On Fri, 25 Nov 2011 13:43:35 -0500, David Bremner <da...@tethera.net> wrote:
> Just confirm, all the crypto tests pass with this patch? In that case,
> can we have the patch (preferably as generated by git-send-email)? Or
> did I miss it somewhere in this thread?

I don't believe the patch ever made it to the list, I can't find it in
my own archive.  From the changelog here:

  http://koji.fedoraproject.org/koji/buildinfo?buildID=269819

  it looks like Karel Klíč of Red Hat created it back in July, I assume
that's when Fedora moved to the later GMime version.

The patch itself looks like it's a straight re-mapping of the 2.4
GMimeSignatureValidity to the 2.5+ equivalent along with some
deprecation of GMimeSession, so just applying the patch will break
compilation for anyone < 2.5.

Also, three of the crypto tests relating to signature validation /do/
fail, although it looks like that may simply be down to changes in the
output format and so just need updated test cases.

I've attached the patch as-is to this mail for reference purposes, but
based on the above it'll need a bit of tweaking before it's useful to
the wider group.

diff -up notmuch-0.6.1/notmuch-client.h.gmime notmuch-0.6.1/notmuch-client.h
--- notmuch-0.6.1/notmuch-client.h.gmime	2011-07-17 16:20:51.000000000 +0200
+++ notmuch-0.6.1/notmuch-client.h	2011-07-28 17:24:16.904949635 +0200
@@ -68,7 +68,7 @@ typedef struct notmuch_show_format {
     void (*part_start) (GMimeObject *part,
 			int *part_count);
     void (*part_encstatus) (int status);
-    void (*part_sigstatus) (const GMimeSignatureValidity* validity);
+    void (*part_sigstatus) (GMimeSignatureList *siglist);
     void (*part_content) (GMimeObject *part);
     void (*part_end) (GMimeObject *part);
     const char *part_sep;
@@ -82,7 +82,7 @@ typedef struct notmuch_show_params {
     int entire_thread;
     int raw;
     int part;
-    GMimeCipherContext* cryptoctx;
+    GMimeCryptoContext* cryptoctx;
     int decrypt;
 } notmuch_show_params_t;
 
diff -up notmuch-0.6.1/notmuch-reply.c.gmime notmuch-0.6.1/notmuch-reply.c
--- notmuch-0.6.1/notmuch-reply.c.gmime	2011-07-17 16:20:51.000000000 +0200
+++ notmuch-0.6.1/notmuch-reply.c	2011-07-28 17:24:16.904949635 +0200
@@ -610,13 +610,10 @@ notmuch_reply_command (void *ctx, int ar
 	    }
 	} else if ((STRNCMP_LITERAL (argv[i], "--decrypt") == 0)) {
 	    if (params.cryptoctx == NULL) {
-		GMimeSession* session = g_object_new(g_mime_session_get_type(), NULL);
-		if (NULL == (params.cryptoctx = g_mime_gpg_context_new(session, "gpg")))
+		if (NULL == (params.cryptoctx = g_mime_gpg_context_new(NULL, "gpg")))
 		    fprintf (stderr, "Failed to construct gpg context.\n");
 		else
 		    g_mime_gpg_context_set_always_trust((GMimeGpgContext*)params.cryptoctx, FALSE);
-		g_object_unref (session);
-		session = NULL;
 	    }
 	} else {
 	    fprintf (stderr, "Unrecognized option: %s\n", argv[i]);
diff -up notmuch-0.6.1/notmuch-show.c.gmime notmuch-0.6.1/notmuch-show.c
--- notmuch-0.6.1/notmuch-show.c.gmime	2011-07-17 16:20:51.000000000 +0200
+++ notmuch-0.6.1/notmuch-show.c	2011-07-28 17:24:16.905949620 +0200
@@ -70,7 +70,7 @@ static void
 format_part_encstatus_json (int status);
 
 static void
-format_part_sigstatus_json (const GMimeSignatureValidity* validity);
+format_part_sigstatus_json (GMimeSignatureList *siglist);
 
 static void
 format_part_content_json (GMimeObject *part);
@@ -420,16 +420,14 @@ show_text_part_content (GMimeObject *par
 }
 
 static const char*
-signer_status_to_string (GMimeSignerStatus x)
+signature_status_to_string (GMimeSignatureStatus x)
 {
     switch (x) {
-    case GMIME_SIGNER_STATUS_NONE:
-	return "none";
-    case GMIME_SIGNER_STATUS_GOOD:
+    case GMIME_SIGNATURE_STATUS_GOOD:
 	return "good";
-    case GMIME_SIGNER_STATUS_BAD:
+    case GMIME_SIGNATURE_STATUS_BAD:
 	return "bad";
-    case GMIME_SIGNER_STATUS_ERROR:
+    case GMIME_SIGNATURE_STATUS_ERROR:
 	return "error";
     }
     return "unknown";
@@ -524,59 +522,65 @@ format_part_encstatus_json (int status)
 }
 
 static void
-format_part_sigstatus_json (const GMimeSignatureValidity* validity)
+format_part_sigstatus_json (GMimeSignatureList *siglist)
 {
     printf (", \"sigstatus\": [");
 
-    if (!validity) {
+    if (!siglist) {
 	printf ("]");
 	return;
     }
 
-    const GMimeSigner *signer = g_mime_signature_validity_get_signers (validity);
-    int first = 1;
     void *ctx_quote = talloc_new (NULL);
+    int i;
+    for (i = 0; i < g_mime_signature_list_length (siglist); ++i) {
+	GMimeSignature *signature = g_mime_signature_list_get_signature (siglist, i);
 
-    while (signer) {
-	if (first)
-	    first = 0;
-	else
+	if (i > 0)
 	    printf (", ");
-
 	printf ("{");
 
 	/* status */
+	GMimeSignatureStatus status = g_mime_signature_get_status (signature);
 	printf ("\"status\": %s",
 		json_quote_str (ctx_quote,
-				signer_status_to_string (signer->status)));
+				signature_status_to_string (status)));
 
-	if (signer->status == GMIME_SIGNER_STATUS_GOOD)
+	GMimeCertificate *certificate = g_mime_signature_get_certificate (signature);
+	if (status == GMIME_SIGNATURE_STATUS_GOOD)
 	{
-	    if (signer->fingerprint)
-		printf (", \"fingerprint\": %s", json_quote_str (ctx_quote, signer->fingerprint));
+	    if (certificate)
+		printf (", \"fingerprint\": %s", json_quote_str (ctx_quote, g_mime_certificate_get_fingerprint (certificate)));
 	    /* these dates are seconds since the epoch; should we
 	     * provide a more human-readable format string? */
-	    if (signer->created)
-		printf (", \"created\": %d", (int) signer->created);
-	    if (signer->expires)
-		printf (", \"expires\": %d", (int) signer->expires);
+	    time_t created = g_mime_signature_get_created (signature);
+	    if (created != -1)
+		printf (", \"created\": %d", (int) created);
+	    time_t expires = g_mime_signature_get_expires (signature);
+	    if (expires != -1)
+		printf (", \"expires\": %d", (int) expires);
 	    /* output user id only if validity is FULL or ULTIMATE. */
 	    /* note that gmime is using the term "trust" here, which
 	     * is WRONG.  It's actually user id "validity". */
-	    if ((signer->name) && (signer->trust)) {
-		if ((signer->trust == GMIME_SIGNER_TRUST_FULLY) || (signer->trust == GMIME_SIGNER_TRUST_ULTIMATE))
-		    printf (", \"userid\": %s", json_quote_str (ctx_quote, signer->name));
+	    if (certificate)
+	    {
+		const char *name = g_mime_certificate_get_issuer_name (certificate);
+		GMimeCertificateTrust trust = g_mime_certificate_get_trust (certificate);
+		if (name && (trust == GMIME_CERTIFICATE_TRUST_FULLY || trust == GMIME_CERTIFICATE_TRUST_ULTIMATE))
+		    printf (", \"userid\": %s", json_quote_str (ctx_quote, name));
            }
-       } else {
-           if (signer->keyid)
-               printf (", \"keyid\": %s", json_quote_str (ctx_quote, signer->keyid));
-       }
-       if (signer->errors != GMIME_SIGNER_ERROR_NONE) {
-           printf (", \"errors\": %x", signer->errors);
-       }
+	} else if (certificate) {
+	    const char *key_id = g_mime_certificate_get_key_id (certificate);
+	    if (key_id)
+		printf (", \"keyid\": %s", json_quote_str (ctx_quote, key_id));
+	}
+
+	GMimeSignatureError errors = g_mime_signature_get_errors (signature);
+	if (errors != GMIME_SIGNATURE_ERROR_NONE) {
+	    printf (", \"errors\": %x", errors);
+	}
 
-       printf ("}");
-       signer = signer->next;
+	printf ("}");
     }
 
     printf ("]");
@@ -899,13 +903,10 @@ notmuch_show_command (void *ctx, unused 
 	} else if ((STRNCMP_LITERAL (argv[i], "--verify") == 0) ||
 		   (STRNCMP_LITERAL (argv[i], "--decrypt") == 0)) {
 	    if (params.cryptoctx == NULL) {
-		GMimeSession* session = g_object_new(g_mime_session_get_type(), NULL);
-		if (NULL == (params.cryptoctx = g_mime_gpg_context_new(session, "gpg")))
+		if (NULL == (params.cryptoctx = g_mime_gpg_context_new(NULL, "gpg")))
 		    fprintf (stderr, "Failed to construct gpg context.\n");
 		else
 		    g_mime_gpg_context_set_always_trust((GMimeGpgContext*)params.cryptoctx, FALSE);
-		g_object_unref (session);
-		session = NULL;
 	    }
 	    if (STRNCMP_LITERAL (argv[i], "--decrypt") == 0)
 		params.decrypt = 1;
diff -up notmuch-0.6.1/show-message.c.gmime notmuch-0.6.1/show-message.c
--- notmuch-0.6.1/show-message.c.gmime	2011-07-17 16:20:51.000000000 +0200
+++ notmuch-0.6.1/show-message.c	2011-07-28 17:27:12.295304742 +0200
@@ -68,15 +68,16 @@ show_message_part (GMimeObject *part,
 			 g_mime_multipart_get_count (multipart));
 	    } else {
 		GMimeMultipartEncrypted *encrypteddata = GMIME_MULTIPART_ENCRYPTED (part);
-		decryptedpart = g_mime_multipart_encrypted_decrypt (encrypteddata, params->cryptoctx, &err);
+		GMimeDecryptResult *decrypt_result = g_mime_decrypt_result_new ();
+		decryptedpart = g_mime_multipart_encrypted_decrypt (encrypteddata, params->cryptoctx, &decrypt_result, &err);
 		if (decryptedpart) {
 		    if ((selected || state->in_zone) && format->part_encstatus)
 			format->part_encstatus (1);
-		    const GMimeSignatureValidity *sigvalidity = g_mime_multipart_encrypted_get_signature_validity (encrypteddata);
-		    if (!sigvalidity)
-			fprintf (stderr, "Failed to verify signed part: %s\n", (err ? err->message : "no error explanation given"));
+		    GMimeSignatureList *siglist = g_mime_decrypt_result_get_signatures (decrypt_result);
+		    if (!siglist)
+			fprintf (stderr, "Failed to get signatures: %s\n", (err ? err->message : "no error explanation given"));
 		    if ((selected || state->in_zone) && format->part_sigstatus)
-			format->part_sigstatus (sigvalidity);
+			format->part_sigstatus (siglist);
 		} else {
 		    fprintf (stderr, "Failed to decrypt part: %s\n", (err ? err->message : "no error explanation given"));
 		    if ((selected || state->in_zone) && format->part_encstatus)
@@ -92,20 +93,14 @@ show_message_part (GMimeObject *part,
 			 "Error: %d part(s) for a multipart/signed message (should be exactly 2)\n",
 			 g_mime_multipart_get_count (multipart));
 	    } else {
-		/* For some reason the GMimeSignatureValidity returned
-		 * here is not a const (inconsistent with that
-		 * returned by
-		 * g_mime_multipart_encrypted_get_signature_validity,
-		 * and therefore needs to be properly disposed of.
-		 * Hopefully the API will become more consistent. */
-		GMimeSignatureValidity *sigvalidity = g_mime_multipart_signed_verify (GMIME_MULTIPART_SIGNED (part), params->cryptoctx, &err);
-		if (!sigvalidity) {
+		GMimeSignatureList *siglist = g_mime_multipart_signed_verify (GMIME_MULTIPART_SIGNED (part), params->cryptoctx, &err);
+		if (!siglist) {
 		    fprintf (stderr, "Failed to verify signed part: %s\n", (err ? err->message : "no error explanation given"));
 		}
 		if ((selected || state->in_zone) && format->part_sigstatus)
-		    format->part_sigstatus (sigvalidity);
-		if (sigvalidity)
-		    g_mime_signature_validity_free (sigvalidity);
+		    format->part_sigstatus (siglist);
+		if (siglist)
+		    g_object_unref (siglist);
 	    }
 	}
 

Attachment: pgpjWmGwktFEC.pgp
Description: PGP signature

_______________________________________________
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Reply via email to