thread-based email index, search, and tagging https://git.notmuchmail.org/git/notmuch/atom?h=0.30_rc0 2020-05-31T16:52:33Z 2020-05-31T16:52:33Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2020-05-26T17:06:02Z urn:sha1:b624b406ff004909e30903593e6b4f7dd889c9dc 2020-05-30T15:42:14Z Tomi Ollila tomi.ollila@iki.fi 2020-04-23T21:26:43Z urn:sha1:c9e55a712e1ab4d5e84ba15d07d094865e72ffa1 json_check_nodes.py exists in source tree, not in out of tree build tree. Added -B to the execution so source tree is not "polluted" by a .pyc file when json_check_nodes.py is executed. When creating run_emacs.sh make it load .elc files from out of tree build tree, not from source tree if such files existed. If existed, those may be outdated, or even created by some other emacs than the one that was used to build .elc files in out of tree build dir. 2020-05-09T11:32:51Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2020-05-08T23:24:38Z urn:sha1:627460d7bbbb6b95a07084c2b6fc7f647a5547e1 Several functions in test/test-lib.sh used variable names that are also used outside of those functions (e.g. $output and $expected are used in many of the test scripts), but they are not expected to communicate via those variables. We mark those variables "local" within test-lib.sh so that they do not get clobbered when used outside test-lib. We also move the local variable declarations to beginning of each function, to avoid weird gotchas with local variable declarations as described in https://tldp.org/LDP/abs/html/localvar.html. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2020-04-30T21:02:38Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2020-03-19T04:15:08Z urn:sha1:9055dfdae41ba762b12434fe678fc524ea3ed618 GPGME has a strange failure mode when it is in offline mode, and/or when certificates don't have any CRLs: in particular, it refuses to accept the validity of any certificate other than a "root" cert. This can be worked around by setting the `disable-crl-checks` configuration variable for gpgsm. I've reported this to the GPGME upstream at https://dev.gnupg.org/T4883, but I have no idea how it will be resolved. In the meantime, we'll just work around it. Note that this fixes the test for verification of id:smime-multipart-signed@protected-headers.example, because multipart/signed messages are already handled correctly (one-part PKCS#7 messages will get fixed later). Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2020-04-30T20:57:16Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2020-04-28T18:57:20Z urn:sha1:488e91f42b95c116b387212c90ea47c43c716f5b This test does exactly what it says on the tin. It expects JSON data to be parseable by Python, at least. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2020-04-30T20:55:11Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2020-04-30T19:35:21Z urn:sha1:7c7cebffe6f05c8bbb07c3714fde08562444c72e This is taken from the same Internet Draft that test/smime/ca.crt comes from. See that draft for more details. https://www.ietf.org/id/draft-dkg-lamps-samples-02.html#name-pkcs12-object-for-bob We don't use it yet, but it will be used to decrypt other messages in the test suite. Note that we include it here with an empty passphrase, rather than with the passphrase "bob" that it is supplied with in the I-D. The underlying cryptographic material is the same, but this way we can import cleanly into gpgsm without having a passphrase set on it (gpgsm converts an empty-string passphrase into no passphrase at all on import). Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2020-04-30T20:54:58Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2020-04-30T19:34:21Z urn:sha1:51c43d0e925486b2c7b9a708ba9aebc22dde57a6 Without this fix, we couldn't run both add_gnupg_home and add_gpgsm_home in the same test script. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2020-04-30T20:54:37Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2020-04-28T18:57:13Z urn:sha1:2e351d10c2aba786656715e8334fc2296e22527d The documentation for message mode clearly states that EasyPG (which uses GnuPG) is the default and recommended way to use S/MIME with mml-secure: [0] https://www.gnu.org/software/emacs/manual/html_node/message/Using-S_002fMIME.html To ensure that this mode works, we just need to import the secret key in question into gpgsm in addition to the public key. gpgsm should be able pick the right keys+certificates to use based on To/From headers, so we don't have to specify anything manually in the #secure mml tag. The import process from the OpenSSL-preferred form (cert+secretkey) is rather ugly, because gpgsm wants to see a PKCS#12 object when importing secret keys. Note that EasyPG generates the more modern Content-Type: application/pkcs7-signature instead of application/x-pkcs7-signature for the detached signature. We are also obliged to manually set gpgsm's include-certs setting to 1 because gpgsm defaults to send "everything but the root cert". In our weird test case, the certificate we're using is self-signed, so it *is* the root cert, which means that gpgsm doesn't include it by default. Setting it to 1 forces inclusion of the signer's cert, which satisfies openssl's smime subcommand. See https://dev.gnupg.org/T4878 for more details. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2020-04-30T20:54:03Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2020-04-28T18:57:12Z urn:sha1:f7921e6e1cdbfc1d16488f5b08cf3c9e2bd36b1d Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2020-04-30T20:53:54Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2020-04-30T19:33:29Z urn:sha1:1f21465205f92f68d25ef039b1e111bc26c70b4a This CA is useful for test suites and the like, but is not an actually-secure CA, because its secret key material is also published. I plan to use it for its intended purpose in the notmuch test suite. It was copied from this Internet Draft: https://tools.ietf.org/id/draft-dkg-lamps-samples-01.html#name-certificate-authority-certi Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>