Commit Graph

2459 Commits

Author SHA1 Message Date
Andre Heinecke
7bd6ab4a91 tests: Reduce iterations / threads
* tests/gpg/t-gpgconf.c (main): Reduce iterations to 10.
* tests/gpg/t-thread-keylist-verify.c,
tests/gpg/t-thread-keylist.c (THREAD_COUNT): Reduce to 10.

--
While these tests tested for race conditions a smaller number
of iteration should still show problems if they are run on
multiple systems and regulary. While the 100 Thread count in
the t-thread tests could lead to resource problems.
2017-01-30 14:19:52 +01:00
Andre Heinecke
f3ca2c9ce9 python: Ensure quick-random is used if gpg is gpg2
* lang/python/tests/Makefile.am (gpg.conf): Configure
agent-program accordingly.
2017-01-26 10:44:02 +01:00
Tobias Mueller
9291ebaa41 python: default op_keylist_start parameters.
* lang/python/gpgme.i: Added gpgme_op_keylist_start with defaults
* lang/python/tests/t-keylist.py: Added tests for default parameters
--

To increase the ease of use, op_keylist_start
parameters default to sensible values.
The empty string matches all keys.
We assume that the user wants to retrieve public keys most of the time,
so we default to public keys rather than secret keys.

Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
2017-01-25 17:47:35 +01:00
Andre Heinecke
a98951a30a tests: Use --debug-quick-random for tests
* tests/start-stop-agent: Don't autostart agent on --stop and
running check. Use --debug-quick-random when starting.

--
This should speed up the tests especially on low entropy systems.
Possibly fixing a hang on pythons op_genkey test in the Launchpad
build enviorment (see launchpad issue 1655298)
2017-01-25 14:10:18 +01:00
Justus Winter
6f02133bb0 w32: Fix closing file descriptors.
* src/w32-io.c (writer): Only stop once the buffer is drained.
(destroy_writer): Wait for the writers buffer to be drained.  This
aligns '_gpgme_io_close's behavior with close(2) and fclose(3).

GnuPG-bug-id: 2881
Signed-off-by: Justus Winter <justus@g10code.com>
2017-01-23 15:08:23 +01:00
Andre Heinecke
ca69df8c8d tests: Add safeguards against nullptr deref
* t-gpgconf.c (main): Test some values before dereferencing them.
2017-01-17 15:20:56 +01:00
Andre Heinecke
abfd241d1a qt: Use QVERIFY instead of Q_ASSERT in conf test
* lang/qt/tests/t-config.cpp: Use QVERIFY instead of Q_ASSERT.
2017-01-16 14:16:20 +01:00
Andre Heinecke
8aba08d1d0 qt: Add test for CryptoConfig
* lang/qt/tests/t-config.cpp: New.
* lang/qt/tests/Makefile.am: Update accordingly.
2017-01-16 14:13:39 +01:00
Justus Winter
92543da94c tests: Fix distcheck.
* tests/gpg/Makefile.am (CLEANFILES): Remove gpgconf backups.

Fixes-commit: ea7bb62f5d
Signed-off-by: Justus Winter <justus@g10code.com>
2017-01-16 13:21:02 +01:00
Justus Winter
0e242278df Fix changing options with gpgconf.
* src/engine-gpgconf.c (gpgconf_write): Connect a pipe to the child's
stderr, and wait for it to be closed as an indication that gpgconf has
exited.  Also improve error handling.

GnuPG-bug-id: 2881
Signed-off-by: Justus Winter <justus@g10code.com>
2017-01-16 12:48:56 +01:00
Justus Winter
186dcd3494 tests: Improve the gpgconf test.
* tests/gpg/t-gpgconf.c: Include support functions.
(fail_if_err): Remove macro.
(init_gpgme): Remove function.
(lookup): New function.
(main): Update some values and verify that the changes are applied.
* tests/gpg/t-support.h (test): New assert-like macro.

GnuPG-bug-id: 2881
Signed-off-by: Justus Winter <justus@g10code.com>
2017-01-12 14:18:15 +01:00
Justus Winter
ea7bb62f5d tests: Enable gpgconf test.
--
Fixes: 02ba35c1b6
Signed-off-by: Justus Winter <justus@g10code.com>
2017-01-12 14:06:27 +01:00
Andre Heinecke
9640dc58e4 qt: Add support for stringValueList in CryptoConf
* lang/qt/src/Makefile.am (qgpgme_sources): Add cryptoconfig.cpp
* lang/qt/src/cryptoconfig.cpp: New.
* lang/qt/src/cryptoconfig.h (CryptoConfigEntry::stringValueList):
New.
* lang/qt/src/qgpgmenewcryptoconfig.cpp
(QGpgMENewCryptoConfigEntry::stringValueList): New.
* lang/qt/src/qgpgmenewcryptoconfig.h: Update accordingly.

--
This is a pardigm change in cryptoconfig.h to avoid ABI breaks
with each new config value we support it now has an implementation
that is directly related to qgpgmenewcryptoconfig, which is now
the only one.
2017-01-12 12:57:00 +01:00
Andre Heinecke
a09ed3f26a qt: Don't use qstrdup in test passphrase cb
* lang/qt/tests/t-support.h (TestPassphraseProvider::getPassphrase):
Use gpgrt_asprintf instead of strdup.

--
To avoid problems on MacOS we want to avoid strdup so that
qgpgme can be built without extensions. But qstrdup allocates
with new and not with malloc, so use gpgrt_asprintf instead.
2017-01-12 11:44:11 +01:00
Andre Heinecke
56926c9b50 qt: Clean up test dirs on failure
* t-encrypt.cpp,
t-keylist.cpp,
t-keylocate.cpp,
t-ownertrust.cpp,
t-tofuinfo.cpp,
t-various.cpp,
t-verify.cpp,
t-wkspublish.cpp: Use QVERIFY instead of Q_ASSERT
2017-01-11 16:20:31 +01:00
Andre Heinecke
9e643ab671 qt: Add test for uid functions
* lang/qt/tests/t-various.cpp: New.
* lang/qt/tests/Makefile.am: Update accordingly.
2017-01-11 16:18:17 +01:00
Andre Heinecke
e416f99618 cpp: Add revuid and adduid support
* lang/cpp/src/context.cpp
(Context::revUid, Context::startRevUid),
(Context::addUid, Context::startAddUid): New.
* lang/cpp/src/context.h: Declare new functions.
* lang/cpp/src/key.cpp (Key::UserID::revoke)
(Key::addUid): Idomatic helpers.
lang/cpp/src/key.h: Declare new functions.
* NEWS: Update accordingly.
2017-01-11 16:14:45 +01:00
Andre Heinecke
efe58fe011 Fix Qgpgme build for macos
* lang/qt/src/dn.cpp: Include string.h
(parse_dn_part): Use qstrdup.
* lang/qt/tests/t-support.h (getPassphrase): Use qstrdup.
2017-01-11 15:52:44 +01:00
Andre Heinecke
2e661b9e1a Fix cmake configuration files for MacOS
* configure.ac: Set HAVE_MACOS_SYSTEM conditional.
* lang/qt/src/Makefile.am,
lang/cpp/src/Makefile.am,
lang/qt/src/QGpgmeConfig.cmake.in.in,
lang/cpp/src/GpgmeConfig.cmake.in.in: Use libsuffix again to
distinguish between macos .dylib

--
GnuPG-Bug-Id: 2884
2017-01-11 15:49:00 +01:00
Justus Winter
b14419f68b python: Improve compatibility with Scheme tests.
* lang/python/tests/run-tests.py: Add stub --parallel option.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-01-03 15:29:01 +01:00
Justus Winter
d0e91d28f6 python: Add a switch '--quiet' to the test runner.
* lang/python/tests/run-tests.py: Add and honor a switch '--quiet'.
This way we can use this script to run Python tests one by one without
the noise, and the script will setup the necessary environment for us.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-01-03 15:28:36 +01:00
Andre Heinecke
ececfd5de8 qt: Update config sync doc / comment
* lang/qt/src/cryptoconfig.h (CryptoConfig::sync): Document
that runtime option is always set.
* lang/qt/Src/qgpgmenewcryptoconfig.cpp
(QGpgMENewCryptoConfigComponent::sync): Remove outdated comment
and warn on error.
2017-01-02 14:05:06 +01:00
Andre Heinecke
7103315829 core: Always use runtime for gpgconf changes
* src/engine-gpgconf.c (gpgconf_write): Add --runtime.
* src/gpgme.h.in (gpgme_conf_opt_change): Document this
behavior.

--
If a tool uses GPGME for changing configuration values it
needs a way to ensure that these changes take effect. Otherwise
users may change and see config values and do not understand
why they are not working.
2017-01-02 14:05:06 +01:00
Ben Kibbey
a4b9f1a2b4 Fix gpg_addkey() to work with GPGME_CREATE_NOPASSWD as well.
* src/engine-gpg.c (gpg_addkey): Pass --batch to gpg when
GPGME_CREATE_NOPASSWD is set to fix pinentry without loopback mode.

--
Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2016-12-31 18:09:49 -05:00
Ben Kibbey
d83b8f0dc8 Fix GPGME_CREATE_NOPASSWD without pinentry loopback.
* src/engine-gpg.c(gpg_createkey): Pass --batch to gpg when
GPGME_CREATE_NOPASSWD is set.

--
Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2016-12-26 19:57:22 -05:00
Raphael Kubo da Costa
211844f049 Qt: Make sure extended grep is used with '|'.
* m4/qt.m4: Use grep -E when using the alternation character.
--

POSIX specifies '|' is only supposed to work as an alternation special
character when grep is used in extended mode. The code worked fine
with GNU grep because it accepts extended regular expressions by
default, but other POSIX-compliant implementations might fail and take
it literally.

Signed-off-by: Raphael Kubo da Costa <rakuco@FreeBSD.org>
2016-12-19 10:36:17 +01:00
Andre Heinecke
da5343a9d2 cpp: Ensure that hasSecret is correct after update
* lang/cpp/src/key.cpp (Key::update): Check for
a secret key first before listing public keys.

--
This is a performance delay but the update should
only be called in a non gui thread anyway. The information
if we have the secret key for this key is important to provide
after update.
2016-12-16 19:09:13 +01:00
Andre Heinecke
85e05537e1 cpp: Fix addrSpec for keys without email
* lang/cpp/src/key.cpp (UserID::addrSpec): Use uid->address instead
of normalizing again.
(&operator<<(std::ostream &, const UserID &): Print it.

--
This saves a normalization and fixes the case where a user id
is just a mail address without name, in that case gpgme sets
"address" but not email. Because the email is then the name.
2016-12-15 11:39:12 +01:00
Andre Heinecke
5673f3e54a cpp: Fix update of partial key in verifyresult
* lang/cpp/src/verificationresult.cpp
(Signature::key(bool,bool)): Don't update the returned copy
but the actual key of the signature.

--
The whole point of the update is to change the partial key
from the signature (e.g. only fingerprint and one uid as we
would have from tofu) to a fully keylisted one.
2016-12-15 11:39:12 +01:00
Werner Koch
ecb0e3280a
doc: Let's suggest GNU guidelines for bit checking.
--

While educating students we can also get them to use useful habits, in
particular to parenthese bit tests.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-07 23:25:50 +01:00
Andre Heinecke
7880335273 Clarify what "checking on bit" means
* doc/gpgme.texi (gpgme_sigsum_t summary): Clarify what "you
can check one bit means"

--
It was unclear which bit to test for is. And tests
with students have shown that they would "test" for
this one bit by using if(sig.summary == GPGME_SIGSUM_VALID)
which would fail because valid sigs are also SIGSUM_GREEN.

So lets give an example for people not used to checking bits and
clarify through this example which bit is meant to be checked.
2016-12-07 21:46:24 +01:00
Tobias Mueller
05896c210f python: Try to be more helpful when given a string to encrypt().
* lang/python/helpers.c (_gpg_obj2gpgme_data_t): Extended error
message.
* lang/python/tests/t-encrypt.py: Test for "encode" in error message.
--
The motivation is to help the user when encrypting fails. I claim that
it is not obvious to not being able to encrypt a string directly.  To
nudge the user into encoding it to bytes, the error message is a bit
extended.

Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
2016-12-05 12:44:20 +01:00
Tobias Mueller
fb7f4cb973 python: Define a macro for wrapping fragile result objects.
* lang/python/gpgme.i (wrapresult): New Macro.
--

This reduces the amount of copy and pasted code at the expense of a
slightly more complicated logic with a macro.

Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
2016-12-05 12:41:45 +01:00
Tobias Mueller
ae21d2705f python: Check "buffer" when writing to sys.stdout for python2 compat.
* lang/python/tests/support.py (print_data): Add check for buffer.
--

When running with something like make -C lang/python check verbose=2 the
test would fail under python2, because the file objects do not have a
buffer property.

Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
2016-12-01 17:39:38 +01:00
Tobias Mueller
154389f2a5 python: Make Context have a repr method.
* lang/python/gpg/core.py (Context.__repr__): New function.
--

This makes Context objects look nicer in a REPL.

Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
2016-12-01 17:37:15 +01:00
Tobias Mueller
db2f6c1ca3 python: Make Results have a nicer __repr__.
* lang/python/gpg/results.py (Result.__str__): Renamed to '__repr__'
...
* lang/python/gpg/results.py (Result.__repr__): ... and added fields.
--

So that it looks a bit nicer in the Python REPL.

It looked like this before:

In [2]: gpg.core.get_engine_info()[0]
Out[2]:
<gpg.results.EngineInfo at 0x7fb23509a240>

Now the output is

In [2]: gpg.core.get_engine_info()[0]
Out[2]:
EngineInfo(file_name='/usr/bin/gpg2', home_dir=None,
protocol=0, req_version='1.4.0', version='2.1.11')

This also applies to other results, e.g. the ImportResult.

Note that the format now changed from "<Class >" to "Class()". The
Python documentation on repr states: "For many object types, including
most builtins, eval(repr(obj)) == obj."

Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
2016-12-01 17:28:39 +01:00
Justus Winter
fd4d476214 python: Fix removing the TOFU database.
* lang/python/Makefile.am (CLEANFILES): Move 'tofu.db'...
* lang/python/tests/Makefile.am (CLEANFILES): ... here.

Fixes-commit: 9b22f82afc
Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-25 09:55:42 +01:00
Justus Winter
9b22f82afc tests: Remove tofu.db.
* lang/python/Makefile.am (CLEANFILES): Add 'tofu.db'.
* tests/gpg/Makefile.am (CLEANFILES): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-25 09:13:01 +01:00
Heiko Becker
572c1aac10 Remove a forgotten instance of @libsuffix@
* lang/cpp/src/GpgmeppConfig.cmake.in.in: Remove a forgotten
instance of @libsuffix@.
--

b2c07bd47b removed @libsuffix@ from
cmake config files, but missed one instance.

Signed-off-by: Heiko Becker <heirecka@exherbo.org>
2016-11-17 09:22:12 +01:00
Werner Koch
af79327021
Post release updates.
--
2016-11-16 14:03:40 +01:00
Werner Koch
f06220b691
Release 1.8.0
* configure.ac: Set version to 1.8.0.  Set LT version C28/A17/RO.
Set CPP LT version to C9/A3/R0.  Set Qt LT version to C8/A1/R0.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 13:29:02 +01:00
Werner Koch
7f5f26fd66
doc: Replace http: by https: in core source files.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 13:27:00 +01:00
Werner Koch
9fc92a15bd
core: Do not leak the override session key to ps(1).
* src/engine-gpg.c (struct engine_gpg): New field
override_session_key.
(gpg_release): Free that field.
(gpg_decrypt): With gnupg 2.1.16 use --override-session-key-fd.

* tests/run-decrypt.c (main): Fix setting over the override key.
--

Note that this works only with gnupg 2.1.16 and later.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 10:15:31 +01:00
Daniel Kahn Gillmor
5730647421
doc,tests: Require use of ctx_flag before use of session_key.
* doc/gpgme.texi: Document requirements of verifying that it is OK to
use session_key.
* tests/run-decrypt.c: Ensure that we fail if we're unable to access
the session key, so that we do not violate the guidance above.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Changed the description

 -@code{gpgme_set_ctx_flag (ctx, "export-session-key")} returns
 -@code{GPG_ERR_NO_ERROR} or @code{gpgme_get_ctx_flag (ctx,
 -"export-session-key")} returns @code{"1"}.
 +@code{gpgme_set_ctx_flag (ctx, "export-session-key")} returns success
 +or @code{gpgme_get_ctx_flag (ctx, "export-session-key")} returns true
 +(non-empty string).

to get gpgme_get_ctx_flag for boolean values in sync with its own
description.

Note that I don't agree with the above suggestion but it does not
really harm to have it in the man page.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 10:15:31 +01:00
Andre Heinecke
b2c07bd47b qt, cpp: Add cmake config files for w32
* lang/cpp/src/GpgmeppConfig-w32.cmake.in.in
lang/qt/src/QGpgmeConfig-w32.cmake.in.in: New.
* lang/cpp/src/GpgmeppConfig.cmake.in.in,
lang/qt/src/QGpgmeConfig.cmake.in.in: Remove libsuffix handling.
* lang/cpp/src/Makefile.am,
lang/qt/src/Makefile.am: Create / install w32 config files.
* configure.ac: Configure them.

--
To work with DLL's cmake needs to know about the implib and
the final DLL. So the config files look different enough
that it's better to use alternative files.
2016-11-15 14:33:31 +01:00
Andre Heinecke
45abe6d142 qt: Use new style connect in th..mixin
* lang/qt/src/threadedjobmixin.h
(ThreadedJobMixin::lateInitialization): Use new style connect.
2016-11-15 12:30:56 +01:00
Daniel Kahn Gillmor
ff3b72e2a3 doc: Fix typos.
--
2016-11-15 12:02:56 +01:00
Werner Koch
7659d42468
core: Implement context flag "override-session-key".
* src/gpgme.c (gpgme_set_ctx_flag): Add flags "export-session-key" and
"override-session-key".
(gpgme_get_ctx_flag): Ditto.
(gpgme_set_export_session_keys): Remove.
(gpgme_get_export_session_keys): Remove.
* src/gpgme.def, src/libgpgme.vers: Remove them.
* src/context.h (struct gpgme_context): Add field
override_session_key.
* src/decrypt-verify.c (decrypt_verify_start): Pass
override_session_key value to the engine.
* src/decrypt.c (decrypt_start): Ditto.
* src/engine.c (_gpgme_engine_op_decrypt): Ditto.
(_gpgme_engine_op_decrypt_verify): Ditto.
* src/engine-backend.h (struct engine_ops): Extend DECRYPT and
DECRYPT_VERIFY_START with override_session_key.
* src/engine-uiserver.c (_uiserver_decrypt): Add stub arg
override_session_key.
(uiserver_decrypt): Ditto.
(uiserver_decrypt_verify): Ditto.
* src/engine-gpgsm.c (gpgsm_decrypt): Ditto.
* src/engine-gpg.c (gpg_decrypt): Add arg override_session_key and set
corresponding gpg option.

* tests/run-decrypt.c (print_result): Print the session key if
available.
(main): Add options --export-session-key and --override-session-key.

--

To keep the number of context manipulation functions at bay, this
patches removes the just added gpgme_set_export_session_keys and
gpgme_get_export_session_keys by flags for the generic context
function.

The patch also implements the --override-session-key feature.

GnuPG-bug-id: 2754
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 10:34:13 +01:00
Werner Koch
3234b1bf1d
core: Add public function gpgme_get_ctx_flag.
* src/gpgme.h.in (gpgme_get_ctx_flag): New.
* src/gpgme.c (gpgme_set_ctx_flag): Move down the file and add a trace
statement.
(gpgme_get_ctx_flag): New.
* src/gpgme.def, src/libgpgme.vers: Add new interface.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 09:24:17 +01:00
Daniel Kahn Gillmor
cad1210fb8
core: Enable extraction of session keys.
* src/gpgme.c (gpgme_set_export_session_keys): New function.
(gpgme_get_export_session_keys): New function.
* src/gpgme.h.in (struct _gpgme_op_decrypt_result): Add session_key
member.
(gpgme_{set,get}_export_session_keys): Declare new functions.
* src/libgpgme.vers, src/gpgme.def: Export new functions in shared
object.
* src/engine.h: (_gpgme_engine_op_decrypt) Add export_session_key
parameter.
(_gpgme_engine_op_decrypt_verify): Add export_session_key parameter.
* src/engine-backend.h: (struct engine_ops): Change function
pointer declarations to match.
* src/context.h (struct gpgme_context): Add export_session_keys member.
* src/decrypt.c (release_op_data): Free result.session_key.
(_gpgme_decrypt_status_handler): Store a copy of the exported session
key.
(decrypt_start): Pass export_session_keys from the context.
* src/decrypt-verify.c (decrypt_verify_start): Pass
export_session_keys from context.
* src/engine.c (_gpgme_engine_op_decrypt): Pass through
export_session_key flag.
(_gpgme_engine_op_decrypt_verify): Pass through export_session_key
flag.
* src/engine-gpg.c (gpg_decrypt): If export_session_key is set, add
--export-session-key to argument list.
* src/engine-gpgsm.c (gpgsm_decrypt): Ignore export_session_key for
now, since gpgsm offers no such mechanism.
* src/engine-uiserver.c (_uiserver_decrypt): If export_session_key is
set, add --export-session-key flag to cmd.
* doc/gpgme.texi: Document new functions and session_key member of
decrypt_result_t.
* doc/uiserver.texi: Add --export-session-key flag to DECRYPT command.

--

gpg(1) documents session key export as useful for key escrow, and is
rightly dubious of that use case.  However, session key export is also
useful in other use cases.  Two examples from MUA development (where
this functionality would be specifically useful to me right now):

 * If the MUA stores a local copy of the session key upon decrypting
   the message, it can re-decrypt the message without expensive
   asymmetric operations.  When rendering a thread with dozens of
   encrypted messages, this can represent a significant speedup.

 * A user may have expired encryption-capable secret key material,
   along with many messages encrypted to that material.  If she stores
   the session keys for those messages she wants to keep, she can
   destroy her secret key material and make any messages she has
   deleted completely unrecoverable, even to an attacker who gets her
   remaining secret keys in the future.

This patchset makes a two specific implementation decisions that could
have gone in different ways.  I welcome feedback on preferred outcomes.

 0) session key representation: we currently represent the session key
    as an opaque textual string, rather than trying to provide any
    sort of in-memory structure.  While it wouldn't be hard to parse
    the data produced by gpg's --export-session-key, I chose to use
    the opaque string rather than lock in a particular data format.

 1) API/ABI: i've added a member to gpgme_op_decrypt_result_t.  This
    has the potential to cause an out-of-bound memory access if
    someone uses code compiled against the newer verision, but linked
    at runtime against an older version.  I've attempted to limit that
    risk by documenting that users must verify
    gpgme_get_export_session_keys() before accessing this new struct
    member -- this means that code expecting this capability will
    require the symbol at link-time, and will refuse to link against
    older versions.

    Another approach to solving this problem would be to avoid
    modifying gpgme_op_decrypt_result_t, and to introduce instead a
    new function gpgme_op_session_key(), which could be called in the
    same places as gpgme_op_decrypt_result().  Depending on the
    representation of the session key, this might introduce new
    memory-management burdens on the user of the library, and the
    session key is certainly part of a decryption result, so it seemed
    simpler to go with what i have here.

If anyone has strong preferences that these choices should be solved
in a different way, i'm happy to hear them.

Additionally, I note that i'm also still pretty unclear about how the
"UI Server" fits into this whole ecosystem. In particular, I don't
know whether it's kosher to just add an --export-session-key flag to
the DECRYPT operation without actually having implemented it anywhere,
but i don't see where i would actually implement it either :/

If this patch (or some variant) is adopted, i will supply another
patch that permits offering a session key during decryption (e.g. "gpg
--override-session-key"), but I wanted to get these implementation
choices ironed out first.

Gnupg-Bug-Id: 2754
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

On the concern of adding a new field to a structure: It may not be
clearly documented but we don't expect that a user ever allocates such
a structure - those result structure may only be created bu gpgme and
are read-only for the user.  Adding a new member constitutes a
compatible ABI change and thus an older SO may not be used by code
compiled with a header for the newer API.  Unless someone tinkers with
the build system, this should never happen.  We have added new fields
to result structure may times and I can't remember any problems.

 - wk
2016-11-15 08:52:06 +01:00