unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#51956] [PATCH] On core-updates-frozen, geary is criminally outdated
@ 2021-11-18 19:25 Vivien Kraus via Guix-patches via
       [not found] ` <handler.51956.B.163726359315148.ack@debbugs.gnu.org>
  2021-11-19 13:20 ` bug#51956: [PATCH] On core-updates-frozen, geary is criminally outdated Ludovic Courtès
  0 siblings, 2 replies; 3+ messages in thread
From: Vivien Kraus via Guix-patches via @ 2021-11-18 19:25 UTC (permalink / raw)
  To: 51956


[-- Attachment #1.1: Type: text/plain, Size: 281 bytes --]


Dear guix,

I finally managed to upgrade geary. The latest release lacks the GMime
3.0 vapi, and that’s not something we can generate easily (there’s
custom metadata and custom code), so I had to install it with gmime.

What do you think?

Best regards,

Vivien


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: Let gmime install its vapi --]
[-- Type: text/x-patch, Size: 1220 bytes --]

From 65c6544aca89c3a8797de22861f06a3f7bb831bf Mon Sep 17 00:00:00 2001
From: Vivien Kraus <vivien@planete-kraus.eu>
Date: Thu, 18 Nov 2021 19:44:03 +0100
Subject: [PATCH 1/2] gnu: gmime: Install the vapi file.

* gnu/packages/mail.scm (gmime)[configure flags]: Build the vapi file.
[native-inputs]: Add vala.
---
 gnu/packages/mail.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index c92ec14c04..c3be5330f3 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -727,13 +727,14 @@ (define-public gmime
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("gnupg" ,gnupg)                 ; for tests only
-       ("gobject-introspection" ,gobject-introspection)))
+       ("gobject-introspection" ,gobject-introspection)
+       ("vala" ,vala)))
     (inputs `(("glib" ,glib)
               ("gpgme" ,gpgme)
               ("zlib" ,zlib)))
     (arguments
      `(#:configure-flags
-         (list "--enable-introspection=yes")
+         (list "--enable-introspection=yes" "--enable-vapigen=yes")
        #:phases
        (modify-phases %standard-phases
          (add-after
-- 
2.34.0


[-- Attachment #1.3: Upgrade geary to 40.0 --]
[-- Type: text/x-patch, Size: 12354 bytes --]

From cf80e70f47532fa5057755b6e08cc6ea1a346a1f Mon Sep 17 00:00:00 2001
From: Vivien Kraus <vivien@planete-kraus.eu>
Date: Wed, 10 Nov 2021 20:18:46 +0000
Subject: [PATCH 2/2] gnu: geary: Upgrade to 40.0

* gnu/packages/gnome.scm (geary): Upgrade to 40.0.
---
 gnu/local.mk                                  |   1 -
 gnu/packages/gnome.scm                        |  52 ++++---
 .../patches/geary-CVE-2020-24661.patch        | 133 ------------------
 3 files changed, 35 insertions(+), 151 deletions(-)
 delete mode 100644 gnu/packages/patches/geary-CVE-2020-24661.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index f25548f137..d35be45f76 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1111,7 +1111,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/gdm-elogind-support.patch		\
   %D%/packages/patches/gdm-remove-hardcoded-xwayland-path.patch	\
   %D%/packages/patches/gdm-wayland-session-wrapper-from-env.patch	\
-  %D%/packages/patches/geary-CVE-2020-24661.patch		\
   %D%/packages/patches/genimage-mke2fs-test.patch		\
   %D%/packages/patches/geoclue-config.patch			\
   %D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch	\
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index ca4ed25fe3..ce00783692 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -140,6 +140,7 @@ (define-module (gnu packages gnome)
   #:use-module (gnu packages inkscape)
   #:use-module (gnu packages iso-codes)
   #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages language)
   #:use-module (gnu packages libcanberra)
   #:use-module (gnu packages libffi)
   #:use-module (gnu packages libunistring)
@@ -11739,34 +11740,46 @@ (define-public gnome-boxes
 (define-public geary
   (package
     (name "geary")
-    (version "3.34.1")
+    (version "40.0")
     (source (origin
               (method git-fetch)
               (uri (git-reference
-                    (url "https://gitlab.gnome.org/GNOME/geary")
-                    (commit version)))
+                    (url "https://gitlab.gnome.org/GNOME/geary.git")
+                    (commit (string-append "gnome-" version))))
               (file-name (git-file-name name version))
               (sha256
                (base32
-                "01cc921kyh3zxz07biqbdzkjgmdcc36kwjyajm4y382a75cl5zg7"))
-              (patches (search-patches "geary-CVE-2020-24661.patch"))))
+                "04hvw86r8sczvjm1z3ls5y5y5h6nyfb648rjkfx05ib00mqq5v1x"))))
     (build-system meson-build-system)
     (arguments
      `(#:glib-or-gtk? #t
+       #:configure-flags
+       '("-Dprofile=release")
        #:phases (modify-phases %standard-phases
                   (add-after 'unpack 'disable-failing-tests
                     (lambda _
-                      (substitute* "test/meson.build"
-                        (("test\\('client-tests', geary_test_client_bin\\)")
-                         ""))
-                      #t))
+                      (substitute* "test/test-client.vala"
+                        (("client.add_suite\\(new Application.CertificateManagerTest\\(\\).suite\\);")
+                         ""))))
+                  (add-after 'unpack 'generate-vapis
+                    (lambda* (#:key inputs #:allow-other-keys)
+                      ;; It’s not possible to generate the GMime vapi, because
+                      ;; there’s custom metadata that gmime didn’t
+                      ;; install. Thus, the vapi should be built and installed
+                      ;; with gmime.
+                      (define gmime
+                        (assoc-ref inputs "gmime"))
+                      (copy-file (string-append gmime "/share/vala/vapi/gmime-3.0.vapi")
+                                 "bindings/vapi/gmime-3.0.vapi")))
                   (add-after 'unpack 'disable-postinstall-script
                     (lambda _
-                      (substitute* "meson.build"
-                        (("meson.add_install_script\\(\
-join_paths\\('build-aux', 'post_install.py'\\)\\)")
-                         ""))
-                      #t))
+                      (substitute* "build-aux/post_install.py"
+                        (("gtk-update-icon-cache")
+                         "true"))))
+                  (add-before 'check 'setup-home
+                    (lambda _
+                      ;; Tests require a writable HOME.
+                      (setenv "HOME" (getcwd))))
                   (add-before 'check 'setup-xvfb
                     (lambda _
                       (system "Xvfb :1 &")
@@ -11777,28 +11790,33 @@ (define-public geary
        ("folks" ,folks)
        ("gcr" ,gcr)
        ("glib" ,glib)
-       ("gmime" ,gmime-2.6)
+       ("gmime" ,gmime)
        ("gnome-online-accounts:lib"
         ,gnome-online-accounts "lib")
+       ("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
        ("gspell" ,gspell)
+       ("gsound" ,gsound)
        ("gtk+" ,gtk+)
        ("iso-codes" ,iso-codes)
        ("json-glib" ,json-glib)
        ("libcanberra" ,libcanberra)
        ("libgee" ,libgee)
-       ("libhandy" ,libhandy-0.0)
+       ("libhandy" ,libhandy)
        ("libpeas" ,libpeas)
        ("libsecret" ,libsecret)
+       ("libstemmer" ,libstemmer)
        ("libunwind" ,libunwind)
        ("sqlite" ,sqlite)
-       ("webkitgtk" ,webkitgtk)
+       ("webkitgtk" ,webkitgtk-with-libsoup2)
        ("ytnef" ,ytnef)))
     (native-inputs
      `(("appstream-glib" ,appstream-glib)
        ("cmake-minimal" ,cmake-minimal)
        ("desktop-file-utils" ,desktop-file-utils)
        ("gettext" ,gettext-minimal)
+       ("glib" ,glib)
        ("glib:bin" ,glib "bin")
+       ("gmime" ,gmime)
        ("gobject-introspection" ,gobject-introspection)
        ("itstool" ,itstool)
        ("libarchive" ,libarchive)
diff --git a/gnu/packages/patches/geary-CVE-2020-24661.patch b/gnu/packages/patches/geary-CVE-2020-24661.patch
deleted file mode 100644
index 6cbc224786..0000000000
--- a/gnu/packages/patches/geary-CVE-2020-24661.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From d4e86dc91e1d8a940dc40872fe94ef9ac0fed1b5 Mon Sep 17 00:00:00 2001
-From: Michael Gratton <mike@vee.net>
-Date: Tue, 25 Aug 2020 03:54:09 +0000
-Subject: [PATCH] Merge branch 'mjog/866-self-signed-certificates' into
- 'mainline'
-
-Fix invalid certificate pinning when GCR support is unavailable
-
-Closes #866
-
-See merge request GNOME/geary!529
-
-(cherry picked from commit 423a55b00f1dc6bee9dc17e67c0aea6f42387a77)
-
-5088adfe Application.CertificateManager: Rename some methods for clarity
-0d957559 Application.CertificateManager: Check locally pinned certs for equality
----
- .../application-certificate-manager.vala      | 44 +++++++++----------
- 1 file changed, 22 insertions(+), 22 deletions(-)
-
-diff --git a/src/client/application/application-certificate-manager.vala b/src/client/application/application-certificate-manager.vala
-index 4881d73c0..65f6af4fa 100644
---- a/src/client/application/application-certificate-manager.vala
-+++ b/src/client/application/application-certificate-manager.vala
-@@ -381,8 +381,8 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
-         GLib.TlsCertificateFlags ret = this.parent.verify_chain(
-             chain, purpose, identity, interaction, flags, cancellable
-         );
--        if (should_verify(ret, purpose, identity) &&
--            verify(chain, identity, cancellable)) {
-+        if (check_pinned(ret, purpose, identity) &&
-+            is_pinned(chain, identity, cancellable)) {
-             ret = 0;
-         }
-         return ret;
-@@ -399,16 +399,16 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
-         GLib.TlsCertificateFlags ret = yield this.parent.verify_chain_async(
-             chain, purpose, identity, interaction, flags, cancellable
-         );
--        if (should_verify(ret, purpose, identity) &&
--            yield verify_async(chain, identity, cancellable)) {
-+        if (check_pinned(ret, purpose, identity) &&
-+            yield is_pinned_async(chain, identity, cancellable)) {
-             ret = 0;
-         }
-         return ret;
-     }
- 
--    private inline bool should_verify(GLib.TlsCertificateFlags parent_ret,
--                                      string purpose,
--                                      GLib.SocketConnectable? identity) {
-+    private inline bool check_pinned(GLib.TlsCertificateFlags parent_ret,
-+                                     string purpose,
-+                                     GLib.SocketConnectable? identity) {
-         // If the parent didn't verify, check for a locally pinned
-         // cert if it looks like we should, but always reject revoked
-         // certs
-@@ -420,22 +420,22 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
-         );
-     }
- 
--    private bool verify(GLib.TlsCertificate chain,
--                        GLib.SocketConnectable identity,
--                        GLib.Cancellable? cancellable)
-+    private bool is_pinned(GLib.TlsCertificate chain,
-+                           GLib.SocketConnectable identity,
-+                           GLib.Cancellable? cancellable)
-         throws GLib.Error {
--        bool is_verified = false;
-+        bool is_pinned = false;
-         string id = to_name(identity);
-         TrustContext? context = null;
-         lock (this.pinned_certs) {
-             context = this.pinned_certs.get(id);
-             if (context != null) {
--                is_verified = true;
-+                is_pinned = context.certificate.is_same(chain);
-             } else {
-                 // Cert not found in memory, check with GCR if
-                 // enabled.
-                 if (this.use_gcr) {
--                    is_verified = gcr_trust_is_certificate_pinned(
-+                    is_pinned = gcr_trust_is_certificate_pinned(
-                         new Gcr.SimpleCertificate(chain.certificate.data),
-                         GLib.TlsDatabase.PURPOSE_AUTHENTICATE_SERVER,
-                         id,
-@@ -443,7 +443,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
-                     );
-                 }
- 
--                if (!is_verified) {
-+                if (!is_pinned) {
-                     // Cert is not pinned in memory or in GCR, so look
-                     // for it on disk. Do this even if GCR support is
-                     // enabled, since if the cert was previously saved
-@@ -453,7 +453,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
-                             this.store_dir, id, cancellable
-                         );
-                         this.pinned_certs.set(id, context);
--                        is_verified = true;
-+                        is_pinned = context.certificate.is_same(chain);
-                     } catch (GLib.IOError.NOT_FOUND err) {
-                         // Cert was not found saved, so it not pinned
-                     } catch (GLib.Error err) {
-@@ -465,18 +465,18 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
-                 }
-             }
-         }
--        return is_verified;
-+        return is_pinned;
-     }
- 
--    private async bool verify_async(GLib.TlsCertificate chain,
--                                    GLib.SocketConnectable identity,
--                                    GLib.Cancellable? cancellable)
-+    private async bool is_pinned_async(GLib.TlsCertificate chain,
-+                                       GLib.SocketConnectable identity,
-+                                       GLib.Cancellable? cancellable)
-         throws GLib.Error {
--        bool is_valid = false;
-+        bool pinned = false;
-         yield Geary.Nonblocking.Concurrent.global.schedule_async(() => {
--                is_valid = verify(chain, identity, cancellable);
-+                pinned = is_pinned(chain, identity, cancellable);
-             }, cancellable);
--        return is_valid;
-+        return pinned;
-     }
- 
-     private TrustContext? lookup_id(string id) {
--- 
-GitLab
-
-- 
2.34.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 658 bytes --]

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [bug#51956] Acknowledgement ([PATCH] On core-updates-frozen, geary is criminally outdated)
       [not found] ` <handler.51956.B.163726359315148.ack@debbugs.gnu.org>
@ 2021-11-18 20:28   ` Vivien Kraus via Guix-patches via
  0 siblings, 0 replies; 3+ messages in thread
From: Vivien Kraus via Guix-patches via @ 2021-11-18 20:28 UTC (permalink / raw)
  To: 51956


[-- Attachment #1.1: Type: text/plain, Size: 111 bytes --]


If we enable experimental support for gmime 3.0 in pan, we can get rid
of gmime 2.6. Is it worth it?

Vivien


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: 0001-gnu-gmime-Install-the-vapi-file.patch --]
[-- Type: text/x-patch, Size: 1220 bytes --]

From 11b027d7b34a2ac2e8591d4db2bb9a2d8086024e Mon Sep 17 00:00:00 2001
From: Vivien Kraus <vivien@planete-kraus.eu>
Date: Thu, 18 Nov 2021 19:44:03 +0100
Subject: [PATCH 1/3] gnu: gmime: Install the vapi file.

* gnu/packages/mail.scm (gmime)[configure flags]: Build the vapi file.
[native-inputs]: Add vala.
---
 gnu/packages/mail.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index c92ec14c04..c3be5330f3 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -727,13 +727,14 @@ (define-public gmime
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("gnupg" ,gnupg)                 ; for tests only
-       ("gobject-introspection" ,gobject-introspection)))
+       ("gobject-introspection" ,gobject-introspection)
+       ("vala" ,vala)))
     (inputs `(("glib" ,glib)
               ("gpgme" ,gpgme)
               ("zlib" ,zlib)))
     (arguments
      `(#:configure-flags
-         (list "--enable-introspection=yes")
+         (list "--enable-introspection=yes" "--enable-vapigen=yes")
        #:phases
        (modify-phases %standard-phases
          (add-after
-- 
2.34.0


[-- Attachment #1.3: 0002-gnu-geary-Upgrade-to-40.0.patch --]
[-- Type: text/x-patch, Size: 12354 bytes --]

From 889e93849db8434abbfcfd63d30979a57535f6e5 Mon Sep 17 00:00:00 2001
From: Vivien Kraus <vivien@planete-kraus.eu>
Date: Wed, 10 Nov 2021 20:18:46 +0000
Subject: [PATCH 2/3] gnu: geary: Upgrade to 40.0

* gnu/packages/gnome.scm (geary): Upgrade to 40.0.
---
 gnu/local.mk                                  |   1 -
 gnu/packages/gnome.scm                        |  52 ++++---
 .../patches/geary-CVE-2020-24661.patch        | 133 ------------------
 3 files changed, 35 insertions(+), 151 deletions(-)
 delete mode 100644 gnu/packages/patches/geary-CVE-2020-24661.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index f25548f137..d35be45f76 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1111,7 +1111,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/gdm-elogind-support.patch		\
   %D%/packages/patches/gdm-remove-hardcoded-xwayland-path.patch	\
   %D%/packages/patches/gdm-wayland-session-wrapper-from-env.patch	\
-  %D%/packages/patches/geary-CVE-2020-24661.patch		\
   %D%/packages/patches/genimage-mke2fs-test.patch		\
   %D%/packages/patches/geoclue-config.patch			\
   %D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch	\
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 8d382d411c..78042c4939 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -140,6 +140,7 @@ (define-module (gnu packages gnome)
   #:use-module (gnu packages inkscape)
   #:use-module (gnu packages iso-codes)
   #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages language)
   #:use-module (gnu packages libcanberra)
   #:use-module (gnu packages libffi)
   #:use-module (gnu packages libunistring)
@@ -11737,34 +11738,46 @@ (define-public gnome-boxes
 (define-public geary
   (package
     (name "geary")
-    (version "3.34.1")
+    (version "40.0")
     (source (origin
               (method git-fetch)
               (uri (git-reference
-                    (url "https://gitlab.gnome.org/GNOME/geary")
-                    (commit version)))
+                    (url "https://gitlab.gnome.org/GNOME/geary.git")
+                    (commit (string-append "gnome-" version))))
               (file-name (git-file-name name version))
               (sha256
                (base32
-                "01cc921kyh3zxz07biqbdzkjgmdcc36kwjyajm4y382a75cl5zg7"))
-              (patches (search-patches "geary-CVE-2020-24661.patch"))))
+                "04hvw86r8sczvjm1z3ls5y5y5h6nyfb648rjkfx05ib00mqq5v1x"))))
     (build-system meson-build-system)
     (arguments
      `(#:glib-or-gtk? #t
+       #:configure-flags
+       '("-Dprofile=release")
        #:phases (modify-phases %standard-phases
                   (add-after 'unpack 'disable-failing-tests
                     (lambda _
-                      (substitute* "test/meson.build"
-                        (("test\\('client-tests', geary_test_client_bin\\)")
-                         ""))
-                      #t))
+                      (substitute* "test/test-client.vala"
+                        (("client.add_suite\\(new Application.CertificateManagerTest\\(\\).suite\\);")
+                         ""))))
+                  (add-after 'unpack 'generate-vapis
+                    (lambda* (#:key inputs #:allow-other-keys)
+                      ;; It’s not possible to generate the GMime vapi, because
+                      ;; there’s custom metadata that gmime didn’t
+                      ;; install. Thus, the vapi should be built and installed
+                      ;; with gmime.
+                      (define gmime
+                        (assoc-ref inputs "gmime"))
+                      (copy-file (string-append gmime "/share/vala/vapi/gmime-3.0.vapi")
+                                 "bindings/vapi/gmime-3.0.vapi")))
                   (add-after 'unpack 'disable-postinstall-script
                     (lambda _
-                      (substitute* "meson.build"
-                        (("meson.add_install_script\\(\
-join_paths\\('build-aux', 'post_install.py'\\)\\)")
-                         ""))
-                      #t))
+                      (substitute* "build-aux/post_install.py"
+                        (("gtk-update-icon-cache")
+                         "true"))))
+                  (add-before 'check 'setup-home
+                    (lambda _
+                      ;; Tests require a writable HOME.
+                      (setenv "HOME" (getcwd))))
                   (add-before 'check 'setup-xvfb
                     (lambda _
                       (system "Xvfb :1 &")
@@ -11775,28 +11788,33 @@ (define-public geary
        ("folks" ,folks)
        ("gcr" ,gcr)
        ("glib" ,glib)
-       ("gmime" ,gmime-2.6)
+       ("gmime" ,gmime)
        ("gnome-online-accounts:lib"
         ,gnome-online-accounts "lib")
+       ("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
        ("gspell" ,gspell)
+       ("gsound" ,gsound)
        ("gtk+" ,gtk+)
        ("iso-codes" ,iso-codes)
        ("json-glib" ,json-glib)
        ("libcanberra" ,libcanberra)
        ("libgee" ,libgee)
-       ("libhandy" ,libhandy-0.0)
+       ("libhandy" ,libhandy)
        ("libpeas" ,libpeas)
        ("libsecret" ,libsecret)
+       ("libstemmer" ,libstemmer)
        ("libunwind" ,libunwind)
        ("sqlite" ,sqlite)
-       ("webkitgtk" ,webkitgtk)
+       ("webkitgtk" ,webkitgtk-with-libsoup2)
        ("ytnef" ,ytnef)))
     (native-inputs
      `(("appstream-glib" ,appstream-glib)
        ("cmake-minimal" ,cmake-minimal)
        ("desktop-file-utils" ,desktop-file-utils)
        ("gettext" ,gettext-minimal)
+       ("glib" ,glib)
        ("glib:bin" ,glib "bin")
+       ("gmime" ,gmime)
        ("gobject-introspection" ,gobject-introspection)
        ("itstool" ,itstool)
        ("libarchive" ,libarchive)
diff --git a/gnu/packages/patches/geary-CVE-2020-24661.patch b/gnu/packages/patches/geary-CVE-2020-24661.patch
deleted file mode 100644
index 6cbc224786..0000000000
--- a/gnu/packages/patches/geary-CVE-2020-24661.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From d4e86dc91e1d8a940dc40872fe94ef9ac0fed1b5 Mon Sep 17 00:00:00 2001
-From: Michael Gratton <mike@vee.net>
-Date: Tue, 25 Aug 2020 03:54:09 +0000
-Subject: [PATCH] Merge branch 'mjog/866-self-signed-certificates' into
- 'mainline'
-
-Fix invalid certificate pinning when GCR support is unavailable
-
-Closes #866
-
-See merge request GNOME/geary!529
-
-(cherry picked from commit 423a55b00f1dc6bee9dc17e67c0aea6f42387a77)
-
-5088adfe Application.CertificateManager: Rename some methods for clarity
-0d957559 Application.CertificateManager: Check locally pinned certs for equality
----
- .../application-certificate-manager.vala      | 44 +++++++++----------
- 1 file changed, 22 insertions(+), 22 deletions(-)
-
-diff --git a/src/client/application/application-certificate-manager.vala b/src/client/application/application-certificate-manager.vala
-index 4881d73c0..65f6af4fa 100644
---- a/src/client/application/application-certificate-manager.vala
-+++ b/src/client/application/application-certificate-manager.vala
-@@ -381,8 +381,8 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
-         GLib.TlsCertificateFlags ret = this.parent.verify_chain(
-             chain, purpose, identity, interaction, flags, cancellable
-         );
--        if (should_verify(ret, purpose, identity) &&
--            verify(chain, identity, cancellable)) {
-+        if (check_pinned(ret, purpose, identity) &&
-+            is_pinned(chain, identity, cancellable)) {
-             ret = 0;
-         }
-         return ret;
-@@ -399,16 +399,16 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
-         GLib.TlsCertificateFlags ret = yield this.parent.verify_chain_async(
-             chain, purpose, identity, interaction, flags, cancellable
-         );
--        if (should_verify(ret, purpose, identity) &&
--            yield verify_async(chain, identity, cancellable)) {
-+        if (check_pinned(ret, purpose, identity) &&
-+            yield is_pinned_async(chain, identity, cancellable)) {
-             ret = 0;
-         }
-         return ret;
-     }
- 
--    private inline bool should_verify(GLib.TlsCertificateFlags parent_ret,
--                                      string purpose,
--                                      GLib.SocketConnectable? identity) {
-+    private inline bool check_pinned(GLib.TlsCertificateFlags parent_ret,
-+                                     string purpose,
-+                                     GLib.SocketConnectable? identity) {
-         // If the parent didn't verify, check for a locally pinned
-         // cert if it looks like we should, but always reject revoked
-         // certs
-@@ -420,22 +420,22 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
-         );
-     }
- 
--    private bool verify(GLib.TlsCertificate chain,
--                        GLib.SocketConnectable identity,
--                        GLib.Cancellable? cancellable)
-+    private bool is_pinned(GLib.TlsCertificate chain,
-+                           GLib.SocketConnectable identity,
-+                           GLib.Cancellable? cancellable)
-         throws GLib.Error {
--        bool is_verified = false;
-+        bool is_pinned = false;
-         string id = to_name(identity);
-         TrustContext? context = null;
-         lock (this.pinned_certs) {
-             context = this.pinned_certs.get(id);
-             if (context != null) {
--                is_verified = true;
-+                is_pinned = context.certificate.is_same(chain);
-             } else {
-                 // Cert not found in memory, check with GCR if
-                 // enabled.
-                 if (this.use_gcr) {
--                    is_verified = gcr_trust_is_certificate_pinned(
-+                    is_pinned = gcr_trust_is_certificate_pinned(
-                         new Gcr.SimpleCertificate(chain.certificate.data),
-                         GLib.TlsDatabase.PURPOSE_AUTHENTICATE_SERVER,
-                         id,
-@@ -443,7 +443,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
-                     );
-                 }
- 
--                if (!is_verified) {
-+                if (!is_pinned) {
-                     // Cert is not pinned in memory or in GCR, so look
-                     // for it on disk. Do this even if GCR support is
-                     // enabled, since if the cert was previously saved
-@@ -453,7 +453,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
-                             this.store_dir, id, cancellable
-                         );
-                         this.pinned_certs.set(id, context);
--                        is_verified = true;
-+                        is_pinned = context.certificate.is_same(chain);
-                     } catch (GLib.IOError.NOT_FOUND err) {
-                         // Cert was not found saved, so it not pinned
-                     } catch (GLib.Error err) {
-@@ -465,18 +465,18 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
-                 }
-             }
-         }
--        return is_verified;
-+        return is_pinned;
-     }
- 
--    private async bool verify_async(GLib.TlsCertificate chain,
--                                    GLib.SocketConnectable identity,
--                                    GLib.Cancellable? cancellable)
-+    private async bool is_pinned_async(GLib.TlsCertificate chain,
-+                                       GLib.SocketConnectable identity,
-+                                       GLib.Cancellable? cancellable)
-         throws GLib.Error {
--        bool is_valid = false;
-+        bool pinned = false;
-         yield Geary.Nonblocking.Concurrent.global.schedule_async(() => {
--                is_valid = verify(chain, identity, cancellable);
-+                pinned = is_pinned(chain, identity, cancellable);
-             }, cancellable);
--        return is_valid;
-+        return pinned;
-     }
- 
-     private TrustContext? lookup_id(string id) {
--- 
-GitLab
-
-- 
2.34.0


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.4: 0003-gnu-pan-Use-gmime-3.0.patch --]
[-- Type: text/x-patch, Size: 2017 bytes --]

From 48e6b0dd3bb67e2a62788a5f075f6afecd33db89 Mon Sep 17 00:00:00 2001
From: Vivien Kraus <vivien@planete-kraus.eu>
Date: Thu, 18 Nov 2021 21:26:58 +0100
Subject: [PATCH 3/3] gnu: pan: Use gmime 3.0.

* gnu/packages/mail.scm (pan) [configure-flags]: Enable gmime 3.0.
[inputs]: Use gmime 3.0.
* gnu/packages/mail.scm (gmime-2.6): Remove it.
---
 gnu/packages/mail.scm | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index c3be5330f3..53ee69ae0f 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -760,20 +760,6 @@ (define-public gmime
 Extension (MIME).")
     (license (list license:lgpl2.1+ license:gpl2+ license:gpl3+))))
 
-;; Some packages are not ready for GMime 3 yet.
-(define-public gmime-2.6
-  (package
-    (inherit gmime)
-    (version "2.6.23")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "mirror://gnome/sources/gmime/"
-                                  (version-major+minor version)
-                                  "/gmime-" version ".tar.xz"))
-              (sha256
-               (base32
-                "0slzlzcr3h8jikpz5a5amqd0csqh2m40gdk910ws2hnaf5m6hjbi"))))))
-
 (define-public altermime
   (package
     (name "altermime")
@@ -3875,6 +3861,7 @@ (define-public pan
         (base32 "0960siaf0r6m18kv0d8aqpf36x2xbsfcvk07kswlany7jbxrhylr"))))
     (arguments
      `(#:configure-flags '("--with-gtk3" "--with-gtkspell" "--with-gnutls"
+                           "--with-gmime30"
                            "--enable-libnotify" "--enable-manual"
                            "--enable-gkr")
        #:phases
@@ -3887,7 +3874,7 @@ (define-public pan
                                             "/bin/gpg\"")))
              #t)))))
     (inputs
-     `(("gmime" ,gmime-2.6)
+     `(("gmime" ,gmime)
        ("gnupg" ,gnupg)
        ("gnutls" ,gnutls)
        ("gtk+" ,gtk+)
-- 
2.34.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 658 bytes --]

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* bug#51956: [PATCH] On core-updates-frozen, geary is criminally outdated
  2021-11-18 19:25 [bug#51956] [PATCH] On core-updates-frozen, geary is criminally outdated Vivien Kraus via Guix-patches via
       [not found] ` <handler.51956.B.163726359315148.ack@debbugs.gnu.org>
@ 2021-11-19 13:20 ` Ludovic Courtès
  1 sibling, 0 replies; 3+ messages in thread
From: Ludovic Courtès @ 2021-11-19 13:20 UTC (permalink / raw)
  To: Vivien Kraus; +Cc: 51956-done

Hi!

Vivien Kraus <vivien@planete-kraus.eu> skribis:

> I finally managed to upgrade geary. The latest release lacks the GMime
> 3.0 vapi, and that’s not something we can generate easily (there’s
> custom metadata and custom code), so I had to install it with gmime.
>
> What do you think?

No strong opinion, LGTM.

> From 65c6544aca89c3a8797de22861f06a3f7bb831bf Mon Sep 17 00:00:00 2001
> From: Vivien Kraus <vivien@planete-kraus.eu>
> Date: Thu, 18 Nov 2021 19:44:03 +0100
> Subject: [PATCH 1/2] gnu: gmime: Install the vapi file.
>
> * gnu/packages/mail.scm (gmime)[configure flags]: Build the vapi file.
> [native-inputs]: Add vala.

[...]

> From cf80e70f47532fa5057755b6e08cc6ea1a346a1f Mon Sep 17 00:00:00 2001
> From: Vivien Kraus <vivien@planete-kraus.eu>
> Date: Wed, 10 Nov 2021 20:18:46 +0000
> Subject: [PATCH 2/2] gnu: geary: Upgrade to 40.0
>
> * gnu/packages/gnome.scm (geary): Upgrade to 40.0.

Applied!

Let’s discuss the possibility of getting rid of gmime 2.6 separately.

Thanks,
Ludo’.




^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-11-19 13:24 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-18 19:25 [bug#51956] [PATCH] On core-updates-frozen, geary is criminally outdated Vivien Kraus via Guix-patches via
     [not found] ` <handler.51956.B.163726359315148.ack@debbugs.gnu.org>
2021-11-18 20:28   ` [bug#51956] Acknowledgement ([PATCH] On core-updates-frozen, geary is criminally outdated) Vivien Kraus via Guix-patches via
2021-11-19 13:20 ` bug#51956: [PATCH] On core-updates-frozen, geary is criminally outdated Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).