From: Daniel Kahn Gillmor
To: Notmuch Mail
Subject: [PATCH] configure: Ensure that GMime can extract session keys
Date: Mon, 6 May 2019 15:48:25 -0400
Message-Id: <20190506194825.32322-1-dkg@fifthhorseman.net>

GMime 3.0 and higher can extract session keys, but it will *not* extract session keys if it was built with --disable-crypto, or if it was built against GPGME version < 1.8.0.

Notmuch currently expects to be able to extract session keys, and tests will fail if it is not possible, so we ensure that this is the case during ./configure time.

Part of this feels awkward because notmuch doesn't directly depend on gpg at all. Rather, it depends on GMime, and the current implementation of GMime depends on GPGME for its crypto, and GPGME in turn depends on gpg. So the use of gpg in ./configure isn't actually introducing a new dependency, though if a future version of GMime were ever to move away from GnuPG, we might need to reconsider.

Note that this changeset depends on id:20190506174327.13457-1-dkg@fifthhorseman.net , which supplies the rfc822 message test/corpora/crypto/basic-encrypted.eml used in it.

Signed-off-by: Daniel Kahn Gillmor
--- configure | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/configure b/configure index 9140026a..805292be 100755 --- a/configure +++ b/configure 
@@ -497,6 +497,60 @@ if pkg-config --exists "gmime-3.0 > $GMIME_MINVER"; then have_gmime=1 gmime_cflags=$(pkg-config --cflags gmime-3.0) gmime_ldflags=$(pkg-config --libs gmime-3.0) + + printf "Checking for GMime session key extraction support... " + + cat > _check_session_keys.c < +#include + +int main () { + GError *error = NULL; + GMimeParser *parser = NULL; + GMimeMultipartEncrypted *body = NULL; + GMimeDecryptResult *decrypt_result = NULL; + GMimeObject *output = NULL; + + g_mime_init (); + parser = g_mime_parser_new (); + g_mime_parser_init_with_stream (parser, g_mime_stream_file_open("test/corpora/crypto/basic-encrypted.eml", "r", &error)); + if (error) return !! fprintf (stderr, "failed to instantiate parser with test/corpora/crypto/basic-encrypted.eml\n"); + + body = GMIME_MULTIPART_ENCRYPTED(g_mime_message_get_mime_part (g_mime_parser_construct_message (parser, NULL))); + if (body == NULL) return !! fprintf (stderr, "did not find a multipart encrypted message\n"); + + output = g_mime_multipart_encrypted_decrypt (body, GMIME_DECRYPT_EXPORT_SESSION_KEY, NULL, &decrypt_result, &error); + if (error || output == NULL) return !! fprintf (stderr, "decryption failed\n"); + + if (decrypt_result == NULL) return !! fprintf (stderr, "no GMimeDecryptResult found\n"); + if (decrypt_result->session_key == NULL) return !! fprintf (stderr, "GMimeDecryptResult has no session key\n"); + + printf ("%s\n", decrypt_result->session_key); + return 0; +} +EOF + if ${CC} ${CFLAGS} ${gmime_cflags} ${gmime_ldflags} _check_session_keys.c -o _check_session_keys > /dev/null 2>&1 \ + && TEMP_GPG=$(mktemp -d) \ + && GNUPGHOME=${TEMP_GPG} gpg --batch --quiet --import < test/gnupg-secret-key.asc \ + && SESSION_KEY=$(./_check_session_keys) \ + && [ $SESSION_KEY = 9:0BACD64099D1468AB07C796F0C0AC4851948A658A15B34E803865E9FC635F2F5 ] + then + printf "OK.\n" + else + cat <
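
Review bot: In the shell check at the end of this hunk, `GNUPGHOME=${TEMP_GPG}` prefixes only the `gpg --batch --quiet --import` command, so `./_check_session_keys` runs against the caller's default GnuPG home, where the test secret key was never imported; decryption then fails on any machine that does not already hold that key, and configure reports missing session-key support even when GMime has it. Run the probe under the same home, for example `SESSION_KEY=$(GNUPGHOME=${TEMP_GPG} ./_check_session_keys)`. Quote `"$SESSION_KEY"` in the `[ ... ]` comparison so an empty or multi-word value gives a clean mismatch instead of a `test` syntax error. In the C probe, `GMIME_MULTIPART_ENCRYPTED(...)` is a cast macro, so the `body == NULL` test does not catch a top-level part of the wrong type; check with `GMIME_IS_MULTIPART_ENCRYPTED` before casting. The directory created by `mktemp -d` now holds an imported secret key, so it should be removed on both the OK and the failure path, along with `_check_session_keys` and `_check_session_keys.c`.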