diff options
| author | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2020-02-25 15:27:52 -0500 |
|---|---|---|
| committer | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2020-02-25 15:27:52 -0500 |
| commit | 3634d02460cc8748fb1f5e0e8d24a9d58ff5cc0b (patch) | |
| tree | d265819ea21f37bc96e265c7c39e18dd6183b7f8 | |
| parent | 6dd9008338a24ed31a43a676ced9086a2e85fbf7 (diff) | |
| download | korg-helpers-3634d02460cc8748fb1f5e0e8d24a9d58ff5cc0b.tar.gz | |
Don't use the Date header for attestation
Tools like git-send-email don't preserve the Date: header as in the body
generated by git-format-patch, so we cannot rely on it for attestation
purposes. See:
https://lore.kernel.org/git/20191213015753.GA14249@generichostname/T/#u
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
| -rwxr-xr-x | attest-patches.py | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/attest-patches.py b/attest-patches.py index 73cd3d3..a79dab1 100755 --- a/attest-patches.py +++ b/attest-patches.py @@ -103,9 +103,19 @@ def get_mailinfo_hashes(content): ecode, info = git_run_command(None, cmdargs, content) if ecode > 0: logger.critical('ERROR: Could not get mailinfo') - return None, None, None, None + return None, None, None + logger.debug(info) ihasher = hashlib.sha256() - ihasher.update(info.encode('utf-8')) + for line in info.split('\n'): + # We don't use the "Date:" field because it is likely to be + # mangled between when git-format-patch generates it and + # when it is sent out by git-send-email (or other tools). + # TODO: We can do some basic date sanity checking by + # looking at the PGP signature date and making sure + # that it is within a sane limit compared to the + # commit, though it is unlikely to matter for attestation + if re.search(r'^(Author|Email|Subject):', line): + ihasher.update((line + '\n').encode('utf-8')) ihash = ihasher.hexdigest() with open(msg_out[1], 'r') as mfh: @@ -117,7 +127,10 @@ def get_mailinfo_hashes(content): with open(patch_out[1], 'r') as pfh: patch = pfh.read() - phash = get_patch_hash(patch) + if len(patch.strip()): + phash = get_patch_hash(patch) + else: + phash = None os.unlink(patch_out[1]) return ihash, mhash, phash @@ -351,6 +364,13 @@ def verify_attestation(cmdargs): for msg in mbx: content = msg.as_bytes() ihash, mhash, phash = get_mailinfo_hashes(content) + if not phash: + logger.debug('SKIP | %s', msg['Subject']) + continue + logger.debug('Verifying: %s', msg['Subject']) + logger.debug(' i: %s', ihash) + logger.debug(' m: %s', mhash) + logger.debug(' p: %s', phash) try: adata = get_lore_attestation(ihash, mhash, phash, session) for good, valid, trusted, sigkey, siguid in adata: |