Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mutt: add option to configure S/MIME and GnuPG #31207

Merged
merged 1 commit into from Nov 22, 2017
Merged

mutt: add option to configure S/MIME and GnuPG #31207

merged 1 commit into from Nov 22, 2017

Conversation

rnhmjoj
Copy link
Contributor

@rnhmjoj rnhmjoj commented Nov 3, 2017
edited

Motivation for this change

Fix #31102

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change
  • Tested compilation of all pkgs that depend on this change
  • Tested execution of all binary files
  • Fits CONTRIBUTING.md.

I set gpgSupport and smimeSupport default off because we already have GPGME and it should be preferred.

@rnhmjoj
Copy link
Contributor Author

rnhmjoj commented Nov 14, 2017

cc: @matthiasbeyer @catern @kosmikus @the-kenny

matthiasbeyer
matthiasbeyer reviewed Nov 15, 2017
View reviewed changes
pkgs/applications/networking/mailreaders/mutt/default.nix
sed -i 's#/usr/bin/openssl#${openssl}/bin/openssl#' smime_keys.pl
'';
patches = optional smimeSupport (fetchpatch {
url = "https://sources.debian.net/src/mutt/1.7.2-1/debian/patches/misc/smime.rc.patch";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This patch works with our version of mutt?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basically it enables the configuration samples, minus a few options. I tested it with GnuPG. Someone should try S/SMIME but I think it should be fine.

@dkellner
Copy link

I can confirm S/MIME works as expected using the new smimeSupport. I tested it using:

$ nix-build -E 'with import <nixpkgs> { }; callPackage ./mutt-pr-31207.nix { smimeSupport = true; }'
$ result/bin/mutt

Furthermore, I dumped the configuration with mutt -D and result/bin/mutt -D and compared the results:

128c128
< mailcap_path="~/.mailcap:/nix/store/bvlm8ls85pyvl650i9f3iibgyqggs1ww-mutt-1.9.1/share/mutt/mailcap:/nix/store/bvlm8ls85pyvl650i9f3iibgyqggs1ww-mutt-1.9.1/etc/mailcap:/etc/mailcap:/usr/etc/mailcap:/usr/local/etc/mailcap"
---
> mailcap_path="~/.mailcap:/nix/store/1bvxzdl4s1cr3hhym3hnnp7l8wygkdil-mutt-1.9.1/share/mutt/mailcap:/nix/store/1bvxzdl4s1cr3hhym3hnnp7l8wygkdil-mutt-1.9.1/etc/mailcap:/etc/mailcap:/usr/etc/mailcap:/usr/local/etc/mailcap"
275c275
< smime_decrypt_command=""
---
> smime_decrypt_command="/nix/store/1m0mzcz0aqmlrpjs6606ya2fpsz6f4gs-openssl-1.0.2m-bin/bin/openssl smime -decrypt -passin stdin -inform DER -in %f -inkey %k -recip %c"
278c278
< smime_encrypt_command=""
---
> smime_encrypt_command="/nix/store/1m0mzcz0aqmlrpjs6606ya2fpsz6f4gs-openssl-1.0.2m-bin/bin/openssl smime -encrypt -%a -outform DER -in %f %c"
280,283c280,283
< smime_get_cert_command=""
< smime_get_cert_email_command=""
< smime_get_signer_cert_command=""
< smime_import_cert_command=""
---
> smime_get_cert_command="/nix/store/1m0mzcz0aqmlrpjs6606ya2fpsz6f4gs-openssl-1.0.2m-bin/bin/openssl pkcs7 -print_certs -in %f"
> smime_get_cert_email_command="/nix/store/1m0mzcz0aqmlrpjs6606ya2fpsz6f4gs-openssl-1.0.2m-bin/bin/openssl x509 -in %f -noout -email"
> smime_get_signer_cert_command="/nix/store/1m0mzcz0aqmlrpjs6606ya2fpsz6f4gs-openssl-1.0.2m-bin/bin/openssl smime -verify -in %f -noverify -signer %c -out /dev/null"
> smime_import_cert_command="smime_keys add_cert %f"
286c286
< smime_pk7out_command=""
---
> smime_pk7out_command="/nix/store/1m0mzcz0aqmlrpjs6606ya2fpsz6f4gs-openssl-1.0.2m-bin/bin/openssl smime -verify -in %f -noverify -pk7out"
289c289
< smime_sign_command=""
---
> smime_sign_command="/nix/store/1m0mzcz0aqmlrpjs6606ya2fpsz6f4gs-openssl-1.0.2m-bin/bin/openssl smime -sign -md %d -signer %c -inkey %k -passin stdin -in %f -certfile %i -outform DER"
293,294c293,294
< smime_verify_command=""
< smime_verify_opaque_command=""
---
> smime_verify_command="/nix/store/1m0mzcz0aqmlrpjs6606ya2fpsz6f4gs-openssl-1.0.2m-bin/bin/openssl smime -verify -inform DER -in %s %C -content %f"
> smime_verify_opaque_command="/nix/store/1m0mzcz0aqmlrpjs6606ya2fpsz6f4gs-openssl-1.0.2m-bin/bin/openssl smime -verify -inform DER -in %s %C || /nix/store/1m0mzcz0aqmlrpjs6606ya2fpsz6f4gs-openssl-1.0.2m-bin/bin/openssl smime -verify -inform DER -in %s -nov

@joachifm joachifm merged commit 7059c88 into NixOS:master Nov 22, 2017
@rnhmjoj rnhmjoj deleted the mutt-gpg branch November 28, 2017 09:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matthiasbeyer matthiasbeyer matthiasbeyer left review comments

Assignees
No one assigned
Labels
10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@rnhmjoj @dkellner @matthiasbeyer @joachifm @GrahamcOfBorg