Re: [PATCH v2] configure: Ensure that GMime can extract session keys
On Mon 2019-05-20 16:46:23 -0300, David Bremner wrote:
> I pushed this, and broke travis. Can you please have a look at
>
> https://travis-ci.org/notmuch/notmuch/builds/534979532

Sorry about this, the flaw was a difference between the ubuntu and debian linker default behavior. I've responded over at id:20190520205201.12883-1-...@fifthhorseman.net

--dkg

___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch
Re: [PATCH v2] configure: Ensure that GMime can extract session keys
Daniel Kahn Gillmor writes:

> GMime 3.0 and higher can extract session keys, but it will *not*
> extract session keys if it was built with --disable-crypto, or if it
> was built against GPGME version < 1.8.0.
>
> Notmuch currently expects to be able to extract session keys, and
> tests will fail if it is not possible, so we ensure that this is the
> case during ./configure time.
>
> Part of this feels awkward because notmuch doesn't directly depend on
> gpg at all. Rather, it depends on GMime, and the current
> implementation of GMime depends on GPGME for its crypto, and GPGME in
> turn depends on gpg.
>
> So the use of gpg in ./configure isn't actually introducing a new
> dependency, though if a future version of GMime were ever to move away
> from GnuPG, we might need to reconsider.
>
> Note that this changeset depends on
> id:20190506174327.13457-1-...@fifthhorseman.net , which supplies the
> rfc822 message test/corpora/crypto/basic-encrypted.eml used in it.
>

I pushed this, and broke travis. Can you please have a look at

https://travis-ci.org/notmuch/notmuch/builds/534979532

d
Re: [PATCH v2] configure: Ensure that GMime can extract session keys
On Mon 2019-05-06 16:16:55 -0400, Daniel Kahn Gillmor wrote:
> GMime 3.0 and higher can extract session keys, but it will *not*
> extract session keys if it was built with --disable-crypto, or if it
> was built against GPGME version < 1.8.0.
>
> Notmuch currently expects to be able to extract session keys, and
> tests will fail if it is not possible, so we ensure that this is the
> case during ./configure time.

It would be great to see this patch merged -- it sets up a ./configure-time test to ensure that notmuch can indeed deal with session keys correctly, which is necessary for the test suite to pass (and for notmuch to offer sensible decryption and cleartext-indexing options).

If there's some reason to not merge it, please let me know. All of its dependencies have been merged.

--dkg
Re: [PATCH v2] configure: Ensure that GMime can extract session keys
On Mon 2019-05-06 16:16:55 -0400, Daniel Kahn Gillmor wrote:
> GMime 3.0 and higher can extract session keys, but it will *not*
> extract session keys if it was built with --disable-crypto, or if it
> was built against GPGME version < 1.8.0.
>
> Notmuch currently expects to be able to extract session keys, and
> tests will fail if it is not possible, so we ensure that this is the
> case during ./configure time.

please consider v2 of this -- my initial sent draft only worked by accident due to a malingering GnuPG homedir, bc i'd forgotten to set GNUPGHOME in this line:

> + && SESSION_KEY=$(GNUPGHOME=${TEMP_GPG} ./_check_session_keys) \

v2 handles it just fine, sorry for the noise.

--dkg
[PATCH v2] configure: Ensure that GMime can extract session keys
GMime 3.0 and higher can extract session keys, but it will *not* extract session keys if it was built with --disable-crypto, or if it was built against GPGME version < 1.8.0.

Notmuch currently expects to be able to extract session keys, and tests will fail if it is not possible, so we ensure that this is the case during ./configure time.

Part of this feels awkward because notmuch doesn't directly depend on gpg at all. Rather, it depends on GMime, and the current implementation of GMime depends on GPGME for its crypto, and GPGME in turn depends on gpg.

So the use of gpg in ./configure isn't actually introducing a new dependency, though if a future version of GMime were ever to move away from GnuPG, we might need to reconsider.

Note that this changeset depends on id:20190506174327.13457-1-...@fifthhorseman.net , which supplies the rfc822 message test/corpora/crypto/basic-encrypted.eml used in it.

Signed-off-by: Daniel Kahn Gillmor
--- configure | 54 ++ 1 file changed, 54 insertions(+) diff --git a/configure b/configure index 9140026a..e157aadf 100755 --- a/configure +++ b/configure 
@@ -497,6 +497,60 @@ if pkg-config --exists "gmime-3.0 > $GMIME_MINVER"; then have_gmime=1 gmime_cflags=$(pkg-config --cflags gmime-3.0) gmime_ldflags=$(pkg-config --libs gmime-3.0) + +printf "Checking for GMime session key extraction support... " + +cat > _check_session_keys.c < +#include + +int main () { +GError *error = NULL; +GMimeParser *parser = NULL; +GMimeMultipartEncrypted *body = NULL; +GMimeDecryptResult *decrypt_result = NULL; +GMimeObject *output = NULL; + +g_mime_init (); +parser = g_mime_parser_new (); +g_mime_parser_init_with_stream (parser, g_mime_stream_file_open("test/corpora/crypto/basic-encrypted.eml", "r", )); +if (error) return !! fprintf (stderr, "failed to instantiate parser with test/corpora/crypto/basic-encrypted.eml\n"); + +body = GMIME_MULTIPART_ENCRYPTED(g_mime_message_get_mime_part (g_mime_parser_construct_message (parser, NULL))); +if (body == NULL) return !!fprintf (stderr, "did not find a multipart encrypted message\n"); + +output = g_mime_multipart_encrypted_decrypt (body, GMIME_DECRYPT_EXPORT_SESSION_KEY, NULL, _result, ); +if (error || output == NULL) return !! fprintf (stderr, "decryption failed\n"); + +if (decrypt_result == NULL) return !! fprintf (stderr, "no GMimeDecryptResult found\n"); +if (decrypt_result->session_key == NULL) return !! fprintf (stderr, "GMimeDecryptResult has no session key\n"); + +printf ("%s\n", decrypt_result->session_key); +return 0; +} +EOF +if ${CC} ${CFLAGS} ${gmime_cflags} ${gmime_ldflags} _check_session_keys.c -o _check_session_keys > /dev/null 2>&1 \ + && TEMP_GPG=$(mktemp -d) \ + && GNUPGHOME=${TEMP_GPG} gpg --batch --quiet --import < test/gnupg-secret-key.asc \ + && SESSION_KEY=$(GNUPGHOME=${TEMP_GPG} ./_check_session_keys) \ + && [ $SESSION_KEY = 9:0BACD64099D1468AB07C796F0C0AC4851948A658A15B34E803865E9FC635F2F5 ] +then +printf "OK.\n" +else +cat
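Review bot: In the compile command, ${gmime_ldflags} is passed before _check_session_keys.c, so on a toolchain whose linker defaults to --as-needed the GMime libraries are discarded before any object references them and the link fails; put the source file ahead of ${gmime_ldflags}. Because that command's output is sent to /dev/null, such a link failure looks the same as GMime genuinely lacking session key support, so keeping the compiler output in a log would make the failure diagnosable. The comparison [ $SESSION_KEY = ... ] expands the variable unquoted: an empty SESSION_KEY produces a malformed test instead of a clean mismatch, so write [ "$SESSION_KEY" = ... ]. The visible part of the hunk also does not remove the mktemp -d directory that test/gnupg-secret-key.asc is imported into; it should be cleaned up on both the OK path and the failure path.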