From: Daniel Kahn Gillmor
To: Notmuch Mail
Subject: [PATCH v2] configure: Ensure that GMime can extract session keys
Date: Mon, 6 May 2019 16:16:55 -0400
Message-Id: <20190506201655.16276-1-dkg@fifthhorseman.net>
In-Reply-To: <20190506194825.32322-1-dkg@fifthhorseman.net>
References: <20190506194825.32322-1-dkg@fifthhorseman.net>

GMime 3.0 and higher can extract session keys, but it will *not*
extract session keys if it was built with --disable-crypto, or if it
was built against GPGME version < 1.8.0.

Notmuch currently expects to be able to extract session keys, and
tests will fail if it is not possible, so we ensure that this is the
case during ./configure time.

Part of this feels awkward because notmuch doesn't directly depend on
gpg at all. Rather, it depends on GMime, and the current
implementation of GMime depends on GPGME for its crypto, and GPGME in
turn depends on gpg.

So the use of gpg in ./configure isn't actually introducing a new
dependency, though if a future version of GMime were ever to move away
from GnuPG, we might need to reconsider.

Note that this changeset depends on
id:20190506174327.13457-1-dkg@fifthhorseman.net, which supplies the
rfc822 message test/corpora/crypto/basic-encrypted.eml used in it.

Signed-off-by: Daniel Kahn Gillmor --- configure | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/configure b/configure index 9140026a..e157aadf 100755 --- a/configure +++ b/configure 
@@ -497,6 +497,60 @@ if pkg-config --exists "gmime-3.0 > $GMIME_MINVER"; then have_gmime=1 gmime_cflags=$(pkg-config --cflags gmime-3.0) gmime_ldflags=$(pkg-config --libs gmime-3.0) + + printf "Checking for GMime session key extraction support... " + + cat > _check_session_keys.c < +#include + +int main () { + GError *error = NULL; + GMimeParser *parser = NULL; + GMimeMultipartEncrypted *body = NULL; + GMimeDecryptResult *decrypt_result = NULL; + GMimeObject *output = NULL; + + g_mime_init (); + parser = g_mime_parser_new (); + g_mime_parser_init_with_stream (parser, g_mime_stream_file_open("test/corpora/crypto/basic-encrypted.eml", "r", &error)); + if (error) return !! fprintf (stderr, "failed to instantiate parser with test/corpora/crypto/basic-encrypted.eml\n"); + + body = GMIME_MULTIPART_ENCRYPTED(g_mime_message_get_mime_part (g_mime_parser_construct_message (parser, NULL))); + if (body == NULL) return !! fprintf (stderr, "did not find a multipart encrypted message\n"); + + output = g_mime_multipart_encrypted_decrypt (body, GMIME_DECRYPT_EXPORT_SESSION_KEY, NULL, &decrypt_result, &error); + if (error || output == NULL) return !! fprintf (stderr, "decryption failed\n"); + + if (decrypt_result == NULL) return !! fprintf (stderr, "no GMimeDecryptResult found\n"); + if (decrypt_result->session_key == NULL) return !! fprintf (stderr, "GMimeDecryptResult has no session key\n"); + + printf ("%s\n", decrypt_result->session_key); + return 0; +} +EOF + if ${CC} ${CFLAGS} ${gmime_cflags} ${gmime_ldflags} _check_session_keys.c -o _check_session_keys > /dev/null 2>&1 \ + && TEMP_GPG=$(mktemp -d) \ + && GNUPGHOME=${TEMP_GPG} gpg --batch --quiet --import < test/gnupg-secret-key.asc \ + && SESSION_KEY=$(GNUPGHOME=${TEMP_GPG} ./_check_session_keys) \ + && [ $SESSION_KEY = 9:0BACD64099D1468AB07C796F0C0AC4851948A658A15B34E803865E9FC635F2F5 ] + then + printf "OK.\n" + else + cat <
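
Review bot: The compile line places `${gmime_ldflags}` before `_check_session_keys.c` and sends all compiler output to `/dev/null`, so on a linker that resolves libraries in command-line order (for example with `--as-needed`) the link can fail and configure would report that as missing session key support. Put the source file ahead of `${gmime_ldflags}` and keep the diagnostics somewhere a user can find them. In the same `&&` chain, `[ $SESSION_KEY = ... ]` leaves `$SESSION_KEY` unquoted, so an empty or multi-word result gives a `[` syntax error instead of a clean mismatch; quote it. In the C program, `GMIME_MULTIPART_ENCRYPTED()` is a cast macro, so the `body == NULL` check does not catch a part of the wrong type; `GMIME_IS_MULTIPART_ENCRYPTED()` would, and the return value of `g_mime_parser_construct_message` is passed on unchecked. Within the lines visible here nothing removes `${TEMP_GPG}`, which holds an imported secret key, or the generated `_check_session_keys` files; both branches of the `if` should clean them up.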