1 Return-Path: <schnouki@schnouki.net>
\r
2 X-Original-To: notmuch@notmuchmail.org
\r
3 Delivered-To: notmuch@notmuchmail.org
\r
4 Received: from localhost (localhost [127.0.0.1])
\r
5 by olra.theworths.org (Postfix) with ESMTP id 967B2429E3B
\r
6 for <notmuch@notmuchmail.org>; Mon, 16 Jan 2012 15:56:55 -0800 (PST)
\r
7 X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
\r
11 X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5
\r
12 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1]
\r
14 Received: from olra.theworths.org ([127.0.0.1])
\r
15 by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
\r
16 with ESMTP id 96ti72gXnoHR for <notmuch@notmuchmail.org>;
\r
17 Mon, 16 Jan 2012 15:56:53 -0800 (PST)
\r
18 Received: from ks3536.kimsufi.com (schnouki.net [87.98.217.222])
\r
19 by olra.theworths.org (Postfix) with ESMTP id 8CDA5429E35
\r
20 for <notmuch@notmuchmail.org>; Mon, 16 Jan 2012 15:56:53 -0800 (PST)
\r
21 Received: from odin.local (nancy.schnouki.net [78.238.0.45])
\r
22 by ks3536.kimsufi.com (Postfix) with ESMTPSA id 1E3026A0026;
\r
23 Tue, 17 Jan 2012 00:56:52 +0100 (CET)
\r
24 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=schnouki.net;
\r
25 s=key-schnouki; t=1326758212;
\r
26 bh=pOFUVvRXac9BNYjInXv7unuSXvKLur2a7edZZ91S5LM=;
\r
27 h=From:To:Subject:Date:Message-Id:In-Reply-To:References;
\r
28 b=Rzq1UsIdwoMUokBro1GjVtueiORt+eK6pLBmv9rcY+tJdjSm/O5DN+egVISN8yzAP
\r
29 cnhXgs+xdDGZDWVd22mDAKlApkbry+QF7xDMUCfZnmlfXj3OXXEd9cEI7sReJznWTj
\r
30 T7mstqVlRcW/V459CV/tp+Rv16BQ3DdBjUOY5/Fc=
\r
31 From: Thomas Jost <schnouki@schnouki.net>
\r
32 To: notmuch@notmuchmail.org
\r
33 Subject: [PATCH] Add pseudo-compatibility with gmime 2.6
\r
34 Date: Tue, 17 Jan 2012 00:56:39 +0100
\r
35 Message-Id: <1326758199-18058-1-git-send-email-schnouki@schnouki.net>
\r
36 X-Mailer: git-send-email 1.7.8.3
\r
37 In-Reply-To: <8762gbtd6p.fsf@schnouki.net>
\r
38 References: <8762gbtd6p.fsf@schnouki.net>
\r
39 X-BeenThere: notmuch@notmuchmail.org
\r
40 X-Mailman-Version: 2.1.13
\r
42 List-Id: "Use and development of the notmuch mail system."
\r
43 <notmuch.notmuchmail.org>
\r
44 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
\r
45 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
\r
46 List-Archive: <http://notmuchmail.org/pipermail/notmuch>
\r
47 List-Post: <mailto:notmuch@notmuchmail.org>
\r
48 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
\r
49 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
\r
50 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
\r
51 X-List-Received-Date: Mon, 16 Jan 2012 23:56:55 -0000
\r
53 There are lots of API changes in gmime 2.6 crypto handling. By adding
\r
54 preprocessor directives, it is however possible to add gmime 2.6 compatibility
\r
55 while preserving compatibility with gmime 2.4 too.
\r
57 This is mostly based on id:"8762i8hrb9.fsf@bookbinder.fernseed.info".
\r
59 This was tested against both gmime 2.6.4 and 2.4.31. With gmime 2.4.31, the
\r
60 crypto tests all work fine (as expected). With gmime 2.6.4, one crypto test
\r
61 fails (signature verification with signer key unavailable) but this will be hard
\r
62 to fix since the new API does not report the reason why a signature verification
\r
63 fails (other than the human-readable error message).
\r
65 mime-node.c | 50 ++++++++++++++++++++++++++-
\r
66 notmuch-client.h | 27 ++++++++++++++-
\r
67 notmuch-reply.c | 7 ++++
\r
68 notmuch-show.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
\r
69 show-message.c | 4 ++
\r
70 5 files changed, 181 insertions(+), 4 deletions(-)
\r
72 diff --git a/mime-node.c b/mime-node.c
\r
73 index d26bb44..ae2473d 100644
\r
76 @@ -33,7 +33,11 @@ typedef struct mime_node_context {
\r
77 GMimeMessage *mime_message;
\r
79 /* Context provided by the caller. */
\r
81 + GMimeCryptoContext *cryptoctx;
\r
83 GMimeCipherContext *cryptoctx;
\r
85 notmuch_bool_t decrypt;
\r
86 } mime_node_context_t;
\r
88 @@ -57,8 +61,12 @@ _mime_node_context_free (mime_node_context_t *res)
\r
91 mime_node_open (const void *ctx, notmuch_message_t *message,
\r
92 - GMimeCipherContext *cryptoctx, notmuch_bool_t decrypt,
\r
93 - mime_node_t **root_out)
\r
95 + GMimeCryptoContext *cryptoctx,
\r
97 + GMimeCipherContext *cryptoctx,
\r
99 + notmuch_bool_t decrypt, mime_node_t **root_out)
\r
101 const char *filename = notmuch_message_get_filename (message);
\r
102 mime_node_context_t *mctx;
\r
103 @@ -112,12 +120,21 @@ DONE:
\r
109 +_signature_list_free (GMimeSignatureList **proxy)
\r
111 + g_object_unref (*proxy);
\r
116 _signature_validity_free (GMimeSignatureValidity **proxy)
\r
118 g_mime_signature_validity_free (*proxy);
\r
123 static mime_node_t *
\r
124 _mime_node_create (const mime_node_t *parent, GMimeObject *part)
\r
125 @@ -165,11 +182,23 @@ _mime_node_create (const mime_node_t *parent, GMimeObject *part)
\r
126 GMimeMultipartEncrypted *encrypteddata =
\r
127 GMIME_MULTIPART_ENCRYPTED (part);
\r
128 node->decrypt_attempted = TRUE;
\r
130 + GMimeDecryptResult *decrypt_result = g_mime_decrypt_result_new ();
\r
131 + node->decrypted_child = g_mime_multipart_encrypted_decrypt
\r
132 + (encrypteddata, node->ctx->cryptoctx, &decrypt_result, &err);
\r
133 + if (node->decrypted_child) {
\r
134 + node->decrypt_success = node->verify_attempted = TRUE;
\r
135 + node->sig_list = g_mime_decrypt_result_get_signatures (decrypt_result);
\r
136 + if (!node->sig_list)
\r
137 + fprintf (stderr, "Failed to get signatures: %s\n",
\r
138 + (err ? err->message : "no error explanation given"));
\r
140 node->decrypted_child = g_mime_multipart_encrypted_decrypt
\r
141 (encrypteddata, node->ctx->cryptoctx, &err);
\r
142 if (node->decrypted_child) {
\r
143 node->decrypt_success = node->verify_attempted = TRUE;
\r
144 node->sig_validity = g_mime_multipart_encrypted_get_signature_validity (encrypteddata);
\r
147 fprintf (stderr, "Failed to decrypt part: %s\n",
\r
148 (err ? err->message : "no error explanation given"));
\r
149 @@ -182,6 +211,18 @@ _mime_node_create (const mime_node_t *parent, GMimeObject *part)
\r
150 "(must be exactly 2)\n",
\r
154 + GMimeSignatureList *sig_list = g_mime_multipart_signed_verify
\r
155 + (GMIME_MULTIPART_SIGNED (part), node->ctx->cryptoctx, &err);
\r
156 + node->verify_attempted = TRUE;
\r
157 + node->sig_list = sig_list;
\r
159 + GMimeSignatureList **proxy =
\r
160 + talloc (node, GMimeSignatureList *);
\r
161 + *proxy = sig_list;
\r
162 + talloc_set_destructor (proxy, _signature_list_free);
\r
165 /* For some reason the GMimeSignatureValidity returned
\r
166 * here is not a const (inconsistent with that
\r
168 @@ -200,10 +241,15 @@ _mime_node_create (const mime_node_t *parent, GMimeObject *part)
\r
169 *proxy = sig_validity;
\r
170 talloc_set_destructor (proxy, _signature_validity_free);
\r
177 + if (node->verify_attempted && !node->sig_list)
\r
179 if (node->verify_attempted && !node->sig_validity)
\r
181 fprintf (stderr, "Failed to verify signed part: %s\n",
\r
182 (err ? err->message : "no error explanation given"));
\r
184 diff --git a/notmuch-client.h b/notmuch-client.h
\r
185 index 517c010..e85f882 100644
\r
186 --- a/notmuch-client.h
\r
187 +++ b/notmuch-client.h
\r
190 #include <gmime/gmime.h>
\r
192 +/* GMIME_CHECK_VERSION is only available in gmime >= 2.5. But so are
\r
193 + * GMIME_MAJOR_VERSION and friends. */
\r
194 +#ifdef GMIME_MAJOR_VERSION
\r
198 #include "notmuch.h"
\r
200 /* This is separate from notmuch-private.h because we're trying to
\r
201 @@ -69,7 +75,11 @@ typedef struct notmuch_show_format {
\r
202 void (*part_start) (GMimeObject *part,
\r
204 void (*part_encstatus) (int status);
\r
206 + void (*part_sigstatus) (GMimeSignatureList* siglist);
\r
208 void (*part_sigstatus) (const GMimeSignatureValidity* validity);
\r
210 void (*part_content) (GMimeObject *part);
\r
211 void (*part_end) (GMimeObject *part);
\r
212 const char *part_sep;
\r
213 @@ -83,7 +93,11 @@ typedef struct notmuch_show_params {
\r
218 + GMimeCryptoContext* cryptoctx;
\r
220 GMimeCipherContext* cryptoctx;
\r
223 } notmuch_show_params_t;
\r
225 @@ -286,7 +300,12 @@ typedef struct mime_node {
\r
226 * signature. May be NULL if signature verification failed. If
\r
227 * there are simply no signatures, this will be non-NULL with an
\r
228 * empty signers list. */
\r
230 + /* TODO: update the above comment... */
\r
231 + GMimeSignatureList* sig_list;
\r
233 const GMimeSignatureValidity *sig_validity;
\r
236 /* Internal: Context inherited from the root iterator. */
\r
237 struct mime_node_context *ctx;
\r
238 @@ -311,8 +330,12 @@ typedef struct mime_node {
\r
241 mime_node_open (const void *ctx, notmuch_message_t *message,
\r
242 - GMimeCipherContext *cryptoctx, notmuch_bool_t decrypt,
\r
243 - mime_node_t **node_out);
\r
245 + GMimeCryptoContext *cryptoctx,
\r
247 + GMimeCipherContext *cryptoctx,
\r
249 + notmuch_bool_t decrypt, mime_node_t **node_out);
\r
251 /* Return a new MIME node for the requested child part of parent.
\r
252 * parent will be used as the talloc context for the returned child
\r
253 diff --git a/notmuch-reply.c b/notmuch-reply.c
\r
254 index da3acce..dc37c51 100644
\r
255 --- a/notmuch-reply.c
\r
256 +++ b/notmuch-reply.c
\r
257 @@ -688,15 +688,22 @@ notmuch_reply_command (void *ctx, int argc, char *argv[])
\r
258 reply_format_func = notmuch_reply_format_default;
\r
262 + /* TODO: GMimePasswordRequestFunc */
\r
263 + params.cryptoctx = g_mime_gpg_context_new (NULL, "gpg");
\r
265 GMimeSession* session = g_object_new (g_mime_session_get_type(), NULL);
\r
266 params.cryptoctx = g_mime_gpg_context_new (session, "gpg");
\r
268 if (params.cryptoctx) {
\r
269 g_mime_gpg_context_set_always_trust ((GMimeGpgContext*) params.cryptoctx, FALSE);
\r
270 params.decrypt = TRUE;
\r
272 fprintf (stderr, "Failed to construct gpg context.\n");
\r
275 g_object_unref (session);
\r
279 config = notmuch_config_open (ctx, NULL, NULL);
\r
280 diff --git a/notmuch-show.c b/notmuch-show.c
\r
281 index d14dac9..263ab72 100644
\r
282 --- a/notmuch-show.c
\r
283 +++ b/notmuch-show.c
\r
284 @@ -76,7 +76,11 @@ static void
\r
285 format_part_encstatus_json (int status);
\r
289 +format_part_sigstatus_json (GMimeSignatureList* siglist);
\r
291 format_part_sigstatus_json (const GMimeSignatureValidity* validity);
\r
295 format_part_content_json (GMimeObject *part);
\r
296 @@ -486,6 +490,21 @@ show_text_part_content (GMimeObject *part, GMimeStream *stream_out)
\r
297 g_object_unref(stream_filter);
\r
301 +static const char*
\r
302 +signature_status_to_string (GMimeSignatureStatus x)
\r
305 + case GMIME_SIGNATURE_STATUS_GOOD:
\r
307 + case GMIME_SIGNATURE_STATUS_BAD:
\r
309 + case GMIME_SIGNATURE_STATUS_ERROR:
\r
312 + return "unknown";
\r
316 signer_status_to_string (GMimeSignerStatus x)
\r
318 @@ -501,6 +520,7 @@ signer_status_to_string (GMimeSignerStatus x)
\r
325 format_part_start_text (GMimeObject *part, int *part_count)
\r
326 @@ -592,6 +612,75 @@ format_part_encstatus_json (int status)
\r
332 +format_part_sigstatus_json (GMimeSignatureList *siglist)
\r
334 + printf (", \"sigstatus\": [");
\r
341 + void *ctx_quote = talloc_new (NULL);
\r
343 + for (i = 0; i < g_mime_signature_list_length (siglist); ++i) {
\r
344 + GMimeSignature *signature = g_mime_signature_list_get_signature (siglist, i);
\r
352 + GMimeSignatureStatus status = g_mime_signature_get_status (signature);
\r
353 + printf ("\"status\": %s",
\r
354 + json_quote_str (ctx_quote,
\r
355 + signature_status_to_string (status)));
\r
357 + GMimeCertificate *certificate = g_mime_signature_get_certificate (signature);
\r
358 + if (status == GMIME_SIGNATURE_STATUS_GOOD)
\r
361 + printf (", \"fingerprint\": %s", json_quote_str (ctx_quote, g_mime_certificate_get_fingerprint (certificate)));
\r
362 + /* these dates are seconds since the epoch; should we
\r
363 + * provide a more human-readable format string? */
\r
364 + time_t created = g_mime_signature_get_created (signature);
\r
365 + if (created != -1)
\r
366 + printf (", \"created\": %d", (int) created);
\r
367 + time_t expires = g_mime_signature_get_expires (signature);
\r
369 + printf (", \"expires\": %d", (int) expires);
\r
370 + /* output user id only if validity is FULL or ULTIMATE. */
\r
371 + /* note that gmime is using the term "trust" here, which
\r
372 + * is WRONG. It's actually user id "validity". */
\r
375 + const char *name = g_mime_certificate_get_name (certificate);
\r
376 + GMimeCertificateTrust trust = g_mime_certificate_get_trust (certificate);
\r
377 + if (name && (trust == GMIME_CERTIFICATE_TRUST_FULLY || trust == GMIME_CERTIFICATE_TRUST_ULTIMATE))
\r
378 + printf (", \"userid\": %s", json_quote_str (ctx_quote, name));
\r
380 + } else if (certificate) {
\r
381 + const char *key_id = g_mime_certificate_get_key_id (certificate);
\r
383 + printf (", \"keyid\": %s", json_quote_str (ctx_quote, key_id));
\r
386 + GMimeSignatureError errors = g_mime_signature_get_errors (signature);
\r
387 + if (errors != GMIME_SIGNATURE_ERROR_NONE) {
\r
388 + printf (", \"errors\": %x", errors);
\r
396 + talloc_free (ctx_quote);
\r
400 format_part_sigstatus_json (const GMimeSignatureValidity* validity)
\r
402 @@ -652,6 +741,7 @@ format_part_sigstatus_json (const GMimeSignatureValidity* validity)
\r
404 talloc_free (ctx_quote);
\r
409 format_part_content_json (GMimeObject *part)
\r
410 @@ -990,13 +1080,20 @@ notmuch_show_command (void *ctx, unused (int argc), unused (char *argv[]))
\r
411 } else if ((STRNCMP_LITERAL (argv[i], "--verify") == 0) ||
\r
412 (STRNCMP_LITERAL (argv[i], "--decrypt") == 0)) {
\r
413 if (params.cryptoctx == NULL) {
\r
415 + /* TODO: GMimePasswordRequestFunc */
\r
416 + if (NULL == (params.cryptoctx = g_mime_gpg_context_new(NULL, "gpg")))
\r
418 GMimeSession* session = g_object_new(g_mime_session_get_type(), NULL);
\r
419 if (NULL == (params.cryptoctx = g_mime_gpg_context_new(session, "gpg")))
\r
421 fprintf (stderr, "Failed to construct gpg context.\n");
\r
423 g_mime_gpg_context_set_always_trust((GMimeGpgContext*)params.cryptoctx, FALSE);
\r
425 g_object_unref (session);
\r
429 if (STRNCMP_LITERAL (argv[i], "--decrypt") == 0)
\r
430 params.decrypt = 1;
\r
431 diff --git a/show-message.c b/show-message.c
\r
432 index 8768889..65269fd 100644
\r
433 --- a/show-message.c
\r
434 +++ b/show-message.c
\r
435 @@ -48,7 +48,11 @@ show_message_part (mime_node_t *node,
\r
436 format->part_encstatus (node->decrypt_success);
\r
438 if (node->verify_attempted && format->part_sigstatus)
\r
440 + format->part_sigstatus (node->sig_list);
\r
442 format->part_sigstatus (node->sig_validity);
\r
445 format->part_content (part);
\r