Hi, all: I'm gearing up for b4 0.6.0, which adds a handful of new features around attestation. Specifically, it enables DKIM verification if the required library is available. It used to be a futile exercise due to almost every mailing list breaking it in terrible ways, but vger now properly preserves headers so that DKIM signatures verify nearly all the time. Older mailman still not so much, though. Here's an example: ----- b4 am -o/tmp -t 20201120131708.3237864-1-kpsingh@chromium.org Looking up https://lore.kernel.org/r/20201120131708.3237864-1-kpsingh%40chromium.org Grabbing thread from lore.kernel.org/bpf Analyzing 6 messages in the thread --- Writing /tmp/20201120_kpsingh_ima_implement_ima_inode_hash.mbx ✓ [PATCH bpf-next 1/3] ima: Implement ima_inode_hash ✓ [PATCH bpf-next 2/3] bpf: Add a BPF helper for getting the IMA hash of an inode ✓ [PATCH bpf-next 3/3] bpf: Update LSM selftests for bpf_ima_inode_hash + Acked-by: Yonghong Song --- ✓ Attestation-by: DKIM/chromium.org (From: kpsingh@chromium.org) --- Total patches: 3 --- Link: https://lore.kernel.org/r/20201120131708.3237864-1-kpsingh@chromium.org Base: not found git am /tmp/20201120_kpsingh_ima_implement_ima_inode_hash.mbx ----- If you want to try it out, just grab the latest master. You will need to install dkimpy and dnspython either from your distro (I found the necessary versions in debian-unstable as python3-dkim and python3-dnspython), or from pypi: pip install --user dkimpy dnspython If you find this feature annoying or if it's making things unstable, you can turn it off by setting the following in your ~/.gitconfig: [b4] attestation-check-dkim = no If b4 doesn't find dkimpy or dnspython, it won't run the checks anyway. Best regards, -K