From 1cc07c38c1f4be76a32ff9fccf3fadecda5b1acb Mon Sep 17 00:00:00 2001 From: "rmlibre@riseup.net" Date: Tue, 17 Dec 2019 07:22:41 -0500 Subject: [PATCH] v0.4.7 update - new auto_decrypt() & auto_verify() methods --- CHANGES.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGES.md b/CHANGES.md index 7b7363c..8d25f08 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -3,6 +3,7 @@ - Because of Debian [bug #930665](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930665), and related GnuPG [bug #T4393](https://dev.gnupg.org/T4393), importing keys from the default keyserver [keys.openpgp.org](https://keys.openpgp.org/) doesn't work automatically on all systems. Not without email confirmation, at least. That's because the keyserver will not publish uid information attached to a key before a user confirms access to the email address assigned to the uploaded key. And, because GnuPG folks are still holding up the merging, and back-porting, of patches that would allow GnuPG to automatically handle keys without uids gracefully. This effects the `network_import()` method specifically, but also the `text_import()` and `file_import()` methods, if they happen to be passed a key or filename argument which refers to a key without uid information. The gpg2 binary in this package can be replaced manually if a user's system has access to a patched version. - Because of GnuPG [bug #T3065](https://dev.gnupg.org/T3065#111023), and related [bug #1788190](https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1788190), the `--keyserver` and `--keyserver-options http-proxy` options won't work with onion addresses, and they cause a crash if a keyserver lookup is attempted. This is not entirely an issue for us since we don't use gnupg's networking interface. In fact, we set these environment variables anyway to crash on purpose if gnupg tries to make a network connection. And in case the bug ever gets fixed (it won't), or by accident the options do work in the future, then a tor SOCKSv5 connection will be used instead of a raw connection. - This program may only be reliably compatible with keys that are also created with this program. That's because our terminal parsing is reliant on specific metadata to be similar across all encountered keys. It seems most keys have successfully been parsed with recent updates, though more testing is needed. +- The tests don't currently work when a tester's system has a system installation of tiny_gnupg, and the tests are being run from a local git repo directory. That's because the tests import tiny_gnupg, but if the program is installed in the system, then python will get confused about which keyring to use during the tests. This will lead to crashes and failed tests. Git clone testers probably have to run the test script closer to their system installation, one directory up and into a tests folder. Or pip uninstall tiny_gnupg. OR, send a pull request with an import fix. - Currently, the package is part synchronous, and part asynchronous. This is not ideal, so a decision has to be made: either to stay mixed style, or choose one consistent style. - We're still in unstable and have to build out our test suite. Contributions welcome. ## Minor Changes