* [bug#51956] [PATCH] On core-updates-frozen, geary is criminally outdated
@ 2021-11-18 19:25 Vivien Kraus via Guix-patches via
[not found] ` <handler.51956.B.163726359315148.ack@debbugs.gnu.org>
2021-11-19 13:20 ` bug#51956: [PATCH] On core-updates-frozen, geary is criminally outdated Ludovic Courtès
0 siblings, 2 replies; 3+ messages in thread
From: Vivien Kraus via Guix-patches via @ 2021-11-18 19:25 UTC (permalink / raw)
To: 51956
[-- Attachment #1.1: Type: text/plain, Size: 281 bytes --]
Dear guix,
I finally managed to upgrade geary. The latest release lacks the GMime
3.0 vapi, and that’s not something we can generate easily (there’s
custom metadata and custom code), so I had to install it with gmime.
What do you think?
Best regards,
Vivien
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: Let gmime install its vapi --]
[-- Type: text/x-patch, Size: 1220 bytes --]
From 65c6544aca89c3a8797de22861f06a3f7bb831bf Mon Sep 17 00:00:00 2001
From: Vivien Kraus <vivien@planete-kraus.eu>
Date: Thu, 18 Nov 2021 19:44:03 +0100
Subject: [PATCH 1/2] gnu: gmime: Install the vapi file.
* gnu/packages/mail.scm (gmime)[configure flags]: Build the vapi file.
[native-inputs]: Add vala.
---
gnu/packages/mail.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index c92ec14c04..c3be5330f3 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -727,13 +727,14 @@ (define-public gmime
(native-inputs
`(("pkg-config" ,pkg-config)
("gnupg" ,gnupg) ; for tests only
- ("gobject-introspection" ,gobject-introspection)))
+ ("gobject-introspection" ,gobject-introspection)
+ ("vala" ,vala)))
(inputs `(("glib" ,glib)
("gpgme" ,gpgme)
("zlib" ,zlib)))
(arguments
`(#:configure-flags
- (list "--enable-introspection=yes")
+ (list "--enable-introspection=yes" "--enable-vapigen=yes")
#:phases
(modify-phases %standard-phases
(add-after
--
2.34.0
[-- Attachment #1.3: Upgrade geary to 40.0 --]
[-- Type: text/x-patch, Size: 12354 bytes --]
From cf80e70f47532fa5057755b6e08cc6ea1a346a1f Mon Sep 17 00:00:00 2001
From: Vivien Kraus <vivien@planete-kraus.eu>
Date: Wed, 10 Nov 2021 20:18:46 +0000
Subject: [PATCH 2/2] gnu: geary: Upgrade to 40.0
* gnu/packages/gnome.scm (geary): Upgrade to 40.0.
---
gnu/local.mk | 1 -
gnu/packages/gnome.scm | 52 ++++---
.../patches/geary-CVE-2020-24661.patch | 133 ------------------
3 files changed, 35 insertions(+), 151 deletions(-)
delete mode 100644 gnu/packages/patches/geary-CVE-2020-24661.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index f25548f137..d35be45f76 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1111,7 +1111,6 @@ dist_patch_DATA = \
%D%/packages/patches/gdm-elogind-support.patch \
%D%/packages/patches/gdm-remove-hardcoded-xwayland-path.patch \
%D%/packages/patches/gdm-wayland-session-wrapper-from-env.patch \
- %D%/packages/patches/geary-CVE-2020-24661.patch \
%D%/packages/patches/genimage-mke2fs-test.patch \
%D%/packages/patches/geoclue-config.patch \
%D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index ca4ed25fe3..ce00783692 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -140,6 +140,7 @@ (define-module (gnu packages gnome)
#:use-module (gnu packages inkscape)
#:use-module (gnu packages iso-codes)
#:use-module (gnu packages kerberos)
+ #:use-module (gnu packages language)
#:use-module (gnu packages libcanberra)
#:use-module (gnu packages libffi)
#:use-module (gnu packages libunistring)
@@ -11739,34 +11740,46 @@ (define-public gnome-boxes
(define-public geary
(package
(name "geary")
- (version "3.34.1")
+ (version "40.0")
(source (origin
(method git-fetch)
(uri (git-reference
- (url "https://gitlab.gnome.org/GNOME/geary")
- (commit version)))
+ (url "https://gitlab.gnome.org/GNOME/geary.git")
+ (commit (string-append "gnome-" version))))
(file-name (git-file-name name version))
(sha256
(base32
- "01cc921kyh3zxz07biqbdzkjgmdcc36kwjyajm4y382a75cl5zg7"))
- (patches (search-patches "geary-CVE-2020-24661.patch"))))
+ "04hvw86r8sczvjm1z3ls5y5y5h6nyfb648rjkfx05ib00mqq5v1x"))))
(build-system meson-build-system)
(arguments
`(#:glib-or-gtk? #t
+ #:configure-flags
+ '("-Dprofile=release")
#:phases (modify-phases %standard-phases
(add-after 'unpack 'disable-failing-tests
(lambda _
- (substitute* "test/meson.build"
- (("test\\('client-tests', geary_test_client_bin\\)")
- ""))
- #t))
+ (substitute* "test/test-client.vala"
+ (("client.add_suite\\(new Application.CertificateManagerTest\\(\\).suite\\);")
+ ""))))
+ (add-after 'unpack 'generate-vapis
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; It’s not possible to generate the GMime vapi, because
+ ;; there’s custom metadata that gmime didn’t
+ ;; install. Thus, the vapi should be built and installed
+ ;; with gmime.
+ (define gmime
+ (assoc-ref inputs "gmime"))
+ (copy-file (string-append gmime "/share/vala/vapi/gmime-3.0.vapi")
+ "bindings/vapi/gmime-3.0.vapi")))
(add-after 'unpack 'disable-postinstall-script
(lambda _
- (substitute* "meson.build"
- (("meson.add_install_script\\(\
-join_paths\\('build-aux', 'post_install.py'\\)\\)")
- ""))
- #t))
+ (substitute* "build-aux/post_install.py"
+ (("gtk-update-icon-cache")
+ "true"))))
+ (add-before 'check 'setup-home
+ (lambda _
+ ;; Tests require a writable HOME.
+ (setenv "HOME" (getcwd))))
(add-before 'check 'setup-xvfb
(lambda _
(system "Xvfb :1 &")
@@ -11777,28 +11790,33 @@ (define-public geary
("folks" ,folks)
("gcr" ,gcr)
("glib" ,glib)
- ("gmime" ,gmime-2.6)
+ ("gmime" ,gmime)
("gnome-online-accounts:lib"
,gnome-online-accounts "lib")
+ ("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
("gspell" ,gspell)
+ ("gsound" ,gsound)
("gtk+" ,gtk+)
("iso-codes" ,iso-codes)
("json-glib" ,json-glib)
("libcanberra" ,libcanberra)
("libgee" ,libgee)
- ("libhandy" ,libhandy-0.0)
+ ("libhandy" ,libhandy)
("libpeas" ,libpeas)
("libsecret" ,libsecret)
+ ("libstemmer" ,libstemmer)
("libunwind" ,libunwind)
("sqlite" ,sqlite)
- ("webkitgtk" ,webkitgtk)
+ ("webkitgtk" ,webkitgtk-with-libsoup2)
("ytnef" ,ytnef)))
(native-inputs
`(("appstream-glib" ,appstream-glib)
("cmake-minimal" ,cmake-minimal)
("desktop-file-utils" ,desktop-file-utils)
("gettext" ,gettext-minimal)
+ ("glib" ,glib)
("glib:bin" ,glib "bin")
+ ("gmime" ,gmime)
("gobject-introspection" ,gobject-introspection)
("itstool" ,itstool)
("libarchive" ,libarchive)
diff --git a/gnu/packages/patches/geary-CVE-2020-24661.patch b/gnu/packages/patches/geary-CVE-2020-24661.patch
deleted file mode 100644
index 6cbc224786..0000000000
--- a/gnu/packages/patches/geary-CVE-2020-24661.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From d4e86dc91e1d8a940dc40872fe94ef9ac0fed1b5 Mon Sep 17 00:00:00 2001
-From: Michael Gratton <mike@vee.net>
-Date: Tue, 25 Aug 2020 03:54:09 +0000
-Subject: [PATCH] Merge branch 'mjog/866-self-signed-certificates' into
- 'mainline'
-
-Fix invalid certificate pinning when GCR support is unavailable
-
-Closes #866
-
-See merge request GNOME/geary!529
-
-(cherry picked from commit 423a55b00f1dc6bee9dc17e67c0aea6f42387a77)
-
-5088adfe Application.CertificateManager: Rename some methods for clarity
-0d957559 Application.CertificateManager: Check locally pinned certs for equality
----
- .../application-certificate-manager.vala | 44 +++++++++----------
- 1 file changed, 22 insertions(+), 22 deletions(-)
-
-diff --git a/src/client/application/application-certificate-manager.vala b/src/client/application/application-certificate-manager.vala
-index 4881d73c0..65f6af4fa 100644
---- a/src/client/application/application-certificate-manager.vala
-+++ b/src/client/application/application-certificate-manager.vala
-@@ -381,8 +381,8 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- GLib.TlsCertificateFlags ret = this.parent.verify_chain(
- chain, purpose, identity, interaction, flags, cancellable
- );
-- if (should_verify(ret, purpose, identity) &&
-- verify(chain, identity, cancellable)) {
-+ if (check_pinned(ret, purpose, identity) &&
-+ is_pinned(chain, identity, cancellable)) {
- ret = 0;
- }
- return ret;
-@@ -399,16 +399,16 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- GLib.TlsCertificateFlags ret = yield this.parent.verify_chain_async(
- chain, purpose, identity, interaction, flags, cancellable
- );
-- if (should_verify(ret, purpose, identity) &&
-- yield verify_async(chain, identity, cancellable)) {
-+ if (check_pinned(ret, purpose, identity) &&
-+ yield is_pinned_async(chain, identity, cancellable)) {
- ret = 0;
- }
- return ret;
- }
-
-- private inline bool should_verify(GLib.TlsCertificateFlags parent_ret,
-- string purpose,
-- GLib.SocketConnectable? identity) {
-+ private inline bool check_pinned(GLib.TlsCertificateFlags parent_ret,
-+ string purpose,
-+ GLib.SocketConnectable? identity) {
- // If the parent didn't verify, check for a locally pinned
- // cert if it looks like we should, but always reject revoked
- // certs
-@@ -420,22 +420,22 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- );
- }
-
-- private bool verify(GLib.TlsCertificate chain,
-- GLib.SocketConnectable identity,
-- GLib.Cancellable? cancellable)
-+ private bool is_pinned(GLib.TlsCertificate chain,
-+ GLib.SocketConnectable identity,
-+ GLib.Cancellable? cancellable)
- throws GLib.Error {
-- bool is_verified = false;
-+ bool is_pinned = false;
- string id = to_name(identity);
- TrustContext? context = null;
- lock (this.pinned_certs) {
- context = this.pinned_certs.get(id);
- if (context != null) {
-- is_verified = true;
-+ is_pinned = context.certificate.is_same(chain);
- } else {
- // Cert not found in memory, check with GCR if
- // enabled.
- if (this.use_gcr) {
-- is_verified = gcr_trust_is_certificate_pinned(
-+ is_pinned = gcr_trust_is_certificate_pinned(
- new Gcr.SimpleCertificate(chain.certificate.data),
- GLib.TlsDatabase.PURPOSE_AUTHENTICATE_SERVER,
- id,
-@@ -443,7 +443,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- );
- }
-
-- if (!is_verified) {
-+ if (!is_pinned) {
- // Cert is not pinned in memory or in GCR, so look
- // for it on disk. Do this even if GCR support is
- // enabled, since if the cert was previously saved
-@@ -453,7 +453,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- this.store_dir, id, cancellable
- );
- this.pinned_certs.set(id, context);
-- is_verified = true;
-+ is_pinned = context.certificate.is_same(chain);
- } catch (GLib.IOError.NOT_FOUND err) {
- // Cert was not found saved, so it not pinned
- } catch (GLib.Error err) {
-@@ -465,18 +465,18 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- }
- }
- }
-- return is_verified;
-+ return is_pinned;
- }
-
-- private async bool verify_async(GLib.TlsCertificate chain,
-- GLib.SocketConnectable identity,
-- GLib.Cancellable? cancellable)
-+ private async bool is_pinned_async(GLib.TlsCertificate chain,
-+ GLib.SocketConnectable identity,
-+ GLib.Cancellable? cancellable)
- throws GLib.Error {
-- bool is_valid = false;
-+ bool pinned = false;
- yield Geary.Nonblocking.Concurrent.global.schedule_async(() => {
-- is_valid = verify(chain, identity, cancellable);
-+ pinned = is_pinned(chain, identity, cancellable);
- }, cancellable);
-- return is_valid;
-+ return pinned;
- }
-
- private TrustContext? lookup_id(string id) {
---
-GitLab
-
--
2.34.0
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 658 bytes --]
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [bug#51956] Acknowledgement ([PATCH] On core-updates-frozen, geary is criminally outdated)
[not found] ` <handler.51956.B.163726359315148.ack@debbugs.gnu.org>
@ 2021-11-18 20:28 ` Vivien Kraus via Guix-patches via
0 siblings, 0 replies; 3+ messages in thread
From: Vivien Kraus via Guix-patches via @ 2021-11-18 20:28 UTC (permalink / raw)
To: 51956
[-- Attachment #1.1: Type: text/plain, Size: 111 bytes --]
If we enable experimental support for gmime 3.0 in pan, we can get rid
of gmime 2.6. Is it worth it?
Vivien
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: 0001-gnu-gmime-Install-the-vapi-file.patch --]
[-- Type: text/x-patch, Size: 1220 bytes --]
From 11b027d7b34a2ac2e8591d4db2bb9a2d8086024e Mon Sep 17 00:00:00 2001
From: Vivien Kraus <vivien@planete-kraus.eu>
Date: Thu, 18 Nov 2021 19:44:03 +0100
Subject: [PATCH 1/3] gnu: gmime: Install the vapi file.
* gnu/packages/mail.scm (gmime)[configure flags]: Build the vapi file.
[native-inputs]: Add vala.
---
gnu/packages/mail.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index c92ec14c04..c3be5330f3 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -727,13 +727,14 @@ (define-public gmime
(native-inputs
`(("pkg-config" ,pkg-config)
("gnupg" ,gnupg) ; for tests only
- ("gobject-introspection" ,gobject-introspection)))
+ ("gobject-introspection" ,gobject-introspection)
+ ("vala" ,vala)))
(inputs `(("glib" ,glib)
("gpgme" ,gpgme)
("zlib" ,zlib)))
(arguments
`(#:configure-flags
- (list "--enable-introspection=yes")
+ (list "--enable-introspection=yes" "--enable-vapigen=yes")
#:phases
(modify-phases %standard-phases
(add-after
--
2.34.0
[-- Attachment #1.3: 0002-gnu-geary-Upgrade-to-40.0.patch --]
[-- Type: text/x-patch, Size: 12354 bytes --]
From 889e93849db8434abbfcfd63d30979a57535f6e5 Mon Sep 17 00:00:00 2001
From: Vivien Kraus <vivien@planete-kraus.eu>
Date: Wed, 10 Nov 2021 20:18:46 +0000
Subject: [PATCH 2/3] gnu: geary: Upgrade to 40.0
* gnu/packages/gnome.scm (geary): Upgrade to 40.0.
---
gnu/local.mk | 1 -
gnu/packages/gnome.scm | 52 ++++---
.../patches/geary-CVE-2020-24661.patch | 133 ------------------
3 files changed, 35 insertions(+), 151 deletions(-)
delete mode 100644 gnu/packages/patches/geary-CVE-2020-24661.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index f25548f137..d35be45f76 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1111,7 +1111,6 @@ dist_patch_DATA = \
%D%/packages/patches/gdm-elogind-support.patch \
%D%/packages/patches/gdm-remove-hardcoded-xwayland-path.patch \
%D%/packages/patches/gdm-wayland-session-wrapper-from-env.patch \
- %D%/packages/patches/geary-CVE-2020-24661.patch \
%D%/packages/patches/genimage-mke2fs-test.patch \
%D%/packages/patches/geoclue-config.patch \
%D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 8d382d411c..78042c4939 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -140,6 +140,7 @@ (define-module (gnu packages gnome)
#:use-module (gnu packages inkscape)
#:use-module (gnu packages iso-codes)
#:use-module (gnu packages kerberos)
+ #:use-module (gnu packages language)
#:use-module (gnu packages libcanberra)
#:use-module (gnu packages libffi)
#:use-module (gnu packages libunistring)
@@ -11737,34 +11738,46 @@ (define-public gnome-boxes
(define-public geary
(package
(name "geary")
- (version "3.34.1")
+ (version "40.0")
(source (origin
(method git-fetch)
(uri (git-reference
- (url "https://gitlab.gnome.org/GNOME/geary")
- (commit version)))
+ (url "https://gitlab.gnome.org/GNOME/geary.git")
+ (commit (string-append "gnome-" version))))
(file-name (git-file-name name version))
(sha256
(base32
- "01cc921kyh3zxz07biqbdzkjgmdcc36kwjyajm4y382a75cl5zg7"))
- (patches (search-patches "geary-CVE-2020-24661.patch"))))
+ "04hvw86r8sczvjm1z3ls5y5y5h6nyfb648rjkfx05ib00mqq5v1x"))))
(build-system meson-build-system)
(arguments
`(#:glib-or-gtk? #t
+ #:configure-flags
+ '("-Dprofile=release")
#:phases (modify-phases %standard-phases
(add-after 'unpack 'disable-failing-tests
(lambda _
- (substitute* "test/meson.build"
- (("test\\('client-tests', geary_test_client_bin\\)")
- ""))
- #t))
+ (substitute* "test/test-client.vala"
+ (("client.add_suite\\(new Application.CertificateManagerTest\\(\\).suite\\);")
+ ""))))
+ (add-after 'unpack 'generate-vapis
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; It’s not possible to generate the GMime vapi, because
+ ;; there’s custom metadata that gmime didn’t
+ ;; install. Thus, the vapi should be built and installed
+ ;; with gmime.
+ (define gmime
+ (assoc-ref inputs "gmime"))
+ (copy-file (string-append gmime "/share/vala/vapi/gmime-3.0.vapi")
+ "bindings/vapi/gmime-3.0.vapi")))
(add-after 'unpack 'disable-postinstall-script
(lambda _
- (substitute* "meson.build"
- (("meson.add_install_script\\(\
-join_paths\\('build-aux', 'post_install.py'\\)\\)")
- ""))
- #t))
+ (substitute* "build-aux/post_install.py"
+ (("gtk-update-icon-cache")
+ "true"))))
+ (add-before 'check 'setup-home
+ (lambda _
+ ;; Tests require a writable HOME.
+ (setenv "HOME" (getcwd))))
(add-before 'check 'setup-xvfb
(lambda _
(system "Xvfb :1 &")
@@ -11775,28 +11788,33 @@ (define-public geary
("folks" ,folks)
("gcr" ,gcr)
("glib" ,glib)
- ("gmime" ,gmime-2.6)
+ ("gmime" ,gmime)
("gnome-online-accounts:lib"
,gnome-online-accounts "lib")
+ ("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
("gspell" ,gspell)
+ ("gsound" ,gsound)
("gtk+" ,gtk+)
("iso-codes" ,iso-codes)
("json-glib" ,json-glib)
("libcanberra" ,libcanberra)
("libgee" ,libgee)
- ("libhandy" ,libhandy-0.0)
+ ("libhandy" ,libhandy)
("libpeas" ,libpeas)
("libsecret" ,libsecret)
+ ("libstemmer" ,libstemmer)
("libunwind" ,libunwind)
("sqlite" ,sqlite)
- ("webkitgtk" ,webkitgtk)
+ ("webkitgtk" ,webkitgtk-with-libsoup2)
("ytnef" ,ytnef)))
(native-inputs
`(("appstream-glib" ,appstream-glib)
("cmake-minimal" ,cmake-minimal)
("desktop-file-utils" ,desktop-file-utils)
("gettext" ,gettext-minimal)
+ ("glib" ,glib)
("glib:bin" ,glib "bin")
+ ("gmime" ,gmime)
("gobject-introspection" ,gobject-introspection)
("itstool" ,itstool)
("libarchive" ,libarchive)
diff --git a/gnu/packages/patches/geary-CVE-2020-24661.patch b/gnu/packages/patches/geary-CVE-2020-24661.patch
deleted file mode 100644
index 6cbc224786..0000000000
--- a/gnu/packages/patches/geary-CVE-2020-24661.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From d4e86dc91e1d8a940dc40872fe94ef9ac0fed1b5 Mon Sep 17 00:00:00 2001
-From: Michael Gratton <mike@vee.net>
-Date: Tue, 25 Aug 2020 03:54:09 +0000
-Subject: [PATCH] Merge branch 'mjog/866-self-signed-certificates' into
- 'mainline'
-
-Fix invalid certificate pinning when GCR support is unavailable
-
-Closes #866
-
-See merge request GNOME/geary!529
-
-(cherry picked from commit 423a55b00f1dc6bee9dc17e67c0aea6f42387a77)
-
-5088adfe Application.CertificateManager: Rename some methods for clarity
-0d957559 Application.CertificateManager: Check locally pinned certs for equality
----
- .../application-certificate-manager.vala | 44 +++++++++----------
- 1 file changed, 22 insertions(+), 22 deletions(-)
-
-diff --git a/src/client/application/application-certificate-manager.vala b/src/client/application/application-certificate-manager.vala
-index 4881d73c0..65f6af4fa 100644
---- a/src/client/application/application-certificate-manager.vala
-+++ b/src/client/application/application-certificate-manager.vala
-@@ -381,8 +381,8 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- GLib.TlsCertificateFlags ret = this.parent.verify_chain(
- chain, purpose, identity, interaction, flags, cancellable
- );
-- if (should_verify(ret, purpose, identity) &&
-- verify(chain, identity, cancellable)) {
-+ if (check_pinned(ret, purpose, identity) &&
-+ is_pinned(chain, identity, cancellable)) {
- ret = 0;
- }
- return ret;
-@@ -399,16 +399,16 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- GLib.TlsCertificateFlags ret = yield this.parent.verify_chain_async(
- chain, purpose, identity, interaction, flags, cancellable
- );
-- if (should_verify(ret, purpose, identity) &&
-- yield verify_async(chain, identity, cancellable)) {
-+ if (check_pinned(ret, purpose, identity) &&
-+ yield is_pinned_async(chain, identity, cancellable)) {
- ret = 0;
- }
- return ret;
- }
-
-- private inline bool should_verify(GLib.TlsCertificateFlags parent_ret,
-- string purpose,
-- GLib.SocketConnectable? identity) {
-+ private inline bool check_pinned(GLib.TlsCertificateFlags parent_ret,
-+ string purpose,
-+ GLib.SocketConnectable? identity) {
- // If the parent didn't verify, check for a locally pinned
- // cert if it looks like we should, but always reject revoked
- // certs
-@@ -420,22 +420,22 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- );
- }
-
-- private bool verify(GLib.TlsCertificate chain,
-- GLib.SocketConnectable identity,
-- GLib.Cancellable? cancellable)
-+ private bool is_pinned(GLib.TlsCertificate chain,
-+ GLib.SocketConnectable identity,
-+ GLib.Cancellable? cancellable)
- throws GLib.Error {
-- bool is_verified = false;
-+ bool is_pinned = false;
- string id = to_name(identity);
- TrustContext? context = null;
- lock (this.pinned_certs) {
- context = this.pinned_certs.get(id);
- if (context != null) {
-- is_verified = true;
-+ is_pinned = context.certificate.is_same(chain);
- } else {
- // Cert not found in memory, check with GCR if
- // enabled.
- if (this.use_gcr) {
-- is_verified = gcr_trust_is_certificate_pinned(
-+ is_pinned = gcr_trust_is_certificate_pinned(
- new Gcr.SimpleCertificate(chain.certificate.data),
- GLib.TlsDatabase.PURPOSE_AUTHENTICATE_SERVER,
- id,
-@@ -443,7 +443,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- );
- }
-
-- if (!is_verified) {
-+ if (!is_pinned) {
- // Cert is not pinned in memory or in GCR, so look
- // for it on disk. Do this even if GCR support is
- // enabled, since if the cert was previously saved
-@@ -453,7 +453,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- this.store_dir, id, cancellable
- );
- this.pinned_certs.set(id, context);
-- is_verified = true;
-+ is_pinned = context.certificate.is_same(chain);
- } catch (GLib.IOError.NOT_FOUND err) {
- // Cert was not found saved, so it not pinned
- } catch (GLib.Error err) {
-@@ -465,18 +465,18 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- }
- }
- }
-- return is_verified;
-+ return is_pinned;
- }
-
-- private async bool verify_async(GLib.TlsCertificate chain,
-- GLib.SocketConnectable identity,
-- GLib.Cancellable? cancellable)
-+ private async bool is_pinned_async(GLib.TlsCertificate chain,
-+ GLib.SocketConnectable identity,
-+ GLib.Cancellable? cancellable)
- throws GLib.Error {
-- bool is_valid = false;
-+ bool pinned = false;
- yield Geary.Nonblocking.Concurrent.global.schedule_async(() => {
-- is_valid = verify(chain, identity, cancellable);
-+ pinned = is_pinned(chain, identity, cancellable);
- }, cancellable);
-- return is_valid;
-+ return pinned;
- }
-
- private TrustContext? lookup_id(string id) {
---
-GitLab
-
--
2.34.0
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.4: 0003-gnu-pan-Use-gmime-3.0.patch --]
[-- Type: text/x-patch, Size: 2017 bytes --]
From 48e6b0dd3bb67e2a62788a5f075f6afecd33db89 Mon Sep 17 00:00:00 2001
From: Vivien Kraus <vivien@planete-kraus.eu>
Date: Thu, 18 Nov 2021 21:26:58 +0100
Subject: [PATCH 3/3] gnu: pan: Use gmime 3.0.
* gnu/packages/mail.scm (pan) [configure-flags]: Enable gmime 3.0.
[inputs]: Use gmime 3.0.
* gnu/packages/mail.scm (gmime-2.6): Remove it.
---
gnu/packages/mail.scm | 17 ++---------------
1 file changed, 2 insertions(+), 15 deletions(-)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index c3be5330f3..53ee69ae0f 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -760,20 +760,6 @@ (define-public gmime
Extension (MIME).")
(license (list license:lgpl2.1+ license:gpl2+ license:gpl3+))))
-;; Some packages are not ready for GMime 3 yet.
-(define-public gmime-2.6
- (package
- (inherit gmime)
- (version "2.6.23")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnome/sources/gmime/"
- (version-major+minor version)
- "/gmime-" version ".tar.xz"))
- (sha256
- (base32
- "0slzlzcr3h8jikpz5a5amqd0csqh2m40gdk910ws2hnaf5m6hjbi"))))))
-
(define-public altermime
(package
(name "altermime")
@@ -3875,6 +3861,7 @@ (define-public pan
(base32 "0960siaf0r6m18kv0d8aqpf36x2xbsfcvk07kswlany7jbxrhylr"))))
(arguments
`(#:configure-flags '("--with-gtk3" "--with-gtkspell" "--with-gnutls"
+ "--with-gmime30"
"--enable-libnotify" "--enable-manual"
"--enable-gkr")
#:phases
@@ -3887,7 +3874,7 @@ (define-public pan
"/bin/gpg\"")))
#t)))))
(inputs
- `(("gmime" ,gmime-2.6)
+ `(("gmime" ,gmime)
("gnupg" ,gnupg)
("gnutls" ,gnutls)
("gtk+" ,gtk+)
--
2.34.0
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 658 bytes --]
^ permalink raw reply related [flat|nested] 3+ messages in thread
* bug#51956: [PATCH] On core-updates-frozen, geary is criminally outdated
2021-11-18 19:25 [bug#51956] [PATCH] On core-updates-frozen, geary is criminally outdated Vivien Kraus via Guix-patches via
[not found] ` <handler.51956.B.163726359315148.ack@debbugs.gnu.org>
@ 2021-11-19 13:20 ` Ludovic Courtès
1 sibling, 0 replies; 3+ messages in thread
From: Ludovic Courtès @ 2021-11-19 13:20 UTC (permalink / raw)
To: Vivien Kraus; +Cc: 51956-done
Hi!
Vivien Kraus <vivien@planete-kraus.eu> skribis:
> I finally managed to upgrade geary. The latest release lacks the GMime
> 3.0 vapi, and that’s not something we can generate easily (there’s
> custom metadata and custom code), so I had to install it with gmime.
>
> What do you think?
No strong opinion, LGTM.
> From 65c6544aca89c3a8797de22861f06a3f7bb831bf Mon Sep 17 00:00:00 2001
> From: Vivien Kraus <vivien@planete-kraus.eu>
> Date: Thu, 18 Nov 2021 19:44:03 +0100
> Subject: [PATCH 1/2] gnu: gmime: Install the vapi file.
>
> * gnu/packages/mail.scm (gmime)[configure flags]: Build the vapi file.
> [native-inputs]: Add vala.
[...]
> From cf80e70f47532fa5057755b6e08cc6ea1a346a1f Mon Sep 17 00:00:00 2001
> From: Vivien Kraus <vivien@planete-kraus.eu>
> Date: Wed, 10 Nov 2021 20:18:46 +0000
> Subject: [PATCH 2/2] gnu: geary: Upgrade to 40.0
>
> * gnu/packages/gnome.scm (geary): Upgrade to 40.0.
Applied!
Let’s discuss the possibility of getting rid of gmime 2.6 separately.
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-11-19 13:24 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-18 19:25 [bug#51956] [PATCH] On core-updates-frozen, geary is criminally outdated Vivien Kraus via Guix-patches via
[not found] ` <handler.51956.B.163726359315148.ack@debbugs.gnu.org>
2021-11-18 20:28 ` [bug#51956] Acknowledgement ([PATCH] On core-updates-frozen, geary is criminally outdated) Vivien Kraus via Guix-patches via
2021-11-19 13:20 ` bug#51956: [PATCH] On core-updates-frozen, geary is criminally outdated Ludovic Courtès
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.