Add compatibility with gmime 2.6

There are lots of API changes in gmime 2.6 crypto handling. By adding
preprocessor directives, it is however possible to add gmime 2.6 compatibility
while preserving compatibility with gmime 2.4 too.

This is mostly based on id:"8762i8hrb9.fsf@bookbinder.fernseed.info".

This was tested against both gmime 2.6.4 and 2.4.31. With gmime 2.4.31, the
crypto tests all work fine (as expected). With gmime 2.6.4, one crypto test is
currently broken (signature verification with signer key unavailable), most
likely because of a bug in gmime which will hopefully be fixed in a future
version.
This commit is contained in:
Thomas Jost 2012-01-20 10:39:24 +01:00 committed by David Bremner
parent d3aa6848da
commit 00b5623d1a
6 changed files with 191 additions and 4 deletions

View file

@ -33,7 +33,11 @@ typedef struct mime_node_context {
GMimeMessage *mime_message; GMimeMessage *mime_message;
/* Context provided by the caller. */ /* Context provided by the caller. */
#ifdef GMIME_ATLEAST_26
GMimeCryptoContext *cryptoctx;
#else
GMimeCipherContext *cryptoctx; GMimeCipherContext *cryptoctx;
#endif
notmuch_bool_t decrypt; notmuch_bool_t decrypt;
} mime_node_context_t; } mime_node_context_t;
@ -57,8 +61,12 @@ _mime_node_context_free (mime_node_context_t *res)
notmuch_status_t notmuch_status_t
mime_node_open (const void *ctx, notmuch_message_t *message, mime_node_open (const void *ctx, notmuch_message_t *message,
GMimeCipherContext *cryptoctx, notmuch_bool_t decrypt, #ifdef GMIME_ATLEAST_26
mime_node_t **root_out) GMimeCryptoContext *cryptoctx,
#else
GMimeCipherContext *cryptoctx,
#endif
notmuch_bool_t decrypt, mime_node_t **root_out)
{ {
const char *filename = notmuch_message_get_filename (message); const char *filename = notmuch_message_get_filename (message);
mime_node_context_t *mctx; mime_node_context_t *mctx;
@ -112,12 +120,21 @@ DONE:
return status; return status;
} }
#ifdef GMIME_ATLEAST_26
static int
_signature_list_free (GMimeSignatureList **proxy)
{
g_object_unref (*proxy);
return 0;
}
#else
static int static int
_signature_validity_free (GMimeSignatureValidity **proxy) _signature_validity_free (GMimeSignatureValidity **proxy)
{ {
g_mime_signature_validity_free (*proxy); g_mime_signature_validity_free (*proxy);
return 0; return 0;
} }
#endif
static mime_node_t * static mime_node_t *
_mime_node_create (const mime_node_t *parent, GMimeObject *part) _mime_node_create (const mime_node_t *parent, GMimeObject *part)
@ -165,11 +182,25 @@ _mime_node_create (const mime_node_t *parent, GMimeObject *part)
GMimeMultipartEncrypted *encrypteddata = GMimeMultipartEncrypted *encrypteddata =
GMIME_MULTIPART_ENCRYPTED (part); GMIME_MULTIPART_ENCRYPTED (part);
node->decrypt_attempted = TRUE; node->decrypt_attempted = TRUE;
#ifdef GMIME_ATLEAST_26
GMimeDecryptResult *decrypt_result = NULL;
node->decrypted_child = g_mime_multipart_encrypted_decrypt
(encrypteddata, node->ctx->cryptoctx, &decrypt_result, &err);
#else
node->decrypted_child = g_mime_multipart_encrypted_decrypt node->decrypted_child = g_mime_multipart_encrypted_decrypt
(encrypteddata, node->ctx->cryptoctx, &err); (encrypteddata, node->ctx->cryptoctx, &err);
#endif
if (node->decrypted_child) { if (node->decrypted_child) {
node->decrypt_success = node->verify_attempted = TRUE; node->decrypt_success = node->verify_attempted = TRUE;
#ifdef GMIME_ATLEAST_26
/* This may be NULL if the part is not signed. */
node->sig_list = g_mime_decrypt_result_get_signatures (decrypt_result);
if (node->sig_list)
g_object_ref (node->sig_list);
g_object_unref (decrypt_result);
#else
node->sig_validity = g_mime_multipart_encrypted_get_signature_validity (encrypteddata); node->sig_validity = g_mime_multipart_encrypted_get_signature_validity (encrypteddata);
#endif
} else { } else {
fprintf (stderr, "Failed to decrypt part: %s\n", fprintf (stderr, "Failed to decrypt part: %s\n",
(err ? err->message : "no error explanation given")); (err ? err->message : "no error explanation given"));
@ -182,6 +213,15 @@ _mime_node_create (const mime_node_t *parent, GMimeObject *part)
"(must be exactly 2)\n", "(must be exactly 2)\n",
node->nchildren); node->nchildren);
} else { } else {
#ifdef GMIME_ATLEAST_26
node->sig_list = g_mime_multipart_signed_verify
(GMIME_MULTIPART_SIGNED (part), node->ctx->cryptoctx, &err);
node->verify_attempted = TRUE;
if (!node->sig_list)
fprintf (stderr, "Failed to verify signed part: %s\n",
(err ? err->message : "no error explanation given"));
#else
/* For some reason the GMimeSignatureValidity returned /* For some reason the GMimeSignatureValidity returned
* here is not a const (inconsistent with that * here is not a const (inconsistent with that
* returned by * returned by
@ -200,12 +240,25 @@ _mime_node_create (const mime_node_t *parent, GMimeObject *part)
*proxy = sig_validity; *proxy = sig_validity;
talloc_set_destructor (proxy, _signature_validity_free); talloc_set_destructor (proxy, _signature_validity_free);
} }
#endif
} }
} }
#ifdef GMIME_ATLEAST_26
/* sig_list may be created in both above cases, so we need to
* cleanly handle it here. */
if (node->sig_list) {
GMimeSignatureList **proxy = talloc (node, GMimeSignatureList *);
*proxy = node->sig_list;
talloc_set_destructor (proxy, _signature_list_free);
}
#endif
#ifndef GMIME_ATLEAST_26
if (node->verify_attempted && !node->sig_validity) if (node->verify_attempted && !node->sig_validity)
fprintf (stderr, "Failed to verify signed part: %s\n", fprintf (stderr, "Failed to verify signed part: %s\n",
(err ? err->message : "no error explanation given")); (err ? err->message : "no error explanation given"));
#endif
if (err) if (err)
g_error_free (err); g_error_free (err);

View file

@ -30,6 +30,14 @@
#include <gmime/gmime.h> #include <gmime/gmime.h>
/* GMIME_CHECK_VERSION in gmime 2.4 is not usable from the
* preprocessor (it calls a runtime function). But since
* GMIME_MAJOR_VERSION and friends were added in gmime 2.6, we can use
* these to check the version number. */
#ifdef GMIME_MAJOR_VERSION
#define GMIME_ATLEAST_26
#endif
#include "notmuch.h" #include "notmuch.h"
/* This is separate from notmuch-private.h because we're trying to /* This is separate from notmuch-private.h because we're trying to
@ -69,7 +77,11 @@ typedef struct notmuch_show_format {
void (*part_start) (GMimeObject *part, void (*part_start) (GMimeObject *part,
int *part_count); int *part_count);
void (*part_encstatus) (int status); void (*part_encstatus) (int status);
#ifdef GMIME_ATLEAST_26
void (*part_sigstatus) (GMimeSignatureList* siglist);
#else
void (*part_sigstatus) (const GMimeSignatureValidity* validity); void (*part_sigstatus) (const GMimeSignatureValidity* validity);
#endif
void (*part_content) (GMimeObject *part); void (*part_content) (GMimeObject *part);
void (*part_end) (GMimeObject *part); void (*part_end) (GMimeObject *part);
const char *part_sep; const char *part_sep;
@ -83,7 +95,11 @@ typedef struct notmuch_show_params {
int entire_thread; int entire_thread;
int raw; int raw;
int part; int part;
#ifdef GMIME_ATLEAST_26
GMimeCryptoContext* cryptoctx;
#else
GMimeCipherContext* cryptoctx; GMimeCipherContext* cryptoctx;
#endif
int decrypt; int decrypt;
} notmuch_show_params_t; } notmuch_show_params_t;
@ -290,11 +306,17 @@ typedef struct mime_node {
/* True if signature verification on this part was attempted. */ /* True if signature verification on this part was attempted. */
notmuch_bool_t verify_attempted; notmuch_bool_t verify_attempted;
#ifdef GMIME_ATLEAST_26
/* The list of signatures for signed or encrypted containers. If
* there are no signatures, this will be NULL. */
GMimeSignatureList* sig_list;
#else
/* For signed or encrypted containers, the validity of the /* For signed or encrypted containers, the validity of the
* signature. May be NULL if signature verification failed. If * signature. May be NULL if signature verification failed. If
* there are simply no signatures, this will be non-NULL with an * there are simply no signatures, this will be non-NULL with an
* empty signers list. */ * empty signers list. */
const GMimeSignatureValidity *sig_validity; const GMimeSignatureValidity *sig_validity;
#endif
/* Internal: Context inherited from the root iterator. */ /* Internal: Context inherited from the root iterator. */
struct mime_node_context *ctx; struct mime_node_context *ctx;
@ -319,8 +341,12 @@ typedef struct mime_node {
*/ */
notmuch_status_t notmuch_status_t
mime_node_open (const void *ctx, notmuch_message_t *message, mime_node_open (const void *ctx, notmuch_message_t *message,
GMimeCipherContext *cryptoctx, notmuch_bool_t decrypt, #ifdef GMIME_ATLEAST_26
mime_node_t **node_out); GMimeCryptoContext *cryptoctx,
#else
GMimeCipherContext *cryptoctx,
#endif
notmuch_bool_t decrypt, mime_node_t **node_out);
/* Return a new MIME node for the requested child part of parent. /* Return a new MIME node for the requested child part of parent.
* parent will be used as the talloc context for the returned child * parent will be used as the talloc context for the returned child

View file

@ -688,15 +688,22 @@ notmuch_reply_command (void *ctx, int argc, char *argv[])
reply_format_func = notmuch_reply_format_default; reply_format_func = notmuch_reply_format_default;
if (decrypt) { if (decrypt) {
#ifdef GMIME_ATLEAST_26
/* TODO: GMimePasswordRequestFunc */
params.cryptoctx = g_mime_gpg_context_new (NULL, "gpg");
#else
GMimeSession* session = g_object_new (g_mime_session_get_type(), NULL); GMimeSession* session = g_object_new (g_mime_session_get_type(), NULL);
params.cryptoctx = g_mime_gpg_context_new (session, "gpg"); params.cryptoctx = g_mime_gpg_context_new (session, "gpg");
#endif
if (params.cryptoctx) { if (params.cryptoctx) {
g_mime_gpg_context_set_always_trust ((GMimeGpgContext*) params.cryptoctx, FALSE); g_mime_gpg_context_set_always_trust ((GMimeGpgContext*) params.cryptoctx, FALSE);
params.decrypt = TRUE; params.decrypt = TRUE;
} else { } else {
fprintf (stderr, "Failed to construct gpg context.\n"); fprintf (stderr, "Failed to construct gpg context.\n");
} }
#ifndef GMIME_ATLEAST_26
g_object_unref (session); g_object_unref (session);
#endif
} }
config = notmuch_config_open (ctx, NULL, NULL); config = notmuch_config_open (ctx, NULL, NULL);

View file

@ -76,7 +76,11 @@ static void
format_part_encstatus_json (int status); format_part_encstatus_json (int status);
static void static void
#ifdef GMIME_ATLEAST_26
format_part_sigstatus_json (GMimeSignatureList* siglist);
#else
format_part_sigstatus_json (const GMimeSignatureValidity* validity); format_part_sigstatus_json (const GMimeSignatureValidity* validity);
#endif
static void static void
format_part_content_json (GMimeObject *part); format_part_content_json (GMimeObject *part);
@ -486,6 +490,21 @@ show_text_part_content (GMimeObject *part, GMimeStream *stream_out)
g_object_unref(stream_filter); g_object_unref(stream_filter);
} }
#ifdef GMIME_ATLEAST_26
static const char*
signature_status_to_string (GMimeSignatureStatus x)
{
switch (x) {
case GMIME_SIGNATURE_STATUS_GOOD:
return "good";
case GMIME_SIGNATURE_STATUS_BAD:
return "bad";
case GMIME_SIGNATURE_STATUS_ERROR:
return "error";
}
return "unknown";
}
#else
static const char* static const char*
signer_status_to_string (GMimeSignerStatus x) signer_status_to_string (GMimeSignerStatus x)
{ {
@ -501,6 +520,7 @@ signer_status_to_string (GMimeSignerStatus x)
} }
return "unknown"; return "unknown";
} }
#endif
static void static void
format_part_start_text (GMimeObject *part, int *part_count) format_part_start_text (GMimeObject *part, int *part_count)
@ -592,6 +612,73 @@ format_part_encstatus_json (int status)
printf ("}]"); printf ("}]");
} }
#ifdef GMIME_ATLEAST_26
static void
format_part_sigstatus_json (GMimeSignatureList *siglist)
{
printf (", \"sigstatus\": [");
if (!siglist) {
printf ("]");
return;
}
void *ctx_quote = talloc_new (NULL);
int i;
for (i = 0; i < g_mime_signature_list_length (siglist); i++) {
GMimeSignature *signature = g_mime_signature_list_get_signature (siglist, i);
if (i > 0)
printf (", ");
printf ("{");
/* status */
GMimeSignatureStatus status = g_mime_signature_get_status (signature);
printf ("\"status\": %s",
json_quote_str (ctx_quote,
signature_status_to_string (status)));
GMimeCertificate *certificate = g_mime_signature_get_certificate (signature);
if (status == GMIME_SIGNATURE_STATUS_GOOD) {
if (certificate)
printf (", \"fingerprint\": %s", json_quote_str (ctx_quote, g_mime_certificate_get_fingerprint (certificate)));
/* these dates are seconds since the epoch; should we
* provide a more human-readable format string? */
time_t created = g_mime_signature_get_created (signature);
if (created != -1)
printf (", \"created\": %d", (int) created);
time_t expires = g_mime_signature_get_expires (signature);
if (expires > 0)
printf (", \"expires\": %d", (int) expires);
/* output user id only if validity is FULL or ULTIMATE. */
/* note that gmime is using the term "trust" here, which
* is WRONG. It's actually user id "validity". */
if (certificate) {
const char *name = g_mime_certificate_get_name (certificate);
GMimeCertificateTrust trust = g_mime_certificate_get_trust (certificate);
if (name && (trust == GMIME_CERTIFICATE_TRUST_FULLY || trust == GMIME_CERTIFICATE_TRUST_ULTIMATE))
printf (", \"userid\": %s", json_quote_str (ctx_quote, name));
}
} else if (certificate) {
const char *key_id = g_mime_certificate_get_key_id (certificate);
if (key_id)
printf (", \"keyid\": %s", json_quote_str (ctx_quote, key_id));
}
GMimeSignatureError errors = g_mime_signature_get_errors (signature);
if (errors != GMIME_SIGNATURE_ERROR_NONE) {
printf (", \"errors\": %d", errors);
}
printf ("}");
}
printf ("]");
talloc_free (ctx_quote);
}
#else
static void static void
format_part_sigstatus_json (const GMimeSignatureValidity* validity) format_part_sigstatus_json (const GMimeSignatureValidity* validity)
{ {
@ -652,6 +739,7 @@ format_part_sigstatus_json (const GMimeSignatureValidity* validity)
talloc_free (ctx_quote); talloc_free (ctx_quote);
} }
#endif
static void static void
format_part_content_json (GMimeObject *part) format_part_content_json (GMimeObject *part)
@ -1000,13 +1088,20 @@ notmuch_show_command (void *ctx, unused (int argc), unused (char *argv[]))
} else if ((STRNCMP_LITERAL (argv[i], "--verify") == 0) || } else if ((STRNCMP_LITERAL (argv[i], "--verify") == 0) ||
(STRNCMP_LITERAL (argv[i], "--decrypt") == 0)) { (STRNCMP_LITERAL (argv[i], "--decrypt") == 0)) {
if (params.cryptoctx == NULL) { if (params.cryptoctx == NULL) {
#ifdef GMIME_ATLEAST_26
/* TODO: GMimePasswordRequestFunc */
if (NULL == (params.cryptoctx = g_mime_gpg_context_new(NULL, "gpg")))
#else
GMimeSession* session = g_object_new(g_mime_session_get_type(), NULL); GMimeSession* session = g_object_new(g_mime_session_get_type(), NULL);
if (NULL == (params.cryptoctx = g_mime_gpg_context_new(session, "gpg"))) if (NULL == (params.cryptoctx = g_mime_gpg_context_new(session, "gpg")))
#endif
fprintf (stderr, "Failed to construct gpg context.\n"); fprintf (stderr, "Failed to construct gpg context.\n");
else else
g_mime_gpg_context_set_always_trust((GMimeGpgContext*)params.cryptoctx, FALSE); g_mime_gpg_context_set_always_trust((GMimeGpgContext*)params.cryptoctx, FALSE);
#ifndef GMIME_ATLEAST_26
g_object_unref (session); g_object_unref (session);
session = NULL; session = NULL;
#endif
} }
if (STRNCMP_LITERAL (argv[i], "--decrypt") == 0) if (STRNCMP_LITERAL (argv[i], "--decrypt") == 0)
params.decrypt = 1; params.decrypt = 1;

View file

@ -48,7 +48,11 @@ show_message_part (mime_node_t *node,
format->part_encstatus (node->decrypt_success); format->part_encstatus (node->decrypt_success);
if (node->verify_attempted && format->part_sigstatus) if (node->verify_attempted && format->part_sigstatus)
#ifdef GMIME_ATLEAST_26
format->part_sigstatus (node->sig_list);
#else
format->part_sigstatus (node->sig_validity); format->part_sigstatus (node->sig_validity);
#endif
format->part_content (part); format->part_content (part);

View file

@ -104,6 +104,8 @@ test_expect_equal \
"$expected" "$expected"
test_begin_subtest "signature verification with signer key unavailable" test_begin_subtest "signature verification with signer key unavailable"
# this is broken with current versions of gmime-2.6
(ldd $(which notmuch) | grep -Fq gmime-2.6) && test_subtest_known_broken
# move the gnupghome temporarily out of the way # move the gnupghome temporarily out of the way
mv "${GNUPGHOME}"{,.bak} mv "${GNUPGHOME}"{,.bak}
output=$(notmuch show --format=json --verify subject:"test signed message 001" \ output=$(notmuch show --format=json --verify subject:"test signed message 001" \