Re: [gmime-devel] Using GMimeDecryptResult - certificate information?



On 12/10/2016 12:23 PM, Daniel Kahn Gillmor wrote:
> On Sat 2016-12-10 16:44:00 +0100, Jeffrey Stedfast <fejj gnome org> wrote:
>
>> It's clear to me based on the unit tests that if use_agent = FALSE, then
>> we cannot use --batch when signing or decrypting because we need to
>> interactively supply a passphrase to gpg.
>>
>> Since you were setting use_agent = TRUE, perhaps the solution to this
>> problem is to use --batch for sign/decrypt if use_agent = TRUE.
>>
>> Unfortunately I'm having trouble getting use_agent = TRUE to work, it
>> seems that the gpg-agent always immediately fails with an error about
>> invalid ioctl for device.
>>
>> I'm guessing that I need to configure a gpg-agent or something, but I'm
>> not entirely sure how.
>
> what version of gpg are you testing against?
>
> gnupg 2.1.x always uses a cryptographic agent, so "use_agent" is a bit
> of a misnomer in this case.
>
> With GnuPG versions before 2.1.x, i also saw the test failures you
> describe :/  This sort of version compatibility issue is something that
> gpgme is supposed to hide for you as a developer, though.
>
>        --dkg

I'm testing against several versions:

* 1.4.21 (Fedora 25): The use of --batch caused this version to fail if a passphrase was needed (at least when the use of the agent was disabled). If I enable use_agent, then this fails - but it looks as though the agent is getting an ioctl error and bailing, I just don't know why.

* 2.1.13 (Fedora 25): Even after fixing the --batch, this continued to fail until I realized that the version parsing in testsuite.c was based on "gpg" and not "gpg2". After fixing the unit tests to make sure that the same "gpg" executable name was used by both the GMimeGpgContext and the code to set up a GPGHOME, this began working correctly. Enabling use_agent fails here as well, even if I don't add the pinentry-mode to the gpg.conf - as with 1.4.21, it appears the gpg-agent is getting an ioctl error.

* 2.0.30 (Mac): This gets a gpg-agent ioctl error even when use_agent is set to FALSE, so clearly it isn't respecting that option. The man-page seems to confirm that suspicion by saying that the agent is *always* required.


I had already made up my mind that switching to gpgme was the way to go, but this cements that decision.


Daniel, could you check to make sure the flurry of changes I made in the past 24 hours hasn't broken anything for you? If not (hopefully not), I'll push out a release as-is and then I think it'll be time to switch gears to "GMime 2.8" and using gpgme for PGP support.


Thanks,


Jeff


