Linux maintainer tooling and workflows
 help / color / Atom feed
* b4: DKIM verification available
@ 2020-11-20 22:17 Konstantin Ryabitsev
  0 siblings, 0 replies; only message in thread
From: Konstantin Ryabitsev @ 2020-11-20 22:17 UTC (permalink / raw)
  To: tools


[-- Attachment #1: Type: text/plain, Size: 1846 bytes --]

Hi, all:

I'm gearing up for b4 0.6.0, which adds a handful of new features around
attestation. Specifically, it enables DKIM verification if the required
library is available. It used to be a futile exercise due to almost
every mailing list breaking it in terrible ways, but vger now properly
preserves headers so that DKIM signatures verify nearly all the time. 

Older mailman still not so much, though.

Here's an example:

-----

b4 am -o/tmp -t 20201120131708.3237864-1-kpsingh@chromium.org
Looking up https://lore.kernel.org/r/20201120131708.3237864-1-kpsingh%40chromium.org
Grabbing thread from lore.kernel.org/bpf
Analyzing 6 messages in the thread
---
Writing /tmp/20201120_kpsingh_ima_implement_ima_inode_hash.mbx
  ✓ [PATCH bpf-next 1/3] ima: Implement ima_inode_hash
  ✓ [PATCH bpf-next 2/3] bpf: Add a BPF helper for getting the IMA hash of an inode
  ✓ [PATCH bpf-next 3/3] bpf: Update LSM selftests for bpf_ima_inode_hash
    + Acked-by: Yonghong Song <yhs@fb.com>
  ---
  ✓ Attestation-by: DKIM/chromium.org (From: kpsingh@chromium.org)
---
Total patches: 3
---
 Link: https://lore.kernel.org/r/20201120131708.3237864-1-kpsingh@chromium.org
 Base: not found
       git am /tmp/20201120_kpsingh_ima_implement_ima_inode_hash.mbx

-----

If you want to try it out, just grab the latest master. You will need to
install dkimpy and dnspython either from your distro (I found the
necessary versions in debian-unstable as python3-dkim and
python3-dnspython), or from pypi:

  pip install --user dkimpy dnspython

If you find this feature annoying or if it's making things unstable, you
can turn it off by setting the following in your ~/.gitconfig:

[b4]
  attestation-check-dkim = no

If b4 doesn't find dkimpy or dnspython, it won't run the checks anyway.

Best regards,
-K

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 235 bytes --]

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, back to index

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-20 22:17 b4: DKIM verification available Konstantin Ryabitsev

Linux maintainer tooling and workflows

Archives are clonable:
	git clone --mirror https://lore.kernel.org/tools/0 tools/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 tools tools/ https://lore.kernel.org/tools \
		tools@linux.kernel.org
	public-inbox-index tools

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.linux.tools


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git