Hi,

This is the latest update in the Thunderbird / Enigmail changes that are
happening in jessie. I have built a series of test packages, partly from
stretch (gnupg2, enigmail) and partly from backports (libassuan,
libgcrypt, libgpg-error, npth) and uploaded them here:

https://people.debian.org/~anarcat/debian/jessie-lts/

I need people to test those packages, and not just enigmail users. Some
of those packages have pernicious and deep ramifications. I am
particularly worried about libgcrypt, which is used for example by
cryptsetup.

I am also concerned about the interactions between gpg2 and legacy gpg
1.4. I have made sure that gpg binaries are not clobbered by gpg2, which
means it *should* be possible to run both side by side. But this does
mean having multiple key storage at once when gpg2 is in used, something
we have managed to avoid in the 1.4 -> 2.x migration in stretch so
far. I am also specifically concerned about statements such as "[even
though co-installability was considered while designing 2.1, in practice
1.4 and 2.1+ don't mix well][gnupg]" that were said elsewhere.

 [gnupg]: 
https://lists.gnupg.org/pipermail/gnupg-users/2018-February/059988.html

Nevertheless, I have gone through the process of testing the packages
against their dependencies in a jessie virtual machine, as much as
possible. The following tools were tested, based on [advice from dkg][]:

 * cryptsetup: no build-time test suite, smoke-tested (luksFormat/Open +
   mkfs + edit file / close loop), main related change is libgpgerror
   and libgcrypt bumps

 * gpgme: build-time test suite passes, no further direct test although
   covered by later mutt tests, i believe

 * gmime: untested
 
 * libotr: depends on libgcrypt11, so presumed not affected. built, but
   no build-time test suite
      
 * mutt: no test suite, segfaults when hitting "enter" when no key
   match, but bug already present in jessie before proposed
   changes. other smoke tests seem okay.
      
 * claws: untested

 * mcabber: untested

 * enigmail: self-test suite passes at build time, had several problems
   during account setup (revocation cert failed to create during key
   init; can encrypt to a client, but not sign or decrypt. so something
   definitely wrong), related to missing pinentry packages. once
   pinentry is installed, all functionality seems to be working,
   including receiving and sending encrypted+signed and encrypted
   emails. autocrypt not tested.

Regarding the latter, it seems like autocrypt caused some problems at
least with the [Tails team][15923]. It might be advisable to upgrade
to Enigmail 2.0.9 in stretch and jessie before completing this work, as
it seems to address those issues specifically.

 [advice from dkg]: https://lists.debian.org/87ftvrnbyb....@fifthhorseman.net
 [15923]: https://redmine.tails.boum.org/code/issues/15923

I would appreciate code reviews, although the changes to perform the
backports are generally trivial: downgrade debhelper from 10 to 9,
delete the dh-strip --dbgsym-migration overrides, remove the mingw
packages, etc. Those who want to review the changes in code might want
to use the git repositories on salsa, because all packages are
conveniently available there. I created a debian/jessie-security branch
on every repository I had write access to, or on a fork in my own
namespace otherwise:

https://salsa.debian.org/debian/enigmail
https://salsa.debian.org/debian/gnupg2
https://salsa.debian.org/debian/libassuan
https://salsa.debian.org/anarcat/libgcrypt
https://salsa.debian.org/debian/libgpg-error
https://salsa.debian.org/anarcat/npth

Unless I get significant pushback on this, I plan on uploading those
packages next tuesday.

Phew! Maybe we'll get through that one at last. :)

A.

-- 
Seul a un caractère scientifique ce qui peut être réfuté. Ce qui n'est
pas réfutable relève de la magie ou de la mystique.
                        - Karl Popper

Reply via email to