From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id 8An/JHx9UWLt+QAAgWs5BA (envelope-from ) for ; Sat, 09 Apr 2022 14:35:08 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id IPhlInx9UWKwQwAA9RJhRA (envelope-from ) for ; Sat, 09 Apr 2022 14:35:08 +0200 Received: from mail.notmuchmail.org (yantan.tethera.net [IPv6:2a01:4f9:c011:7a79::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id ABACDC2AE for ; Sat, 9 Apr 2022 14:35:07 +0200 (CEST) Received: from yantan.tethera.net (localhost [127.0.0.1]) by mail.notmuchmail.org (Postfix) with ESMTP id F2F6D5F710; Sat, 9 Apr 2022 12:35:04 +0000 (UTC) Received: from fethera.tethera.net (fethera.tethera.net [IPv6:2607:5300:60:c5::1]) by mail.notmuchmail.org (Postfix) with ESMTP id 7D8C45F705 for ; Sat, 9 Apr 2022 12:35:02 +0000 (UTC) Received: by fethera.tethera.net (Postfix, from userid 1001) id A6BED5FBD7; Sat, 9 Apr 2022 08:35:01 -0400 (EDT) Received: (nullmailer pid 606420 invoked by uid 1000); Sat, 09 Apr 2022 12:35:00 -0000 From: David Bremner To: David Bremner , Daniel Kahn Gillmor , notmuch@notmuchmail.org Subject: [PATCH 1/2] configure: restructure gmime cert validity checker code Date: Sat, 9 Apr 2022 09:34:52 -0300 Message-Id: <20220409123453.606391-1-david@tethera.net> X-Mailer: git-send-email 2.35.1 In-Reply-To: <874k3pvrfq.fsf@tethera.net> References: <874k3pvrfq.fsf@tethera.net> MIME-Version: 1.0 Message-ID-Hash: 76L7LMHR7BECUFSK35SJJY3OUKYRHE6N X-Message-ID-Hash: 76L7LMHR7BECUFSK35SJJY3OUKYRHE6N X-MailFrom: bremner@tethera.net X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-notmuch.notmuchmail.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.3 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: DE ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1649507708; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-owner:list-unsubscribe:list-subscribe:list-post; bh=6C2c3hjdQjOrzgx8sLZMEcxAyV4gIW5gO/7vXq7IO8k=; b=OvaIVicymAAAZjDzDYK5cHVRG6moPCIYd+0aeySYaVhsdqGsqCZyzhlm+qp8clQVNNpAEX Fy7dsjfK39tasYRXOB2b77YwvpVjviPVu1XROiy/fve37BLgyOymS7J29UvtFIAcNaAN4o rA9UUegcM2dINL76ZpsU7LgGfvsu95A6AFcaNiBRRNrv70SQcXTXEiJvtgBjXWYTp02rMX X4MS8ctFhndXnBBkD1uYnaKsxXQckcGxohlq0Ez8/zTveaRMFAOtPUekspaHU4efOsTmjb 8Nu6g1USyEnq7fcS8PgowPZYRlHSsaSXtoOMpPO46nhEiIdNYLOAmCBCu91B5A== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1649507708; a=rsa-sha256; cv=none; b=oI/96h0KiuYTBh0dXuFPaci6q6pUbaVJbLFR2tmyGHbGnh5Mo9PC93F8VZm7z+bHfvjXd1 ApDJ/4CGbXRbXKeQpkUlKn5JlN/iqfOu7pB2CZLcq3tKdxs2UD0vhSIjs6oxvyQYOyyCp4 vydEFL6/PMvpBxroJleUdfhyeY825QrTbuXJNDKC6r8POCiviAXd9biv/AsOKr3miDjll0 fAPdtV32xGnWq5AL5e9iiWAg7WZ7Zwg6XN4a9mWFWN1c5H7LHPiTk7Rqh/HTF56M1WzwBj z52tOo8gSxFM1StCnuo4N61ZChgtSg4x2c1UP04PWgSNE5miYAdEBW/3SUdDPA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of notmuch-bounces@notmuchmail.org designates 2a01:4f9:c011:7a79::1 as permitted sender) smtp.mailfrom=notmuch-bounces@notmuchmail.org X-Migadu-Spam-Score: 0.04 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of notmuch-bounces@notmuchmail.org designates 2a01:4f9:c011:7a79::1 as permitted sender) smtp.mailfrom=notmuch-bounces@notmuchmail.org X-Migadu-Queue-Id: ABACDC2AE X-Spam-Score: 0.04 X-Migadu-Scanner: scn1.migadu.com X-TUID: ZSA6jbzQpjgH The goal is to generalize this to also check the output format of g_mime_certificate_get_email. --- configure | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/configure b/configure index 36f3f606..d6e1200e 100755 --- a/configure +++ b/configure @@ -552,11 +552,7 @@ EOF rm -rf "$TEMP_GPG" fi - # see https://github.com/jstedfast/gmime/pull/90 - # should be fixed in GMime in 3.2.7, but some distros might patch - printf "Checking for GMime X.509 certificate validity... " - - cat > _check_x509_validity.c < _check_gmime_cert.c < #include @@ -589,16 +585,22 @@ int main () { if (sig == NULL) return !! fprintf (stderr, "no GMimeSignature found at position 0\n"); cert = g_mime_signature_get_certificate (sig); if (cert == NULL) return !! fprintf (stderr, "no GMimeCertificate found\n"); +#ifdef CHECK_VALIDITY validity = g_mime_certificate_get_id_validity (cert); if (validity != GMIME_VALIDITY_FULL) return !! fprintf (stderr, "Got validity %d, expected %d\n", validity, GMIME_VALIDITY_FULL); - +#endif return 0; } EOF + + # see https://github.com/jstedfast/gmime/pull/90 + # should be fixed in GMime in 3.2.7, but some distros might patch + printf "Checking for GMime X.509 certificate validity... " + if ! TEMP_GPG=$(mktemp -d "${TMPDIR:-/tmp}/notmuch.XXXXXX"); then printf 'No.\nCould not make tempdir for testing X.509 certificate validity support.\n' errors=$((errors + 1)) - elif ${CC} ${CFLAGS} ${gmime_cflags} _check_x509_validity.c ${gmime_ldflags} -o _check_x509_validity \ + elif ${CC} -DCHECK_VALIDITY ${CFLAGS} ${gmime_cflags} _check_gmime_cert.c ${gmime_ldflags} -o _check_x509_validity \ && echo disable-crl-checks > "$TEMP_GPG/gpgsm.conf" \ && echo "4D:E0:FF:63:C0:E9:EC:01:29:11:C8:7A:EE:DA:3A:9A:7F:6E:C1:0D S" >> "$TEMP_GPG/trustlist.txt" \ && GNUPGHOME=${TEMP_GPG} gpgsm --batch --quiet --import < "$srcdir"/test/smime/ca.crt -- 2.35.1