From: Kees Cook <kees@outflux.net>
To: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Cc: users@linux.kernel.org, tools@linux.kernel.org
Subject: Re: [kernel.org users] b4: DKIM verification available
Date: Sun, 22 Nov 2020 09:51:24 -0800 [thread overview]
Message-ID: <20201122175124.GA5416@outflux.net> (raw)
In-Reply-To: <20201122173859.mueoi5o7p4x53cx5@chatter.i7.local>
On Sun, Nov 22, 2020 at 12:38:59PM -0500, Konstantin Ryabitsev wrote:
> On Sat, Nov 21, 2020 at 04:28:08PM -0800, Kees Cook wrote:
> > On Fri, Nov 20, 2020 at 05:15:30PM -0500, Konstantin Ryabitsev wrote:
> > > I'm gearing up for b4 0.6.0, which adds a handful of new features around
> > > attestation. Specifically, it enables DKIM verification if the required
> > > library is available. It used to be a futile exercise due to almost
> > > every mailing list breaking it in terrible ways, but vger now properly
> > > preserves headers so that DKIM signatures verify nearly all the time.
> >
> > Nice! This works for me.
> >
> > I wanted to look at X-Patch-Sig verification too, but realized I couldn't
> > actually search lore for an arbitrary header to find an example. And so
> > I went to the lore git, and from a worktree, I found no one using the
> > new b4 GPG attestation yet ("git log -S X-Patch-Sig").
>
> Well, it's not in any released version yet, so it's not surprising. :)
> You can test it on some of my bogus series posts:
>
> b4 am -o/tmp 20201120212731.1645654-1-konstantin@linuxfoundation.org
>
> The 0.6 release will only support mode=pgp in addition to plain DKIM.
Excellent!
>
> > (I was hoping to have my own series up to use as an example, but I
> > mucked up the order of operations. Next one should include it,
> > though!)
>
> Basically, you just run "b4 attest *.patch" before running "git
> send-email". You can actually do this via adding the following to
Yeah, that's what I discovered (I hadn't realized it had switch to using
injected headers).
> .git/hooks/sendemail-validate:
>
> #!/bin/sh
> /path/to/your/b4/b4.sh attest $1
>
> I'll add documentation for this before 0.6 is out.
Ah, nice; that's cleaner than what I was doing.
> Thanks for willing to be my test subject. :)
Thanks for writing all this! :)
--
Kees Cook @outflux.net
next prev parent reply other threads:[~2020-11-22 17:51 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20201120221530.mfwn72nr6lqr2qqs@chatter.i7.local>
[not found] ` <20201122002808.GA20499@outflux.net>
2020-11-22 17:38 ` [kernel.org users] b4: DKIM verification available Konstantin Ryabitsev
2020-11-22 17:51 ` Kees Cook [this message]
[not found] ` <20201123154841.GU244516@ziepe.ca>
[not found] ` <1dccb9ac431b854ba4f7a72f6e7b90baecdacbe1.camel@HansenPartnership.com>
[not found] ` <20201123164220.GW244516@ziepe.ca>
2020-11-23 18:17 ` Konstantin Ryabitsev
2020-11-23 18:28 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201122175124.GA5416@outflux.net \
--to=kees@outflux.net \
--cc=konstantin@linuxfoundation.org \
--cc=tools@linux.kernel.org \
--cc=users@linux.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.