .B \-Q\fP,\fB \-\-quilt\-ready Save mbox patches in a quilt\-ready folder .TP -.BI \-P \ CHERRYPICK\fP,\fB \ \-\-cherry\-pick \ CHERRYPICK +.BI \-P \ CHERRYPICK\fR,\fB \ \-\-cherry\-pick \ CHERRYPICK Cherry\-pick a subset of patches (e.g. "\-P 1\-2,4,6\-", "\-P _" to use just the msgid specified, or "\-P *globbing*" to match on commit subject) .TP .B \-g\fP,\fB \-\-guess\-base 
@@ -195,13 +195,13 @@ patchfile Patches to attest .B \-h\fP,\fB \-\-help show this help message and exit .TP -.BI \-f \ SENDER\fP,\fB \ \-\-from \ SENDER +.BI \-f \ SENDER\fR,\fB \ \-\-from \ SENDER OBSOLETE: this option does nothing and will be removed .TP .B \-n\fP,\fB \-\-no\-submit OBSOLETE: this option does nothing and will be removed .TP -.BI \-o \ OUTPUT\fP,\fB \ \-\-output \ OUTPUT +.BI \-o \ OUTPUT\fR,\fB \ \-\-output \ OUTPUT OBSOLETE: this option does nothing and will be removed .UNINDENT .UNINDENT @@ -222,10 +222,10 @@ msgid Message ID to process, or pipe a raw message .B \-h\fP,\fB \-\-help show this help message and exit .TP -.BI \-g \ GITDIR\fP,\fB \ \-\-gitdir \ GITDIR +.BI \-g \ GITDIR\fR,\fB \ \-\-gitdir \ GITDIR Operate on this git tree instead of current dir .TP -.BI \-b \ BRANCH\fP,\fB \ \-\-branch \ BRANCH +.BI \-b \ BRANCH\fR,\fB \ \-\-branch \ BRANCH Check out FETCH_HEAD into this branch after fetching .TP .B \-c\fP,\fB \-\-check @@ -234,7 +234,7 @@ Check if pull request has already been applied .B \-e\fP,\fB \-\-explode Convert a pull request into an mbox full of patches .TP -.BI \-o \ OUTMBOX\fP,\fB \ \-\-output\-mbox \ OUTMBOX +.BI \-o \ OUTMBOX\fR,\fB \ \-\-output\-mbox \ OUTMBOX Save exploded messages into this mailbox (default: msgid.mbx) .UNINDENT .UNINDENT 
@@ -252,25 +252,25 @@ b4 ty [\-h] [\-g GITDIR] [\-o OUTDIR] [\-l] [\-s SEND [SEND ...]] [\-d DISCARD [ .B \-h\fP,\fB \-\-help show this help message and exit .TP -.BI \-g \ GITDIR\fP,\fB \ \-\-gitdir \ GITDIR +.BI \-g \ GITDIR\fR,\fB \ \-\-gitdir \ GITDIR Operate on this git tree instead of current dir .TP -.BI \-o \ OUTDIR\fP,\fB \ \-\-outdir \ OUTDIR +.BI \-o \ OUTDIR\fR,\fB \ \-\-outdir \ OUTDIR Write thanks files into this dir (default=.) .TP .B \-l\fP,\fB \-\-list List pull requests and patch series you have retrieved .TP -.BI \-s \ SEND\fP,\fB \ \-\-send \ SEND +.BI \-s \ SEND\fR,\fB \ \-\-send \ SEND Generate thankyous for specific entries from \-l (e.g.: 1,3\-5,7\-; or "all") .TP -.BI \-d \ DISCARD\fP,\fB \ \-\-discard \ DISCARD +.BI \-d \ DISCARD\fR,\fB \ \-\-discard \ DISCARD Discard specific messages from \-l (e.g.: 1,3\-5,7\-; or "all") .TP .B \-a\fP,\fB \-\-auto Use the Auto\-Thankanator to figure out what got applied/merged .TP -.BI \-b \ BRANCH\fP,\fB \ \-\-branch \ BRANCH +.BI \-b \ BRANCH\fR,\fB \ \-\-branch \ BRANCH The branch to check against, instead of current .TP .BI \-\-since \ SINCE @@ -296,10 +296,10 @@ optional arguments: .B \-h\fP,\fB \-\-help show this help message and exit .TP -.BI \-g \ GITDIR\fP,\fB \ \-\-gitdir \ GITDIR +.BI \-g \ GITDIR\fR,\fB \ \-\-gitdir \ GITDIR Operate on this git tree instead of current dir .TP -.BI \-p \ USEPROJECT\fP,\fB \ \-\-use\-project \ USEPROJECT +.BI \-p \ USEPROJECT\fR,\fB \ \-\-use\-project \ USEPROJECT Use a specific project instead of guessing (linux\-mm, linux\-hardening, etc) .TP .B \-C\fP,\fB \-\-no\-cache @@ -315,7 +315,7 @@ Compare specific versions instead of latest and one before that, e.g. \-v 3 5 .B \-n\fP,\fB \-\-no\-diff Do not generate a diff, just show the command to do it .TP -.BI \-o \ OUTDIFF\fP,\fB \ \-\-output\-diff \ OUTDIFF +.BI \-o \ OUTDIFF\fR,\fB \ \-\-output\-diff \ OUTDIFF Save diff into this file instead of outputting to stdout .TP .B \-c\fP,\fB \-\-color 
@@ -334,7 +334,7 @@ Compare two mbx files prepared with "b4 am" .sp B4 configuration is handled via git\-config(1), so you can store it in either the toplevel $HOME/.gitconfig file, or in a per\-repository -.git/config file if your workflow changes per project. +\&.git/config file if your workflow changes per project. .sp Default configuration, with explanations: .INDENT 0.0 @@ -361,25 +361,13 @@ Default configuration, with explanations: # check: print an attaboy when attestation is found # softfail: print a warning when no attestation found # hardfail: exit with an error when no attestation found - attestation\-policy = check + attestation\-policy = softfail # - # Fall back to checking DKIM header if we don\(aqt find any other - # attestations present? + # Perform DKIM attestation? attestation\-check\-dkim = yes # - # "gpg" (whatever gpg is configured to do) or "tofu" to force TOFU mode - # If you don\(aqt already have a carefully maintained web of trust setup, it is - # strongly recommended to set this to "tofu" - attestation\-trust\-model = gpg - # - # How strict should we be when comparing the email address in From to the - # email addresses in the key\(aqs UIDs? - # strict: must match one of the uids on the key to pass - # loose: any valid and trusted key will be accepted - attestation\-uid\-match = loose - # # When showing attestation check results, do you like "fancy" (color, unicode) - # or simple checkmarks? + # or simple markers? attestation\-checkmarks = fancy # # How long before we consider attestation to be too old? @@ -412,7 +400,7 @@ Default configuration, with explanations: .SH SUPPORT .sp Please email \fI\%tools@linux.kernel.org\fP with support requests, -or browse the list archive at \fI\%https://linux.kernel.org/g/tools\fP\&. +or browse the list archive at \fI\%https://lore.kernel.org/tools\fP\&. .SH AUTHOR mricon@kernel.org diff --git a/man/b4.5.rst b/man/b4.5.rst index ee05675..583d6cc 100644 --- a/man/b4.5.rst +++ b/man/b4.5.rst 
@@ -232,25 +232,13 @@ Default configuration, with explanations:: # check: print an attaboy when attestation is found # softfail: print a warning when no attestation found # hardfail: exit with an error when no attestation found - attestation-policy = check + attestation-policy = softfail # - # Fall back to checking DKIM header if we don't find any other - # attestations present? + # Perform DKIM attestation? attestation-check-dkim = yes # - # "gpg" (whatever gpg is configured to do) or "tofu" to force TOFU mode - # If you don't already have a carefully maintained web of trust setup, it is - # strongly recommended to set this to "tofu" - attestation-trust-model = gpg - # - # How strict should we be when comparing the email address in From to the - # email addresses in the key's UIDs? - # strict: must match one of the uids on the key to pass - # loose: any valid and trusted key will be accepted - attestation-uid-match = loose - # # When showing attestation check results, do you like "fancy" (color, unicode) - # or simple checkmarks? + # or simple markers? attestation-checkmarks = fancy # # How long before we consider attestation to be too old? @@ -281,4 +269,4 @@ Default configuration, with explanations:: SUPPORT ------- Please email tools@linux.kernel.org with support requests, -or browse the list archive at https://linux.kernel.org/g/tools. +or browse the list archive at https://lore.kernel.org/tools. -- cgit v1.2.3