From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <notmuch-bounces@notmuchmail.org>
Received: from mp12.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms0.migadu.com with LMTPS
	id AHIEESEhVmJ0uwAAgWs5BA
	(envelope-from <notmuch-bounces@notmuchmail.org>)
	for <larch@yhetil.org>; Wed, 13 Apr 2022 03:02:25 +0200
Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp12.migadu.com with LMTPS
	id 8EuEDSEhVmJnYAEAauVa8A
	(envelope-from <notmuch-bounces@notmuchmail.org>)
	for <larch@yhetil.org>; Wed, 13 Apr 2022 03:02:25 +0200
Received: from mail.notmuchmail.org (yantan.tethera.net [IPv6:2a01:4f9:c011:7a79::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 959E53905C
	for <larch@yhetil.org>; Wed, 13 Apr 2022 03:02:24 +0200 (CEST)
Received: from yantan.tethera.net (localhost [127.0.0.1])
	by mail.notmuchmail.org (Postfix) with ESMTP id 6D0315F721;
	Wed, 13 Apr 2022 01:02:21 +0000 (UTC)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7])
	by mail.notmuchmail.org (Postfix) with ESMTPS id 607B75F700
	for <notmuch@notmuchmail.org>; Wed, 13 Apr 2022 01:02:18 +0000 (UTC)
Received: from fifthhorseman.net (cpe-76-167-129-203.san.res.rr.com [76.167.129.203])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
	(No client certificate requested)
	by che.mayfirst.org (Postfix) with ESMTPSA id 55DA5F9AF;
	Tue, 12 Apr 2022 21:02:16 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000)
	id 6C5EF20CBA; Tue, 12 Apr 2022 16:26:13 -0700 (PDT)
From: Daniel Kahn Gillmor <dkg@debian.org>
To: michaeljgruber+grubix+git@gmail.com, notmuch@notmuchmail.org
Subject: Re: [PATCH v2 2/2] test/smime: fix signature verification test with
 newer gmime.
In-Reply-To: <458b1d99c3d868d4c1659b29d0aa4474aff215c1.1649781229.git.git@grubix.eu>
References: <87mtgrmgll.fsf@fifthhorseman.net>
 <458b1d99c3d868d4c1659b29d0aa4474aff215c1.1649781229.git.git@grubix.eu>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata=
 mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf
 FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl
 cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh
 BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su
 G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u
 bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh
 dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI
 ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4
 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE
 AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ
 BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+
 nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He
 VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+
 jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N
 stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh
 BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk
 eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH
 QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA
 CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b
 J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX
 mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR
 fRxL7Z37WZXoH8AH
Date: Tue, 12 Apr 2022 16:26:12 -0700
Message-ID: <87sfqhlw8b.fsf@fifthhorseman.net>
MIME-Version: 1.0
Message-ID-Hash: EU7FPIOPYDHQPMHEHNGYGWDMT25VV7UW
X-Message-ID-Hash: EU7FPIOPYDHQPMHEHNGYGWDMT25VV7UW
X-MailFrom: dkg@debian.org
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-notmuch.notmuchmail.org-0
CC: Michael J Gruber <git@grubix.eu>
X-Mailman-Version: 3.3.3
Precedence: list
List-Id: "Use and development of the notmuch mail system." <notmuch.notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Owner: <mailto:notmuch-owner@notmuchmail.org>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Subscribe: <mailto:notmuch-join@notmuchmail.org>
List-Unsubscribe: <mailto:notmuch-leave@notmuchmail.org>
Content-Type: multipart/mixed; boundary="===============7819117249417747751=="
X-Migadu-Flow: FLOW_IN
X-Migadu-To: larch@yhetil.org
X-Migadu-Country: DE
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1649811744;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-owner:list-unsubscribe:list-subscribe:list-post:autocrypt:autocrypt;
	bh=ti07aJBNts9AaSqQsHCoVB+U+XNyKYnSyQWt0POxSOM=;
	b=pnfkKDVz/zlV68WsCtt/+PvlT5AoWr0swaQn6D9FpKoEBqihWDtwaff6+1UDh+FWPS0XOc
	0MnPMRLhImIfsqtieQPhNbZed3CZzQhuS9Np+DWoxTH9IL12dNhULp2GnvwSeph1f4fghv
	t8zDu5Kh8vMIecpyUQar4Ziusw0FA86Sjo1ED3fPRCtVz6hAWQQbOk+ZMwlo8zcRczZjOR
	qhjlmd8LotQPCz2uwhWFSFbL19ydQ3pPKt0rrGNzBuTPSqYo9kpgywbVbvBU1vXxUrBFV/
	Y/9TfZTJBCdZM/cnxeqQsbUyFODd5JiQZHa5+UXtOtu9RVbJxxmukokSZhr4tw==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1649811744; a=rsa-sha256; cv=none;
	b=DearrVXarfi/j5mcBvlqn9KF9XPlRd4ZToJ1UnN+QSK7t7lf5YD6JR0g5IkLmvyhI+V1/Y
	2lnGtoUGXyC+Z7uf0X5SXPJl7mSwPXTHjDIKV8Nulm/RlJCq3FjMJIy77aBrejB2G/aU4s
	de2vG5bmPr4o8rip3YYjVLvTSADosf0XZUmasSSGeLJ069H6sTfHKzxiHPTkiHIeMrL1oh
	dYwsLO8aLJyCgY1aBJZEpLkTpvPT9kOK5iLwVDFxosUN+w1GDNsQKqJpBnqmww+i9j3H8C
	EPQGS587AhLekKGi9RE4SuvwFBsgJK58R3Qo3BwkOeswhtulCG9SBGR9q9MeRg==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=none;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of notmuch-bounces@notmuchmail.org designates 2a01:4f9:c011:7a79::1 as permitted sender) smtp.mailfrom=notmuch-bounces@notmuchmail.org
X-Migadu-Spam-Score: -4.66
Authentication-Results: aspmx1.migadu.com;
	dkim=none;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of notmuch-bounces@notmuchmail.org designates 2a01:4f9:c011:7a79::1 as permitted sender) smtp.mailfrom=notmuch-bounces@notmuchmail.org
X-Migadu-Queue-Id: 959E53905C
X-Spam-Score: -4.66
X-Migadu-Scanner: scn0.migadu.com
X-TUID: sETyZkjTqMi8


--===============7819117249417747751==
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha256; protocol="application/pgp-signature"

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Thanks, Michael--

This LGTM.

It is more narrowly-targeted at permitting this specific variation than
Bremner's earlier version of the patch (and it doesn't have any tests
marked BROKEN), which is nice.

It might be marginally cleaner to swap out the LEFT_ANGLE RIGHT_ANGLE
variables for a single replacement variable like so:

if [ $NOTMUCH_GMIME_EMITS_ANGLE_BRACKETS =3D=3D 1 ]; then
   EXPECTED_EMAIL_ADDR=3D'<test_suite@notmuchmail.org>'
else
   EXPECTED_EMAIL_ADDR=3D'test_suite@notmuchmail.org'
fi

This makes for only one variable substitution in the json comparison
tests, if i'm looking at it right.

Any of these approaches is fine with me.

    --dkg

On Tue 2022-04-12 22:15:56 +0200, michaeljgruber+grubix+git@gmail.com wrote:
> From: David Bremner <david@tethera.net>
>
> The extra machinery to check for the actual output format is justified
> by the possibility that distros may patch this newer output format
> into older versions of gmime.
>
> Amended-by: Michael J Gruber <git@grubix.eu>
> Signed-off-by: Michael J Gruber <git@grubix.eu>
> ---
> Here is what I meant with my comments: We have everything in place to
> adjust the expected test output to the detected gmime behaviour. This
> also takes into account dkg's remarks on the variable names.
>
> [And yes, I have list bounces again, please forgive my mess and multiple
> subscriptions to work around it.]
>
>  configure          | 17 +++++++++++++++++
>  test/T355-smime.sh | 11 +++++++++--
>  2 files changed, 26 insertions(+), 2 deletions(-)
>
> diff --git a/configure b/configure
> index d6e1200e..056f9232 100755
> --- a/configure
> +++ b/configure
> @@ -588,6 +588,11 @@ int main () {
>  #ifdef CHECK_VALIDITY
>      validity =3D g_mime_certificate_get_id_validity (cert);
>      if (validity !=3D GMIME_VALIDITY_FULL) return !! fprintf (stderr, "G=
ot validity %d, expected %d\n", validity, GMIME_VALIDITY_FULL);
> +#endif
> +#ifdef CHECK_EMAIL
> +    const char *email =3D g_mime_certificate_get_email (cert);
> +    if (! email) return !! fprintf (stderr, "no email returned");
> +    if (email[0] =3D=3D '<') return 2;
>  #endif
>      return 0;
>  }
> @@ -622,6 +627,15 @@ EOF
>  		errors=3D$((errors + 1))
>  	    fi
>  	fi
> +	printf "Checking whether GMime emits email addresses with angle bracket=
s... "
> +	if ${CC} -DCHECK_EMAIL ${CFLAGS} ${gmime_cflags} _check_gmime_cert.c ${=
gmime_ldflags} -o _check_email &&
> +		GNUPGHOME=3D${TEMP_GPG} ./_check_email; then
> +	    gmime_emits_angle_brackets=3D0
> +	    printf "No.\n"
> +	else
> +	    gmime_emits_angle_brackets=3D1
> +	    printf "Yes.\n"
> +	fi
>      else
>  	printf 'No.\nFailed to set up gpgsm for testing X.509 certificate valid=
ity support.\n'
>  	errors=3D$((errors + 1))
> @@ -1559,6 +1573,9 @@ NOTMUCH_HAVE_XAPIAN_DB_RETRY_LOCK=3D${WITH_RETRY_LO=
CK}
>  # Whether GMime can verify X.509 certificate validity
>  NOTMUCH_GMIME_X509_CERT_VALIDITY=3D${gmime_x509_cert_validity}
>=20=20
> +# Whether GMime emits addresses with angle brackets (with <>)
> +NOTMUCH_GMIME_EMITS_ANGLE_BRACKETS=3D${gmime_emits_angle_brackets}
> +
>  # Whether GMime can verify signatures when decrypting with a session key:
>  NOTMUCH_GMIME_VERIFY_WITH_SESSION_KEY=3D${gmime_verify_with_session_key}
>=20=20
> diff --git a/test/T355-smime.sh b/test/T355-smime.sh
> index 31fa4b4e..b15169b7 100755
> --- a/test/T355-smime.sh
> +++ b/test/T355-smime.sh
> @@ -35,6 +35,13 @@ EOF
>  test_expect_equal_file EXPECTED OUTPUT
>=20=20
>  test_begin_subtest "signature verification (notmuch CLI)"
> +if [ $NOTMUCH_GMIME_EMITS_ANGLE_BRACKETS =3D=3D 1 ]; then
> +    LEFT_ANGLE=3D'<'
> +    RIGHT_ANGLE=3D'>'
> +else
> +    LEFT_ANGLE=3D''
> +    RIGHT_ANGLE=3D''
> +fi
>  output=3D$(notmuch show --format=3Djson --verify subject:"test signed me=
ssage 001" \
>      | notmuch_json_show_sanitize \
>      | sed -e 's|"created": [-1234567890]*|"created": 946728000|g' \
> @@ -46,7 +53,7 @@ expected=3D'[[[{"id": "XXXXX",
>   "timestamp": 946728000,
>   "date_relative": "2000-01-01",
>   "tags": ["inbox","signed"],
> - "crypto": {"signed": {"status": [{"fingerprint": "'$FINGERPRINT'", "sta=
tus": "good","userid": "CN=3DNotmuch Test Suite", "email": "<test_suite@not=
muchmail.org>", "expires": 424242424, "created": 946728000}]}},
> + "crypto": {"signed": {"status": [{"fingerprint": "'$FINGERPRINT'", "sta=
tus": "good","userid": "CN=3DNotmuch Test Suite", "email": "'$LEFT_ANGLE'te=
st_suite@notmuchmail.org'$RIGHT_ANGLE'", "expires": 424242424, "created": 9=
46728000}]}},
>   "headers": {"Subject": "test signed message 001",
>   "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
>   "To": "test_suite@notmuchmail.org",
> @@ -55,7 +62,7 @@ expected=3D'[[[{"id": "XXXXX",
>   "sigstatus": [{"fingerprint": "'$FINGERPRINT'",
>   "status": "good",
>   "userid": "CN=3DNotmuch Test Suite",
> - "email": "<test_suite@notmuchmail.org>",
> + "email": "'$LEFT_ANGLE'test_suite@notmuchmail.org'$RIGHT_ANGLE'",
>   "expires": 424242424,
>   "created": 946728000}],
>   "content-type": "multipart/signed",
> --=20
> 2.36.0.rc0.457.gf4fc0d8e4e

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQQttUkcnfDcj0MoY88+nXFzcd5WXAUCYlYKlQAKCRA+nXFzcd5W
XPMfAP0bVPtcVJXRtT+xbh6cWUsM+rAMKARXrXv4BxPmObKkzAD6AoZyCkaquGfD
iGC1ioAj1jM21iHQV+Xx/IzlFEdetAI=
=SLsW
-----END PGP SIGNATURE-----
--=-=-=--

--===============7819117249417747751==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============7819117249417747751==--