[PATCH 7/9] add a gpg_path value for notmuch_database_t

Tomi Ollila tomi.ollila at iki.fi
Sun Dec 13 03:17:07 PST 2015


On Sun, Dec 13 2015, Tomi Ollila <tomi.ollila at iki.fi> wrote:

> On Sun, Dec 13 2015, David Bremner <david at tethera.net> wrote:
>
>>
>> Without weighing in on the advisibility of searching for gpg in $PATH,
>> there is a glib function g_find_program_in_path. We're already linking
>> to glib (because of gmime mainly, but it's used other places as well).
>
> glib2-2.38 (glib/gutils.c) seems to look in PATH, and if 
> g_getenv ("PATH") == NULL uses hardcoded path "/bin:/usr/bin:.";
> (it us "security" feature to have '.' last...)
>
> If rest is TL;DR; I'd suggest we use this... since libgpgme has implemented
> it IMO too late for use in 2016 (or do additional compat function?)

Actually now that I sent this mail it kept rolling on my mind... If anyone
else than me (and libgpgme?) thinks that '.' should not be in search path
we could do

if (getenv("PATH") == NULL) {
   path_set = true;
   setenv("PATH", "/bin:/usr/bin", 1); // XXX *BSD configurability //
}
else path_set = false;

... g_find_program_in_path("gpg2")
... g_find_program_in_path("gpg")

if (path_set) {
  unsetenv("PATH");

---

I also thought of examining the return value starting with ./ but
(current or) future version of g_find_program_in_path() might
canonicalize the returned path...


Tomi


>
>> The other point that occurs to me is that libgpgme solves this same
>> problem in src/posix-util.c. It also seems to search path, at least
>> optionally, although only if it cannot find gpgconf.
>
> On Fedora 20 I looked gpgme-1.3.2 sources -- in there I could not find
> this search using PATH... gpg-1.3.2 is released 2012-05-02...
>
> Jessie (lib)gpgme 1.5.1 (2014-07-30) seems to have the code David mentioned...
> (btw. I was suprisingly hard to search Debian packages; IIRC it was easier)
>
> Ubuntu 14.04 LTS has (lib)gpgme 1.4.3 (ubuntu5). I did not download that
> source... but 1.5.1 NEWS indicates that this PATH search has arrived to
> 1.5.0 (2014-05-21)
>
> This search is different from glib2-version that if getenv("PATH") == NULL
> search only "/bin:/usr/bin"


More information about the notmuch mailing list