all messages for Emacs-related lists mirrored at yhetil.org
* bug#19960: epg: allow passing --keyring values via new epg-context-keyrings
From: Ivan Shmakov @ 2015-02-27 16:12 UTC
  To: 19960

[-- Attachment #1: Type: text/plain, Size: 503 bytes --]

Package:  emacs
Severity: wishlist
Tags: patch

	Please consider the patch MIMEd.

	* lisp/epg.el (epg-context): New slot: keyrings.
	(epg--start): Use it.
	(epg--list-keys-1): Likewise.  (Bug#???)

	An example code making use of this change (assuming that the
	extra keyring is available at the location usual to Debian
	Jessie) is also MIMEd.

	(Tested on 619fc5c197eb, 2015-02-26 18:09:48 UTC.)

-- 
FSF associate member #7257  np. Gates of Tomorrow — Iron Maiden   … 230E 334A

[-- Attachment #2: Type: text/diff, Size: 1283 bytes --]

diff --git a/lisp/epg.el b/lisp/epg.el
index f665453..0768697 100644
--- a/lisp/epg.el
+++ b/lisp/epg.el
@@ -197,6 +197,7 @@ cl-defstruct epg-context
   protocol
   program
   (home-directory epg-gpg-home-directory)
+  keyrings
   armor
   textmode
   include-certs
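Review bot: the new `keyrings` slot goes in between `home-directory` and `armor`, which shifts the position of `armor`, `textmode`, `include-certs` and every slot after them; code byte-compiled against the old layout with inlined accessors would then read the wrong slot until recompiled. Adding the slot at the end of the list avoids that. The slot also has no comment or docstring; from the later hunks it is a list of file-name strings, each passed after `--keyring`, and that should be stated where the slot is declared.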
@@ -570,6 +571,11 @@ defun epg--start (context args)
 		       (if (epg-context-home-directory context)
 			   (list "--homedir"
 				 (epg-context-home-directory context)))
+		       (if (epg-context-keyrings context)
+			   (apply #'nconc
+				  (mapcar (lambda (elt)
+					    (list "--keyring" elt))
+					  (epg-context-keyrings context))))
 		       (unless (eq (epg-context-protocol context) 'CMS)
 			 '("--command-fd" "0"))
 		       (if (epg-context-armor context) '("--armor"))
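Review bot: in the added `(if (epg-context-keyrings context) ...)` form each element is handed to gpg unchanged, and gpg resolves a `--keyring` name that contains no slash relative to its home directory, not Emacs's `default-directory`. Suggest `(expand-file-name elt)` inside the lambda so the caller's file is the one that is read. `--keyring` also adds to the default keyrings rather than replacing them, so a verification result can still depend on keys outside the slot; that deserves a sentence in the documentation. The outer `if` is not needed: `mapcar` over nil gives nil and `(apply #'nconc nil)` returns nil.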
@@ -1263,6 +1269,11 @@ defun epg--list-keys-1 (context name mode)
   (let ((args (append (if (epg-context-home-directory context)
 			  (list "--homedir"
 				(epg-context-home-directory context)))
+		       (if (epg-context-keyrings context)
+			   (apply #'nconc
+				  (mapcar (lambda (elt)
+					    (list "--keyring" elt))
+					  (epg-context-keyrings context))))
 		      '("--with-colons" "--no-greeting" "--batch"
 			"--with-fingerprint" "--with-fingerprint")
 		      (unless (eq (epg-context-protocol context) 'CMS)
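Review bot: the five added lines in `epg--list-keys-1` repeat the form added to `epg--start` verbatim; a small helper that turns the context's keyrings into an argument list, called from both places, would keep the two from drifting apart. The added `(if` here also appears to start one column to the right of its sibling `'("--with-colons" ...` in the `append` call, so it should be re-indented.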

[-- Attachment #3: Type: text/emacs-lisp, Size: 940 bytes --]

;; Needs the patched epg.el (for `epg-context-keyrings') and url.el.
(require 'epg)
(require 'url)
(let ((cx (epg-make-context 'OpenPGP))
      (s  (with-current-buffer
              (url-retrieve-synchronously
               "http://snapshot.debian.org/archive/debian/20140501T070413Z/dists/jessie/InRelease")
            (buffer-substring-no-properties
             url-http-end-of-headers (point-max))))
      a b)
  (setq a (progn
            (epg-verify-string cx s)
            (epg-context-result-for cx 'verify)))
  (push "/etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg"
        (epg-context-keyrings cx))
  (setq b (progn
            (epg-verify-string cx s)
            (epg-context-result-for cx 'verify)))
  ;; .
  (list a b))
;; Expected result:
; (([cl-struct-epg-signature
;    no-pubkey "8B48AD6246925553" nil nil
;    (21345 . 47158) nil 1 8 1 nil nil])
;  ([cl-struct-epg-signature
;    good "8B48AD6246925553" undefined
;    "A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553"
;    (21345 . 47158) nil 1 8 1 4 nil]))


* bug#19960: epg: allow passing --keyring values via new epg-context-keyrings
From: Ted Zlatanov @ 2015-04-20 22:25 UTC
  To: Ivan Shmakov; +Cc: Daiki Ueno, 19960

On Fri, 27 Feb 2015 16:12:49 +0000 Ivan Shmakov <ivan@siamics.net> wrote: 

IS> Package:  emacs
IS> Severity: wishlist
IS> Tags: patch

IS> 	Please consider the patch MIMEd.

IS> 	* lisp/epg.el (epg-context): New slot: keyrings.
IS> 	(epg--start): Use it.
IS> 	(epg--list-keys-1): Likewise.  (Bug#???)

IS> 	An example code making use of this change (assuming that the
IS> 	extra keyring is available at the location usual to Debian
IS> 	Jessie) is also MIMEd.

IS> 	(Tested on 619fc5c197eb, 2015-02-26 18:09:48 UTC.)

I'd find that useful but don't know if Daiki Ueno agrees.

Ted

* bug#19960: epg: allow passing --keyring values via new epg-context-keyrings
From: Daiki Ueno @ 2015-04-21  1:40 UTC
  To: Ivan Shmakov; +Cc: Werner Koch, 19960

Ted Zlatanov <tzz@lifelogs.com> writes:

> On Fri, 27 Feb 2015 16:12:49 +0000 Ivan Shmakov <ivan@siamics.net> wrote: 
>
> IS> Package:  emacs
> IS> Severity: wishlist
> IS> Tags: patch
>
> IS> 	Please consider the patch MIMEd.
>
> IS> 	* lisp/epg.el (epg-context): New slot: keyrings.
> IS> 	(epg--start): Use it.
> IS> 	(epg--list-keys-1): Likewise.  (Bug#???)
>
> IS> 	An example code making use of this change (assuming that the
> IS> 	extra keyring is available at the location usual to Debian
> IS> 	Jessie) is also MIMEd.
>
> IS> 	(Tested on 619fc5c197eb, 2015-02-26 18:09:48 UTC.)
>
> I'd find that useful but don't know if Daiki Ueno agrees.

Yes, I agree.  One concern is that GPGME doesn't provide the API either,
while the --keyring option has been there for a long time.  Perhaps that
might be on purpose.  Werner, do you have any comments?

Thanks,
-- 
Daiki Ueno

* bug#19960: epg: allow passing --keyring values via new epg-context-keyrings
From: Werner Koch @ 2015-04-21 10:04 UTC
  To: Daiki Ueno; +Cc: Ivan Shmakov, 19960

On Tue, 21 Apr 2015 03:40, ueno@gnu.org said:

> Yes, I agree.  One concern is that GPGME doesn't provide the API either,
> while the --keyring option has been there for a long time.  Perhaps that
> might be on purpose.  Werner, do you have any comments?

It is called GnuPG Made Easy and more esoteric workflows would not match
that name.  Using a different keyring may result in some surprising
behaviour and thus I consider it is better to use a different
GNUPGHOME for a different configuration.  GPGME has an API to change
this.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
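
The separate-GNUPGHOME approach suggested in the message above, sketched as an added example; it is not code from this thread or from epg.el. The function names are hypothetical, and it assumes an Emacs where `epg-context` is a cl-defstruct (as in the patch), so the `home-directory` accessor can be set with `setf`.

```elisp
;; Added example; `my/epg-verify-isolated' and `my/epg-signed-by-p'
;; are hypothetical names, not part of epg.el.
(require 'epg)
(require 'cl-lib)

(defun my/epg-verify-isolated (signed-text keyring-file)
  "Verify SIGNED-TEXT using only the keys found in KEYRING-FILE.
The keys are imported into a throwaway GnuPG home directory, so the
user's own keyrings and gpg.conf play no part in the result.
Return a list of (STATUS KEY-ID FINGERPRINT), one per signature."
  (let ((home (make-temp-file "epg-home-" t)) ; a directory, mode 0700
        (ctx (epg-make-context 'OpenPGP)))
    (unwind-protect
        (progn
          ;; Same effect as running gpg with --homedir HOME.
          (setf (epg-context-home-directory ctx) home)
          (epg-import-keys-from-file ctx (expand-file-name keyring-file))
          (epg-verify-string ctx signed-text)
          (mapcar (lambda (sig)
                    (list (epg-signature-status sig)
                          (epg-signature-key-id sig)
                          (epg-signature-fingerprint sig)))
                  (epg-context-result-for ctx 'verify)))
      ;; Remove the temporary home even if import or verify signals.
      (delete-directory home t))))

(defun my/epg-signed-by-p (results fingerprint)
  "Non-nil if RESULTS has a `good' signature made by FINGERPRINT.
RESULTS is the return value of `my/epg-verify-isolated'."
  (cl-some (lambda (r)
             (and (eq (nth 0 r) 'good)
                  (equal (nth 2 r) fingerprint)))
           results))

;; Usage, with the keyring path and fingerprint from the first message
;; (S holds the clear-signed InRelease text):
;; (my/epg-signed-by-p
;;  (my/epg-verify-isolated
;;   s "/etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg")
;;  "A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553")
```

Comparing the full fingerprint rather than the 16-digit key ID, and requiring the `good` status, keeps a `no-pubkey` or `bad` result from being mistaken for success.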

* bug#19960: epg: allow passing --keyring values via new epg-context-keyrings
From: Daiki Ueno @ 2015-04-21 11:16 UTC
  To: Werner Koch; +Cc: Ivan Shmakov, 19960

Werner Koch <wk@gnupg.org> writes:

> Using a different keyring may result in some surprising behaviour and
> thus I consider it is better to use a different GNUPGHOME for a
> different configuration.

Thanks, I was expecting so.  Considering that, I'd suggest to make the
patch less generic.  That is, assuming that the main use-case of an
external keyring is signature verification, add an optional argument
KEYRING to epg-verify-*, instead of extending epg-context.

Regards,
-- 
Daiki Ueno

* bug#19960: epg: allow passing --keyring values via new epg-context-keyrings
From: Ted Zlatanov @ 2015-04-21 11:37 UTC
  To: Daiki Ueno; +Cc: Werner Koch, Ivan Shmakov, 19960

On Tue, 21 Apr 2015 20:16:32 +0900 Daiki Ueno <ueno@gnu.org> wrote: 

DU> Werner Koch <wk@gnupg.org> writes:
>> Using a different keyring may result in some surprising behaviour and
>> thus I consider it is better to use a different GNUPGHOME for a
>> different configuration.

DU> Thanks, I was expecting so.  Considering that, I'd suggest to make the
DU> patch less generic.  That is, assuming that the main use-case of an
DU> external keyring is signature verification, add an optional argument
DU> KEYRING to epg-verify-*, instead of extending epg-context.

I actively use GnuPG with two separate keyrings for file encryption and
decryption, that's why I thought this was useful. I'd like to keep both
keyrings in one place instead of overriding GPGHOME. But I don't feel
strongly about it and can adapt, if there are downsides I wasn't aware
existed.

Thanks!
Ted