* List changes
@ 2018-04-15 15:25 Thomas Gleixner
  2018-05-01 23:38 ` [MODERATED] " Kees Cook
  0 siblings, 1 reply; 5+ messages in thread
From: Thomas Gleixner @ 2018-04-15 15:25 UTC (permalink / raw)
  To: speck

Folks!

As you all noticed, the 'schleuder' GPG remailer has some oddities. Aside
from that, Konrad managed to crash it with a mail and I found two other ways
to make it explode. The thing is written in ruby and fixing it turned out
to be over my head.

I finally gave up and reused my extensive collection of mail processing
python code to implement a very trivial remailer, which is completely
config file driven and lacks all the extras of CLI or Web-UI.

The mail you are reading now is from that remailer. If there is anything
wrong with it please let me know.

Here are the differences to the previous thing:

 - I failed to make it explode with the mails which brought schleuder
   down. There are surely new ones which it can't handle but that should
   be fine.

 - The From has changed and gives now the information who sent mail:

       From: speck for 'Joe User' <joe@user.com>

 - The Received: chain is kept in the mail

 - S/MIME support

   GPG integration into MUAs is partially cumbersome and some MUAs have better
   support for S/MIME.

   The remailer can decrypt S/MIME and GPG and remail S/MIME or GPG depending
   on the subscriber setting.

   If you want to use S/MIME, please get a S/MIME certificate either from
   your organization or a free of charge one from one of the CAs. The free
   ones expire after a year though.

   I used this link:

     https://secure.comodo.net/products/frontpage?ap=Secorio&area=SecureEmailCertificate&product=9&days=365

   The certificate is installed in your browser and can be exported from
   there in PKCS12 format. Depending on your MUA you might have to split it
   up into the key and the cert part in PEM format.

   If you want to use S/MIME rather than GPG let me know and send me
   private mail signed with your S/MIME cert.

 - The send-key mechanism is not yet working, but that's easy enough to
   fix.
 
 - Signed mails are not correctly handled because the recrypting destroys
   the signature. Your MUA might complain about a broken
   signature. schleuder handled this differently by attaching the full
   original mail so the signature was kept intact, but that's a cumbersome
   way to deal with. The intent of schleuder is different as it wants
   anonymization along with a full trust chain. I rather prefer workable
   mail....

   I'm planning to remove the signatures completely and rather sign the
   recrypted mail with the mailing list key. But that's the least of my
   worries right now.

I've looked into patch series sending as well and I think I have an idea. I
could provide a special speck-patchbomb@.... address where you could send
quilt mbox file to. The remailer could simply extract the mbox from the
crypted mail and remail the mails in the mbox as separate mails. If you
think that's useful, please let me know. It's trivial to implement as I
have mbox handling code around already.

I'll resend Konrad's mail which killed schleuder later today as it did not
make it to the list for obvious reasons.

Thanks,

	tglx

   

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [MODERATED] Re: List changes
  2018-04-15 15:25 List changes Thomas Gleixner
@ 2018-05-01 23:38 ` Kees Cook
  2018-05-02  6:46   ` Thomas Gleixner
  0 siblings, 1 reply; 5+ messages in thread
From: Kees Cook @ 2018-05-01 23:38 UTC (permalink / raw)
  To: speck

On Sun, Apr 15, 2018 at 05:25:09PM +0200, speck for Thomas Gleixner wrote:
> I've looked into patch series sending as well and I think I have an idea. I
> could provide a special speck-patchbomb@.... address where you could send
> quilt mbox file to. The remailer could simply extract the mbox from the
> crypted mail and remail the mails in the mbox as separate mails. If you
> think that's useful, please let me know. It's trivial to implement as I
> have mbox handling code around already.

Did this address get set up? If not, what's the current workflow for
sending patches? Konrad's steps seemed to be missing some details (and
I don't use quilt).

For now, I'll send manually, since it's only 3 patches...

-- 
Kees Cook                                            @outflux.net

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: List changes
  2018-05-01 23:38 ` [MODERATED] " Kees Cook
@ 2018-05-02  6:46   ` Thomas Gleixner
  2018-05-02 10:42     ` Thomas Gleixner
  0 siblings, 1 reply; 5+ messages in thread
From: Thomas Gleixner @ 2018-05-02  6:46 UTC (permalink / raw)
  To: speck

On Tue, 1 May 2018, speck for Kees Cook wrote:

> On Sun, Apr 15, 2018 at 05:25:09PM +0200, speck for Thomas Gleixner wrote:
> > I've looked into patch series sending as well and I think I have an idea. I
> > could provide a special speck-patchbomb@.... address where you could send
> > quilt mbox file to. The remailer could simply extract the mbox from the
> > crypted mail and remail the mails in the mbox as separate mails. If you
> > think that's useful, please let me know. It's trivial to implement as I
> > have mbox handling code around already.
> 
> Did this address get set up? If not, what's the current workflow for
> sending patches? Konrad's steps seemed to be missing some details (and
> I don't use quilt).

Did not come around yet to set that up. I'll think about it later today

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: List changes
  2018-05-02  6:46   ` Thomas Gleixner
@ 2018-05-02 10:42     ` Thomas Gleixner
  2018-05-03  1:04       ` [MODERATED] " Kees Cook
  0 siblings, 1 reply; 5+ messages in thread
From: Thomas Gleixner @ 2018-05-02 10:42 UTC (permalink / raw)
  To: speck

[-- Attachment #1: Type: text/plain, Size: 1686 bytes --]

On Wed, 2 May 2018, speck for Thomas Gleixner wrote:
> On Tue, 1 May 2018, speck for Kees Cook wrote:
> 
> > On Sun, Apr 15, 2018 at 05:25:09PM +0200, speck for Thomas Gleixner wrote:
> > > I've looked into patch series sending as well and I think I have an idea. I
> > > could provide a special speck-patchbomb@.... address where you could send
> > > quilt mbox file to. The remailer could simply extract the mbox from the
> > > crypted mail and remail the mails in the mbox as separate mails. If you
> > > think that's useful, please let me know. It's trivial to implement as I
> > > have mbox handling code around already.
> > 
> > Did this address get set up? If not, what's the current workflow for
> > sending patches? Konrad's steps seemed to be missing some details (and
> > I don't use quilt).
> 
> Did not come around yet to set that up. I'll think about it later today

Here is at least a simple workaround for now:

# mkdir mail
# mkdir speck
# git format-patch -o mail -n --to speck@linutronix.de --thread --cover-letter v4.17-rc3..
# emacs mail/0000-cover-letter.patch
# speckify-gitmail -s "TEST" mail/ speck/
Now send the mails from speck/ in the way you would send from mail/

speckify-gitmail does the following for every file in mail/

 - Put a copy of the original From and Subject into the mail body

 - Sets the subject to '$PATCHPREFIX $NEWSUBJECT $N'

   e.g. [PATCH 0/3] TEST 0

 - Strip Cc's from the mail headers

 - Encrypt the mail body with the list key

 - Store the encrypted mail in speck/

It does not work with the following git format-patch options:
   --inline
   --attach

Script attached. Try -h if you need a reminder how it works

Thanks,

	tglx

[-- Attachment #2: Type: text/plain, Size: 3301 bytes --]

#!/usr/bin/env python
# SPDX-License-Identifier: GPL2.0
# Copyright Thomas Gleixner <tglx@linutronix.de>
#
# Encrypts all mails in a directory and stores the encrypted results in a
# new directory. Does not work for multipart mails. Only text.plain is supported
# right now. That's good enough to encrypt git mails
#
# mkdir mail
# mkdir speck
# git format-patch -o mail -n --to speck@linutronix.de --thread --cover-letter v4.17-rc3..
# emacs mail/0000-cover-letter.patch
# speckify-gitmail -s "TEST" mail/ speck/
#
from argparse import ArgumentParser
import argparse
import textwrap
import mailbox
import email
import sys
import gpg
import os

# FIXME
mlist = "speck@linutronix.de"
mlistfp = "D52795F28E26A1554E7CD269E23205468C060A6A"

workflow = textwrap.dedent('''\
	Workflow example:

	# mkdir mail
	# mkdir speck
	# git format-patch -o mail -n --to speck@linutronix.de --thread --cover-letter v4.17-rc3..
	# emacs mail/0000-cover-letter.patch
	# speckify-gitmail -s "TEST" mail/ speck/
	# 
	Now send the mails from speck/ in the way you would send from mail/
	''')

parser = ArgumentParser(description='Crypt git format-patch generated mails for sending to speck',
                        epilog=workflow, formatter_class=argparse.RawDescriptionHelpFormatter)
parser.add_argument('indir', metavar='indir', help='Directory which contains the git mails')
parser.add_argument('outdir', metavar='outdir', help='Directory to store the speckified mails')
parser.add_argument('-s', '--subject', metavar='subject', default='Hidden', help='Subject string to add. Default "Hidden"')

args = parser.parse_args()

infiles = []
for root, dirs, files in os.walk(args.indir, topdown=False):
    if files:
        for f in files:
            infiles.append(f)

i = 0

for f in infiles:
    ibx = mailbox.mbox(os.path.join(args.indir, f), None, False)
    obx = mailbox.mbox(os.path.join(args.outdir, f), None, True)

    if len(obx) > 0:
        sys.stderr.write('Output file %s exists and not empty\n' %os.path.join(args.outdir, f))
        sys.exit(1)

    for key, msg in ibx.iteritems():

        to = msg.get('To')
        if to != mlist:
            sys.stderr.write('To: %s != %s\n' %(to, mlist))
            sys.exit(1)

        if msg.get_content_type() != 'text/plain':
            sys.stderr.write("Content-type %s != text/plain\n" %msg.get_content_type())
            sys.exit(1)

        prefix, subj = msg['Subject'].split(']')
        del msg['Subject']
        msg['Subject'] = '%s] %s %d' %(prefix, args.subject, i)
        i += 1

        mfrom = msg.get('From')

        if 'Cc' in msg or 'CC'in msg:
            del msg['Cc']
            del msg['CC']

        content = 'From: %s\n' %mfrom
        content += 'Subject: %s\n\n' %subj
        content += msg.get_payload().encode()
        
        try:
            ctx = gpg.Context(armor = True)
            key = ctx.get_key(mlistfp)
            cipher, res, signres = ctx.encrypt(content, [key], sign = False, always_trust = True)
            msg.set_payload(cipher.decode())
            obx.add(msg)
        except Exception as ex:
            sys.stderr.write("Encryption failed %s\n" %ex)
            sys.exit(1)

    ibx.close()
    obx.close()

^ permalink raw reply	[flat|nested] 5+ messages in thread
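
A pre-send check for the files that speckify-gitmail writes to speck/, added here as an example (it is not part of the thread or of the attached script): it confirms that To is the list address, Cc is gone, the outer Subject has the '[prefix] tag N' shape and the body is one armored PGP message. The function name, the armor-line pattern and the sample mail are assumptions of this example.

```python
import email
import re

LIST_ADDR = "speck@linutronix.de"  # list address used by the script on this page
BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"
# Inside the armor only base64 data, blank lines and armor headers are expected.
ARMOR_LINE = re.compile(r"^(?:[A-Za-z0-9+/=]*|(?:Version|Comment|Charset): .*)$")

# Constructed sample of one mail from speck/ (the ciphertext is a dummy string).
SAMPLE = (
    "From: Joe User <joe@user.com>\n"
    "To: " + LIST_ADDR + "\n"
    "Subject: [PATCH 1/3] TEST 1\n\n"
    + BEGIN + "\n\nhQEMA0NvbnN0cnVjdGVk\n=AbCd\n" + END + "\n"
)


def check_speckified(raw, tag):
    """Return the problems found in one speckified mail; an empty list means ok."""
    msg = email.message_from_string(raw)
    problems = []
    if msg.get("To") != LIST_ADDR:
        problems.append("To is not the list address")
    if msg.get_all("Cc"):
        problems.append("Cc header present")
    # The script writes the outer subject as '<prefix>] <tag> <counter>'.
    m = re.match(r"^\[[^\]]*\] (.*) \d+$", msg.get("Subject", ""))
    if not m or m.group(1) != tag:
        problems.append("outer Subject is not '[prefix] %s N'" % tag)
    if msg.is_multipart():
        return problems + ["multipart mail"]
    lines = msg.get_payload().strip().splitlines()
    if not lines or lines[0] != BEGIN or lines[-1] != END:
        problems.append("body is not one armored PGP message")
    elif not all(ARMOR_LINE.match(line) for line in lines[1:-1]):
        problems.append("cleartext inside the armored body")
    return problems


if __name__ == "__main__":
    import sys
    # usage: TAG FILE...; with no files the constructed sample is checked
    tag = sys.argv[1] if len(sys.argv) > 1 else "TEST"
    texts = {p: open(p).read() for p in sys.argv[2:]} or {"SAMPLE": SAMPLE}
    results = {n: check_speckified(t, tag) for n, t in texts.items()}
    for name, problems in sorted(results.items()):
        print("%s: %s" % (name, "; ".join(problems) or "ok"))
    sys.exit(1 if any(results.values()) else 0)
```

The text inside the brackets of the outer Subject is not inspected; the script copies it unchanged into the unencrypted header.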

* [MODERATED] Re: List changes
  2018-05-02 10:42     ` Thomas Gleixner
@ 2018-05-03  1:04       ` Kees Cook
  0 siblings, 0 replies; 5+ messages in thread
From: Kees Cook @ 2018-05-03  1:04 UTC (permalink / raw)
  To: speck

On Wed, May 02, 2018 at 12:42:24PM +0200, speck for Thomas Gleixner wrote:
> Here is at least a simple workaround for now:
> 
> # mkdir mail
> # mkdir speck
> # git format-patch -o mail -n --to speck@linutronix.de --thread --cover-letter v4.17-rc3..
> # emacs mail/0000-cover-letter.patch
> # speckify-gitmail -s "TEST" mail/ speck/
> Now send the mails from speck/ in the way you would send from mail/

Awesome. Looks like this worked for me! Here are two bug fixes (noticed
after seeing the results on the list), and a documentation expansion...


--- speckify-gitmail.orig	2018-05-02 18:00:54.000000000 -0700
+++ speckify-gitmail	2018-05-02 17:59:25.429715146 -0700
@@ -8,9 +8,10 @@
 #
 # mkdir mail
 # mkdir speck
-# git format-patch -o mail -n --to speck@linutronix.de --thread --cover-letter v4.17-rc3..
+# git format-patch -o mail -n --to speck@linutronix.de --subject-prefix "PATCH THE-THING" --thread --cover-letter v4.17-rc3..
 # emacs mail/0000-cover-letter.patch
 # speckify-gitmail -s "TEST" mail/ speck/
+# cd speck; for i in 0*.patch; do sendmail -t -i -f SENDER@EMAIL < $i; done
 #
 from argparse import ArgumentParser
 import argparse
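
Review bot: the --subject-prefix "PATCH THE-THING" example in the header comment puts text where the script leaves it unencrypted. The outer header is rebuilt as '%s] %s %d' %(prefix, args.subject, i), so whatever is in the prefix travels in the clear and only the title after the bracket moves into the encrypted body; the comment should say the prefix has to stay generic. The same workflow text is repeated in the `workflow` epilog printed by -h, which this hunk leaves at the old commands, and $i in the sendmail loop should be quoted as "$i".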
@@ -53,7 +54,7 @@
 
 i = 0
 
-for f in infiles:
+for f in sorted(infiles):
     ibx = mailbox.mbox(os.path.join(args.indir, f), None, False)
     obx = mailbox.mbox(os.path.join(args.outdir, f), None, True)
 
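
Review bot: sorted(infiles) makes the counter follow the file names, but infiles still holds every file that os.walk finds under indir, so a stray file such as an editor backup of 0000-cover-letter.patch sorts in between the patches, is opened as an mbox like the others and shifts i for everything after it. Filter the list to names ending in .patch before sorting. Only the bare name is appended and later joined with args.indir, so files found in subdirectories would not open either; os.listdir(args.indir) would match what the loop actually supports.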
@@ -84,7 +85,7 @@
             del msg['CC']
 
         content = 'From: %s\n' %mfrom
-        content += 'Subject: %s\n\n' %subj
+        content += 'Subject: %s] %s\n\n' %(prefix, subj.strip())
         content += msg.get_payload().encode()
         
         try:
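
Review bot: the new Subject line depends on both halves of prefix, subj = msg['Subject'].split(']'), and that unpacking raises ValueError as soon as a patch title contains a ']' of its own, for example a title ending in "fix [bar] handling". Split with msg['Subject'].split(']', 1) so that only the first bracket separates the prefix; then this line and the outer Subject both get the right pieces.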

-- 
Kees Cook                                            @outflux.net

^ permalink raw reply	[flat|nested] 5+ messages in thread
