tools.linux.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Konstantin Ryabitsev" <konstantin@linuxfoundation.org>
To: tools@linux.kernel.org
Subject: b4: DKIM verification available
Date: Fri, 20 Nov 2020 17:17:31 -0500	[thread overview]
Message-ID: <20201120221731.ktof3h4yejunkc4a@chatter.i7.local> (raw)

[-- Attachment #1: Type: text/plain, Size: 1846 bytes --]

Hi, all:

I'm gearing up for b4 0.6.0, which adds a handful of new features around
attestation. Specifically, it enables DKIM verification if the required
library is available. It used to be a futile exercise due to almost
every mailing list breaking it in terrible ways, but vger now properly
preserves headers so that DKIM signatures verify nearly all the time. 

Older mailman still not so much, though.

Here's an example:

-----

b4 am -o/tmp -t 20201120131708.3237864-1-kpsingh@chromium.org
Looking up https://lore.kernel.org/r/20201120131708.3237864-1-kpsingh%40chromium.org
Grabbing thread from lore.kernel.org/bpf
Analyzing 6 messages in the thread
---
Writing /tmp/20201120_kpsingh_ima_implement_ima_inode_hash.mbx
  ✓ [PATCH bpf-next 1/3] ima: Implement ima_inode_hash
  ✓ [PATCH bpf-next 2/3] bpf: Add a BPF helper for getting the IMA hash of an inode
  ✓ [PATCH bpf-next 3/3] bpf: Update LSM selftests for bpf_ima_inode_hash
    + Acked-by: Yonghong Song <yhs@fb.com>
  ---
  ✓ Attestation-by: DKIM/chromium.org (From: kpsingh@chromium.org)
---
Total patches: 3
---
 Link: https://lore.kernel.org/r/20201120131708.3237864-1-kpsingh@chromium.org
 Base: not found
       git am /tmp/20201120_kpsingh_ima_implement_ima_inode_hash.mbx

-----

If you want to try it out, just grab the latest master. You will need to
install dkimpy and dnspython either from your distro (I found the
necessary versions in debian-unstable as python3-dkim and
python3-dnspython), or from pypi:

  pip install --user dkimpy dnspython

If you find this feature annoying or if it's making things unstable, you
can turn it off by setting the following in your ~/.gitconfig:

[b4]
  attestation-check-dkim = no

If b4 doesn't find dkimpy or dnspython, it won't run the checks anyway.

Best regards,
-K

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 235 bytes --]

                 reply	other threads:[~2020-11-20 22:17 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201120221731.ktof3h4yejunkc4a@chatter.i7.local \
    --to=konstantin@linuxfoundation.org \
    --cc=tools@linux.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).