Bug 1412310 - Rebase gpgme to 1.7.0+
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: gpgme
Version: 7.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Frantisek Kluknavsky
QA Contact: BaseOS QE Security Team
Blocks: 1461652 1465906
Reported: 2017-01-11 17:42 UTC by Igor Gnatenko
Modified: 2023-09-14 03:37 UTC
Last Closed: 2018-03-28 07:01:51 UTC
Description Igor Gnatenko 2017-01-11 17:42:02 UTC
One of the main features of newer gpgme is that it provides Python bindings which are supported. In RHEL we have only pygpgme, which is Python bindings for gpgme, but apparently pygpgme upstream (https://launchpad.net/pygpgme) is dead: the last release was 2012-03-08 and the last code change was 2013-02-13.

A couple of things to note:
* Removed libgpgme-pthread.so (I think only 1.8.0+)
  -> libgpgme.so is thread-safe, so all applications should link against libgpgme (but for compatibility reasons, gpgme-config still supports the thread-safe option and just returns the new soname). This will require rebuilds of all packages linking to this library (kde-runtime, kdenetwork, kdepim, kdepimlibs).
* libgpgme-error needs to be 1.17+ (I think only 1.8.0+)
* pygpgme could stop working (depending on gnupg2 version)
  -> When we updated it in Fedora, it broke pygpgme due to new features; this will require applying some patches from https://pagure.io/pygpgme/commits/master

Related threads in Fedora ML:
* (pygpgme breakage) https://lists.fedoraproject.org/archives/list/devel.org/thread/5DAXFPMJEIISHLKNCYTGYMDLBW2F5GKK/#LMGH7AJ37YPU7FLZA3QBNGNG3R53BQYC
* (gpgme update) https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/FKIY3ILEGGWCDJ5JSMRYZCD26ZGN6QGB/#WYOU4EXEYMUJXQ6QZDF6U6EHNJUTP2TF

------------------------------------------------------------------------------
ABI diff
------------------------------------------------------------------------------
================ changes of 'libgpgme.so.11.8.1'===============
  Functions changes summary: 0 Removed, 4 Changed (50 filtered out), 36 Added functions
  Variables changes summary: 0 Removed, 0 Changed, 0 Added variable

  36 Added functions:

    'function char* gpgme_addrspec_from_uid(const char*)'    {gpgme_addrspec_from_uid@@GPGME_1.1}
    'function gpgme_data_type_t gpgme_data_identify(int)'    {gpgme_data_identify@@GPGME_1.1}
    'function gpg_error_t gpgme_data_set_flag(const char*, const char*)'    {gpgme_data_set_flag@@GPGME_1.1}
    'function const char* gpgme_get_ctx_flag(const char*)'    {gpgme_get_ctx_flag@@GPGME_1.1}
    'function const char* gpgme_get_dirinfo(const char*)'    {gpgme_get_dirinfo@@GPGME_1.1}
    'function int gpgme_get_offline()'    {gpgme_get_offline@@GPGME_1.1}
    'function gpgme_pinentry_mode_t gpgme_get_pinentry_mode()'    {gpgme_get_pinentry_mode@@GPGME_1.1}
    'function const char* gpgme_get_sender()'    {gpgme_get_sender@@GPGME_1.1}
    'function void gpgme_get_status_cb(gpgme_status_cb_t*, void**)'    {gpgme_get_status_cb@@GPGME_1.1}
    'function int gpgme_io_writen(int, void*, size_t)'    {gpgme_io_writen@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_adduid(gpgme_key_t, const char*, unsigned int)'    {gpgme_op_adduid@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_adduid_start(gpgme_key_t, const char*, unsigned int)'    {gpgme_op_adduid_start@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_createkey(const char*, const char*, unsigned long int, unsigned long int, gpgme_key_t, unsigned int)'    {gpgme_op_createkey@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_createkey_start(const char*, const char*, unsigned long int, unsigned long int, gpgme_key_t, unsigned int)'    {gpgme_op_createkey_start@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_createsubkey(gpgme_key_t, const char*, unsigned long int, unsigned long int, unsigned int)'    {gpgme_op_createsubkey@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_createsubkey_start(gpgme_key_t, const char*, unsigned long int, unsigned long int, unsigned int)'    {gpgme_op_createsubkey_start@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_interact(gpgme_key_t, unsigned int, gpgme_interact_cb_t, void*, gpgme_data_t)'    {gpgme_op_interact@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_interact_start(gpgme_key_t, unsigned int, gpgme_interact_cb_t, void*, gpgme_data_t)'    {gpgme_op_interact_start@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_keysign(gpgme_key_t, const char*, unsigned long int, unsigned int)'    {gpgme_op_keysign@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_keysign_start(gpgme_key_t, const char*, unsigned long int, unsigned int)'    {gpgme_op_keysign_start@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_query_swdb(const char*, const char*, unsigned int)'    {gpgme_op_query_swdb@@GPGME_1.1}
    'function gpgme_query_swdb_result_t gpgme_op_query_swdb_result()'    {gpgme_op_query_swdb_result@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_revuid(gpgme_key_t, const char*, unsigned int)'    {gpgme_op_revuid@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_revuid_start(gpgme_key_t, const char*, unsigned int)'    {gpgme_op_revuid_start@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_spawn(const char*, const char**, gpgme_data_t, gpgme_data_t, gpgme_data_t, unsigned int)'    {gpgme_op_spawn@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_spawn_start(const char*, const char**, gpgme_data_t, gpgme_data_t, gpgme_data_t, unsigned int)'    {gpgme_op_spawn_start@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_tofu_policy(gpgme_key_t, gpgme_tofu_policy_t)'    {gpgme_op_tofu_policy@@GPGME_1.1}
    'function gpgme_error_t gpgme_op_tofu_policy_start(gpgme_key_t, gpgme_tofu_policy_t)'    {gpgme_op_tofu_policy_start@@GPGME_1.1}
    'function char* gpgme_pubkey_algo_string(gpgme_subkey_t)'    {gpgme_pubkey_algo_string@@GPGME_1.1}
    'function gpgme_error_t gpgme_set_ctx_flag(const char*, const char*)'    {gpgme_set_ctx_flag@@GPGME_1.1}
    'function int gpgme_set_global_flag(const char*, const char*)'    {gpgme_set_global_flag@@GPGME_1.1}
    'function void gpgme_set_offline(int)'    {gpgme_set_offline@@GPGME_1.1}
    'function gpgme_error_t gpgme_set_pinentry_mode(gpgme_pinentry_mode_t)'    {gpgme_set_pinentry_mode@@GPGME_1.1}
    'function gpgme_error_t gpgme_set_sender(const char*)'    {gpgme_set_sender@@GPGME_1.1}
    'function void gpgme_set_status_cb(gpgme_status_cb_t, void*)'    {gpgme_set_status_cb@@GPGME_1.1}
    'function unsigned int gpgme_signers_count()'    {gpgme_signers_count@@GPGME_1.0}

  4 functions with some indirect sub-type change:

    [C]'function gpgme_error_t gpgme_get_key(const char*, gpgme_key_t*, int)' at keylist.c:1187:1 has some indirect sub-type changes:
      parameter 2 of type 'gpgme_key_t*' has sub-type changes:
        in pointed to type 'typedef gpgme_key_t' at gpgme.h:940:1:
          underlying type '_gpgme_key*' changed:
            in pointed to type 'struct _gpgme_key' at gpgme.h:863:1:
              type size changed from 704 to 768 bits
              1 data member insertion:
                'char* _gpgme_key::fpr', at offset 704 (in bits) at gpgme.h:938:1
              5 data member changes (3 filtered):
               'unsigned int _gpgme_key::is_qualified' offset changed from 22 to 30 (in bits)
               'unsigned int _gpgme_key::can_authenticate' offset changed from 23 to 31 (in bits)
               'unsigned int _gpgme_key::_unused' offset changed from 32 to 8 (in bits)
               type of 'gpgme_subkey_t _gpgme_key::_last_subkey' changed:
                 underlying type '_gpgme_subkey*' changed:
                   in pointed to type 'struct _gpgme_subkey' at gpgme.h:673:1:
                     type size changed from 704 to 832 bits
                     2 data member insertions:
                       'char* _gpgme_subkey::curve', at offset 704 (in bits) at gpgme.h:738:1
                       'char* _gpgme_subkey::keygrip', at offset 768 (in bits) at gpgme.h:741:1
                     4 data member changes (2 filtered):
                      'unsigned int _gpgme_subkey::is_cardkey' offset changed from 21 to 29 (in bits)
                      'unsigned int _gpgme_subkey::is_qualified' offset changed from 22 to 30 (in bits)
                      'unsigned int _gpgme_subkey::can_authenticate' offset changed from 23 to 31 (in bits)
                      'unsigned int _gpgme_subkey::_unused' offset changed from 64 to 8 (in bits)

               type of 'gpgme_user_id_t _gpgme_key::_last_uid' changed:
                 underlying type '_gpgme_user_id*' changed:
                   in pointed to type 'struct _gpgme_user_id' at gpgme.h:816:1:
                     type size changed from 512 to 640 bits
                     2 data member insertions:
                       'char* _gpgme_user_id::address', at offset 512 (in bits) at gpgme.h:854:1
                       'gpgme_tofu_info_t _gpgme_user_id::tofu', at offset 576 (in bits) at gpgme.h:857:1
                     no data member changes (3 filtered);


    [C]'function gpgme_decrypt_result_t gpgme_op_decrypt_result()' at decrypt.c:79:1 has some indirect sub-type changes:
      return type changed:
        underlying type '_gpgme_op_decrypt_result*' changed:
          in pointed to type 'struct _gpgme_op_decrypt_result' at gpgme.h:1521:1:
            type size changed from 256 to 320 bits
            1 data member insertion:
              'char* _gpgme_op_decrypt_result::session_key', at offset 256 (in bits) at gpgme.h:1539:1
            no data member change (1 filtered);

    [C]'function gpgme_genkey_result_t gpgme_op_genkey_result()' at genkey.c:66:1 has some indirect sub-type changes:
      return type changed:
        underlying type '_gpgme_op_genkey_result*' changed:
          in pointed to type 'struct _gpgme_op_genkey_result' at gpgme.h:1855:1:
            type size changed from 128 to 256 bits
            3 data member insertions:
              'unsigned int _gpgme_op_genkey_result::uid', at offset 29 (in bits) at gpgme.h:1864:1
              'gpgme_data_t _gpgme_op_genkey_result::pubkey', at offset 128 (in bits) at gpgme.h:1874:1
              'gpgme_data_t _gpgme_op_genkey_result::seckey', at offset 192 (in bits) at gpgme.h:1878:1

    [C]'function gpgme_verify_result_t gpgme_op_verify_result()' at verify.c:87:1 has some indirect sub-type changes:
      return type changed:
        underlying type '_gpgme_op_verify_result*' changed:
          in pointed to type 'struct _gpgme_op_verify_result' at gpgme.h:1696:1:
            1 data member change:
             type of 'gpgme_signature_t _gpgme_op_verify_result::signatures' changed:
               underlying type '_gpgme_signature*' changed:
                 in pointed to type 'struct _gpgme_signature' at gpgme.h:1644:1:
                   type size changed from 704 to 768 bits
                   1 data member insertion:
                     'gpgme_key_t _gpgme_signature::key', at offset 704 (in bits) at gpgme.h:1692:1
                   no data member changes (4 filtered);



================ end of changes of 'libgpgme.so.11.8.1'===============

Removed binaries:
  libgpgme-pthread.so.11.8.1, SONAME: libgpgme-pthread.so.11
------------------------------------------------------------------------------
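
An added example, not part of the original report or of any Red Hat or gpgme tooling: a small Python triage of the abidiff text above that separates members appended at or past a struct's old end from members inserted or moved inside the old layout, which are the ones to check by hand before rebuilding dependents. The function name `triage` and the result keys are hypothetical; the sample lines are excerpted from the report on this page.

```python
import re
from collections import defaultdict

# Constructed sample: lines excerpted from the abidiff report quoted on this page.
REPORT = """\
in pointed to type 'struct _gpgme_key' at gpgme.h:863:1:
  type size changed from 704 to 768 bits
    'char* _gpgme_key::fpr', at offset 704 (in bits) at gpgme.h:938:1
   'unsigned int _gpgme_key::is_qualified' offset changed from 22 to 30 (in bits)
   'unsigned int _gpgme_key::_unused' offset changed from 32 to 8 (in bits)
in pointed to type 'struct _gpgme_op_genkey_result' at gpgme.h:1855:1:
  type size changed from 128 to 256 bits
    'unsigned int _gpgme_op_genkey_result::uid', at offset 29 (in bits) at gpgme.h:1864:1
    'gpgme_data_t _gpgme_op_genkey_result::pubkey', at offset 128 (in bits) at gpgme.h:1874:1
    'gpgme_data_t _gpgme_op_genkey_result::seckey', at offset 192 (in bits) at gpgme.h:1878:1
"""

STRUCT = re.compile(r"in pointed to type 'struct (\w+)'")
SIZE = re.compile(r"type size changed from (\d+) to (\d+) bits")
INSERT = re.compile(r"'[^']*?(\w+)::(\w+)', at offset (\d+) \(in bits\)")
MOVED = re.compile(r"'[^']*?(\w+)::(\w+)' offset changed from (\d+) to (\d+)")


def triage(report):
    """Map struct name -> old/new size plus tail, inside and moved member lists."""
    out = defaultdict(lambda: {"size": None, "tail": [], "inside": [], "moved": []})
    current = None
    for line in report.splitlines():
        if m := STRUCT.search(line):
            current = m.group(1)
        elif (m := SIZE.search(line)) and current:
            out[current]["size"] = (int(m.group(1)), int(m.group(2)))
        elif m := INSERT.search(line):
            name, member, off = m.group(1), m.group(2), int(m.group(3))
            size = out[name]["size"]
            # Unknown old size is treated as "inside" so it still gets reviewed.
            old_end = size[0] if size else float("inf")
            # At or past the old end: appended. Below it: landed in the old layout.
            out[name]["tail" if off >= old_end else "inside"].append(member)
        elif m := MOVED.search(line):
            out[m.group(1)]["moved"].append(
                (m.group(2), int(m.group(3)), int(m.group(4))))
    return dict(out)


if __name__ == "__main__":
    for name, info in triage(REPORT).items():
        print(name, info)
```
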

Comment 9 Tomas Mraz 2017-06-29 08:29:00 UTC
Will the modern gpgme work with gnupg-2.0.22 that we have in RHEL-7?

Good regression testing is critical to verify that.

Comment 14 Neal Gompa 2018-01-29 05:52:05 UTC
(In reply to Tomas Mraz from comment #9)
> Will the modern gpgme work with gnupg-2.0.22 that we have in RHEL-7?
> 
> Good regression testing is critical to verify that.

It should work with it. Even openSUSE Leap 42.3 (which ships with gnupg-2.0.24 as gpg2 package) ships gpgme 1.9.0, and it works just fine there.

Comment 15 Neal Gompa 2018-01-29 06:00:24 UTC
The main issue is that gpgme cannot successfully run Python tests with gnupg < 2.1.12. As of gpgme 1.10.0, the tests are automatically skipped when gnupg < 2.1.12.

Comment 16 Daniel Mach 2018-03-28 07:01:51 UTC
Based on my previous discussions with people from the security team,
it is not realistic to expect a gpgme rebase (it's a crypto package,
rebase might be too risky), especially if there's a workaround in DNF:
https://github.com/rpm-software-management/dnf/pull/837

I'm closing this bug.

Comment 17 Red Hat Bugzilla 2023-09-14 03:37:16 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days

