--
* src/Key.js: the fingerprint returned by a Key is now always upper
case hex, even if the constructor had lower case input. This is to be
more consistent with gpgme and to be more readable and reliable in
comparisions.
* lang/python/examples/howto/symcrypt-file.py: *sigh*; passphrase was
right the first time, just the error check that wasn't.
* I really should stop second guessing myself one of these days ...
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Ran all the .py files in src/ and below through Yapf.
* Included some manual edits of core.py, this time successfully making
two notorious sections a bit more pythonic than scheming.
* Left the module imports as is.
* This will be committed if it passes the most essential test:
compiling, installing and running it.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* lang/cpp/src/gpggencardkeyinteractor.cpp
(GpgGenCardKeyInteractor::Private::keysize): Change to string.
--
The value is only required as string so we can save it this
way to avoid the need to convert it for the action command.
GnuPG-Bug-Id: T4094
* lang/python/tests/Makefile.am,
lang/qt/tests/Makefile.am,
tests/Makefile.am,
tests/gpg/Makefile.am,
tests/gpgsm/Makefile.am,
tests/opassuan/Makefile.am (GNUPGHOME): Make variable explict.
--
If the build directory has too long path, gpgme could fail.
This is similar to
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847206
In order to fix that, this patch extracts the GNUPGHOME variable
to be presented directly in the Makefile and thus overridable by
command line option.
A build system can then create a symlink to the GNUPGHOME directory
in /tmp and use that symlink as the GNUPGHOME directory
thus making the path very short.
GnuPG-Bug-Id: T4091
Patch provided by vlmarek
--
* src/index.js: The export now uses a freezed Object, which does not
allow for simply overwriting the init method by e.g. a third-party
library.
* BrowsertestExtension: Added some tests trying if decryption of bad
data properly fails
--
* The aim is to iterate through the results of the first request
(all keys), and then add the propert 'hasSecret' to those that
are in the second request (secret Keysring) as well. I messed
this up in a recent change, and it escaped testing.
--
* An Object.freeze should stop any malicious third party from changing
objects' methods once the objects are instantiated (see unittest for
an approach that would have worked before)
- An initialized gpgmejs- object doesn't have a '_Keyring' property
anymore (it still has its 'Keyring')
- The internal expect='base64' needed to be turned into a method.
--
* src/ [Connection, Error, Key, Keyring, MEssage, Signature, gpgmejs]:
Functions and values that are not meant to be overwritten are now
moved into their constructors, thus eliminating the possibility of
overwrites after initialization.
* Key: The mode of use (synchronous cached, or async promises) ivs now
determined at initialization of that Key. The property Key.isAsync
reflects this state.
* unittests: fixed old Key syntax for testing.
* Message.js isComplete is now a method and not a getter anymore.
* Added some startup tests.
--
Tests will now run with one instance of gpgmejs each block,
which reduces overhead. Readability is (hopefully) improved),
some negative tests are added.
There is still a performance problem in base64 encoding/decoding,
which causes some tests to fail due to time out.
--
* The import answer now also directly contains the armored Key as Key
property, without need to refresh the Key object created in the
answer. This allows for direct comparision of input and output.
* BrowserTestExtension: added test for that import callback
--
* The libgpg error strings arrive in the browser in a different
encoding than used by browsers. Escaping and then decoding it
should cover most languages in the supported browsers.
* lang/cpp/src/key.cpp (Key::update): Check that the key is
not NULL.
* lang/cpp/src/verificationresult.cpp (GpgME::Signature::key):
Check for fingerprint.
* Fixed and tested the changes necessary for org-mode to correctly
parse pythonic (Python 3) indentation.
* Updated the source blocks to recommended upper case for BEGIN_SRC
and END_SRC.
* Tested and confirmed XHTML output matches correct examples.
* Tested against pseudo-control output via exporting from org-mode to
org-mode and then exporting that to XHTML. Remaining differences
appear to be discarding the custom tags used to provide X[HT]ML id
elements to each section which does not appear to offer any benefit.
* Exporting directly to XHTML or other HTML output should no longer
cause problems, but if there are any then the first step should be
exporting from org-to-org and then exporting that to XHTML.
Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Another retrofitting of the HOWTO Python example code, this time
following adjustments to python-mode configuration and having
trawled through the org-mode mailing lists for clues.
* lang/qt/src/threadedjobmixin.cpp (fromEncoding)
(stringFromGpgOutput): New helpers.
(markupDiagnostics): Use it.
--
The Problem is that on my western windows system GnuPG
gets CP 437 as GetConsoleOutputCP and prints in that codepage.
In a W32 GUI Application we get 0 as GetConsoleOutputCP and 1252
with GetACP.
The only thing that seemed to somehow match was GetOEMCP but
that might just be luck and it might still be broken in
other windows languages.
This code is also used in Kleopatra so it might make sense
to make it public once it is demonstrated that it works on
most systems.
--
* src/Keyring.js: If the optional "pattern" parameter is not to be
used, but another, following parameter is, null is more of a
convention in javascript, thus both null and undefined are
interpreted as "this parameter is not meant to be set".
--
* Reflects the changes made to gpgme-json in commit
6cc842c9aa.
- getKeysArmored now returns an object with property 'armored' being
the exported armored block, and an (optional) array of fingerprint
strings for those keys that can be used in sign/encrypt operations
as property 'secret_fprs'. With this, extensions such as mailvelope
will be able to bulk fetch all necessary key information in one
request.
--
* Fixed errors:
- src/Message.js post(): Set chunksize to defined default value instead
of hardcoded
- src/Keys.js: added getHasSecret() to refreshKey operation.
* Reviewed and updated the documentation
* non-documentation changes which do not affect functionality:
- src/Errors: disabled a console.warn that is only useful for debugging
- helpers.js: renamed "string" to "value" in isFingerprint and isLongId
to avoid confusion
- src/Keyring: prepare_sync, search are both explicitly set to false by
default
* Complete typographic overhaul.
* Removed all section level indentation since it does not affect
output formatting, but might affect source code examples.
* In text-mode stripped out all tabs which had crept in and replaced
them with four spaces.
* Updated all code examples (again) to conform with Python-mode.
* Bumped version number in preparation for next release of GPG 2.2.9
and corresponding GPGME release.
--
* Don't make a secret-Key request for each Key retrieved, use one
request for all of them instead, and assemble the info later. This
should reduce the traffic with large Keyrings. The bulk retrieval
for the public armored Keys for each of these Keys is still up to
discussion
* unittests: disabled assertion for the armored key (as it currently
doesn't work)
* encryptTest: clarified the mechanism/reason of rejection for
Messages >64 MB. This is still a TODO, as this error comes from a
different place (the browser itself) and behaves different from the
other errors.
--
* A verify at gpgme-json does not fail if there is a valid pgp message
that does not include a signature. Instead, the answer will be devoid
of signatures. In javascript, the SIG_NO_SIG error should be reported
here, but wasn't.
--
* package.json:
- the old webpack-cli version depended on two packages
with vulnerabilities, set to minimum version 3.0.8 to fix this
(nodesecurity.io/advisories/157, nodesecurity.io/advisories/612)
- added License identifier
* README: Updated documentation
* jsdoc.conf: Added a configuration file for jsdoc
* some minor documentation changes, indentations
--
* src/Keyring.js: getKeys() now has the option "search", which will
trigger a remote lookup (as configured in gpg) for the string given
as pattern.
* src/permittedOperations: make use of the new 'locate' option in
keylist
* DemoExtension: Add a button for lookup, to demonstrate the
functionality
--
* BrowserTestExtension:
- The KeyImport/Export test had some errors, which have now been fixed
- The secret key used for the test examples is now placed more
prominently, and a clarification added that decrypt tests will not
work if this key is not imported.
* permittedOperations.js: typo
Thanks to rrenkert@intevation.de for the fixes
* Apparently I am wrong and Scheme is the new Python after all.
* Non-import related PEP8 compliance must wait for another day, though
the other PEP8 fixes remain.
* Changed id/else statements to a more pythonic form from scheme
masquerading as python - sorry Justus, it had to go ;).
* With the added bonus of enabling PEP8 compliance in those sections.
* Fixed remaining PEP8 compliance issues with the exception of the
imports at the beginning of the file (changing those will break the
entire module, so we'll cope with it as it is).
* Bindings confirmed to work with the newly released 3.7.0.
* Updated M4 file to reflect this change and correct the Python binary
search order (3.7 is not yet given priority, but will still be found
first via the more generic python3 executable).
* Updated setup.py.in, bindings documentation and README to reflect this.
* Added a secret key export variant which saves output as both GPG
binary and ASCII armoured, plus saves in $GNUPGHOME and uses
multiple methods of determining what that location is.
* Example of default exporting keys.
* Example of exporting minimised keys.
* Example of exporting secret keys to a file with correct permissions.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* The holy grail: a function to export secret keys.
* GPGME will still invoke pinentry and gpg-agent as usual to authorise
the export.
* Mostly similar to the two previous export functions for public keys
except that it will return None if the result had a length of zero
bytes. Meaning that the difference between the specified pattern
(if any) not matching available keys and an incorrect passphrase is
not able to be determined from this function (or the underlying one
for that matter).
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Updated key_export and key_export_minimal to return None where a
pattern matched no keys in a manner simnilar to the possible result
of key_export_secret.
* Added functions for exporting public keys to gpg.core in both
complete form and in minimised form.
* Rather than letting people need to worry about the export modes we
are simply separating the functions as people would be more familiar
with from the command line usage anyway.
* Functions added for Context are: ctx.key_export_minimal and
ctx.key_export as the default or full export.
Signed-off-by: Ben McGinnes <ben@adversary.org>
--
* src/Signature: typo
* src/gpgmejs.js: fixed wrong scope in verification
* right now verify does not succeed in the DemoExtension.
This is probably a problem in conversion or line ending.
* configure.ac: Add js as language.
* lang/Makefile.am: Add js as dist language.
* lang/js/BrowserTestExtension/Makefile.am,
lang/js/DemoExtension/Makefile.am,
lang/js/Makefile.am,
lang/js/src/Makefile.am: Populate EXTRA_DIST variables.
--
There is no actual build done yet as there seems to be
no way to build it with debian stable tools. This needs
clarification.
--
* src/Keyring.js: added more options for key generation.
* src/Key.js: GetDefaultKey now relies on the info associated with the
key, as the approach of relying on a secret subkey did not work as
intended
* DemoExtension: Added a button for retrieval of the subkey, to test
this functionality.
* Fixed most of the PEP8 errors in core.py
* Those remaining may need more than little edits and are a bit
strange (too clearly the result of a programmer who has spent far
too much time dealing with Lisp so that for Python it looks
... strange).
* Wrapped the key import function in the try/exception statements
needed to catch at least the most likely unsuccessful import attempt
errors.
* Mostly draws on the file error and no data import statuses for
errors, with a couple of exceptions.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* The foundation of a pythonic key import function authored by Jacob
Adams.
* A unit testing script for the same function originally authored by
Tobias Mueller
* Added DCO reference for Jacob Adams to the GPGME AUTHORS file.
* Additional details regarding this patch are available here:
https://dev.gnupg.org/T4001
Signed-off-by: Ben McGinnes <ben@adversary.org>
--
* src/gpgmejs.js:
- Added verify method
- Added verification results in decrypt (if signatures are present
in the message)
- Added a base64 option to decrypt
* src/Signature.js: Convenience class for verification results. Used
for e.g. converting timestamps to javascript time, quick overall
validity checks
* src/Keyring.js: removed debug code
* src/Errors.js add two new Signature errors
--
* DemoExtension/maindemo.js - added a Demo for retrieving the default
signing key
* src/Errors.js - add a new Error if no default key can be determined
* src/Key.js added documentation and a TODO marker for hasSecret.
* src/Keyring.js implemented getDefaultKey
* src/permittedOperations.js: Added missing entry for verify,
added config_opt
--
* The current test icon was just a generic pin. Changed that by the
gnupg lock symbol with 'Demo'/'Tests' written on it. Original taken
from gnupg artwork/icons/lock-wing.svg.
--
* src/Keyring.js: Added method generateKey for new Keys
Still TODO: Key length and some further testing. Automated testing
does not work in this case, and gpgmejs will not be able to delete
test keys again.
* src/permittedOperations.js Added new method's definitions according
to gpgme-json
--
* the nativeApp now sends all data in one base64-encoded string, which
needs reassembly, but in a much easier way now.
* there are some new performance problems now, especially with
decrypting data
* lang/cpp/src/context.cpp, lang/cpp/src/context.h
(Context::createKeyEx): New.
--
The createKeyEx function follows the usual pattern that the
synchronous call returns a result directly while for the
async an extra call is neccessary.
* Uses the groups module to prepare a list of recipients and encrypt
to those.
* The main version (encrypt-to-group.py) tries to check for invalid
recipients, but still falls back to always trust for the second
encryption attempt.
* The gullible version doesn't try pruning the recipient list at all,
it just tries to encrypt and if it fails, switches straight to
always trust.
* The trustno1 version doesn't use the always trust model at all and
only attempts pruning the list of invalid recipients.
--
* trying to stick to eslint from now on for readability
* As some attribution was lost in previous git confusions, I added my
name into some of the licence headers
--
* Keyring.js
- implemented importKey: importing one or more armored public key
blocks.
- implemented deleteKey: deleting a public Key from gpg.
* Key.js renamed property Key.armor to Key.armored
* Helpers.js: toKeyIDArray does not complain anymore if there are no
keys. Not having Keys in e.g. signing keys in encrypt is legitimate
and common, the complaints were getting spammy
* Errors.js: gpgme_errors now always pass an optional additional
message, for easier debugging in minified code
* Connection.js: Fix in gpgme-json responses containing objects
* eslintrc.json: Start using eslint. A cleanup to conform to it is not
done yet
* Added further tests for the new functionality
* Another attempt at fixing the org-mode version.
* A proof reader ascertained there were tabs in it instead of whitespace.
* Stripped the lot out and replaced with standard 4 spaces, fixed
every incorrect example ... and it still breaks upon save and/or export.
* Added the reference to the mutt-groups.py script to demonstrate the
groups.py module/code.
--
* src/Keys.js
- made setKeyData more consistent with other methods
- added convenience methods (Key.armored, Key.hasSecret)
- Added a Key delete function
* src/Keyring.js:
- added a getkeysArmored which allows for bulk export of public Keys
gpgmejs:
- removed deleteKey. It is now a method of the Key itself
- Encrypt: Added some common options as parameter, and the
possibility to set all allowed flags via an additional Object
* lang/cpp/src/data.h, lang/cpp/src/data.cpp (Data::rewind): New.
* lang/qt/tests/t-various.cpp (testDataRewind): Test it.
--
The advantage of this convieniance function in GPGME is that
it avoids the messiness that are declarations with off_t.
GnuPG-Bug-Id: T3996
--
* implementing Keyring methods:
- Keyring.getKeys: has an additional option that retrieves the armor
and secret state once at the beginning. This is power hungry, but
allows for Keys to be used directly (without querying gpgme-json
each call)
* permittedOperations.js: reflect recent changes in the native
counterpart, adding more options
* Key: adding two methods for retrieving the armored Key block and
for finding out if the Key includes a secret subkey.
--
* After an operation a connection should be disconnected again.
The "end of operation" is now assumed to be either an error as
answer, or a message not including a "more"
* GPGME, GPGME_Key, GPGME_Keyring don't require a connection
anymore
* Message.js: The Message.post() method will open a connection as
required
--
* Keys can now be queried for information. Onne version queries gnug
directly (asynchronous Promise in javascript terms), the cached
version refreshes on demand.
* Small fixes:
src/Connection.js joins answers that stay json properly now
--
* src/Connection.js: isConnected was renamed to checkConnection, that
returns a promise with either version information or Boolean
* Connection checks have been adapted to reflect that checkConnection
returns a Promise
* BrowsertestExtension: tests/signTest.js was missing from my last
commit
* Added a script which demonstrates how the groups module works.
* Script generates Mutt/Neomutt crypt-hooks for every group entry in
gpg.conf, including those entries for multiple keys (Mutt handles
that differently).
* Fixed the groups.py script so it really does what is described (the
old code had the same result for groups, group_lines and
group_lists).
* Updated the corresponding example in the doc to match.
* Updated the decryption example code in the HOWTO and the
corresponding decrypt-file.py script to gracefully handle a
decryption failure. This error will always be triggered when GPGME
is used to try to decrypt an old, MDC-less encrypted message or
file.
--
* Uint8Arrays are not supported for now there are unsolved issues in
conversion, and they are lower priority
* encrypt gains a new option to indicate that input values are base64
encoded
* as decrypted values are always base64 encoded, the option base64 will
not try to decode the result into utf, but leave it as it is
--
* Some assumption on messages were wrong. Now the tests use more
reasonable sizes.
* bigString now uses the full utf8-extent, with the exception of
U+0000. This code gets dropped during the encryption-decryption
process.
--
* The majority of tests needs to be run in a nativeMessaging context.
Offering the few tests that don't need this context at two places
introduces issues with maintainability. All tests now removed can be
found in ./unittests.js
--
* Added openpgp - Mode tests to the browsertest Extension. These tests
require openpgp, which should not be a hard dependency for the main
project. Packing openpgpjs into the extension is still TODO
* Fixes:
- openpgp mode API now correctly handles parameters as an object,
similar to openpgpjs
- proper check and parsing of openpgpjs Message Objects
--
* There were some inconsistencies between utf-8, transfer and browsers'
utf16, which broke characters that were split between individual
messages. src/Connection now contains a workaround that reassembles
javascripts' format from passed base64 strings. This needs someone
more experienced looking.
* Added several new tests which were failing during initial debugging
of this issue
* reorganized BrowsertestExtension to avoid cluttering.
--
* Tests: Under certain circumstances, some data change during
encrypt-decrypt. Committing the current state so the problem can be
discussed.
* Fixes:
- disconnecting the test ports after tests are complete
- fixed passing of the error message from gpgme-json
--
* Key.js: Error code for wrong parameter in createKey should be
"PARAM_WRONG"
* Helpers.js: The property openpgpjs-like Objects were checked for in
toKeyIdArray was not defined.
* src/permittedOperations.js: updated more expectations and assumptions
for the native API
* new Problems:
- There seems to be a message size limit of about 21 MB for
nativeMessaging, much lower than the documented 4GB.
- Some bytes are lost with random data in an encrypt-decrypt
roundtrip. The culprit is unclear.
* Changed the expiration date for the generated test key to NYE this
century, rather than the NYE this millennium as originally suggested
in job #3815.
* This covers the lifetimes of current users (except, maybe, some very
healthy millennials) as well as the 32-bit clock end date in 2038;
without falling foul of OpenPGP's 2106 expiration.
--
* Key.js: Error code for wrong parameter in createKey should be
"PARAM_WRONG"
* Helpers.js: The property openpgpjs-like Objects were checked for in
toKeyIdArray was not defined.
* src/permittedOperations.js: updated more expectations and assumptions
for the native API
--
* Added unittests to be run inside a Browser. To be able to access
the non-exposed functions and classes, a testing bundle will be
created, containing the tests (unittests.js) and the items to be
tested.
* src/Helpelpers, src/Key, src/Keyring: fixed some errors found
during testing.
--
* Tests: initialization of the two modes, encryption
* gpgme.js: reintroduced message check before calling
Connection.post()
* gpgmejs_openpgp.js: Fixed openpgp mode not passing keys
* index.js: fixed some confusion in parseconfig()
* Inserted some TODO stubs for missing error handling
--
* Extensions:
- Moved testapplication to Demoextension
- Created BrowserTestExtension.
Includes mocha and chai. For running tests that cannot be run
outside a WebExtension
Both Extensions can be found zipped in build/extensions after
running build_extensions.sh
* Code changes:
- src/Config: Place for the configuration
- small fixes raised during testing in Keyring.js, Message.js,
- src/gpgmejs_openpgpjs.js don't offer direct GpgME object to the
outside, as it only causes confusion
- index.js init() now checks the config for validity
* Tests:
- Reordered tests in test/.
- Input values are now in a separate file which may be of use for
bulk testing
* moved the build directory from dist to build
* src/qgpgmenewcryptoconfig.cpp (QGpgMENewCryptoConfigEntry::urlValue):
Build url from local file.
(QGpgMENewCryptoConfigEntry::setURLValue): Set native seperated
path.
--
This fixes setting files through cryptoconfig on Windows.
GnuPG-Bug-Id: T3939
--
* Introduced Mocha/chai as testsuite. After development build
'npm test' should run the unit tests. Functionality exclusive to
Browsers/WebExtensions cannot be run this way, so some other testing
is still needed.
- package.json: Added required development packages
- .babelrc indirect configuration for mocha. ES6 transpiling
needs some babel configuration, but mocha has no setting for it.
- test/mocha.opts Vonfiguration for mocha runs
* Fixed errors:
- Helpers.js toKeyIdArray; isLongId is now exported
- Key.js Key constructor failed
- Message.js will not throw an Error during construction, a new
message is now created with createMessage, which can return an
Error or a GPGME_Message object
* Tests:
- test/Helpers: exports from Helpers.js, GPGME_Error handling
- test/Message: first init test with bad parameters
--
* gpgmejs_openpgpjs
- unsuported values with no negative consequences can now reject,
warn or be ignored, according to config.unconsidered_params
- cleanup of unsupported/supported parameters and TODOS
* A src/index.js init() now accepts a configuration object
* Errors will now be derived from Error, offering more info and a
stacktrace.
* Fixed Connection.post() timeout triggering on wrong cases
* Added comments in permittedOperations.js, which gpgme interactions
are still unimplemented and should be added next
--
* A timeout of 5 seconds is activated for functions that do not require
a pinentry. This definition is written to src/permittedOperations.js
* testapplication.js now alerts the proper error codes and messages.
* src/Errors.js fixed two typos in error handling
--
* Error objects will now return the error code if defined as error type
in src/Errors.js, or do a console.log if it is a warning. Errors from
the native gpgme-json will be marked as GNUPG_ERROR.
--
* src/aKey.js changed fingerprint to setter (to avoid overwrites)
* src/gpgmejs_openpgpjs.js
- Added a class GPGME_Key_openpgpmode, which allows for renaming and
deviation from GPGME.
- renamed classes *_openPGPCompatibility to *_openpgpmode. They are
not fully compatible, but only offer a subset of properties. Also,
the name seems less clunky
--
* The Connection will now be started before an object is created, to
better account for failures.
* index.js: now exposes an init(), which returns a Promise of
configurable <GpgME | gpgmeGpgME_openPGPCompatibility> with an
established connection.
* TODO: There is currently no way to recover from a "connection lost"
* Connection.js offers Connection.isConnected, which toggles on port
closing.
--
* Error handling: introduced GPGMEJS_Error class that handles errors
at a more centralized and consistent position
* src/Connection.js:
The nativeMessaging port now opens per session instead of per
message. Some methods were added that reflect this change
- added methods disconnect() and reconnect()
- added connection status query
* src/gpgmejs.js
- stub for key deletion
- error handling
- high level API for changing connection status
* src/gpgmejs_openpgpjs.js
- added stubs for Key/Keyring handling according to current
state of discussion. It is still subject to change
* src/Helpers.js
- toKeyIdArray creates an array of KeyIds, now accepting
fingerprints, GPGMEJS_Key objects and openpgp Key objects.
* Key objects (src/Key.js) Querying information about a key
directly from gnupg. Currently a stub, only the Key.fingerprint is
functional.
* Keyring queries (src/Keyring.js): Listing and searching keys.
Currently a stub.
* Compatibility class gpgme_openpgpjs offers an API that should accept
openpgpjs syntax, throwing errors if a parameter is unexpected/not
implemented
* tried to be more generic in methods
* waiting for multiple answers if 'more' is in the answer
* more consistency checking on sending and receiving
* updated the example extension
--
* lang/python/setup.py.in: Copy gpgme.h instead of parsing it.
--
The python bindings tried to parse deprecated functions
out of gpgme.h. This fails for the current gpgme.h in
that it removes an entire field in the key sig struct (_obsolete_class).
Hence, the fields were off by an int and the bindings accessed struct
members via the wrong offset. That caused python program to crash.
At least on 32bit platforms, the crash can be easily triggered by
accessing key.uids[0].signatures. On 64bit platforms the compiler
probably aligns the struct so that the missing 4 bytes are not noticed.
With this change, the python bindings will expose all functions
that gpgme exposes, including the deprecated ones.
Credits go to Justus Winter for debugging and identying the issue.
Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
GnuPG-bug-id: 3892
--
Note this code misses all the legal boilerplate; please add this as
soon as possible and provide a DCO so we can merge it into master.
I also removed the dist/ directory because that was not source code.
* Script to generate a new key with encryption subkey taking input
from interactive prompts.
* Will also take a passphrase via pinentry and uses passphrase caching
of five minutes when used in conjunction with the temp homedir
script.
* Testing the addition of a HTML header set in org-mode in order to
had RSS update links for files.
* This should work with any [X]HTML export from current versions of
Org-Mode, but if it also works on website generated pages then it'll
tick off one of the wishlist itmes.
* Script to create a temporary gnupg homedir in the user's directory
for testing or scripting purposes.
* Creates a hidden directory on POSIX systems with the correct
permissions (700).
* Creates a gpg.conf in that directory containing the same
configuration options as used in the "Danger Mouse" example in the
HOWTO with the correct permissions (600).
* Added GPGME Python bindings HOWTO in Australian/British English.
** en-US "translation" still to be done.
* Added several example scripts comprised of the "Basic Functions"
section of the HOWTO (plus the work-around at the end).
** As these scripts are very basic examples they are released under
both the GPLv2+ and the LGPLv2.1+ (just like GPGME itself).
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Temporarily removing multi-key selection based examples.
* There are a few issues with getting the key selections to play
nicely with gpg.Context().keylist object types.
* Will troubleshoot them separately and restore them when that's
worked out, but I don't want these more complicated examples to
delay merging the HOWTO with master.
* Similar to group-key-selection.py, but does not use an existing
group from gpg.conf; instead takes multiple key IDs, fingerprints or
patterns on the command line and adds them to a keylist object.
* Begins to string together some of the simpler examples to do more
useful things.
* Signs and encrypts a file while encrypting to every key in a group
specified in the gpg.conf file.
* Updated usage so it only references importing the final list of
lists produced. Trying to use some of the mid-points can have
unpredictable results (this is part of the problem with work
arounds).
* Similar to encrypt file except for signing a file in normal mode.
* Noticed additional changes to be made to the howto to match this,
but they will have to wait due to a power outage (currently running
on battery and a mobile connection, but that won't last).
* Added groups selection work around code.
* Intended for use as a module to be imported by other scripts,
usually with "from groups import group_lists" or "from groups import
group_lines" or similar.
* Example to sign and encrypt a file.
* Similar to encrypt-file.py except all keys are considered trusted
and signs with the default key.
* Also encrypts to the default key.
* Example to encrypt a file to a single key.
* Takes key ID and/or fpr as a CLI parameter.
* Takes path and filename as a CLI parameter.
* Encrypts to specified key only, no signing and writes the output in
both ASCII armoured and GPG binary formats with output filenames
based on input filename.
* Added the same license as used with the HOWTO.
* Since these examples are so basic, they'll be dual licensed the same
as GPGME itself (otherwise it would slip too dangerously against the
need for permissive licensing of crypto libraries).
* Added reference to location where all the examples included in the
HOWTO will be available as executable scripts.
* Included a short README file in that location.
* Since we don't want to encourage accessing the low level functions
(e.g. op_encrypt), but since this example can still be useful to
understand, renaming it and will add new encryption examples to
match the instructions in the HOWTO.
* Adjusted the python-gnupg so the comments regarding insecure
invocation of commands via subprocess (shell=True) were a major
historical issue and not a a current issue.
* Not including Vinay Sajip's requested change to say it is now secure
since no audit of the current code base has been performed and my
last major inspection of that code was around the time I first
ported PyME to Python 3 in 2015.
* Checked off several points of howto coverage as completed.
* Reorganised to move S/MIME coverage to its own separate group of tasks.
* Noted only revocation remains for howto completion.
* moved single encrytion examples up to the first ones, pending merge
and major cut.
* This is basically just to make future checks of revisions a little easier.
* Fixed a minor typographic error.
* Bumped version number in preparation for merge with master.
* While there are probably a few more things worthy of being added
(mainly how to revoke things), this document is essentially ready
for publication now.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Added a new user ID for Danger Mouse.
* Removed the empty entry for key preferences since that is handled
through gpg.conf and/or editing the key directly.
* Clarified which English dialects this is written in.
* Translating to American can happen *after* it's done.
** The Yank version would probably want to change some of the examples
anyway.
* Began the description for normal/default signing.
* Added a section on key selection.
* Included recommendation for using fingerprint when selecting one
specific key.
* Also included the most ironically amusing example of multiple key
selection in a GPG guide. Hey, it's public data ... (heh).
* Added explanation of the ascendance of Python 3 over Python 2 in the
guide to the intro.
* Expanded key selection description so people know what not to
include regarding key IDs with this key selection method.
* During the course of working out the updated signature methods,
determined that key selection (including counting) will beed to be
presented before the basic functions.
* Moved "working with keys" up.
* Added a miscellaneous work-arounds section at the end.
* Included code in said miscellaneous section for accessing the groups
specified in a gpg.conf file.
* It's a bit ugly since it does require subprocess (but not call,
Popen or shell access and only accesses one command).
* updated multi-encryption final example to be complete.
* second example shows most likely method of reading plaintext.
* updated example filenames to stick with running gag
(i.e. secret_plans.txt).
* error corrections.
* multiple typesetting fixes only required due to certain archaic
eccentricities of LaTeX.
* a couple of minor python PEP8 compliance corrections.
* Added a more complicated encryption example with a few variations on
the encryption method to account for untrusted recipient keys,
signing or not signing, including or excluding default keys and so
on.
* Switched from links to some external docs to using footnotes where
necessary.
* Ideally the howto should be as stand alone as possible.
* Also it makes it difficult to convert to another format for
proof-reading if there are links that the conversion can't find.
* Wrote the text description explaining each step in the most basic
encryption operation.
* Will need to include additional examples for encrypting to multiple
recipients using Context().encrypt instead of Context().op_encrypt.
* Added all four signing code examples that are most likely to be
used: armoured, clearsigned, detached armoured and detached binary.
* May remove some examples and just discuss the differences, but it
depends on the way the text is filled out.
* Added sample code for encrypting some text to a single key.
* Basically I'm just lifting existing production code and changing the
key IDs from mine to "0x12345678DEADBEEF" for these first few
examples.
* I'll fill in the text description after.
* Note: due to my regional location, I might split some tasks into
more commits in order to be sure no work gets lost in case of
emergency (or to put it another way: I know Telstra too well to
trust them).
* Added a section for those pythonistas who are too used to web
programming. Stressed that it's not simply not RESTful, it's not
even REST-like.
* Letting me move on to drawing a very loose parallel between a
session and a context. The differences should become obvious in the
subsequent sections.
* Some instructions to include are fairly obvious; as with encryption,
decryption and signature verification.
* Some are a little less obvious.
* This includes the requests received to specifically include subkey
management (adding and revoking subkeys on a primary key that's
being retained.
* Added the UID equivalents to the list, as well as key selection
matters (and may or may not include something for handling group
lines since that involves wrapping a CLI binary).
* Key control documentation and examples requested by Mike Ingle of
confidantmail.org.
* removed one bit of whitespace.
* Marked up references to gpgme.h.
* Fixed one spelling error.
* Removed py2.6 from python search order since even if it is
supported, it shouldn't be encouraged.
* Started work on the GPGME Python bindings HOWTO.
* 1,050 words to begin with at approx. 7.5KB.
* Got as far as installation.
* Includes instruction not to use PyPI for this.
* Set LaTeX headers to enable ligatures and a 12pt font by default.
* Paper size left for regional defaults.
* Using XeLaTeX for easier font control.
* Using default LaTeX font of Latin Main, but that's easy enough to change.
* The developers of Phabricator, the web front-end on dev.gnupg.org
have not implemented renderers for Markdown, Org-Mode or any other
common markdown like language.
* They also refuse to do so.
* Instead they re-invented the wheel and implemented their own version
of Markdown-like thing which is incompatible with everything else.
It is called Remarkup.
* The developers of Phabricator and Remarkup have refused to provide
conversion tools to move files to/from any format to/from Remarkup.
* They expect everyone to learn their new favourite pet project.
* Remarkup may or may not display Org Mode files, but if so then it is
likely to only want to do so as plain text.
* There is an unaffiliated and unofficial project to convert Github
Markdown to Remarkup via Pandoc. This might be adapted for our use,
but requires testing.
* Until then exporting from Org Mode to UTF-8 text is likely the least
worst plan.
* Which means renaming this file to README.org first.
* Removed Markdown style heading underlining.
* Removed in-line file type declaration (which is not correctly parsed
by the web interface on dev.gnupg.org).
* Fixed or updated the most fundamental errors.
* Also included some details on which modules are available on PyPI,
as well as what happened to the PyME commit log.
* Updated TODO.
* The entirety of the old TODO has been replaced with either more
relevant tasks or goals for the examples and a more measured
approach to the docs and why, in this project, Org Mode trumps reST,
even though it's Python through and through.
* lang/qt/src/qgpgmequickjob.cpp (addSubkeyWorker)
(createWorker): Use toMSecsSinceEpoch instead toSecsSinceEpoch.
--
toSecsSinceEpoch was only introduced in Qt 5.8.
* src/gpgsignkeyeditinteractor.cpp (SignKeyState): Add second
CONFIRM state.
(makeTable): Properly handle local_promote_okay.
(action): Handle CONFIRM2.
--
This fixes changing a local signature to a "public" signature.
GnuPG-Bug-Id: T1649
* lang/python/gpgme.i: copied signature from gpgme.h and defaulted the
value to SEEK_SET.
* lang/python/tests/t-data.py: Added a test for no second argument
--
Having to import the os package when wanting to read a Data object is a
slight annoyance. With SWIG, we can define default parameters. This
change defaults the whence argument to SEEK_SET which is how StringIO
and BytesIO behave.
Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
* lang/qt/src/qgpgmequickjob.cpp,
lang/qt/src/qgpgmequickjob.h,
lang/qt/src/quickjob.h: New.
* lang/qt/src/Makefile.am,
lang/qt/src/protocol.h,
lang/qt/src/protocol_p.h,
lang/qt/src/job.cpp: Update accordingly.
--
Keeping it in line with the Job for everything pattern.
Although it's reduced to one job for four commands as
the commands all behave the same.
* lang/python/tests/Makefile.am: Distinguish target and path.
* tests/gpg/Makefile.am: Ditto.
* tests/gpgsm/Makefile.am: Ditto.
--
GNU Make is powerful enough to match path to target (and vice versa),
but BSD make is not.
GnuPG-bug-id: 3056
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* lang/qt/src/dataprovider.cpp (blocking_read): Keep
reading if process is not atEnd.
--
This fixes a regression in Kleopatra that uses this dataprovider
to chain the gpgtar process to the encryption / signing.
* NEWS: Update.
* lang/python/src/core.py (Context.__read__): New helper function.
(Context.encrypt): Attach partial results to exceptions.
(Context.decrypt): Likewise.
(Context.sign): Likewise.
(Context.verify): Likewise.
* lang/python/src/errors.py (GpgError): Move the core of GPGMEError to
this class, add a nicer interface for it. This makes the errors
thrown by this library more uniform, and allows us to track the
underlying error in synthesized high-level errors.
(GPGMEError): Simplify.
(...): Make sure to call the parent classes' constructor in all other
classes.
--
Attach partial results to errors. Some operations return results even
though they signal an error. Of course this information must be taken
with a grain of salt. But often, this information is useful for
diagnostic uses or to give the user feedback. Since the normal
control flow is disrupted by the exception, the callee can no longer
return results, hence we attach them to the exception objects.
GnuPG-bug-id: 3271
Signed-off-by: Justus Winter <justus@g10code.com>
* NEWS: Update.
* lang/cpp/src/decryptionresult.cpp (DecryptionResult::isDeVs): New
function.
* lang/cpp/src/decryptionresult.h (DecryptionResult::isDeVs): New
prototype.
* lang/cpp/src/verificationresult.cpp (Signature::isDeVs): New
function.
* lang/cpp/src/verificationresult.h (Signature::isDeVs): New
prototype.
* lang/python/src/results.py (DecryptResult): Turn field 'is_de_vs'
into a boolean.
(Signature): Likewise.
* src/decrypt.c (_gpgme_decrypt_status_handler): Handle the new
compliance status line.
* src/verify.c (_gpgme_verify_status_handler): Likewise.
* src/gpgme.h.in (gpgme_status_code_t): Add new status codes for the
new status lines.
* src/keylist.c (parse_pub_field18): Move function to 'util.h'.
(keylist_colon_handler): Adapt callsites.
* src/status-table.c (status_table): Add new status lines.
* src/util.h (PARSE_COMPLIANCE_FLAGS): New macro. This used to be
'parse_pub_field18', but turned into a macro to make it polymorphic.
--
When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD. This information can the be presented to the user.
GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/python/setup.py.in: Prepend the Python build dir to the list of
include directories so that it takes precedence over any other include
directory.
--
Fixes the build in case an older 'gpgme.h' is installed and is picked
up by the compiler when compiling the Python module.
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/python/tests/Makefile.am (pubring-stamp): Do not depend on the
configuration files, this can trigger superfluous rebuilds.
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/python/tests/Makefile.am: Kill all previously running daemons
before creating the private key store.
* lang/qt/tests/Makefile.am: Likewise.
* tests/gpg/Makefile.am: Likewise.
* tests/gpgsm/Makefile.am: Likewise.
--
Now that the daemons sockets are no longer created in the GNUPGHOME,
we cannot rely on cleaning the build directory to make sure they are
shut down. Therefore, we explicitly kill any running daemons when
creating the test environment.
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/python/tests/Makefile.am: Create test environment as part of
'make all'.
* tests/gpg/Makefile.am: Make sure the private keystore is created
first.
* tests/gpgsm/Makefile.am: Create test environment as part of
'make all'. Make sure the private keystore is created
first.
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/qt/src/qgpgmenewcryptoconfig.cpp: Include functional.
--
This is intended to fix compilation against the c++ stdlib from
Gentoo / GCC 7.
Patch provided by Martin Väth.
GnuPG-Bug-Id: T3151
* lang/qt/src/decryptjob.h,
lang/qt/src/decryptverifyjob.h,
lang/qt/src/signencryptjob.h,
lang/qt/src/verifydetachedjob.h,
lang/qt/src/verifyopaquejob.h: Undeprecate ByteArray based API.
--
While an IODevice may be more performant the ByteArray API is
a very easy way to get started with QGpgME as it allows you
basically to encrypt / decrypt any QString.
This also fixes a ton of deprecation warnings in KDE where this
API is used all over the place.
* lang/qt/tests/t-encrypt.cpp, lang/qt/tests/t-tofuinfo.cpp:
Only use exported API.
--
With the Job::Context hack we no longer need to use internal API.
* lang/python/tests/support.py (have_tofu_support): New function.
* lang/python/tests/t-quick-key-manipulation.py: Skip TOFU test if not
supported by GnuPG.
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/python/tests/run-tests.py: Add --python-libdir optional
parameter.
--
This will make the python tests usable for downstream that build python
module outside of autotools build system.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* lang/python/setup.py.in: Read gpg-error.h using the pre-processor.
--
The libgpg-error may be installed in multilib configuration in which
there is a wrapper header at /usr/include that includes the actual
header at /usr/include/*. This causes invalid errors.i generation.
Let the pre-processor extract the header content instead reading it
explicitly.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* configure.ac: Remove PYTHON_VERSIONS subst.
* lang/python/Makefile.am: Use basename of python as builddir prefix.
* lang/python/tests/run-tests.py: Likewise.
--
Two variables needs be at sync PYTHONS and PYTHON_VERSIONS, these may go
out of sync in some cases, for example in Gentoo where default python is
3.4 we get:
PYTHON='/usr/bin/python2'
PYTHONS='/usr/bin/python /usr/bin/python2'
PYTHON_VERSIONS='2.7 3.4'
We can use the basename of the python interpreter to achieve similar
effect without having to sync indexes between these two variables.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* tests/gpg/Makefile.am: Use BUILT_SOURCES instead of check-local
and initial.test.
* lang/qt/tests/Makefile.am: Ditto.
--
This fixes "make dist" failure when source tree is clean:
git clean -dxf
autoreconf -ivf
./configure
make dist
BUILT_SOURCES should be used when file as generated without explicit
dependency. The check-local is all-am dependency, this means that it
will be resolved also in "make dist".
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* lang/python/setup.py.in: Do not parse arguments.
--
The distutils settings can come from either command-line or
configuration file. Parsing parameters is not working in all cases.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* lang/python/gpg/version.py.in: Rename to lang/python/version.py.in.
configure.ac: Generate version.py.in in lang/python.
* lang/python/MANIFEST.in: Include version.py explicitly.
* lang/python/gpg: Rename to 'src'.
* lang/python/Makefile.am: Do not copy source files, do not use absolute
directories, support lib64 in uninstall, clean also dist directory, use
symlink for gpg src.
* lang/python/setup.py.in: Use builddir, copy sources into builddir,
copy version.py into module.
--
Simplify build to symlink the gpg sources into builddir instead of
copying. This requires handling of version.py as generated file.
In addition apply some cleanups: Drop the absolution pathes, clean the
dist directory as well, support lib64 for sitelib at uninstall.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* lang/python/gpgme-h-clean.py: Delete file.
* lang/python/MANIFEST.in: Adapt accordingly.
* lang/python/Makefile.am (EXTRA_DIST): Likewise.
(COPY_FILES_GPG): Bring variable back.
(copystamp): Copy files.
(clean-local): Delete copied files.
(install-exec-local): Do not create and install list of installed
files.
(uninstall-local): Instead, create some explicit rules to uninstall
the extension.
* lang/python/setup.py.in: Parse arguments. Locate files either in
the source directory, or in the build base directory. Inline the code
from 'gpgme-h-clean.py'. Copy 'helpers.c', add source directory as
include directory.
Fixes-commit: 801d7d8c5d
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/python/setup.py.in: Generate files within BuildExtFirstHack
adjust build flags at this point instead of global.
* lang/python/Makefile.am: Remove logic of separate source directory per
python version in favor of build directory.
* lang/python/tests/run-tests.py: Adjust build directory location.
--
Generate files into build directory, leaving the source directory clean.
Use the same source directory for multiple python version build. Result
of 'prepare' target is a standard distutil layout that can be used
easily by downstream to build all python targets in-place.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* lang/qt/src/dn.cpp (parse_dn_part): Add fmt argument instead of
using name directly.
GnuPG-Bug-Id: 3023
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* lang/qt/src/t-tofuinfo.cpp (TestTofuInfo::testSupported): Treat
it as unsupported if secret keylisting already fails.
--
The likely cause of this is that the agent can't be started
because the trust model is unsupported. Other tests check
that keylisting actually works.
* lang/python/Makefile.am: Fix 'prepare' target.
* lang/python/setup.py.in: Use 'abs_top_builddir' instead of guessing
the path.
--
'prepare' will prepare target at PREPAREDIR. The automake integration
will also make use of prepare target. Downstream distributors may
also make use of prepare target.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* lang/qt/tests/t-encrypt.cpp (EncryptTest::testEncryptDecryptNowrap):
Disable test.
--
This test produces failures under CI/ASAN conditions as the
verify after the unwrap returns an error. As we currently
don't have time to look into this more it's disabled for now.
Similar to the testMixedEncryptDecrypt.
* lang/python/tests/support.py (assert_gpg_version): Fix error
message. Skip all tests when we use GnuPG older than 2.1.12.
GnuPG-bug-id: 3008
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/cpp/src/context.cpp: Respect directly provided flags
in the new decrypt functions.
--
Overlooked in the initial commit. Also fixed the according
unused variable warnings.
* lang/cpp/src/context.cpp: New decrypt and decryptVerify functions
that take flags as arguments. Use new variants in old functions.
(Context::setDecryptionFlags): New helper.
(Context::Private::Private): Initialize new member.
* lang/cpp/src/context_p.h (Context::Private::decryptFlags): New.
* lang/cpp/src/context.h (Context::DecryptFlags): New enum.
(Context::EncryptionFlags): Extend for EncryptWrap.
--
The setDecryptionFlags provides a generic way to set decryption
flags for the whole context. This allows existing code to just
keep using the old functions and modify the decryption behavior
in a central place.
* lang/cpp/data.h, lang/cpp/data.cpp (GpgME::Data::toKeys): New.
--
Doing this in data instead of Context is a bit more idiomatic. But
this could also be added to Context.
* NEWS: Update.
* lang/python/gpg/core.py (Context.keylist): New keyword argument
'source'. If given, list keys from 'source'.
* lang/python/gpgme.i: Wrap the argument to
'gpgme_op_keylist_from_data_start'.
* lang/python/tests/Makefile.am (py_tests): Add new test.
* lang/python/tests/support.py (EphemeralContext): Do not throw an
error if no agent has been started in the context.
* lang/python/tests/t-keylist-from-data.py: New file.
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/python/tests/Makefile.am (gpg-agent.conf): Do not hard-code the
option. This breaks gpg-agent from GnuPG 2.0.
* tests/start-stop-agent: Rather, check if the option is supported and
add it to the configuration if it is.
GnuPG-bug-id: 3008
Fixes-commit: bbf19124bb
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/python/tests/support.py (assert_gpg_version): New function.
* lang/python/tests/t-callbacks.py: Use the new function to skip the
test if GnuPG is too old.
* lang/python/tests/t-edit.py: Likewise.
* lang/python/tests/t-encrypt-sym.py: Likewise.
* lang/python/tests/t-quick-key-creation.py: Likewise.
* lang/python/tests/t-quick-key-manipulation.py: Likewise.
* lang/python/tests/t-quick-key-signing.py: Likewise.
GnuPG-bug-id: 3008
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/python/tests/run-tests.py: Make the error message shown when we
cannot locate the python module in the build tree more helpful.
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/python/tests/support.py (TemporaryDirectory): Always use our
own version even if 'tempfile.TemporaryDirectory' is provided, because
we need to use 'shutil.rmtree(..., ignore_errors=True)' to avoid it
tripping over gpg-agent deleting its own sockets.
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/qt/src/dn.cpp (parse_dn_part): Use gpgrt_asprintf instead
of qstrdup.
--
This fixes a new / free mismatch because qstrdup uses new and
the allocated parts are freed with free. Similar to: a09ed3f2
* lang/python/tests/initial.py: Print path of the Python module used
during tests. Useful to detect if by any mistake the wrong module is
picked up.
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/python/tests/t-quick-key-manipulation.py: Modify the
configuration file in the ephemeral home directory, not the one used
by all the tests.
Fixes-commit: 15fbac9e72
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/python/tests/support.py (EphemeralContext): New function.
* lang/python/tests/t-quick-key-creation.py: Use the new function to
manage ephemeral contexts.
* lang/python/tests/t-quick-key-manipulation.py: Likewise.
* lang/python/tests/t-quick-subkey-creation.py: Likewise.
--
Previously, there was a problem with cleaning up ephemeral home
directories. shutil.rmtree deleted the agents main socket, gpg-agent
detected that, and deleted the other sockets as well, racing
shutil.rmtree which did not cope will with that.
Fix this by asking the agent nicely to shut down.
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/python/gpg/core.py (Context.assuan_transact): Fix testing
whether the command is a string on Python2.
* lang/python/tests/t-protocol-assuan.py: Improve the test to detect
this problem.
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/python/Makefile.am (copystamp): Also copy the setup script, and
link the header files.
(all-local): Use local setup script.
(sdist): Fix Python source distribution creation.
(CLEANFILES): Remove now obsolete files.
(install-exec-local): Use local setup script.
* lang/python/setup.py.in: Adjust relative paths to in-tree files.
Fixes-commit: fe65a26ab5
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/python/gpgme.i: Added a genericrepr macro and use it for
gpgme_key, gpgme_subkey, and gpgme_key_sig.
--
To look nicer in Python's REPL.
We define a generic __repr__ as a SWIG macro and use that to extend some
defined SWIG objects.
The alternative would have been to write a custom __repr__ function for
each class but that would need to be changed everytime the object's
structure changes. The bindings should be easy to maintain, I guess.
This comes at the expense that the reprs are now relatively long and
contain, for example, both keyid and fingerprint.
Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
* lang/python/setup.py.in: Call SWIG without the builtin flag.
--
The SWIG documentation
<http://www.swig.org/Doc2.0/Python.html#Python_nn28> leaves the
impression that -builtin is solely for increasing performance:
New in SWIG version 2.0.4: The use of Python proxy classes has
performance implications that may be unacceptable for a high-
performance library. The new -builtin option instructs SWIG to
forego the use of proxy classes, and instead create wrapped types as
new built-in Python types. When this option is used, the following
section ("Proxy classes") does not apply. Details on the use of the
-builtin option are in the Built-in Types section.
While not wasting CPU cycles is good, it also prevents Python code being
written in the wrapper itself. That, however, may be useful to make it
easier to extend the wrapper.
Partially reverts: 856bcfe293
Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
* lang/python/gpgme.i (pygpgme_wrap_gpgme_data_t): Provide a "self"
variable for SWIG_NewPointerObj and call SWIG_NewPointerObj rather than
SWIG_Python_NewPointerObj.
--
SWIG_Python_NewPointerObj seems to be an implementation detail, because
SWIG's documentation does not mention that function at all. In fact,
SWIG_NewPointerObj is a call to SWIG_Python_NewPointerObj with the first
parameter being either NULL or the "self" variable, depending on whether
SWIG is called with the -builtin flag. So far, the first parameter was
hard-coded to NULL. This change also hard-codes it to NULL but makes
it more explicit. The benefit is that the documented function is being
used and that compilation works regardless of the -builtin flag.
Partially reverts: 856bcfe293
Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
* lang/python/setup.py.in: Only call with -py3 when we run under python3
or higher.
--
If we ever remove the -builtin flag and leave the the -py3 flag, SWIG
will generate Python code which will be incompatible with Python 2,
because the py3 flag generates python3 code which is incompatible with
python2.
So we conditionally generate SWIG bindings with -py3.
Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
* lang/python/Makefile.am (copystamp): Create one copy per Python
version.
(all-local): Adapt.
(clean-local): Likewise.
(install-exec-local): Likewise.
* lang/python/tests/run-tests.py: Likewise.
--
Currently, we use one copy of the Python module's source to build for
all Python versions. This is problematic, because SWIG writes a
wrapper file into the source tree. Currently, this file works with
both Python 2 and 3, but this is purely by chance.
Improve the situation by creating one copy per Python version so that
SWIG can write version-specific code into each copy.
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/qt/src/qgpgmenewcryptoconfig.cpp,
lang/qt/src/threadedjobmixin.h: Include functional.
--
With GCC 7.0, functional is not included transitively and we get:
In file included from qgpgmedeletejob.h:39:0,
from qgpgmedeletejob.cpp:38:
threadedjobmixin.h:98:33: error: 'function' in namespace 'std'
does not name a template type
void setFunction(const std::function<T_result()> &function)
^~~~~~~~
std::{function,bind,placeholders,mem_fn} are defined in functional.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1417383
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
GnuPG-Bug-Id: 2955
Commit Message amended by Andre Heinecke
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* lang/qt/tests/t-support.h (QSIGNALSPY_TIMEOUT): New macro.
* lang/qt/tests/t-encrypt.cpp: Use the new macro as timeout when
waiting for signals.
* lang/qt/tests/t-keylist.cpp: Likewise.
* lang/qt/tests/t-keylocate.cpp: Likewise.
* lang/qt/tests/t-ownertrust.cpp: Likewise.
* lang/qt/tests/t-wkspublish.cpp: Likewise.
--
Increase the timeout when waiting for signals from 5 seconds to 60.
This addresses intermittent test failures on slow machines.
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/python/gpgme.i: Added gpgme_op_keylist_start with defaults
* lang/python/tests/t-keylist.py: Added tests for default parameters
--
To increase the ease of use, op_keylist_start
parameters default to sensible values.
The empty string matches all keys.
We assume that the user wants to retrieve public keys most of the time,
so we default to public keys rather than secret keys.
Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
* lang/qt/src/Makefile.am (qgpgme_sources): Add cryptoconfig.cpp
* lang/qt/src/cryptoconfig.cpp: New.
* lang/qt/src/cryptoconfig.h (CryptoConfigEntry::stringValueList):
New.
* lang/qt/src/qgpgmenewcryptoconfig.cpp
(QGpgMENewCryptoConfigEntry::stringValueList): New.
* lang/qt/src/qgpgmenewcryptoconfig.h: Update accordingly.
--
This is a pardigm change in cryptoconfig.h to avoid ABI breaks
with each new config value we support it now has an implementation
that is directly related to qgpgmenewcryptoconfig, which is now
the only one.
* lang/qt/tests/t-support.h (TestPassphraseProvider::getPassphrase):
Use gpgrt_asprintf instead of strdup.
--
To avoid problems on MacOS we want to avoid strdup so that
qgpgme can be built without extensions. But qstrdup allocates
with new and not with malloc, so use gpgrt_asprintf instead.
* configure.ac: Set HAVE_MACOS_SYSTEM conditional.
* lang/qt/src/Makefile.am,
lang/cpp/src/Makefile.am,
lang/qt/src/QGpgmeConfig.cmake.in.in,
lang/cpp/src/GpgmeConfig.cmake.in.in: Use libsuffix again to
distinguish between macos .dylib
--
GnuPG-Bug-Id: 2884
* lang/python/tests/run-tests.py: Add and honor a switch '--quiet'.
This way we can use this script to run Python tests one by one without
the noise, and the script will setup the necessary environment for us.
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/qt/src/cryptoconfig.h (CryptoConfig::sync): Document
that runtime option is always set.
* lang/qt/Src/qgpgmenewcryptoconfig.cpp
(QGpgMENewCryptoConfigComponent::sync): Remove outdated comment
and warn on error.
* lang/cpp/src/key.cpp (Key::update): Check for
a secret key first before listing public keys.
--
This is a performance delay but the update should
only be called in a non gui thread anyway. The information
if we have the secret key for this key is important to provide
after update.
* lang/cpp/src/key.cpp (UserID::addrSpec): Use uid->address instead
of normalizing again.
(&operator<<(std::ostream &, const UserID &): Print it.
--
This saves a normalization and fixes the case where a user id
is just a mail address without name, in that case gpgme sets
"address" but not email. Because the email is then the name.
* lang/cpp/src/verificationresult.cpp
(Signature::key(bool,bool)): Don't update the returned copy
but the actual key of the signature.
--
The whole point of the update is to change the partial key
from the signature (e.g. only fingerprint and one uid as we
would have from tofu) to a fully keylisted one.
* lang/python/helpers.c (_gpg_obj2gpgme_data_t): Extended error
message.
* lang/python/tests/t-encrypt.py: Test for "encode" in error message.
--
The motivation is to help the user when encrypting fails. I claim that
it is not obvious to not being able to encrypt a string directly. To
nudge the user into encoding it to bytes, the error message is a bit
extended.
Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
* lang/python/gpgme.i (wrapresult): New Macro.
--
This reduces the amount of copy and pasted code at the expense of a
slightly more complicated logic with a macro.
Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
* lang/python/tests/support.py (print_data): Add check for buffer.
--
When running with something like make -C lang/python check verbose=2 the
test would fail under python2, because the file objects do not have a
buffer property.
Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
* lang/python/gpg/core.py (Context.__repr__): New function.
--
This makes Context objects look nicer in a REPL.
Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
* lang/python/gpg/results.py (Result.__str__): Renamed to '__repr__'
...
* lang/python/gpg/results.py (Result.__repr__): ... and added fields.
--
So that it looks a bit nicer in the Python REPL.
It looked like this before:
In [2]: gpg.core.get_engine_info()[0]
Out[2]:
<gpg.results.EngineInfo at 0x7fb23509a240>
Now the output is
In [2]: gpg.core.get_engine_info()[0]
Out[2]:
EngineInfo(file_name='/usr/bin/gpg2', home_dir=None,
protocol=0, req_version='1.4.0', version='2.1.11')
This also applies to other results, e.g. the ImportResult.
Note that the format now changed from "<Class >" to "Class()". The
Python documentation on repr states: "For many object types, including
most builtins, eval(repr(obj)) == obj."
Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
* lang/cpp/src/GpgmeppConfig.cmake.in.in: Remove a forgotten
instance of @libsuffix@.
--
b2c07bd47b removed @libsuffix@ from
cmake config files, but missed one instance.
Signed-off-by: Heiko Becker <heirecka@exherbo.org>
* lang/cpp/src/GpgmeppConfig-w32.cmake.in.in
lang/qt/src/QGpgmeConfig-w32.cmake.in.in: New.
* lang/cpp/src/GpgmeppConfig.cmake.in.in,
lang/qt/src/QGpgmeConfig.cmake.in.in: Remove libsuffix handling.
* lang/cpp/src/Makefile.am,
lang/qt/src/Makefile.am: Create / install w32 config files.
* configure.ac: Configure them.
--
To work with DLL's cmake needs to know about the implib and
the final DLL. So the config files look different enough
that it's better to use alternative files.
* lang/qt/src/job.cpp,
lang/qt/src/job.h (Job::context): New.
* lang/qt/src/threadedjobmixin.cpp
(ThreadedJobMixin::~ThreadedJobMixin): New. Unregister context.
(ThreadedJobMixin::lateInitialization): Register context.
* NEWS: Update for cpp and qt.
--
The global map hack is necessary because the job class does
not know about the context which is held in threadedjobmixin.
Adding a virtual function in Job would be an ABI break which
I'd like to avoid at this point. Although QGpgME's API will
need a big ABI break to make it ABI maintainable. The virtual
jobs -> implementation classes are nearly unmaintainable ABI wise.
The context is exposed to provide more flexibility to users, e.g.
to add a passphrase callback or to set the sender in a context.
* lang/qt/src/qgpgme_export.h,
lang/qt/src/qgpgme_version.h: Change license to GPLv2+
--
These files were based on copies from the cpp version/export
headers. This change is meant to clarify the licensing by
bringing it in line with the overall licesense of the
qgpgme library.
* lang/qt/src/defaultkeygenerationjob.cpp
(DefaultKeyGenerationJob::start): Explicitly connect pointer
in the QPointer.
--
Commit message written by Andre Heinecke <aheinecke@intevation.de>
* configure.ac (VERSION_MAJOR, VERSION_MINOR, VERSION_MICRO): New
subst variables for the version header.
* lang/cpp/src/GpgmeppConfigVersion.cmake.in,
lang/cpp/src/gpgmepp_version.h.in,
lang/qt/src/QGpgmeConfigVersion.cmake.in,
lang/qt/src/qgpgme_version.h.in: Use new variables.
--
Using the LT_* variables was just wrong. Reporting the
package version also makes more sense then the library version.
Having different versions might make ABI breaks more visible
by increasing the major version number, but to have different
versions in the same package is too confusing imo and gpgme
uses a versioning that is unrelated to the library version number.
* lang/qt/src/Makefile.am: Install cmake config file in qgpgme subdir.
--
Putting it together with Gpgmepp was done for historic reasons
but the proper way is for each library to have its own subdir.
* lang/qt/src/dn.cpp (DN, DN::Attribute): New public API.
* lang/qt/src/dn.h: New.
* lang/qt/src/Makefile.am: Update accordingly.
--
This is a general useful API to work with X509 distinguished
names and is useful when doing CMS with GpgME.
Adding this class from libkleo allows kmails messagelib to
avoid any KDE UI Frameworks and so can be used more versatile
in the future.
This class can be combined with libkleos DNAttributeMapper
to have the same bevavior as before in libkleo when using
DN::prettyDN calls can be converted from:
Kleo::DN(uid).prettyDN();
to:
QGpgME::DN dn(uid);
uid.setAttributeOrder(
Kleo::DNAttributeMapper::instance()->attributeOrder());
dn.prettyDN();
* lang/cpp/src/Makefile.am,
lang/qt/src/Makefile.am: Install version headers in include
subdirs.
--
This change was requested on the gnupg-devel mailing list to
avoid placing these headers into the top level include directories.
There is currently no known user of these headers so changing it
now should not break things downstream.
This follows weeks of discussion on the gnupg-devel mailing list.
Hopefully it will make it easier for people using Python to use GnuPG
in the future.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* lang/python/pyme/core.py (Context.get_key): Raise errors.KeyNotFound
if the key is not found. This error is both a KeyError for idiomatic
error handling as well as a GPGMEError so we don't break existing
code.
* lang/python/pyme/errors.py (KeyNotFound): New class.
* lang/python/tests/support.py (no_such_key): New variable.
* lang/python/tests/t-keylist.py: Test the new behavior.
Signed-off-by: Justus Winter <justus@g10code.com>
* lang/qt/src/multideletejob.h: Fix include, cryptobackend.h is now
called protocol.h
* lang/qt/src/multideletejob.cpp: New file.
* lang/qt/src/Makefile.am: Add multideletejob.cpp.
* lang/cpp/src/Makefile.am: Install abstractimportjob.h since it's
included from importjob.h
--
Fixes build when someone inclues importjob.h in their code.
* lang/cpp/src/key.cpp (UserID::addrSpecFromString): New static
function to expose addrspec from uid.
(UserID::addrSpec): New. Get addrSpec from Userid.
* NEWS: Update accordingly.
* lang/cpp/src/verificationresult.cpp (Signature::key(bool, bool)):
New. Can be used to search / update the key associcated with this
signature.
--
By using update a caller can ensure that an incomplete key
obtainable through the new key() function is fully loaded.
With search the key can be looked up in the internal keyring.
As the results are cached this can be done in the crypto thread
and the result then better used in the UI thread.
* lang/cpp/src/verificationresult.cpp (Private): Add null key
to list when there is no key associated with the signature.
--
This fixes an out of bounds read when a verification did
not have a key.
* lang/cpp/src/key.cpp: Include <strings.h> for 'strcasecmp'.
* tests/gpg/t-cancel.c: Include <sys/select.h> for 'fd_set' and
friends.
Signed-off-by: Justus Winter <justus@g10code.com>
* src/qgpgmewkspublishjob.cpp,
src/qgpgmewkspublishjob.h,
src/wkspublishjob.h,
tests/t-wkspublish.cpp: Fix spelling of received.
* src/configure.ac (LIBQGPGME_LT_CURRENT): Bump
accordingly.
--
While this is an API break I've decided to fix this now
instead of deprecating / keeping it around forever in the API.
The only known users of QGpgME are KDE Applications and
there it is not yet used.
* lang/qt/tests/t-encrypt.cpp: Disable tests that require
a password for 2.0.
--
The passphrase_cb apparently does not work with 2.0 so we would
need a fake pinentry to get this to work. We just disable the
test instead as this is a rarely used feature and works with
1.4 and 2.1.
* lang/qt/tests/Makefile.am (TESTS): Remove t-wkspublish.
--
Even the only enabled test did a connection to localhost this
might fail if it is stalled and is an outside factor. It also might
be disturbing other services locally.
* lang/python/Makefile.am: Link to the files.
* lang/python/gpgme.i: Update path.
* lang/python/setup.py.in: Do not add the top builddir to the include
path.
--
To make it easy to build the subpackage using standard tools without
altering environment or CFLAGS, symlink the required artifacts from
source tree into subpackage directory when preparing sources.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* lang/python/Makefile.am: Add 'prepare' target.
--
This enables preparing the package using autoconf then build using
distutils as separate stage.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* lang/cpp/src/Makefile.am,
lang/qt/src/Makefile.am: Replace resolved_includedir.
* lang/cpp/src/GpgmeppConfig.cmake.in.in,
lang/qt/src/QGpgmeConfig.cmake.in.in: Use resolved_includedir
instead of relying on a common installation prefix.
--
This fixes usage of the config files in case gpgme
is configured with a custom --includedir.
We have to do the replacement manually like for libdir
because configure would include variables in the replacement.
* lang/python/Makefile.am: Pass 'top_builddir' to 'setup.py'.
* lang/python/gpgme.i: Include 'config.h'.
* lang/python/helpers.c: Likewise.
* lang/python/helpers.h: Likewise.
* lang/python/setup.py.in: Make sure that 'config.h' can be found.
--
Fixes build on 32 bit platforms with large file support.
Signed-off-by: Justus Winter <justus@g10code.com>
* THANKS, doc/ChangeLog-2011, tests/ChangeLog-2011,
tests/gpg/geheim.txt: convert from iso 8859-1 to utf-8.
* lang/qt/src/dataprovider.cpp, lang/qt/src/qgpgmerefreshkeysjob.cpp,
lang/qt/src/qgpgmesecretkeyexportjob.cpp: replace U+FFFD REPLACEMENT
CHARACTER with proper U+00E4 LATIN SMALL LETTER A WITH DIAERESIS.
--
Note that src/versioninfo.rc.in is still ISO-8859-1. I don't know
whether Windows will properly handle UTF-8 in this file or not, so i
have not touched it.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* lang/cpp/src/context.cpp
(Context::signaturePolicyURL): return nullptr on default
(to_tofu_policy_t): add default case for unknown
* lang/cpp/src/key.cpp
(Key::primaryFingerprint): return nullptr on default
* lang/cpp/src/tofuinfo.cpp
(GpgME::TofuInfo::policy): add default case for unknown
Signed-off-by: Andreas Stieger <astieger@suse.com>
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* lang/python/Makefile.am (SUBDIRS): Make current dir fist.
* lang/python/tests/Makefile.am (xcheck): Depend on pubring-stamp.
(CLEANFILES): Remove private-keys-v1.d/gpg-sample.stamp.
(check-local): Remove.
(initial.py): Remove dependency.
(./pubring-stamp): Depend on conf files and the
private-keys-v1.d/gpg-sample.stamp file. Also replace use of
basename.
--
This addresses the problem that two rules might run the private keys
copy rule and due to the files being chmod -w during make discheck the
second process running that rule's cp would get a permission error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* lang/python/tests/Makefile.am (./pubring-stamp): Use --batch with
GPG to avoid Pinentries during import when using GnuPG >= 2.1.
Replace touch by echo.
* tests/gpg/Makefile.am (./pubring-stamp): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* lang/qt/tests/Makefile.am (clean-local): Avoid non-portable "--"
* lang/python/Makefile.am (copystamp): Use well defined cp -R instead
of cp -r.
Signed-off-by: Werner Koch <wk@gnupg.org>
* lang/qt/tests/t-tofuinfo.cpp (testTofuPolicy): Add
debug output.
--
The debug output is only emitted before a failure of the
test in case a keylisting of bravo@example.net fails which
it should never do.