Closed Bug 1627911 Opened 5 years ago Closed 4 years ago

Implement GPGME access for public key import and secret key operations

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

Not set
normal

Tracking

(thunderbird_esr78 unaffected)

RESOLVED FIXED
81 Branch

People

(Reporter: KaiE, Assigned: KaiE)

References

(Blocks 1 open bug)

Details

(Keywords: leave-open)

Attachments

(2 files)

It would be good to implement access to GnuPG using GPGME.

Useful operations are:

  • list available secret and public keys
  • secret key operations (sign and decrypt)
  • extract a public key (for importing it into TB)

A mechanism to directly use a secret key, managed by GnuPG, instead of exporting and importing it, would enable us to use smartcards that are supported by GnuPG.

Blocks: 1595228
Blocks: 1627736

Initial GPGME bindings were already added in bug 1633288.
A fallback attempt to GPGME is currently active.

We should add a pref, that allows the user to disable/enable the use of GPGME.
For now, I'd disable that pref by default, unless we have support for digital signing with GPGME.

We should also change the message that's shown on the debug console. We shouldn't talk about "required GPGME", but rather about "optional GPGME".

This probably doesn't block bug 1627736, moving to "see also".

Depends on: 1636791

I tried using gpgme on Windows. It doesn't work directly because both the binary distribution of GnuPG 2.2 and gpg4win store the library as "libgpgme-11.dll". Attached is a patch that fixes this.

NOTE: Unfortunately gpg4win is only available for Win32. TB for x64 thus can't use the library.

Attachment #9153019 - Flags: review?(kaie)
Assignee: nobody → kaie

(In reply to Patrick Brunschwig from comment #3)

NOTE: Unfortunately gpg4win is only available for Win32. TB for x64 thus can't use the library.

That's sad.
We might want to ask the developers why.

Patrick, do you know the filename on macOS?

Comment on attachment 9153019 [details] [diff] [review] gpgme-winnt.patch [checked in] [beta 78 checked in]
I'll check this in, probably together with bug 1642614
Attachment #9153019 - Flags: review?(kaie) → review+
Keywords: leave-open
Pushed by kaie@kuix.de: https://hg.mozilla.org/comm-central/rev/7dd6c3ae55d4 Try common filename for GPGME dll on Windows. r=kaie DONTBUILD
Attachment #9153019 - Attachment description: gpgme-winnt.patch → gpgme-winnt.patch [checked in]

I'm working on it. The filename is standard, but I fear we will need to manually search for the library (full path). I'll have a patch in a few days.

Comment on attachment 9153019 [details] [diff] [review] gpgme-winnt.patch [checked in] [beta 78 checked in]
Need Beta uplift for OpenPGP feature work.
Attachment #9153019 - Flags: approval-comm-beta?

Here is a patch that makes GPGME work on macOS. Unfortunately, macOS doesn't simply search in /usr/local/lib, such that we need to specify some paths explicitly.

I made the patch generic, i.e. it applies to any non-Windows system.

Specifically for macOS:

  • if you use gpgOSX, then GPGME will be found in /usr/local/bin
  • if you use brew or fink, then GPGME will be found in /opt/local/bin

Attachment #9154766 - Flags: review?(kaie)
Attachment #9154766 - Flags: review?(kaie) → review+
Pushed by kaie@kuix.de: https://hg.mozilla.org/comm-central/rev/f02863ab01e3 Try loading GPGME library from /usr/local/lib or /opt/local/lib. r=kaie
Comment on attachment 9154766 [details] [diff] [review] gpgme-macos.patch [checked in] [beta 78 checked in]
Needed for OpenPGP
Attachment #9154766 - Attachment description: gpgme-macos.patch → gpgme-macos.patch [checked in]
Attachment #9154766 - Flags: approval-comm-beta?
Comment on attachment 9153019 [details] [diff] [review] gpgme-winnt.patch [checked in] [beta 78 checked in]
Approved for beta
Attachment #9153019 - Flags: approval-comm-beta? → approval-comm-beta+
Comment on attachment 9154766 [details] [diff] [review] gpgme-macos.patch [checked in] [beta 78 checked in]
Approved for beta
Attachment #9154766 - Flags: approval-comm-beta? → approval-comm-beta+
Attachment #9153019 - Attachment description: gpgme-winnt.patch [checked in] → gpgme-winnt.patch [checked in] [beta 78 checked in]
Attachment #9154766 - Attachment description: gpgme-macos.patch [checked in] → gpgme-macos.patch [checked in] [beta 78 checked in]

As mentioned in https://bugzilla.mozilla.org/show_bug.cgi?id=1642614#c22 already, the right library name to load is libgpgme.so.11, not libgpgme.so. The latter is installed only as part of devel headers on major distros (at least Debian and Fedora) and is not expected to be present on user machines.

(In reply to Marek Marczykowski-Górecki from comment #16)

As mentioned in https://bugzilla.mozilla.org/show_bug.cgi?id=1642614#c22 already, the right library name to load is libgpgme.so.11, not libgpgme.so. The latter is installed only as part of devel headers on major distros (at least Debian and Fedora) and is not expected to be present on user machines.

This was added in bug 1603782.
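Pulling together the platform-specific filenames from comments 3, 11 and 16, here is an added example (not Thunderbird's own js-ctypes code) of a loader that tries the versioned library names in order and confirms that what it loaded really is GPGME by calling gpgme_check_version(), which must be the first GPGME call in any case. The macOS dylib filenames, the extra /usr/local/lib and /opt/local/lib fallbacks on Linux, and the use of Python ctypes as a stand-in for js-ctypes are assumptions.

```python
import ctypes
import sys

# Candidate library names per platform, tried in order.
# "libgpgme-11.dll" (comment 3) and "libgpgme.so.11" (comment 16) come from
# the bug; the macOS dylib names and the extra full-path fallbacks are assumptions.
# Full paths are preferred where possible: a bare name is resolved through the
# loader's search order, and on Windows that includes directories an attacker
# may be able to write to.
CANDIDATES = {
    "win32": ["libgpgme-11.dll"],
    "darwin": ["/usr/local/lib/libgpgme.11.dylib", "/opt/local/lib/libgpgme.11.dylib"],
    "linux": ["libgpgme.so.11", "/usr/local/lib/libgpgme.so.11", "/opt/local/lib/libgpgme.so.11"],
}


def gpgme_candidates(platform: str) -> list:
    """Return the ordered filenames to try for a sys.platform-style string."""
    key = "linux" if platform.startswith("linux") else platform
    return list(CANDIDATES.get(key, CANDIDATES["linux"]))


def load_gpgme(platform: str = sys.platform):
    """Try each candidate; return (handle, name, version) for the first one that
    loads and answers gpgme_check_version(), or (None, None, None) if none does."""
    for name in gpgme_candidates(platform):
        try:
            lib = ctypes.CDLL(name)
        except OSError:
            continue  # not installed under this name; try the next candidate
        try:
            check = lib.gpgme_check_version  # real GPGME entry point
        except AttributeError:
            continue  # a library by that name that is not GPGME: skip it
        # const char *gpgme_check_version(const char *required_version);
        # Passing NULL initialises the library and returns its version string.
        check.restype = ctypes.c_char_p
        check.argtypes = [ctypes.c_char_p]
        version = check(None)
        return lib, name, version.decode() if version else None
    return None, None, None


if __name__ == "__main__":
    handle, name, version = load_gpgme()
    print("GPGME not found" if handle is None else f"loaded {name}, version {version}")
```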

With all the work that was done in other bugs, we can close this one.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 81 Branch