Windows doesn't have EUIDs, so instead we'll check that the usernames
match. This doesn't seem the least bit secure to me, but it's Windows so
they're probably owned anyway. If anyone knows one of the "proper" ways
to determine if another process has the same owner on Windows, I'd love
to know about it.
* FIXES Issue #58 but I don't have a Windows machine to test so maybe
it's still broken.
https://github.com/isislovecruft/python-gnupg/issues/58
This code was broken: Half of it required `options` to be a string, and the
other half required `options` to be a list (which the tests enforced, but the
constructor would silently drop for normal-path initialization).
* FIXES and issue discovered by ttanner (https://github.com/ttanner)
in `gnupg._meta.GPGBase._check_sane_and_get_gpg_version()` where the
GnuPG process wasn't closed and its file descriptors were left
hanging.
* FIXES part of Issue #63.
https://github.com/isislovecruft/python-gnupg/issues/63
There were so many hanging FD issues when I started patching
upstream python-gnupg ― I doubt I found all of them. I probably even
introduced some along the way. And, as ttanner pointed out, this
patch doesn't fix the issue fully, so there are likely more.
* ADD new `gnupg._meta.GPGBase._set_verbose()` method, which will set
`'basic'` as the default `--debug-level` for GnuPG, if the user did
something weird like specifying `verbose=True` or typoing one of the
string levels (e.g. `verbose='guruu'`).
* CHANGE behaviour so that `gnupg.GPG.binary_version` is set in
`gnupg._meta.GPGBase.__init__()`, instead of `gnupg.GPG.__init__()`.
* ADD new `gnupg._meta.GPGBase._check_sane_and_get_gpg_version()`
method, and move logic for doing a sanity check on the binary and
getting the binary's version, which was previously in
`gnupg.GPG.__init__()`, into this new method.
* ADD an additional field for the `binary_version` to the logger call
which displays initialisation settings when `gnupg.GPG.__init__()`
is run.
They aren't required to be ≤ 9, as the previous check in
`gnupg._meta.GPGBase._make_args()` ensured. That is, calling GnuPG from
the commandline, doing:
$ gpg --debug-level=100000 …
is valid, so we should also accept 10000 (even though everything > 8
means the same debug level anyway).
* FIXES Issue#24, which prevented python-gnupg from encrypting to a
filename given as a string to the `output` parameter of
`gnupg.GPGMeta._encrypt()`.
* THANKS TO by Bill Buddington of SecureDrop and Yan Zhu of the
Electronic Frontier Foundation (EFF) for finding and reporting the
bug. The ticket for this bug can be viewed at:
https://github.com/isislovecruft/python-gnupg/issues/24
This is a rather elegant trick from upstream to deal with the differences
between bytesarrays, strings, and unicode literals between Python2.x and
Py3k. However, it doesn't actually make a difference if we're running Py3k or
not to use the trick, since it dynamically calls the builtin type for the
native string in any Python version. It works like so:
>>> import sys
>>> data = '{}\n2 + 2 ≠ 5'.format(sys.version[:5])
>>> print(data)
3.3.2
2 + 2 ≠ 5
>>> type(data)
<class 'str'>
>>> type(data)()
''
>>> unicodedata = u'Mon corps et moi étions un, á cause de cette corde maudite.'
>>> type(unicodedata)
<class 'str'>
Also, in Python2.x:
>>> import sys
>>> data = '{}\n2 + 2 ≠ 5'.format(sys.version[:5])
>>> print data
2.7.5
2 + 2 ≠ 5
>>> type(data)
<type 'str'>
>>> type(data)()
''
>>> unicodedata = u'Mon corps et moi étions un, á cause de cette corde maudite.'
>>> type(unicodedata)
<type 'unicode'>
>>> type(unicodedata)()
u''
For some reason, in GnuPG>=2.x, a missing/corrupted trustdb is a fatal
error. This means that if the homedir was just changed, and any command which
utilizes keys is called (e.g. sign, encrypt, decrypt, etc.) GnuPG dies without
executing the command because we can't find a valid trustdb.
What's even more is that there is a new command in GnuPG>=2.x:
'--fix-trustdb'. You'd think it would, you know, *fix the trustdb*. Hah! Think
again! It prints out a series of shell commands (incorrect ones, at that, as
they don't respect the relevant env variables such as $GNUPGHOME) in a format
which is *not* exec'able (i.e. you can't do something similar to how
$ exec `ssh-agent`
is used). Software engineering, motherfuckers. #FML.
* ADD function _util._deprefix() for stripping a given prefix from the
beginning of another string.
* ADD function _util._separate_keywork() for extracting the keyword from the
beginning of status-fd output.
* REMOVE excess EOL whitespace.
* CLEANUP method gnupg.GPGBase._read_response().
Isis Lovecruft
Thomas Tanner
Charles Duffy
Tom Galloway
Kali Kaneko
Matt Behrens
drebs
Kali Kaneko
Garrett Robinson