From: Hamish D
To: Sup developer discussion
Date: Mon, 6 Dec 2010 23:31:43 +0000
Subject: Re: [sup-devel] [PATCH] Converted crypto to use the gpgme gem

> I just discovered another problem: If the secret key is not available
> (because it's on a removable media and the media is not mounted), the
> mail is sent anyway. While this is just a bit annoying for signed mail
> it definitely should not happen for encrypted mails. Current sup
> correctly fails in this case.

I have replicated this (by turning off gpg agent) but I'm confused as to
why this is happening. If I try the same steps in irb I get an
exception, and this should be caught and dealt with in the same way as
current sup does. I guess I'll have to keep trying to replicate more and
more of the pathway through ... sigh.

Once I have worked out the proper logic I can then add some extra checks
for ensuring that gpg agent is running and that sup knows where to find
it. I could even have sup ask you for your gpg passphrase with gpgme.
There might be some security issues with having ruby ask you for your
passphrase I guess, but I don't think it would be worse than gpg agent.
gpg agent doesn't seem to have the suid bit set, though maybe as a C
program it can be more rigorous about overwriting your passphrase in
memory. I could always implement it as a hook with gpg agent as the
default.

> It would also be nice to have different colors for different trust
> levels. So you don't have to expand the extra information to see if a
> valid signature is trusted or not. Is this already possible with the
> current hook?

That requires code changes, but I've done that and attached a patch
(intended to go on top of the other 4 patches). Now untrusted signatures
have a blue background. (Trusted signatures have a default background -
black normally, and bad signatures have a red background). All
signatures have yellow text. I'm quite open to a different colour scheme
being chosen if someone thinks something else would be clearer.

Hamish Downer

[Attachment: 0005-added-color-for-untrusted-cryptonotice.patch]
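
The trust-level colouring described in the message above, as an added Ruby example that is not part of the original mail or of sup's code: it reduces every signature on a message to one notice status, so a single bad signature wins and a single untrusted signer downgrades the whole notice, then looks up the colours listed in the mail. The `Sig` struct, the `:unsigned` status, the validity symbols and the choice of which levels count as trusted are assumptions made for the illustration.

```ruby
# Constructed stand-in for one signature-verification result. sup's real
# objects come from the gpgme gem and are not reproduced here.
Sig = Struct.new(:signer, :good, :validity)

# Assumption: these key-validity levels are treated as "trusted".
TRUSTED_VALIDITY = [:marginal, :full, :ultimate].freeze

# Colours as listed in the mail: yellow text always, background varies.
NOTICE_COLORS = {
  valid:           { fg: "yellow", bg: "default" },
  valid_untrusted: { fg: "yellow", bg: "blue" },
  invalid:         { fg: "yellow", bg: "red" },
}.freeze

def trusted?(sig)
  TRUSTED_VALIDITY.include?(sig.validity)
end

# Reduce all signatures on a message to a single status.
# Order matters: a bad signature must never be masked by a trusted one.
def notice_status(sigs)
  return :unsigned if sigs.empty?
  return :invalid unless sigs.all?(&:good)
  sigs.all? { |s| trusted?(s) } ? :valid : :valid_untrusted
end

# Returns the colour hash for the notice, or nil for an unsigned message.
def notice_color(sigs)
  NOTICE_COLORS[notice_status(sigs)]
end

# Constructed sample results.
ALICE   = Sig.new("alice@example.org", true, :full)
MALLORY = Sig.new("unknown@example.net", true, :unknown)
FORGED  = Sig.new("alice@example.org", false, :full)

if __FILE__ == $PROGRAM_NAME
  [[ALICE], [ALICE, MALLORY], [ALICE, FORGED], []].each do |sigs|
    puts "#{sigs.map(&:signer).inspect} -> #{notice_status(sigs)} #{notice_color(sigs).inspect}"
  end
end
```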