From: Jameson Graef Rollins Date: Wed, 27 Feb 2013 16:14:41 +0000 (+1600) Subject: Re: [PATCH] cli: crypto: tell gmime to use gpg-agent X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=37ff47f8857105e3f2d740d9cf02f5c9dc7b0124;p=notmuch-archives.git Re: [PATCH] cli: crypto: tell gmime to use gpg-agent --- diff --git a/09/a115b82be02c7bfeac8547d6d13e051a1e6d1b b/09/a115b82be02c7bfeac8547d6d13e051a1e6d1b new file mode 100644 index 000000000..1e5905cbc --- /dev/null +++ b/09/a115b82be02c7bfeac8547d6d13e051a1e6d1b 
@@ -0,0 +1,120 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id 9EAEB431FB6 + for ; Wed, 27 Feb 2013 08:14:50 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: -2.3 +X-Spam-Level: +X-Spam-Status: No, score=-2.3 tagged_above=-999 required=5 + tests=[RCVD_IN_DNSWL_MED=-2.3] autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id wtTZZlBLy71f for ; + Wed, 27 Feb 2013 08:14:48 -0800 (PST) +Received: from outgoing-mail.its.caltech.edu (outgoing-mail.its.caltech.edu + [131.215.239.19]) + by olra.theworths.org (Postfix) with ESMTP id 6F3AD431FAF + for ; Wed, 27 Feb 2013 08:14:48 -0800 (PST) +Received: from earth-doxen.imss.caltech.edu (localhost [127.0.0.1]) + by earth-doxen-postvirus (Postfix) with ESMTP id D0B7C66E00F8; + Wed, 27 Feb 2013 08:14:47 -0800 (PST) +X-Spam-Scanned: at Caltech-IMSS on earth-doxen by amavisd-new +Received: from finestructure.net (DHCP-123-224.caltech.edu [131.215.123.224]) + (Authenticated sender: jrollins) + by earth-doxen-submit (Postfix) with ESMTP id D658466E011C; + Wed, 27 Feb 2013 08:14:43 -0800 (PST) +Received: by finestructure.net (Postfix, from userid 1000) + id B154E61745; Wed, 27 Feb 2013 08:14:43 -0800 (PST) +From: Jameson Graef Rollins +To: Jani Nikula , notmuch@notmuchmail.org +Subject: Re: [PATCH] cli: crypto: tell gmime to use gpg-agent +In-Reply-To: <1361950838-22919-1-git-send-email-jani@nikula.org> +References: <1361950838-22919-1-git-send-email-jani@nikula.org> +User-Agent: Notmuch/0.15+8~gd4a7374 (http://notmuchmail.org) Emacs/24.2.1 + (x86_64-pc-linux-gnu) +Date: Wed, 27 Feb 2013 08:14:41 -0800 +Message-ID: <87hakxpwcu.fsf@servo.finestructure.net> +MIME-Version: 1.0 +Content-Type: multipart/signed; boundary="=-=-="; + 
micalg=pgp-sha256; protocol="application/pgp-signature" +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Wed, 27 Feb 2013 16:14:50 -0000 + +--=-=-= +Content-Type: text/plain + +On Tue, Feb 26 2013, Jani Nikula wrote: +> For decryption, we expect there to be a functioning gpg-agent, and we +> want gpg to talk to it for any needed credentials. There's a gmime +> function to declare that: g_mime_gpg_context_set_use_agent() [1], [2]. +> Start using it. +> +> I had gpg-agent running, but gpg "use-agent" configuration option +> disabled. This resulted in an error message from 'notmuch show': +> +> Failed to decrypt part: Canceled. +> +> and json had this: +> +> "encstatus" : [ { "status" : "bad" } ] +> +> One could argue the "use-agent" option should be enabled, but I'd like +> to use the agent only as a last resort. I think that's irrelevant +> though. There's a gmime function to declare what we expect, so we +> should use it. Conveniently it also fixes the problem in a user +> friendly way. + +I will argue that the "use-agent" option should be enabled. If we force +use of gpg-agent, then we don't allow people to opt out of using it. +That's not very user friendly, particularly if someone has not enabled +it for a specific reason. + +But I think more to the point we need a little bit of due diligence of +the effects of this before we enable it. What happens if gpg-agent is +not available? What happens if there is no X session? Tests that probe +the various circumstances would be useful. + +I do note, though, that the error messages are not very useful. It +would be nice if could figure out that the decryption failed because of +lack of agent and inform the user of that. + +We should probably also update the show man page to make explicit that +an agent may be required. 
+ +jamie. + +--=-=-= +Content-Type: application/pgp-signature + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (GNU/Linux) + +iQIcBAEBCAAGBQJRLjDxAAoJEO00zqvie6q80YwP+wYQwBco4kcfFiwI6eHjxA3R +jx6vGOBal6z3ET7WcS06YdY4iX/CuBJZu72NbR8TwMxU9JoW7Fq95ovWJdsPirJx +gXzvPQtHt9RjDYVeateVDHKylqtz0PRdXzlndGEexRTG6jkaY1AqMzUkRnd5YBvJ +pH+WYDTg10COnxEi5QdR5Bb9fBQQvykAvX4is6D76aGNpr4kexlbqiFPWILQzLwS +vjikP2ZB8PF7pOrEFQKUrd/XJk+SWrE2QBZYIJq7kKuYivM+NXcuijIaWTFhVHoM +V+pCae5fir82VgE0HWlyb0fM/Lq22y3NE9c33cLzdArv8Y+YZLi4SCnKVE++4kK3 +2Mvp7ZCvHGJ1Ygbe3irteknpKX1O4MlJlAr6r+zyjLZTSdT8BTxw/+FEY9DbfI4W +++9wcSTgkfv2mIW4qHo15NA0FkhAzPyreKPe7gX66K/gf1X/B41tTRYS4JTCNbaT +i/CO+d2CH+8oCzeWt1Y+XIAWWuotQaVym+zyeB3nAzWk54RUUok7dWnL06h7dx0x +st2KRtkDVCwL8dAPUDD0G+5DWyXIrQ8HfaBrfFrKHiWgRQkI2TR60DWtw3/2D1NM +CSP1X05QsimIGn+RqsY750wgJ7I26qFXFwOmuqTTveFLY2tn9DrxgY4xm6F4Wsqa +ZWjGa6no6YdAiA6SmP3Q +=ICqV +-----END PGP SIGNATURE----- +--=-=-=--
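Review bot: The signed text/plain part between the "--=-=-=" boundaries, from its "Content-Type: text/plain" line through the final "jamie." line, needs to be stored byte-for-byte, because the message is multipart/signed (micalg=pgp-sha256) and the detached signature in the last part stops verifying if whitespace, blank lines or line wrapping in that part change on import; verifying the signature on the stored copy as part of the archive import would catch that. Separately, "Return-Path:", "List-Archive:", "List-Post:", "List-Help:" and the "for ;" clauses of the "Received:" headers show empty values in the added lines as they appear here; if the stored file really lacks them, the angle-bracketed addresses were dropped before commit and the file should be re-imported from the raw message.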