path: root/Makefile.global
Age | Commit message | Author
2020-06-26 | Makefile.global: drop -std=gnu99. C11 (or later) compiler required | Tomi Ollila
Since October 2018 building notmuch has actually required a compiler that knows C11. Also this -std=gnu99 was not used in code compiled by configure, so in theory this could have caused problems...

...but no related reports have been sent, perhaps ever.

Both gcc and clang have been shipping compilers supporting C11 (or later) by default for more than four years now. Therefore, just dropping -std=gnu99 (and not checking C11 compatibility for now, for simplicity) is easiest to do, and removes inconsistency between configure and build time compilations.
2019-03-27 | release: use xz compression | David Bremner
This produces tarballs that are roughly 30% smaller.
2019-03-27 | build: Rename GPG_FILE to DETACHED_SIG_FILE | Daniel Kahn Gillmor
This is just a semantic cleanup -- we have multiple files that are OpenPGP signatures. And while we're probably making signatures with GnuPG, they can be verified with any OpenPGP implementation, so "GPG_" is arguably both not specific enough, and overly-specific.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-03-27 | build: distribute signed sha256sums | Daniel Kahn Gillmor
Distribute clearsigned sha256sum file in addition to the detached signature. Verifiers that use the sha256sum ensure that the thing signed includes the name of the tarball. This defends the verifier by default against a freeze, rollback, or project substitution attack.

A verifier can use something like the following (as expressed in bash):

    set -o pipefail
    wget https://notmuchmail.org/releases/notmuch-$VERSION.tar.gz{,.sha256.asc}
    gpgv --keyring ./notmuch-signers.pgp --output - notmuch-$VERSION.tar.gz.sha256.asc | sha256sum -c -

See id:87r2b8w956.fsf@fifthhorseman.net and other messages in that thread for discussion.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-03-11 | build: sign tarball instead of sha256sum | David Bremner
Adam Majer pointed out in [1] the way we were signing releases was unusual. Neither Carl nor I could think of a good reason for explicitly signing the checksum (internally of course that's what GPG is doing anyway).

[1] mid:b3fd556d-c346-7af9-a7a2-13b0f3235071@suse.de
2017-03-18 | rename libutil.a to libnotmuch_util.a | David Bremner
Apparently some systems (MacOS?) have a system library called libutil and the name conflict causes problems. Since this library is quite notmuch specific, rename it to something less generic.
2017-03-02 | build: use sha256sum instead of sha1sum to sign releases | David Bremner
2016-11-26 | build/emacs: add target to create elpa package | David Bremner
This package can be created without emacs, but will only be usable in versions of emacs supporting package.el
2016-11-26 | build: Move variable definitions to Makefile.global | David Bremner
I noticed when trying to use VERSION (and derived variables) in a subdirectory that the top level Makefile.local needed to be included first. But according to c10085c77b407d9ea704f8b4f9e0a805f63e72cb it actually needs to be last. To break this conflict, move the variable definitions into a new Makefile.global.