Re: [gmime-devel] Using GMimeDecryptResult - certificate information?
- From: Jeffrey Stedfast <fejj gnome org>
- To: Daniel Kahn Gillmor <dkg fifthhorseman net>,	Gaute Hope <eg gaute vetsj com>,	gmime development <gmime-devel-list gnome org>
- Subject: Re: [gmime-devel] Using GMimeDecryptResult - certificate information?
- Date: Sat, 10 Dec 2016 14:51:26 -0500
On 12/10/2016 12:23 PM, Daniel Kahn Gillmor wrote:
On Sat 2016-12-10 16:44:00 +0100, Jeffrey Stedfast <fejj gnome org> wrote:
It's clear to me based on the unit tests that if use_agent = FALSE, then
we cannot use --batch when signing or decrypting because we need to
interactively supply a passphrase to gpg.
Since you were setting use_agent = TRUE, perhaps the solution to this
problem is to use --batch for sign/decrypt if use_agent = TRUE.
Unfortunately I'm having trouble getting use_agent = TRUE to work, it
seems that the gpg-agent always immediately fails with an error about
invalid ioctl for device.
I'm guessing that I need to configure a gpg-agent or something, but I'm
not entirely sure how.
what version of gpg are you testing against?
gnupg 2.1.x always uses a cryptographic agent, so "use_agent" is a bit
of a misnomer in this case.
With GnuPG versions before 2.1.x, i also saw the test failures you
describe :/  This sort of version compatibility issue is something that
gpgme is supposed to hide for you as a developer, though.
       --dkg
I'm testing against several versions:
* 1.4.21 (Fedora 25): The use of --batch caused this version to fail if 
a passphrase was needed (at least when the use of the agent was 
disabled). If I enable use_agent, then this fails - but it looks as 
though the agent is getting an ioctl error and bailing, I just don't 
know why.
* 2.1.13 (Fedora 25): Even after fixing the --batch, this continued to 
fail until I realized that the version parsing in testsuite.c was based 
on "gpg" and not "gpg2". Fixing the unit tests to make sure that the 
same "gpg" executable name was used by both the GMimeGpgContext and the 
code to setup a GPGHOME, then this began working correctly. Enabling 
use_agent fails here as well, even if I don't add the pinentry-mode to 
the gpg.conf - as with 1.4.21, it appears the gpg-agent is getting an 
ioctl error.
* 2.0.30 (Mac): This gets a gpg-agent ioctl error even when use_agent is 
set to FALSE, so clearly it isn't respecting that option. The man-page 
seems to confirm that suspicion by saying that the agent is *always* 
required.
I had already made up my mind that switching to gpgme was the way to go, 
but this cements that decision.
Daniel, could you check to make sure the flurry of changes I made in the 
past 24 hours hasn't broken anything for you? If not (hopefully not), 
I'll push out a release as-is and then I think it'll be time to switch 
gears to "GMime 2.8" and using gpgme for PGP support.
Thanks,
Jeff
[
Date Prev][
Date Next]   [
Thread Prev][
Thread Next]   
[
Thread Index]
[
Date Index]
[
Author Index]