Sending patches with usp email

30 Mar 2026 - Tags: email and patches

Using the email proxy

For developers using USP email accounts, the standard “App Password” or “Less Secure App” methods are no longer viable due to security lockdowns following the 2025 attacks. Since git send-email is essential for maintaining code integrity during submission, switching to OAuth 2.0—via a git credential helper or an email proxy—is the best workaround

Setting up the proxy

First, we cloned the repo

git clone https://github.com/davidbtadokoro/emailproxy-container.git
cd emailproxy-container

Then we edited the email config:

[Account setup]

[<FILL-HERE-USP-EMAIL-ADDRESS>]
permission_url = https://accounts.google.com/o/oauth2/auth
token_url = https://oauth2.googleapis.com/token
oauth2_scope = https://mail.google.com/
redirect_uri = http://localhost
client_id = <FILL-HERE-CLIENT-ID>
client_secret = <FILL-HERE-CLIENT-SECRET>

We used the client_id and client_secret present in the pad.

Since docker was not installed, the following tutorial was necessary: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04

We lauched the container with:

sudo docker compose up --build -d

# enter the container and star the proxy:
sudo docker exec -it emailproxy-container-server-1 /bin/bash
emailproxy --no-gui --external-auth --config-file /app/emailproxy.config

We kept this terminal running, since the proxy must be active to send patches.

Configuring git with kw

kw send-patch --setup --name 'Your Name'
kw send-patch --setup --email 'yourname@usp.br'
kw send-patch --setup --smtpuser 'yourname@usp.br'
kw send-patch --setup --smtpserver '127.0.0.1'
kw send-patch --setup --smtpserverport '2587'

kw send-patch --list # to check configs

Testing

kw send-patch --send -1 --private --simulate --to='<EMAIL-ADDRESS-1>','<EMAIL-ADDRESS-2>' ...
kw send-patch --send --private --to 'natalia.andre@ime.usp.br','dsl26oauthproxy@gmail.com'

The Authentication Handshake:

Password Prompt: When kw asks for a password, type anything. This is just a local password for the proxy, not your USP password.
The URL: Go to the terminal where the proxy is running. You will see a long Google URL.
The Browser: Copy that URL into your browser, log in, and “allow” the app.
The Loop: You will eventually hit an “Unable to connect” or “localhost” error page. This is normal. 5. Final Step: Copy the entire URL from your browser’s address bar (starting with http://localhost/…) and paste it back into the proxy terminal.

Natália Salvino