Re: [pkg-gnupg-maint] Bug#842291: notmuch processes frequently stuck in select()

2016-11-29 Thread David Bremner 
Werner Koch  writes:

> On Wed, 23 Nov 2016 18:19, d...@fifthhorseman.net said:
>
>>  0) turn off CRL updates entirely during s/mime signature verification
>
> The gpgsm option is --disable-crl-checks.  
>
>>  1) do s/mime signature verification without CRL updates, but schedule
>> CRL checks to happen in the background for dirmngr, so that future
>> verifications will reflect the cert validity

A notmuch user reported on IRC that adding disable-crl-checks to
~/.gnupg/dirmngr.conf eliminated the long pauses when verifying s/mime
signatures.

This will prevent the user from noticing Certificate revokations, so
it's not without cost in security, but perhaps it's temporary workaround
until we figure out some better solution.

d


___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

Re: Trouble decrypting multipart/encrypted

2016-11-29 Thread Eric Skoglund 
David Bremner  writes:

> Eric Skoglund  writes:
>
>> David Bremner  writes:
>>
>>>
>>> Yeah, --verify only works with one of the structured output formats
>>> (json or sexp). I suppose that's probably a documentation bug.
>>>
>>> try
>>>
>>> % notmuch show --format=json --verify $message
>>
>> Yes that did work, getting "sigstatus : [ { 'status': 'good'  }]".
>
> OK, so notmuch can talk to gpg. I'm only guessing, but it seems like
> some kind of problem with pinentry, or access to private keys. One
> potential issue is having multiple versions of gpg installed.
>
> %  notmuch config get crypto.gpg_path
>
> should give the same path as the gpg you normally use (so, 2.1.13 as you
> said).
>

Thank you David! Seems like notmuch used the gpg1 binary (that fedora
has installed by default also), I switched the gpg binary to gpg2 and it
now works like a charm!

Thank you so much for your help.

// Eric Skoglund
___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

Re: Trouble decrypting multipart/encrypted

2016-11-29 Thread David Bremner 
Eric Skoglund  writes:

> David Bremner  writes:
>
>>
>> Yeah, --verify only works with one of the structured output formats
>> (json or sexp). I suppose that's probably a documentation bug.
>>
>> try
>>
>> % notmuch show --format=json --verify $message
>
> Yes that did work, getting "sigstatus : [ { 'status': 'good'  }]".

OK, so notmuch can talk to gpg. I'm only guessing, but it seems like
some kind of problem with pinentry, or access to private keys. One
potential issue is having multiple versions of gpg installed.

%  notmuch config get crypto.gpg_path

should give the same path as the gpg you normally use (so, 2.1.13 as you
said).

For pinentry issues, my own prejudice is that pinentry-curses is hard to
get working right, and pinentry-gtk usually works more smoothly; I don't
know if that's relevant for you.

d
___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

Re: [PATCH 1/2] fix out of tree build for ruby bindings

2016-11-29 Thread David Bremner 
Tomi Ollila  writes:

> From: Tomi Ollila 
>
> Ruby bindings source files had to be copied to the out-of-tree
> target directory -- final obstacle avoiding that was that if
> there were built object files in source directory, new target object
> files were not built (caused link failure, fortunately).
> ---
>
> The ruby-part fix of id:1479146030-17083-1-git-send-email-tomi.oll...@iki.fi
>
>  bindings/Makefile.local  |  2 +-
>  bindings/ruby/extconf.rb | 12 +++-
>  configure|  6 ++
>  3 files changed, 18 insertions(+), 2 deletions(-)
>
> diff --git a/bindings/Makefile.local b/bindings/Makefile.local
> index 11d11d4..61fe412 100644
> --- a/bindings/Makefile.local
> +++ b/bindings/Makefile.local
> @@ -8,7 +8,7 @@ ifeq ($(HAVE_RUBY_DEV),1)
>   cd $(dir)/ruby && \
>   EXTRA_LDFLAGS="$(NO_UNDEFINED_LDFLAGS)" \
>   LIBNOTMUCH="../../lib/$(LINKER_NAME)" \
> - ruby extconf.rb --vendor
> + SRCDIR=$(srcdir) ruby extconf.rb --vendor
>   $(MAKE) -C $(dir)/ruby
>  endif
>  
> diff --git a/bindings/ruby/extconf.rb b/bindings/ruby/extconf.rb
> index ddaa684..ed57d33 100644
> --- a/bindings/ruby/extconf.rb
> +++ b/bindings/ruby/extconf.rb
> @@ -1,11 +1,21 @@
>  #!/usr/bin/env ruby
>  # coding: utf-8
>  # Copyright 2010, 2011, 2012 Ali Polatel 
> +# Out of tree build update: 2016 Tomi Ollila
>  # Distributed under the terms of the GNU General Public License v3
>  
>  require 'mkmf'
>  
> -dir = File.join('..', '..', 'lib')
> +# ENV['SRCDIR'] is build system's vision of source dir...
> +srcroot = ENV['SRCDIR']
> +# ...so fix it; expect hardcoded ../.. to work
> +if srcroot == '.'
> +  srcroot = File.join('..', '..')
> +elsif srcroot[0] != '/'
> +  srcroot = File.join('..', '..', srcroot)
> +end

I guess I have the same question about the non-absolute path case
here. Are we assuming some convention?
___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

Re: [PATCH 2/2] fix (rest of the) out of tree build

2016-11-29 Thread David Bremner 
Tomi Ollila  writes:


> +# Like $TEST_DIRECTORY this needs to be absolute as working directories 
> change.
> +SOURCE_DIRECTORY=$(
> + case $NOTMUCH_SRCDIR in /*) cd "$NOTMUCH_SRCDIR" ;;
> +  *) cd "../$NOTMUCH_SRCDIR"
> + esac
> + pwd -P)
> +

I don't understand the second case here.

___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch