author | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2020-02-26 13:11:38 -0500 |
---|---|---|
committer | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2020-02-26 13:11:38 -0500 |
commit | b234a9ecd7b3ce8c75d2bdfabc1e3fd176a0b74e (patch) | |
tree | b6ad8afa7ea2d35a21422c78dd829f9a024d34bd | |
parent | 1d64260e7da5d48ded770a789be82e4de64406c8 (diff) | |
download | korg-helpers-b234a9ecd7b3ce8c75d2bdfabc1e3fd176a0b74e.tar.gz |
Use the UID that matched From in the trailer
Unless we're running with -F that ignores From/UID mismatches, we will
now use the matching UID in the Attestation-by trailer.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
-rwxr-xr-x | attest-patches.py | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/attest-patches.py b/attest-patches.py
index 1c0bcf3..dfe05b6 100755
--- a/attest-patches.py
+++ b/attest-patches.py
@@ -366,14 +366,14 @@ def get_subkey_uids(keyid):
 return SUBKEY_DATA[keyid]
-def check_if_from_matches_uids(keyid, msg):
+def get_matching_uid(keyid, msg):
 uids = get_subkey_uids(keyid)
 fromaddr = email.utils.getaddresses(msg.get_all('from', []))[0]
 for uid in uids:
 if fromaddr[1] == uid[1]:
- return True
+ return '%s <%s>' % uid
- return False
+ return None
 def verify_attestation(cmdargs):
@@ -408,14 +408,17 @@ def verify_attestation(cmdargs):
 continue
 for good, valid, trusted, sigkey, siguid in adata:
- if cmdargs.ignorefrom or check_if_from_matches_uids(sigkey, msg):
+ muid = get_matching_uid(sigkey, msg)
+ if muid is None and cmdargs.ignorefrom:
+ muid = siguid
+ if muid is not None:
 if not trusted:
 VALIDATION_ERRORS.update(('Insufficient owner trust (model=%s): %s (key=%s)' % (GPGTRUSTMODEL, siguid, sigkey),))
 ecode = 128
 else:
 if ecode != 128:
- attestors.update(('%s (pgp:%s)' % (siguid, sigkey),))
+ attestors.update(('%s (pgp:%s)' % (muid, sigkey),))
 ecode = 0
 break
 else: |
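Review bot: `get_matching_uid` changes the return contract from a boolean to either a formatted string or `None` without a docstring saying so, and `'%s <%s>' % uid` only works if every entry returned by `get_subkey_uids` is exactly a two-item tuple. I would add a docstring such as `"""Return 'Name <addr>' for the first key UID whose address equals the From address, else None."""` and format with `'%s <%s>' % (uid[0], uid[1])` so a differently shaped entry cannot raise TypeError in the middle of verification. The unchanged context line indexes `[0]` on the parsed From list, which presumably raises IndexError for a message with no From header; returning `None` in that case would keep the check failing closed. The address comparison is case-sensitive, which can only cause a rejection, so it is safe as written.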
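Review bot: The attestor entry in the second hunk now names `muid`, a UID selected by matching the From address, while the `trusted` flag comes from the signature data and the "Insufficient owner trust" message still prints `siguid`. Whether `get_subkey_uids` returns only UIDs that are themselves valid under the trust model (not revoked, certified) is not visible in this hunk; if it returns every UID on the key, the trailer can show an identity that was never validated on its own. I would confirm that filtering and, once confirmed, record it above the lookup with a comment like `# muid is taken from the key's UID list; per-UID validity is enforced in get_subkey_uids`. Using `muid` in the error message as well would keep the reported identity consistent. `verify_attestation` starts before this hunk and continues past its last line.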