b4: DKIM verification available

b4: DKIM verification available

[Konstantin Ryabitsev]

[-- Attachment #1: Type: text/plain, Size: 1846 bytes --]

Hi, all:

I'm gearing up for b4 0.6.0, which adds a handful of new features around
attestation. Specifically, it enables DKIM verification if the required
library is available. It used to be a futile exercise due to almost
every mailing list breaking it in terrible ways, but vger now properly
preserves headers so that DKIM signatures verify nearly all the time. 

Older mailman still not so much, though.

Here's an example:

-----

b4 am -o/tmp -t 20201120131708.3237864-1-kpsingh@chromium.org
Looking up https://lore.kernel.org/r/20201120131708.3237864-1-kpsingh%40chromium.org
Grabbing thread from lore.kernel.org/bpf
Analyzing 6 messages in the thread
---
Writing /tmp/20201120_kpsingh_ima_implement_ima_inode_hash.mbx
  ✓ [PATCH bpf-next 1/3] ima: Implement ima_inode_hash
  ✓ [PATCH bpf-next 2/3] bpf: Add a BPF helper for getting the IMA hash of an inode
  ✓ [PATCH bpf-next 3/3] bpf: Update LSM selftests for bpf_ima_inode_hash
    + Acked-by: Yonghong Song <yhs@fb.com>
  ---
  ✓ Attestation-by: DKIM/chromium.org (From: kpsingh@chromium.org)
---
Total patches: 3
---
 Link: https://lore.kernel.org/r/20201120131708.3237864-1-kpsingh@chromium.org
 Base: not found
       git am /tmp/20201120_kpsingh_ima_implement_ima_inode_hash.mbx

-----

If you want to try it out, just grab the latest master. You will need to
install dkimpy and dnspython either from your distro (I found the
necessary versions in debian-unstable as python3-dkim and
python3-dnspython), or from pypi:

  pip install --user dkimpy dnspython

If you find this feature annoying or if it's making things unstable, you
can turn it off by setting the following in your ~/.gitconfig:

[b4]
  attestation-check-dkim = no

If b4 doesn't find dkimpy or dnspython, it won't run the checks anyway.

Best regards,
-K

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 235 bytes --]