Commit graph

235 commits

Author SHA1 Message Date
Daniel Kahn Gillmor
db4b48f6cc configure: use pkg-config for gpgme
GnuPG upstream has supported pkg-config since gpgme version 1.13 and
gpg-error 1.33, and now prefers the use of pkg-config by default,
instead of relying on gpg-error-config and gpgme-config.

As of libgpg-error 1.46, upstream deliberately does not ship
gpg-error-config by default.  As of gpgme 1.18.0, upstream does not
ship gpgme-config if gpg-error-config is also not present.

Both of these versions of upstream libraries are in debian unstable
now.  To the extent that notmuch is dependent on GnuPG, it should
follow GnuPG upstream's lead.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2023-01-10 08:29:23 -04:00
Justus Winter
bf8aa34324 test: replace aging OpenPGP key used in the test suite
This replaces the old OpenPGPv4 key that is used in the test suite
with a more modern OpenPGPv4 key.  All cryptographic artifacts in the
test suite are updated accordingly.

Having old cryptographic artifacts in the test suite presents a
problem once the old algorithms are rejected by contemporary
implementations.

For reference, this is the old key.

  sec   rsa1024 2011-02-05 [SC]
        5AEAB11F5E33DCE875DDB75B6D92612D94E46381
  uid           [ unknown] Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)
  ssb   rsa1024 2011-02-05 [E]

And this is the new key.  Note that is has the same shape, but uses
Ed25519 and Cv25519 instead of 1024-bit RSA.

  sec   ed25519 2022-09-07 [SC]
        9A3AFE6C60065A148FD4B58A7E6ABE924645CC60
  uid           [ultimate] Notmuch Test Suite (INSECURE!) <test_suite@notmuchmail.org>
  ssb   cv25519 2022-09-07 [E]
2022-09-23 20:16:00 -03:00
David Bremner
2707c06a0f test: define test_private_C
When testing error handling, it is sometimes difficult to cover a
particular error path deterministically. Introduce a test function to
allow calling lower level functions directly.
2022-06-25 12:55:02 -03:00
Michael J Gruber
0d0cc2a547 configure: avoid warning with -Wall
7228fe68 ("configure: restructure gmime cert validity checker code",
2022-04-09) restructured generated C code to repurpose it later on. This
put usage of `validity` within an `#if`, resulting in an "unused
warning" if that `#if` is not executed.

Put the variable declariation inside the same if branch and, thus,  quel
the warning.

Signed-off-by: Michael J Gruber <git@grubix.eu>
2022-04-19 17:11:46 -03:00
David Bremner
97f16b2651 configure: clean up new test source and binary files.
The previous source was renamed and a new binary generated in
commit 8723e707c1.
2022-04-13 08:23:54 -03:00
David Bremner
8723e707c1 test/smime: fix signature verification test with newer gmime.
The extra machinery to check for the actual output format is justified
by the possibility that distros may patch this newer output format
into older versions of gmime.

Amended-by: Michael J Gruber <git@grubix.eu>
Signed-off-by: Michael J Gruber <git@grubix.eu>
Amended-again-by: db
2022-04-13 07:55:22 -03:00
David Bremner
7228fe688c configure: restructure gmime cert validity checker code
The goal is to generalize this to also check the output format of
g_mime_certificate_get_email.
2022-04-13 07:45:06 -03:00
David Bremner
5620dc142e configure: check for ASAN support
This will allow conditionally running tests that use the address sanitizer.
2022-01-22 21:14:29 -04:00
Michael J Gruber
21e206e8b9 configure: Ignore more options that Fedora spec macros expect
Signed-off-by: Michael J Gruber <git@grubix.eu>
2022-01-11 15:28:08 -04:00
David Bremner
3eb25c94bd Merge branch 'release' 2021-12-29 14:20:49 -04:00
David Bremner
14c4f9441d configure: calculate NOTMUCH_BUILDDIR, write to Makefile.config
This will correct the current use of an undefined variable when
setting LD_LIBRARY_PATH in doc/Makefile.local

It is tempting to try to replace the use of test/export-dirs.sh, but
this is not as simple as it looks, as NOTMUCH_BUILDDIR is used to
locate sh.config, so probably cannot also sensibly be used to define
it.
2021-12-29 14:12:03 -04:00
Tomi Ollila
ab8d0e5725 configure: have bash_absolute and perl_absolute always defined
Since set -u is used, without bash or perl, configure would fail.

This has gone unnoticed as (almost) everyone always had both
bash and perl installed (and in $PATH).

Thanks to FreeBSD ports this bug became visible; this change is
verbatim copy of `patch-configure` in FreeBSD ports tree.
2021-12-11 07:17:42 -04:00
David Bremner
f17d75b83c python-cffi: fix out-of-tree build
The main idea is to replace the hack of copying version.txt into the
bindings source with a generated _notmuch_config.py file.

This will mean that the bindings only build after configuring and
building notmuch itself. Given those constraints, "pip install ."
should work.
2021-12-05 09:08:48 -04:00
David Bremner
174ec2a28f configure: whitespace cleanup
In order to make it easier to keep the whitespace consistent in the
configure script, use the same style defined in devel/STYLE for
C/C++.

  Specifically, a line should begin with zero or more tabs followed
  by fewer than eight spaces.

Presumably this will be no more difficult for people editing configure
than for people editing the C and C++ code.
2021-10-10 20:58:29 -03:00
David Bremner
6e050de4c0 configure: check explicitely for python dev (include) files
As discussed at [1] we have received reports that the implicit check
using cffi.FFI().verify() is not reliable in all environments. Since
we already use pkg-config, and the python dev package should include a
.pc file [2], add an extra check using pkg-config.  On at least
Debian, we have to know which version of python dev files with are
looking for, so calculate that first.

[1]: id:87im1g35ey.fsf@tethera.netid:87im1g35ey.fsf@tethera.net,
[2]: checked on Debian and Fedora
2021-10-09 16:39:06 -03:00
David Bremner
a83ad52da4 configure: optional library sfsexp
The configure part is essentially the same as the other checks using
pkg-config. Since the optional inclusion of this feature changes what
options are available to the user, include it in the "built_with"
pseudo-configuration keys.
2021-09-04 17:07:19 -07:00
Tomi Ollila
b042a59cdf configure: replace $(realpath emacs) with $(cd emacs && pwd -P)
For portability; the realpath command (e.g. from GNU coreutils)
is not so common outside Linux systems.

The "$(cd emacs && pwd -P)" replaces that realpath(1) execution
suitably in this context (using just bash(1) builtins).
2020-10-21 07:01:37 -03:00
Tomi Ollila
00dc5dd824 configure: Check if emacs >= 25 (instead of >= 24) is available
"The minimum supported major version of GNU Emacs is now 25.1."

25.1 is the first "released" version of Emacs 25.
2020-08-12 20:24:29 -03:00
Đoàn Trần Công Danh
9ca14bcbab configure: drop check for default xapian backend
Starting from xapian 1.3.5, xapian switched default backend to glass.

From 00cdfe10 (build: drop support for xapian versions less than 1.4,
2020-04-22), we only support xapian 1.4.0+. Effectively, we don't need
to check for default xapian backend anymore.

Further more, from 99a7aac8 (test: drop use of db_ending, 2020-07-29),
our test framework has become independence from default xapian.

Let's drop it.

Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
2020-08-08 16:01:02 -03:00
Đoàn Trần Công Danh
e4c4cc1b34 configure: check for pytest with python -m pytest
On different distro, pytest is suffixed with different patterns.

On the other hand, `python3-pytest' could be invoked correctly,
via `python3 -m pytest', the latter is used by our tests, now.

Switch to `$python -m pytest` to fix address all incompatible naming.

Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
2020-08-08 15:58:59 -03:00
David Bremner
7aaf6cbe9a configure: replace multiple redirects with redirected block
This belatedly implements Tomi's suggestion from

     id:m25zaukv6u.fsf@guru.guru-group.fi
2020-07-18 11:54:54 -03:00
David Bremner
13116c5ced configure: make sure WITH_PYTHON_DOCS is initialized
Thanks to pazz for reporting the problem.
2020-07-16 15:59:45 -03:00
David Bremner
a05da45523 doc: add new python bindings to main documentation tree.
A separate conf.py and doc directory (or will be needed if someone wants
to build the bindings docs separately from notmuch.
2020-07-15 08:37:11 -03:00
David Bremner
0e03e2d45e doc: replace use of environment variables with a generated config
It is getting unwieldy to pass configuration options on the
sphinx-build command line, and I anticipate further use of
conditionals.

As far as I could tell, execing a string is the idiomatic way to
emulate include in Python.
2020-07-15 08:32:15 -03:00
David Bremner
ee897cab8b test: drop upgrade from v1 tests
These are less crucial since we stopped generating new database
versions and relied primarily on features. They also rely on a
pre-generated v1 database which happens to be chert format. This
backend is not supported by Xapian 1.5.

Also drop the tool gen-testdb.sh, which is currently broken, due to
changes in the testing infrastructure.
2020-07-11 17:20:09 -03:00
David Bremner
f981f5bae0 doc: update install suggestions for fedora derivatives
Fedora still has an old gmime-devel which is 2.6.x. This is no longer
supported by notmuch. Also apparently dnf is a better choice than yum.
2020-07-03 06:31:54 -03:00
Daniel Kahn Gillmor
e624cc132a configure: can gpgme can verify signatures when decrypting with a session key?
If https://dev.gnupg.org/T3464 is unresolved in the version of gpgme
we are testing against, then we should know about it, because it
affects the behavior of notmuch.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-07-02 21:22:14 -03:00
David Bremner
b96ccdf336 configure: detect 64 bit time_t
Certain tests involving timestamps > 32 bits cannot pass with the
current libnotmuch API. We will avoid this issue for now by disabling
those tests on "old" architectures with 32 bit time_t.
2020-06-26 22:16:51 -03:00
Tomi Ollila
963e363a23 configure: use cffi.FFI().verify() to test buildability of CFFI bindings
Checking existence of pyconfig.h to determine whether CFFI-based
notmuch bindings are buildable is not enough; for example Fedora 32
ships pyconfig.h in python3-libs package, but python3-devel is required
to be installed for the bindings to build.

Executing cffi.FFI().verify() is pretty close to what is done in
bindings/python-cffi/notmuch2/_build.py to get the c code part of the
bindings built.
2020-06-09 23:06:03 -03:00
Tomi Ollila
ca37d8950b configure: require python 3.5 for CFFI-based notmuch bindings
Also tell users what the consequences of a "No" answer is when
python version is less than 3.5, cffi or setuptools is missing,
or no pytest >= 3.0 is available.
2020-06-06 07:44:14 -03:00
Tomi Ollila
16d073ebe8 configure: check existence of python3 setuptools and dev package
The notmuch2 CFFI-based Python interface is not buildable unless
python3 dev package and python3 setuptools are installed.

Check that these exist in configure (and disable notmuch2 bindings
build if not) so that build of these bindings don't fail when make(1)
is executed.
2020-06-01 08:02:43 -03:00
Daniel Kahn Gillmor
ef0ab496b3 python-cffi: enable out-of-tree builds
This is a simple hack to enable out-of-tree builds, a concern raised
by Tomi in id:m24kzjib9a.fsf@guru.guru-group.fi

This change at least enables "make check" to complete without error,
but I'm sure it could be improved.  I am not expert enough in
setuptools to know how.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Amended by db per id:87d06usa31.fsf@powell.devork.be
2020-05-30 12:42:14 -03:00
Daniel Kahn Gillmor
7880092964 configure: report GMime minimum version in ./configure output
We already report the minimum version for Glib, zlib, and Xapian
development libraries.  For consistency, report it for GMime as well.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:07:51 -03:00
Daniel Kahn Gillmor
b14d9ae204 smime: tests of X.509 certificate validity are known-broken on GMime < 3.2.7
When checking cryptographic signatures, Notmuch relies on GMime to
tell it whether the certificate that signs a message has a valid User
ID or not.

If the User ID is not valid, then notmuch does not report the signer's
User ID to the user.  This means that the consumer of notmuch's
cryptographic summary of a message (or of its protected headers) can
be confident in relaying the reported identity to the user.

However, some versions of GMime before 3.2.7 cannot report Certificate
validity for X.509 certificates.  This is resolved upstream in GMime
at https://github.com/jstedfast/gmime/pull/90.

We adapt to this by marking tests of reported User IDs for
S/MIME-signed messages as known-broken if GMime is older than 3.2.7
and has not been patched.

If GMime >= 3.2.7 and certificate validity still doesn't work for
X.509 certs, then there has likely been a regression in GMime and we
should fail early, during ./configure.

To break out these specific User ID checks from other checks, i had to
split some tests into two parts, and reuse $output across the two
subtests.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:04:57 -03:00
Tomi Ollila
00cdfe1071 build: drop support for xapian versions less than 1.4
Xapian 1.4 is over 3 years old now (1.4.0 released 2016-06-24),
and 1.2 has been deprecated in Notmuch version 0.27 (2018-06-13).

Xapian 1.4 supports compaction, field processors and retry locking;
conditionals checking compaction and field processors were removed
but user may want to disable retry locking at configure time so it
is kept.
2020-04-23 21:28:45 -03:00
Daniel Kahn Gillmor
13f2027101 configure: Check GMime version properly
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-03-19 21:55:04 -03:00
Tomi Ollila
eb1f799892 configure: fix reference to possibly undefined $PKG_CONFIG_PATH
In case zlib not found by pkg-config(1) the pkg-config information
is resolved by attempting to print ZLIB_VERSION from from zlib
installation if it exists anyway.

If above done successfully compat/zlib.pc is written for forthcoming
pkg-config execution.

Since `set -u` is in effect (since 124a67e96, 2016-05-06),
expanding unset $PKG_CONFIG_PATH (would have) failed whenever tried.

Now it is changed to set as "$PKG_CONFIG_PATH:compat" if PKG_CONFIG_PATH
is set and is non-empty string, plain "compat" otherwise.
2019-12-09 16:24:37 -04:00
Oliver Kiddle
2044c7aad9 configure: Install zsh completions where zsh will find them.
Zsh searches in the $fpath array for completion functions. By default
this includes $(prefix)/share/zsh/site-functions but not the existing
value. The prefix for zsh and notmuch isn't guaranteed to be the same
but it normally will be making this a better default for
zsh_completion_dir.
2019-12-03 08:25:55 -04:00
David Bremner
85adc756c9 tests: run python-cffi tests
The entire python-cffi test suite is considered as a single test at
the level of the notmuch test suite. This might or might not be ideal,
but it gets them run.
2019-12-03 08:12:30 -04:00
David Bremner
3aaa8cfe94 configure: check for python cffi and pytest modules
This is needed to build the new python bindings, and run their tests.
2019-12-03 08:12:30 -04:00
Tomi Ollila
e0e55c5b6f configure: disallow whitespace in paths, extend checks to $PWD
Whitespace in $NOTMUCH_SRCDIR (and $PWD) may work in builds,
but definitely will not work in tests. It would be difficult
to make tests support whitespace in test filename paths -- and
fragile to maintain if done.

So it is just easier and safer to disallow whitespace there.

In case of out of tree build $NOTMUCH_SRCDIR differs from $PWD
(current directory). Extend this whitespace, and also previously
made unsafe characters check to $PWD too.
2019-09-11 18:51:23 -03:00
Tomi Ollila
e13862f127 configure: fix out of tree build; check unsafe characters in srcdir
While check for GMime session key extraction support... was made
out of tree build compatible, related (and some unrelated) unsafe
characters are now checked in notmuch source directory path.

The known unsafe characters in NOTMUCH_SRCDIR are:

- Single quote (') -- NOTMUCH_SRCDIR='${NOTMUCH_SRCDIR}'
  is written to sh.config in configure line 1328.

- Double quote (") -- configure line 521 *now* writes "$srcdir"
  into generated c source file ($NOTMUCH_SRCDIR includes $srcdir).

- Backslash (\) could also be problematic in configure line 521.

- The added $ and ` are potentially unsafe -- inside double quotes
  in shell script those have special meaning.

  Other characters don't expand inside double quoted strings.
2019-08-29 14:32:54 -03:00
David Bremner
b23902a611 Merge branch 'release' 2019-06-17 07:07:45 +02:00
Ralph Seichter
4b17201c4f configure: fix mktemp call for macOS
Add missing template to mktemp, as required by macOS / OS X.

Signed-off-by: Ralph Seichter <abbot@monksofcool.net>
2019-06-17 07:05:08 +02:00
David Bremner
a6a8df7e03 build: drop variable HAVE_EMACS. use WITH_EMACS instead
The extra flexibility of having both HAVE_EMACS (for yes, there is an
emacs we can use) and WITH_EMACS (the user wants emacs support) lead
to confusion and bugs. We now just force WITH_EMACS to 0 if no
suitable emacs is detected.
2019-06-12 19:58:30 -03:00
Daniel Kahn Gillmor
2669117ad7 configure: make _check_session_keys work with an as-needed linker
When using a promiscuous linker, _check_session_keys was working fine.

But some OSes (including some versions of Ubuntu) have set their
linker to always link in "--as-needed" mode, which means that the
order of the objects linked is relevant.  If a library is loaded
before it is needed, that library will no longer be linked in the
final outcome.  _check_session_keys.c was failing on those systems.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-20 18:34:12 -03:00
Daniel Kahn Gillmor
0def7b6860 configure: handle TEMP_GPG more robustly
We never want ./configure to try to do something with an unassigned
variable.  So, make the directory $TEMP_GPG at the start of the
testing of session-key handling, and clean it up afterwards as long as
the directory exists.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-20 18:24:15 -03:00
Daniel Kahn Gillmor
7546fd9cf6 configure: better error handling on session key check.
There are a few changes bundled here:

 * say "No." explicitly if there's a failure.

 * try to avoid implying that gpgme-config is necessary to build
   notmuch itself (it's not, though it may be useful if you need to
   rebuild gmime).

 * leave _check_session_keys and _check_session_keys.c around if
   ./configure fails, so that the user can play with it more easily
   for debugging.

 * let error messages show when _check_session_keys.c is built.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Amended by DB: use command -v instead of which.
2019-05-20 18:17:18 -03:00
Daniel Kahn Gillmor
30c4fa3702 configure: Ensure that GMime can extract session keys
GMime 3.0 and higher can extract session keys, but it will *not*
extract session keys if it was built with --disable-crypto, or if it
was built against GPGME version < 1.8.0.

Notmuch currently expects to be able to extract session keys, and
tests will fail if it is not possible, so we ensure that this is the
case during ./configure time.

Part of this feels awkward because notmuch doesn't directly depend on
gpg at all.  Rather, it depends on GMime, and the current
implementation of GMime depends on GPGME for its crypto, and GPGME in
turn depends on gpg.

So the use of gpg in ./configure isn't actually introducing a new
dependency, though if a future version of GMime were ever to move away
from GnuPG, we might need to reconsider.

Note that this changeset depends on
id:20190506174327.13457-1-dkg@fifthhorseman.net , which supplies the
rfc822 message test/corpora/crypto/basic-encrypted.eml used in it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-20 16:28:37 -03:00
Daniel Kahn Gillmor
c7bb4c7741 gmime-cleanup: no longer need to use GMime major version during build
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-03 06:58:21 -03:00