configure: can gpgme can verify signatures when decrypting with a session key?
If https://dev.gnupg.org/T3464 is unresolved in the version of gpgme we are testing against, then we should know about it, because it affects the behavior of notmuch. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
parent
b46d842782
commit
e624cc132a
1 changed files with 77 additions and 1 deletions
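--- a/configure
+++ b/configure
@@ -620,6 +620,78 @@ EOF
 if [ -n "$TEMP_GPG" -a -d "$TEMP_GPG" ]; then
 rm -rf "$TEMP_GPG"
 fi
+
+# see https://dev.gnupg.org/T3464
+# there are problems verifying signatures when decrypting with session keys with GPGME 1.13.0 and 1.13.1
+printf "Checking signature verification when decrypting using session keys... "
+
+cat > _verify_sig_with_session_key.c <<EOF
+#include <stdio.h>
+#include <gmime/gmime.h>
+
+int main () {
+GError *error = NULL;
+GMimeParser *parser = NULL;
+GMimeMultipartEncrypted *body = NULL;
+GMimeDecryptResult *result = NULL;
+GMimeSignatureList *sig_list = NULL;
+GMimeSignature *sig = NULL;
+GMimeObject *output = NULL;
+GMimeSignatureStatus status;
+int len;
+
+g_mime_init ();
+parser = g_mime_parser_new ();
+g_mime_parser_init_with_stream (parser, g_mime_stream_file_open("$srcdir/test/corpora/crypto/encrypted-signed.eml", "r", &error));
+if (error) return !! fprintf (stderr, "failed to instantiate parser with test/corpora/pkcs7/smime-onepart-signed.eml\n");
+
+body = GMIME_MULTIPART_ENCRYPTED(g_mime_message_get_mime_part (g_mime_parser_construct_message (parser, NULL)));
+if (body == NULL) return !! fprintf (stderr, "did not find a multipart/encrypted message\n");
+
+output = g_mime_multipart_encrypted_decrypt (body, GMIME_DECRYPT_NONE, "9:13607E4217515A70EC8DF9DBC16C5327B94577561D98AD1246FA8756659C7899", &result, &error);
+if (error || output == NULL) return !! fprintf (stderr, "decrypt failed\n");
+
+sig_list = g_mime_decrypt_result_get_signatures (result);
+if (sig_list == NULL) return !! fprintf (stderr, "sig_list is NULL\n");
+
+if (sig_list == NULL) return !! fprintf (stderr, "no GMimeSignatureList found\n");
+len = g_mime_signature_list_length (sig_list);
+if (len != 1) return !! fprintf (stderr, "expected 1 signature, got %d\n", len);
+sig = g_mime_signature_list_get_signature (sig_list, 0);
+if (sig == NULL) return !! fprintf (stderr, "no GMimeSignature found at position 0\n");
+status = g_mime_signature_get_status (sig);
+if (status & GMIME_SIGNATURE_STATUS_KEY_MISSING) return !! fprintf (stderr, "signature status contains KEY_MISSING (see https://dev.gnupg.org/T3464)\n");
+
+return 0;
+}
+EOF
+if ! TEMP_GPG=$(mktemp -d "${TMPDIR:-/tmp}/notmuch.XXXXXX"); then
+printf 'No.\nCould not make tempdir for testing signature verification when decrypting with session keys.\n'
+errors=$((errors + 1))
+elif ${CC} ${CFLAGS} ${gmime_cflags} _verify_sig_with_session_key.c ${gmime_ldflags} -o _verify_sig_with_session_key \
+&& GNUPGHOME=${TEMP_GPG} gpg --batch --quiet --import < "$srcdir"/test/gnupg-secret-key.asc \
+&& rm -f ${TEMP_GPG}/private-keys-v1.d/*.key
+then
+if GNUPGHOME=${TEMP_GPG} ./_verify_sig_with_session_key; then
+gmime_verify_with_session_key=1
+printf "Yes.\n"
+else
+gmime_verify_with_session_key=0
+printf "No.\n"
+cat <<EOF
+*** Error: GMime fails to verify signatures when decrypting with a session key.
+
+This is most likely due to a buggy version of GPGME, which should be fixed in 1.13.2 or later.
+See https://dev.gnupg.org/T3464 for more details.
+EOF
+fi
+else
+printf 'No.\nFailed to set up gpg for testing signature verification while decrypting with a session key.\n'
+errors=$((errors + 1))
+fi
+if [ -n "$TEMP_GPG" -a -d "$TEMP_GPG" ]; then
+rm -rf "$TEMP_GPG"
+fi
 else
 have_gmime=0
 printf "No.\n"
@@ -1144,7 +1216,8 @@ for flag in -Wmissing-declarations; do
 done
 printf "\n\t%s\n" "${WARN_CFLAGS}"
 
-rm -f minimal minimal.c _time_t.c _libversion.c _libversion _libversion.sh _check_session_keys.c _check_session_keys _check_x509_validity.c _check_x509_validity
+rm -f minimal minimal.c _time_t.c _libversion.c _libversion _libversion.sh _check_session_keys.c _check_session_keys _check_x509_validity.c _check_x509_validity \
+_verify_sig_with_session_key.c _verify_sig_with_session_key
 
 # construct the Makefile.config
 cat > Makefile.config <<EOF
@@ -1438,6 +1511,9 @@ NOTMUCH_DEFAULT_XAPIAN_BACKEND=${default_xapian_backend}
 # Whether GMime can verify X.509 certificate validity
 NOTMUCH_GMIME_X509_CERT_VALIDITY=${gmime_x509_cert_validity}
 
+# Whether GMime can verify signatures when decrypting with a session key:
+NOTMUCH_GMIME_VERIFY_WITH_SESSION_KEY=${gmime_verify_with_session_key}
+
 # do we have man pages?
 NOTMUCH_HAVE_MAN=$((have_sphinx))
 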
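Review bot: The probe program in the first hunk treats any signature status that lacks `GMIME_SIGNATURE_STATUS_KEY_MISSING` as success, so a signature that failed for another reason (a bad signature, a system error) would still yield `gmime_verify_with_session_key=1`. If the fixture key is expected to produce a good signature in the temporary keyring (worth confirming against the test corpus), the check could also require it, e.g. `if (!(status & GMIME_SIGNATURE_STATUS_GREEN)) return !! fprintf (stderr, "signature is not good\n");`. Two smaller points in the same C program: the parser-failure message names `test/corpora/pkcs7/smime-onepart-signed.eml` although the file opened is `test/corpora/crypto/encrypted-signed.eml`, and the second `sig_list == NULL` check can never fire after the first. In the shell part, `rm -f ${TEMP_GPG}/private-keys-v1.d/*.key` leaves the path unquoted, so a `TMPDIR` containing whitespace would make `rm` act on split words; `rm -f "${TEMP_GPG}"/private-keys-v1.d/*.key` avoids that.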