Windows doesn't have EUIDs, so instead we'll check that the usernames
match. This doesn't seem the least bit secure to me, but it's Windows so
they're probably owned anyway. If anyone knows one of the "proper" ways
to determine if another process has the same owner on Windows, I'd love
to know about it.
* FIXES Issue #58 but I don't have a Windows machine to test so maybe
it's still broken.
https://github.com/isislovecruft/python-gnupg/issues/58
* FIXES and issue discovered by ttanner (https://github.com/ttanner)
in `gnupg._meta.GPGBase._check_sane_and_get_gpg_version()` where the
GnuPG process wasn't closed and its file descriptors were left
hanging.
* FIXES part of Issue #63.
https://github.com/isislovecruft/python-gnupg/issues/63
There were so many hanging FD issues when I started patching
upstream python-gnupg ― I doubt I found all of them. I probably even
introduced some along the way. And, as ttanner pointed out, this
patch doesn't fix the issue fully, so there are likely more.
* ADD new `gnupg._meta.GPGBase._set_verbose()` method, which will set
`'basic'` as the default `--debug-level` for GnuPG, if the user did
something weird like specifying `verbose=True` or typoing one of the
string levels (e.g. `verbose='guruu'`).
* CHANGE behaviour so that `gnupg.GPG.binary_version` is set in
`gnupg._meta.GPGBase.__init__()`, instead of `gnupg.GPG.__init__()`.
* ADD new `gnupg._meta.GPGBase._check_sane_and_get_gpg_version()`
method, and move logic for doing a sanity check on the binary and
getting the binary's version, which was previously in
`gnupg.GPG.__init__()`, into this new method.
* ADD an additional field for the `binary_version` to the logger call
which displays initialisation settings when `gnupg.GPG.__init__()`
is run.
They aren't required to be ≤ 9, as the previous check in
`gnupg._meta.GPGBase._make_args()` ensured. That is, calling GnuPG from
the commandline, doing:
$ gpg --debug-level=100000 …
is valid, so we should also accept 10000 (even though everything > 8
means the same debug level anyway).
* FIXES Issue#24, which prevented python-gnupg from encrypting to a
filename given as a string to the `output` parameter of
`gnupg.GPGMeta._encrypt()`.
* THANKS TO by Bill Buddington of SecureDrop and Yan Zhu of the
Electronic Frontier Foundation (EFF) for finding and reporting the
bug. The ticket for this bug can be viewed at:
https://github.com/isislovecruft/python-gnupg/issues/24
This is a rather elegant trick from upstream to deal with the differences
between bytesarrays, strings, and unicode literals between Python2.x and
Py3k. However, it doesn't actually make a difference if we're running Py3k or
not to use the trick, since it dynamically calls the builtin type for the
native string in any Python version. It works like so:
>>> import sys
>>> data = '{}\n2 + 2 ≠ 5'.format(sys.version[:5])
>>> print(data)
3.3.2
2 + 2 ≠ 5
>>> type(data)
<class 'str'>
>>> type(data)()
''
>>> unicodedata = u'Mon corps et moi étions un, á cause de cette corde maudite.'
>>> type(unicodedata)
<class 'str'>
Also, in Python2.x:
>>> import sys
>>> data = '{}\n2 + 2 ≠ 5'.format(sys.version[:5])
>>> print data
2.7.5
2 + 2 ≠ 5
>>> type(data)
<type 'str'>
>>> type(data)()
''
>>> unicodedata = u'Mon corps et moi étions un, á cause de cette corde maudite.'
>>> type(unicodedata)
<type 'unicode'>
>>> type(unicodedata)()
u''
For some reason, in GnuPG>=2.x, a missing/corrupted trustdb is a fatal
error. This means that if the homedir was just changed, and any command which
utilizes keys is called (e.g. sign, encrypt, decrypt, etc.) GnuPG dies without
executing the command because we can't find a valid trustdb.
What's even more is that there is a new command in GnuPG>=2.x:
'--fix-trustdb'. You'd think it would, you know, *fix the trustdb*. Hah! Think
again! It prints out a series of shell commands (incorrect ones, at that, as
they don't respect the relevant env variables such as $GNUPGHOME) in a format
which is *not* exec'able (i.e. you can't do something similar to how
$ exec `ssh-agent`
is used). Software engineering, motherfuckers. #FML.
* ADD function _util._deprefix() for stripping a given prefix from the
beginning of another string.
* ADD function _util._separate_keywork() for extracting the keyword from the
beginning of status-fd output.
* REMOVE excess EOL whitespace.
* CLEANUP method gnupg.GPGBase._read_response().
This patch sets the environment variable LANGUGE to 'en', meaning English translation is used for outputs. The string comparisons in test_gpg_binary_version_str failed otherwise when using a non-English locale. Another choice may be to set LANG=C to avoid locales all-in-all.
* ADD docs/change-license-emails.txt, which includes email exchanges between
myself and intrigeri, including links to Debian and LEAP mailing lists with
arguments for and against using AGPL for a library.
* CHANGE license header for all files.
* CHANGE LICENSE file and gnupg/copyright.py to use GPLv3+ text.
* Add GPG._generated_keys as an _utils.InheritableProperty class for storing
a configurable (even by subclasses of GPGBase, without property overrides)
subdirectory of whichever directory gnupg.GPG.homedir is set to. This
subdirectory can be used via the 'separate_keyring=True' option to
gnupg.GPG.gen_key_input(), which will switch temporarily to new pubring.gpg
and secring.gpg keyrings during key creation, and upon finishing creation
of the new key, will ask for the new key's fingerprint, and move the
keyrings into this GPG._generated_keys directory, renamed in the format
"<GPG.homedir>/<GPG._generated_keys>/<fingerprint>.[pub|sec]ring.gpg".
Isis Lovecruft
Tom Galloway
Kali Kaneko
Thomas Tanner
Matt Behrens
drebs
Kali Kaneko
Garrett Robinson
Mikael Nordfeldth