* List changes
@ 2018-04-15 15:25 Thomas Gleixner
2018-05-01 23:38 ` [MODERATED] " Kees Cook
0 siblings, 1 reply; 5+ messages in thread
From: Thomas Gleixner @ 2018-04-15 15:25 UTC (permalink / raw)
To: speck
Folks!
As you all noticed, the 'schleuder' GPG remailer has some oddities. Aside
of that Konrad managed to crash it with a mail and I found two other ways
to make it explode. The thing is written in ruby and fixing it turned out
to be over my head.
I finally gave up and reused my extensive collection of mail processing
python code to implement a very trivial remailer, which is completely
config file driven and lacks all the extras of CLI or Web-UI.
The mail you are reading now is from that remailer. If there is anything
wrong with it please let me know.
Here are the differences to the previous thing:
- I failed to make it explode with the mails which brought schleuder
down. There are surely new ones which it can't handle but that should
be fine.
- The From has changed and gives now the information who sent mail:
From: speck for 'Joe User' <joe@user.com>
- The Received: chain is kept in the mail
- S/MIME support
GPG integration into MUAs is partially cumbersome and some MUAs have better
support for S/MIME.
The remailer can decrypt S/MIME and GPG and remail S/MIME or GPG depending
on the subscriber setting.
If you want to use S/MIME, please get a S/MIME certificate either from
your organization or a free of charge one from one of the CAs. The free ones
expire after a year though.
I used this link:
https://secure.comodo.net/products/frontpage?ap=Secorio&area=SecureEmailCertificate&product=9&days=365
The certificate is installed in your browser and can be exported from
there in PKCS12 format. Depending on your MUA you might have to split it
up into the key and the cert part in PEM format.
If you want to use S/MIME rather than GPG let me know and send me
private mail signed with your S/MIME cert.
- The send-key mechanism is not yet working, but that's easy enough to
fix.
- Signed mails are not correctly handled because the recrypting destroys
the signature. Your MUA might complain about a broken
signature. schleuder handled this differently by attaching the full
original mail so the signature was kept intact, but that's a cumbersome
way to deal with. The intent of schleuder is different as it wants
anonymization along with a full trust chain. I rather prefer workable
mail....
I'm planning to remove the signatures completely and rather sign the
recrypted mail with the mailing list key. But that's the least of my
worries right now.
I've looked into patch series sending as well and I think I have an idea. I
could provide a special speck-patchbomb@.... address where you could send
quilt mbox file to. The remailer could simply extract the mbox from the
crypted mail and remail the mails in the mbox as separate mails. If you
think that's useful, please let me know. It's trivial to implement as I
have mbox handling code around already.
I'll resend Konrad's mail which killed schleuder later today as it did not
make it to the list for obvious reasons.
Thanks,
tglx
^ permalink raw reply [flat|nested] 5+ messages in thread
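Added example, not part of the thread and not the remailer's own code: a Python 3 sketch of the mbox-splitting step proposed above for the speck-patchbomb address, written so that a malformed mail is reported instead of stopping the run. The function name, the constructed sample mbox and the exact From rewrite (copied from the format shown in the announcement) are assumptions.

```python
import mailbox
import os
import tempfile
from email.utils import parseaddr

LIST_ADDR = "speck@linutronix.de"  # list address given in the thread

# Constructed sample: a two-mail mbox as it might look after decryption.
SAMPLE_MBOX = (
    b"From git@z Thu Jan  1 00:00:00 1970\n"
    b"From: Joe User <joe@user.com>\nCc: someone@example.org\n"
    b"Subject: [PATCH 1/2] first\n\nbody one\n\n"
    b"From git@z Thu Jan  1 00:00:00 1970\n"
    b"From: Joe User <joe@user.com>\nSubject: [PATCH 2/2] second\n"
    b"Content-Type: multipart/mixed; boundary=x\n\n--x\n\nhi\n--x--\n"
)

def split_patch_mbox(mbox_bytes, list_addr=LIST_ADDR):
    """Return (accepted, rejected) mails of a decrypted mbox, in file order."""
    accepted, rejected = [], []
    fd, path = tempfile.mkstemp(suffix=".mbox")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(mbox_bytes)
        box = mailbox.mbox(path, create=False)
        for n, key in enumerate(box.keys()):
            try:
                msg = box.get_message(key)
                ctype = msg.get_content_type()
                name, addr = parseaddr(str(msg.get("From", "")))
                if ctype != "text/plain":
                    rejected.append((n, "content type " + ctype))
                elif "@" not in addr:
                    rejected.append((n, "no usable From"))
                else:
                    # Collapse whitespace so a folded name cannot add lines.
                    name = " ".join(name.split()).replace("'", "") or addr
                    for hdr in ("From", "To", "Cc", "Bcc"):
                        del msg[hdr]
                    msg["From"] = "speck for '%s' <%s>" % (name, addr)
                    msg["To"] = list_addr
                    accepted.append(msg)
            except Exception as ex:  # one bad mail must not stop the run
                rejected.append((n, "unparsable: %s" % ex))
        box.close()
    finally:
        os.unlink(path)
    return accepted, rejected
```

Each accepted message would still have to be re-encrypted per subscriber before it is sent; that step is left out here.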
* [MODERATED] Re: List changes
2018-04-15 15:25 List changes Thomas Gleixner
@ 2018-05-01 23:38 ` Kees Cook
2018-05-02 6:46 ` Thomas Gleixner
0 siblings, 1 reply; 5+ messages in thread
From: Kees Cook @ 2018-05-01 23:38 UTC (permalink / raw)
To: speck
On Sun, Apr 15, 2018 at 05:25:09PM +0200, speck for Thomas Gleixner wrote:
> I've looked into patch series sending as well and I think I have an idea. I
> could provide a special speck-patchbomb@.... address where you could send
> quilt mbox file to. The remailer could simply extract the mbox from the
> crypted mail and remail the mails in the mbox as separate mails. If you
> think that's useful, please let me know. It's trivial to implement as I
> have mbox handling code around already.
Did this address get set up? If not, what's the current workflow for
sending patches? Konrad's steps seemed to be missing some details (and
I don't use quilt).
For now, I'll send manually, since it's only 3 patches...
--
Kees Cook @outflux.net
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: List changes
2018-05-01 23:38 ` [MODERATED] " Kees Cook
@ 2018-05-02 6:46 ` Thomas Gleixner
2018-05-02 10:42 ` Thomas Gleixner
0 siblings, 1 reply; 5+ messages in thread
From: Thomas Gleixner @ 2018-05-02 6:46 UTC (permalink / raw)
To: speck
On Tue, 1 May 2018, speck for Kees Cook wrote:
> On Sun, Apr 15, 2018 at 05:25:09PM +0200, speck for Thomas Gleixner wrote:
> > I've looked into patch series sending as well and I think I have an idea. I
> > could provide a special speck-patchbomb@.... address where you could send
> > quilt mbox file to. The remailer could simply extract the mbox from the
> > crypted mail and remail the mails in the mbox as separate mails. If you
> > think that's useful, please let me know. It's trivial to implement as I
> > have mbox handling code around already.
>
> Did this address get set up? If not, what's the current workflow for
> sending patches? Konrad's steps seemed to be missing some details (and
> I don't use quilt).
Did not come around yet to set that up. I'll think about it later today
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: List changes
2018-05-02 6:46 ` Thomas Gleixner
@ 2018-05-02 10:42 ` Thomas Gleixner
2018-05-03 1:04 ` [MODERATED] " Kees Cook
0 siblings, 1 reply; 5+ messages in thread
From: Thomas Gleixner @ 2018-05-02 10:42 UTC (permalink / raw)
To: speck
[-- Attachment #1: Type: text/plain, Size: 1686 bytes --]
On Wed, 2 May 2018, speck for Thomas Gleixner wrote:
> On Tue, 1 May 2018, speck for Kees Cook wrote:
>
> > On Sun, Apr 15, 2018 at 05:25:09PM +0200, speck for Thomas Gleixner wrote:
> > > I've looked into patch series sending as well and I think I have an idea. I
> > > could provide a special speck-patchbomb@.... address where you could send
> > > quilt mbox file to. The remailer could simply extract the mbox from the
> > > crypted mail and remail the mails in the mbox as separate mails. If you
> > > think that's useful, please let me know. It's trivial to implement as I
> > > have mbox handling code around already.
> >
> > Did this address get set up? If not, what's the current workflow for
> > sending patches? Konrad's steps seemed to be missing some details (and
> > I don't use quilt).
>
> Did not come around yet to set that up. I'll think about it later today
Here is at least a simple workaround for now:
# mkdir mail
# mkdir speck
# git format-patch -o mail -n --to speck@linutronix.de --thread --cover-letter v4.17-rc3..
# emacs mail/0000-cover-letter.patch
# speckify-gitmail -s "TEST" mail/ speck/
Now send the mails from speck/ in the way you would send from mail/
speckify-gitmail does the following for every file in mail/
- Put a copy of the original From and Subject into the mail body
- Sets the subject to '$PATCHPREFIX $NEWSUBJECT $N'
e.g. [PATCH 0/3] TEST 0
- Strip Cc's from the mail headers
- Encrypt the mail body with the list key
- Store the encrypted mail in speck/
It does not work with the following git format-patch options:
--inline
--attach
Script attached. Try -h if you need a reminder how it works
Thanks,
tglx
[-- Attachment #2: Type: text/plain, Size: 3301 bytes --]
#!/usr/bin/env python
# SPDX-License-Identifier: GPL2.0
# Copyright Thomas Gleixner <tglx@linutronix.de>
#
# Encrypts all mails in a directory and stores the encrypted results in a
# new directory. Does not work for multipart mails. Only text.plain is supported
# right now. That's good enough to encrypt git mails
#
# mkdir mail
# mkdir speck
# git format-patch -o mail -n --to speck@linutronix.de --thread --cover-letter v4.17-rc3..
# emacs mail/0000-cover-letter.patch
# speckify-gitmail -s "TEST" mail/ speck/
#
from argparse import ArgumentParser
import argparse
import textwrap
import mailbox
import email
import sys
import gpg
import os

# FIXME
mlist = "speck@linutronix.de"
mlistfp = "D52795F28E26A1554E7CD269E23205468C060A6A"

workflow = textwrap.dedent('''\
    Workflow example:
    # mkdir mail
    # mkdir speck
    # git format-patch -o mail -n --to speck@linutronix.de --thread --cover-letter v4.17-rc3..
    # emacs mail/0000-cover-letter.patch
    # speckify-gitmail -s "TEST" mail/ speck/
    #
    Now send the mails from speck/ in the way you would send from mail/
    ''')

parser = ArgumentParser(description='Crypt git format-patch generated mails for sending to speck',
                        epilog=workflow, formatter_class=argparse.RawDescriptionHelpFormatter)
parser.add_argument('indir', metavar='indir', help='Directory which contains the git mails')
parser.add_argument('outdir', metavar='outdir', help='Directory to store the speckified mails')
parser.add_argument('-s', '--subject', metavar='subject', default='Hidden', help='Subject string to add. Default "Hidden"')
args = parser.parse_args()

# Collect the file names of all mails in the input directory
infiles = []
for root, dirs, files in os.walk(args.indir, topdown=False):
    if files:
        for f in files:
            infiles.append(f)

i = 0

for f in infiles:
    ibx = mailbox.mbox(os.path.join(args.indir, f), None, False)
    obx = mailbox.mbox(os.path.join(args.outdir, f), None, True)

    # Never append to an existing, non-empty output file
    if obx.__len__() > 0:
        sys.stderr.write('Output file %s exists and not empty\n' %os.path.join(args.outdir, f))
        sys.exit(1)

    for key, msg in ibx.iteritems():
        # Only mails addressed to the list are encrypted
        to = msg.get('To')
        if to != mlist:
            sys.stderr.write('To: %s != %s\n' %(to, mlist))
            sys.exit(1)

        # Multipart mails (--inline, --attach) are not supported
        if msg.get_content_type() != 'text/plain':
            sys.stderr.write("Content-type %s != text/plain\n" %msg.get_content_type())
            sys.exit(1)

        # Keep the [PATCH n/m] prefix, hide the rest of the subject
        prefix, subj = msg['Subject'].split(']', 1)
        del msg['Subject']
        msg['Subject'] = '%s] %s %d' %(prefix, args.subject, i)
        i += 1

        mfrom = msg.get('From')

        # Strip Cc's from the mail headers
        if 'Cc' in msg or 'CC'in msg:
            del msg['Cc']
            del msg['CC']

        # Original From and Subject travel inside the encrypted body
        content = 'From: %s\n' %mfrom
        content += 'Subject: %s\n\n' %subj
        content += msg.get_payload().encode()

        try:
            # Encrypt to the list key, selected by its full fingerprint
            ctx = gpg.Context(armor = True)
            key = ctx.get_key(mlistfp)
            cipher, res, signres = ctx.encrypt(content, [key], sign = False, always_trust = True)
            msg.set_payload(cipher.decode())
            obx.add(msg)
        except Exception as ex:
            sys.stderr.write("Encryption failed %s\n" %ex)
            sys.exit(1)

    ibx.close()
    obx.close()
^ permalink raw reply [flat|nested] 5+ messages in thread
* [MODERATED] Re: List changes
2018-05-02 10:42 ` Thomas Gleixner
@ 2018-05-03 1:04 ` Kees Cook
0 siblings, 0 replies; 5+ messages in thread
From: Kees Cook @ 2018-05-03 1:04 UTC (permalink / raw)
To: speck
On Wed, May 02, 2018 at 12:42:24PM +0200, speck for Thomas Gleixner wrote:
> Here is at least a simple workaround for now:
>
> # mkdir mail
> # mkdir speck
> # git format-patch -o mail -n --to speck@linutronix.de --thread --cover-letter v4.17-rc3..
> # emacs mail/0000-cover-letter.patch
> # speckify-gitmail -s "TEST" mail/ speck/
> Now send the mails from speck/ in the way you would send from mail/
Awesome. Looks like this worked for me! Here are two bug fixes (noticed
after seeing the results on the list), and a documentation expansion...
--- speckify-gitmail.orig 2018-05-02 18:00:54.000000000 -0700
+++ speckify-gitmail 2018-05-02 17:59:25.429715146 -0700
@@ -8,9 +8,10 @@
#
# mkdir mail
# mkdir speck
-# git format-patch -o mail -n --to speck@linutronix.de --thread --cover-letter v4.17-rc3..
+# git format-patch -o mail -n --to speck@linutronix.de --subject-prefix "PATCH THE-THING" --thread --cover-letter v4.17-rc3..
# emacs mail/0000-cover-letter.patch
# speckify-gitmail -s "TEST" mail/ speck/
+# cd speck; for i in 0*.patch; do sendmail -t -i -f SENDER@EMAIL < $i; done
#
from argparse import ArgumentParser
import argparse
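Review bot: the two changed example lines in the header comment now differ from the copy of the same workflow kept in the `workflow` help epilog further down, which this patch does not touch, so `-h` keeps showing the old `git format-patch` line and no send step; update both copies, or keep the example only in the epilog. In the added sendmail loop, quote the redirect (`< "$i"`) and say in the comment that SENDER@EMAIL and THE-THING are placeholders to be replaced.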
@@ -53,7 +54,7 @@
i = 0
-for f in infiles:
+for f in sorted(infiles):
ibx = mailbox.mbox(os.path.join(args.indir, f), None, False)
obx = mailbox.mbox(os.path.join(args.outdir, f), None, True)
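Review bot: `sorted(infiles)` makes the counter `i` follow the patch order only because git format-patch writes zero-padded number prefixes into the file names (as in 0000-cover-letter.patch); a one-line comment above the loop saying so would keep someone from dropping the sort later. Consider sorting where the list is built instead, so any later user of `infiles` sees the same order.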
@@ -84,7 +85,7 @@
del msg['CC']
content = 'From: %s\n' %mfrom
- content += 'Subject: %s\n\n' %subj
+ content += 'Subject: %s] %s\n\n' %(prefix, subj.strip())
content += msg.get_payload().encode()
try:
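Review bot: the new body line rebuilds the subject as `'Subject: %s] %s'` from `prefix` and `subj`, re-adding the `]` by hand, which gives back the original only when the subject held exactly one `]`. Saving the original Subject value in a variable before the header is replaced and writing that into the body would avoid the reconstruction. Note also that `subj.strip()` trims only the ends, so a long subject folded over two header lines may keep its inner line break in the body.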
--
Kees Cook @outflux.net
^ permalink raw reply [flat|nested] 5+ messages in thread