diff options
author | JinWang An <jinwang.an@samsung.com> | 2021-12-01 16:54:37 +0900 |
---|---|---|
committer | JinWang An <jinwang.an@samsung.com> | 2021-12-01 16:54:37 +0900 |
commit | fd4d11c14daa6a54c81202dffc02cc419fa67568 (patch) | |
tree | e14910ad034ec7b4d10552a13e219174ccd4946d /TODO | |
parent | 442a1386c9708114c2b721afea60d5593e36c423 (diff) | |
download | gpgme-fd4d11c14daa6a54c81202dffc02cc419fa67568.tar.gz gpgme-fd4d11c14daa6a54c81202dffc02cc419fa67568.tar.bz2 gpgme-fd4d11c14daa6a54c81202dffc02cc419fa67568.zip |
Imported Upstream version 1.11.0upstream/1.11.0
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 518 |
1 files changed, 498 insertions, 20 deletions
@@ -1,58 +1,254 @@ +#+TITLE: TODO List Hey Emacs, this is -*- org -*- mode! -* Document all the new stuff. +* IMPORTANT! + :PROPERTIES: + :CUSTOM_ID: dev-gnupg-org + :END: + + There was a nine year gap (2009 to 2018) between edits of this file, + so it is likely that much of the old information in it is wrong or + no longer applicable. + + Bugs, feature requests and other development related work will be + tracked through the [[https://dev.gnupg.org/][dev.gnupg.org]] site. + + +* Documentation + :PROPERTIES: + :CUSTOM_ID: documentation + :END: + +** Document all the new stuff. + :PROPERTIES: + :CUSTOM_ID: more-docs-is-better + :END: + +*** TODO Fix this TODO list. + :PROPERTIES: + :CUSTOM_ID: fix-todo + :END: + + Clean up the current TODO list. Include properties as relevant (so + if someone does make a PDF or HTML version the TOC will work). + + Also check ans see if some of these ancient things can be removed + (e.g. do we really need to fix things that were broken in GPG + 1.3.x? I'm thinking not so much). + +**** DONE fix TODO items + CLOSED: [2018-03-04 Sun 08:55] + :PROPERTIES: + :CUSTOM_ID: fix-todo-items + :END: + + Adjust todo items so each can now be referenced by custom-id and + checked off as necessary. + +** TODO Document validity and trust issues. + :PROPERTIES: + :CUSTOM_ID: valid-trust-issues + :END: + +** In gpgme.texi: Register callbacks under the right letter in the index. + :PROPERTIES: + :CUSTOM_ID: gpgme-texi + :END: + + * Fix the remaining UI Server problems: + :PROPERTIES: + :CUSTOM_ID: ui-server-fix + :END: ** VERIFY --silent support. + :PROPERTIES: + :CUSTOM_ID: verify-silent + :END: ** ENCRYPT/DECRYPT/VERIFY/SIGN reset the engine, shouldn't be done with UISERVER? + :PROPERTIES: + :CUSTOM_ID: reset-engine-not-ui + :END: + * IMPORTANT + :PROPERTIES: + :CUSTOM_ID: important-stuff-really + :END: ** When using descriptor passing, we need to set the fd to blocking before + :PROPERTIES: + :CUSTOM_ID: set-fd-blocking + :END: issueing simple commands, because we are mixing synchronous commands into potentially asynchronous operations. -** Might want to implement nonblock for w32 native backend! Right now, - we block reading the next line with assuan. +** Might want to implement nonblock for w32 native backend! + :PROPERTIES: + :CUSTOM_ID: nonblock-win32 + :END: + Right now we block reading the next line with assuan. + * Before release: -** Some gpg tests fail with gpg 1.3.4-cvs (gpg/t-keylist-sig) + :PROPERTIES: + :CUSTOM_ID: pre-release + :END: + +** CANCELLED Some gpg tests fail with gpg 1.3.4-cvs (gpg/t-keylist-sig) + CLOSED: [2018-03-09 Fri 08:16] + :PROPERTIES: + :CUSTOM_ID: gpg-1-3-4-really + :END: + - State "CANCELLED" from "TODO" [2018-03-09 Fri 08:16] \\ + WON'T FIX — too old or no longer applies. The test is currently disabled there and in gpg/t-import. + ** When gpg supports it, write binary subpackets directly, + :PROPERTIES: + :CUSTOM_ID: binary-subpackets + :END: and parse SUBPACKET status lines. + * ABI's to break: + :PROPERTIES: + :CUSTOM_ID: abi-breakage-apparently-on-purpose + :END: + ** Old opassuan interface. + :PROPERTIES: + :CUSTOM_ID: old-opassuan + :END: + ** Implementation: Remove support for old style error codes in + :PROPERTIES: + :CUSTOM_ID: remove-old-error-codes + :END: conversion.c::_gpgme_map_gnupg_error. + ** gpgme_edit_cb_t: Add "processed" return argument + :PROPERTIES: + :CUSTOM_ID: add-processed-return + :END: (see edit.c::command_handler). + ** I/O and User Data could be made extensible. But this can be done + :PROPERTIES: + :CUSTOM_ID: add-io-user-data + :END: without breaking the ABI hopefully. + ** All enums should be replaced by ints and simple macros for + :PROPERTIES: + :CUSTOM_ID: enums-should-be-ints + :END: maximum compatibility. + ** Compatibility interfaces that can be removed in future versions: + :PROPERTIES: + :CUSTOM_ID: compat-interfaces-to-go + :END: + *** gpgme_data_new_from_filepart + :PROPERTIES: + :CUSTOM_ID: gpgme-data-new-from-filepart + :END: + *** gpgme_data_new_from_file + :PROPERTIES: + :CUSTOM_ID: gpgme-data-new-from-file + :END: + *** gpgme_data_new_with_read_cb + :PROPERTIES: + :CUSTOM_ID: gpgme-data-new-with-read-cb + :END: + *** gpgme_data_rewind + :PROPERTIES: + :CUSTOM_ID: gpgme-data-rewind + :END: + *** gpgme_op_import_ext + :PROPERTIES: + :CUSTOM_ID: gpgme-op-import-ext + :END: + *** gpgme_get_sig_key + :PROPERTIES: + :CUSTOM_ID: gpgme-get-sig-key + :END: + *** gpgme_get_sig_ulong_attr + :PROPERTIES: + :CUSTOM_ID: gpgme-get-sig-ulong-attr + :END: + *** gpgme_get_sig_string_attr + :PROPERTIES: + :CUSTOM_ID: gpgme-get-sig-string-attr + :END: + *** GPGME_SIG_STAT_* + :PROPERTIES: + :CUSTOM_ID: gpgme-sig-stat + :END: + *** gpgme_get_sig_status + :PROPERTIES: + :CUSTOM_ID: gpgme-get-sig-status + :END: + *** gpgme_trust_item_release + :PROPERTIES: + :CUSTOM_ID: gpgme-trust-item-release + :END: + *** gpgme_trust_item_get_string_attr + :PROPERTIES: + :CUSTOM_ID: gpgme-trust-item-get-string-attr + :END: + *** gpgme_trust_item_get_ulong_attr + :PROPERTIES: + :CUSTOM_ID: gpgme-trust-item-get-ulong-attr + :END: + *** gpgme_attr_t + :PROPERTIES: + :CUSTOM_ID: gpgme-attr-t + :END: + *** All Gpgme* typedefs. + :PROPERTIES: + :CUSTOM_ID: all-gpgme-typedefs + :END: * Thread support: + :PROPERTIES: + :CUSTOM_ID: threads + :END: + ** When GNU Pth supports sendmsg/recvmsg, wrap them properly. + :PROPERTIES: + :CUSTOM_ID: wrap-oth + :END: + ** Without timegm (3) support our ISO time parser is not thread safe. + :PROPERTIES: + :CUSTOM_ID: time-threads + :END: There is a configure time warning, though. + * New features: + :PROPERTIES: + :CUSTOM_ID: new-features + :END: + ** Flow control for data objects. + :PROPERTIES: + :CUSTOM_ID: flow-control-is-not-a-euphemism-for-an-s-bend + :END: Currently, gpgme_data_t objects are assumed to be blocking. To break this assumption, we need either (A) a way for an user I/O callback to store the current operation in a continuation that can @@ -61,9 +257,17 @@ Hey Emacs, this is -*- org -*- mode! respective event loop. or (B) a way for gpgme data objects to be associated with a waitable object, that can be registered with the user event loop. Neither is particularly simple. + ** Extended notation support. When gpg supports arbitrary binary + :PROPERTIES: + :CUSTOM_ID: extended-notation + :END: notation data, provide a user interface for that. + ** notification system + :PROPERTIES: + :CUSTOM_ID: notification-system + :END: We need a simple notification system, probably a simple callback with a string and some optional arguments. This is for example required to notify an application of a changed smartcard, The @@ -75,35 +279,77 @@ Hey Emacs, this is -*- org -*- mode! sufficient for this. ** --learn-code support + :PROPERTIES: + :CUSTOM_ID: learn-code + :END: This might be integrated with import. we still need to work out how to learn a card when gpg and gpgsm have support for smartcards. In GPA we currently invoke gpg directly. ** Might need a stat() for data objects and use it for length param to gpg. + :PROPERTIES: + :CUSTOM_ID: stat-data + :END: + ** Implement support for photo ids. + :PROPERTIES: + :CUSTOM_ID: photo-id + :END: + ** Allow selection of subkeys + :PROPERTIES: + :CUSTOM_ID: subkey-selection + :END: + ** Allow to return time stamps in ISO format - This allows us to handle years later than 2037 properly. With the - time_t interface they are all mapped to 2037-12-31 + :PROPERTIES: + :CUSTOM_ID: iso-format-datetime + :END: + This allows us to handle years later than 2037 properly. With the + time_t interface they are all mapped to 2037-12-31 + ** New features requested by our dear users, but rejected or left for + :PROPERTIES: + :CUSTOM_ID: feature-requests + :END: later consideration: + *** Allow to export secret keys. + :PROPERTIES: + :CUSTOM_ID: export-secret-keys + :END: Rejected because this is conceptually flawed. Secret keys on a smart card can not be exported, for example. May eventually e supproted with a keywrapping system. + *** Selecting the key ring, setting the version or comment in output. + :PROPERTIES: + :CUSTOM_ID: select-keyring-version + :END: Rejected because the naive implementation is engine specific, the configuration is part of the engine's configuration or readily worked around in a different way + *** Selecting the symmetric cipher. + :PROPERTIES: + :CUSTOM_ID: symmetric-cipher-selection + :END: + *** Exchanging keys with key servers. + :PROPERTIES: + :CUSTOM_ID: key-server-exchange + :END: -* Documentation -** Document validity and trust issues. -** In gpgme.texi: Register callbacks under the right letter in the index. * Engines + :PROPERTIES: + :CUSTOM_ID: engines + :END: + ** Do not create/destroy engines, but create engine and then reset it. + :PROPERTIES: + :CUSTOM_ID: reset-engine-is-not-quite-just-ignition + :END: Internally the reset operation still spawns a new engine process, but this can be replaced with a reset later. Also, be very sure to release everything properly at a reset and at an error. Think hard @@ -112,85 +358,255 @@ Hey Emacs, this is -*- org -*- mode! Note that we need support in gpgsm to set include-certs to default as RESET does not reset it, also for no_encrypt_to and probably other options. + ** Optimize the case where a data object has an underlying fd we can pass + :PROPERTIES: + :CUSTOM_ID: optimus-data-cousin-of-optimus-prime + :END: directly to the engine. This will be automatic with socket I/O and descriptor passing. + ** Move code common to all engines up from gpg to engine. + :PROPERTIES: + :CUSTOM_ID: move-code-common-to-engines-out-of-gpg + :END: + ** engine operations can return General Error on unknown protocol + :PROPERTIES: + :CUSTOM_ID: general-error-looking-to-be-court-martialled + :END: (it's an internal error, as select_protocol checks already). + ** When server mode is implemented properly, more care has to be taken to + :PROPERTIES: + :CUSTOM_ID: server-mode + :END: release all resources on error (for example to free assuan_cmd). -** op_import_keys and op_export_keys have a limit ion the number of keys. + +** op_import_keys and op_export_keys have a limit in the number of keys. + :PROPERTIES: + :CUSTOM_ID: import-export-problems + :END: This is because we pass them in gpg via the command line and gpgsm via an assuan control line. We should pipe them instead and maybe change gpg/gpgsm to not put them in memory. + * GPG breakage: -** gpg 1.4.2 lacks error reporting if sign/encrypt with revoked key. -** gpg 1.4.2 does crappy error reporting (namely none at all) when + :PROPERTIES: + :CUSTOM_ID: gpg-breakage + :END: + +** CANCELLED gpg 1.4.2 lacks error reporting if sign/encrypt with revoked key. + CLOSED: [2018-03-09 Fri 08:19] + :PROPERTIES: + :CUSTOM_ID: gpg-classic-lacks-stuff + :END: + - State "CANCELLED" from "TODO" [2018-03-09 Fri 08:19] \\ + WON'T FIX. + +** CANCELLED gpg 1.4.2 does crappy error reporting (namely none at all) when + CLOSED: [2018-03-09 Fri 08:20] + :PROPERTIES: + :CUSTOM_ID: gpg-classic-problems-but-do-we-care + :END: + - State "CANCELLED" from "TODO" [2018-03-09 Fri 08:20] \\ + WON'T FIX. smart card is missing for sign operation: [GNUPG:] CARDCTRL 4 gpg: selecting openpgp failed: ec=6.110 gpg: signing failed: general error [GNUPG:] BEGIN_ENCRYPTION 2 10 gpg: test: sign+encrypt failed: general error -** Without agent and with wrong passphrase, gpg 1.4.2 enters into an + +** DONE Without agent and with wrong passphrase, gpg 1.4.2 enters into an + CLOSED: [2018-03-09 Fri 08:20] + :PROPERTIES: + :CUSTOM_ID: recursive-gpg-classic + :END: + - State "DONE" from "TODO" [2018-03-09 Fri 08:20] \\ + Must have been fixed in a subsequent release. infinite loop. -** Use correct argv[0] + +** CANCELLED Use correct argv[0] + CLOSED: [2018-03-09 Fri 08:24] + :PROPERTIES: + :CUSTOM_ID: correct-argv + :END: + - State "CANCELLED" from "TODO" [2018-03-09 Fri 08:24] \\ + WON'T FIX. + + Also, there is no rungpg.c file in GPGME (or in GPG or most, if not + all of the rest of the libs and packages; I suspect there hasn't been + for a very long time). In rungpg.c:build_argv we use argv[argc] = strdup ("gpg"); /* argv[0] */ This should be changed to take the real file name used in account. * Operations + :PROPERTIES: + :CUSTOM_ID: operations-are-not-surgical + :END: + ** Include cert values -2, -1, 0 and 1 should be defined as macros. + :PROPERTIES: + :CUSTOM_ID: certified-macros + :END: + ** If an operation failed, make sure that the result functions don't return + :PROPERTIES: + :CUSTOM_ID: operation-failure + :END: corrupt partial information. !!! NOTE: The EOF status handler is not called in this case !!! + ** Verify must not fail on NODATA premature if auto-key-retrieval failed. + :PROPERTIES: + :CUSTOM_ID: autobot-key-retrieval + :END: It should not fail silently if it knows there is an error. !!! + ** All operations: Better error reporting. !! + :PROPERTIES: + :CUSTOM_ID: better-reporting-not-like-fox-news + :END: + ** Export status handler need much more work. !!! + :PROPERTIES: + :CUSTOM_ID: export-status-handler + :END: + ** Import should return a useful error when one happened. + :PROPERTIES: + :CUSTOM_ID: import-useful-stuff-even-wrong-stuff + :END: + *** Import does not take notice of NODATA status report. + :PROPERTIES: + :CUSTOM_ID: import-no-data + :END: + *** When GPGSM does issue IMPORT_OK status reports, make sure to check for + :PROPERTIES: + :CUSTOM_ID: gpgsm-import-ok + :END: them in tests/gpgs m/t-import.c. + ** Verify can include info about version/algo/class, but currently + :PROPERTIES: + :CUSTOM_ID: verify-class + :END: this is only available for gpg, not gpgsm. + ** Return ENC_TO output in verify result. Again, this is not available + :PROPERTIES: + :CUSTOM_ID: return-to-enc + :END: for gpgsm. + ** Genkey should return something more useful than General_Error. + :PROPERTIES: + :CUSTOM_ID: general-key-assumed-command-from-general-error + :END: + ** If possible, use --file-setsize to set the file size for proper progress + :PROPERTIES: + :CUSTOM_ID: file-setsize + :END: callback handling. Write data interface for file size. + ** Optimize the file descriptor list, so the number of open fds is + :PROPERTIES: + :CUSTOM_ID: optimus-descriptus-younger-brother-of-optimus-prime + :END: always known easily. + ** Encryption: It should be verified that the behaviour for partially untrusted + :PROPERTIES: + :CUSTOM_ID: only-mostly-dead-means-partially-alive + :END: recipients is correct. + ** When GPG issues INV_something for invalid signers, catch them. + :PROPERTIES: + :CUSTOM_ID: invalid-sig + :END: + * Error Values + :PROPERTIES: + :CUSTOM_ID: error-value + :END: + ** Map ASSUAN/GpgSM ERR error values in a better way than is done now. !! + :PROPERTIES: + :CUSTOM_ID: map-ass-error + :END: + ** Some error values should identify the source more correctly (mostly error + :PROPERTIES: + :CUSTOM_ID: source-errors + :END: values derived from status messages). + ** In rungpg.c we need to check the version of the engine + :PROPERTIES: + :CUSTOM_ID: rungpg-c-engine-ver + :END: This requires a way to get the cached version number from the engine layer. * Tests -** Write a fake gpg-agent so that we can supply known passphrases to + :PROPERTIES: + :CUSTOM_ID: tests + :END: + +** TODO Write a fake gpg-agent so that we can supply known passphrases to + :PROPERTIES: + :CUSTOM_ID: test-fake-gpg-agent + :END: gpgsm and setup the configuration files to use the agent. Without this we are testing a currently running gpg-agent which is not a clever idea. ! + ** t-data + :PROPERTIES: + :CUSTOM_ID: test-data + :END: + *** Test gpgme_data_release_and_get_mem. + :PROPERTIES: + :CUSTOM_ID: test-gpgme-data-release-mem + :END: + *** Test gpgme_data_seek for invalid types. + :PROPERTIES: + :CUSTOM_ID: test-gpgme-data-seek + :END: + ** t-keylist + :PROPERTIES: + :CUSTOM_ID: test-keylist + :END: Write a test for ext_keylist. + ** Test reading key signatures. + :PROPERTIES: + :CUSTOM_ID: test-key-sig + :END: + * Debug + :PROPERTIES: + :CUSTOM_ID: debug + :END: + ** Tracepoints should be added at: Every public interface enter/leave, + :PROPERTIES: + :CUSTOM_ID: tracepoint-pub-int + :END: before and in every callback, at major decision points, at every internal data point which might easily be observed by the outside (system handles). We also trace handles and I/O support threads in @@ -202,21 +618,83 @@ Hey Emacs, this is -*- org -*- mode! decrypt-verify.c delete.c edit.c encrypt.c encrypt-sign.c export.c genkey.c import.c key.c keylist.c passphrase.c progress.c signers.c sig-notation.c trust-item.c trustlist.c verify.c -** Handle malloc and vasprintf errors. But decide first if they should be + +** TODO Handle malloc and vasprintf errors. But decide first if they should be + :PROPERTIES: + :CUSTOM_ID: malloc-vasprintf + :END: + ignored (and logged with 255?!), or really be assertions. ! + * Build suite -** Make sure everything is cleaned correctly (esp. test area). -** Enable AC_CONFIG_MACRO_DIR and bump up autoconf version requirement. + :PROPERTIES: + :CUSTOM_ID: build-suite + :END: + +** TODO Make sure everything is cleaned correctly (esp. test area). + :PROPERTIES: + :CUSTOM_ID: clean-tests + :END: + +** TODO Enable AC_CONFIG_MACRO_DIR and bump up autoconf version requirement. + :PROPERTIES: + :CUSTOM_ID: autoconf-macros + :END: (To fix "./autogen.sh; ./configure --enable-maintainer-mode; touch configure.ac; make"). Currently worked around with ACLOCAL_AMFLAGS??? + * Error checking -** engine-gpgsm, with-validation + :PROPERTIES: + :CUSTOM_ID: error-checking + :END: + +** TODO engine-gpgsm, with-validation + :PROPERTIES: + :CUSTOM_ID: gpgsm-validation + :END: Add error checking some time after releasing a new gpgsm. -Copyright 2004, 2005 g10 Code GmbH +* Language bindings and related components + :PROPERTIES: + :CUSTOM_ID: language-bindings-and-related-stuff + :END: + +** TODO Emacs and elisp binding + :PROPERTIES: + :CUSTOM_ID: emacs-and-elisp + :END: + + Currently GNU Emacs uses EPA and EPG to provide GnuPG support. EPG + does this by calling the GPG executable and wrapping the commands + with elisp functions. A more preferable solution would be to + implement an epgme.el which integrated with GPGME, then if it could + not to attempt calling the gpgme-tool and only if those failed to + fall back to the current epg.el and calling the command line + binaries. + +** TODO API of an API + :PROPERTIES: + :CUSTOM_ID: api-squared + :END: + + See the more detailed notes on this in the [[lang/python/docs/TODO.org][python TODO]]. + +** TODO GPGME installation and package management guide + :PROPERTIES: + :CUSTOM_ID: package-management + :END: + + Write a guide/best practices for maintainers of GPGME packages with + third party package management systems. + + +* Copyright 2004, 2005, 2018 g10 Code GmbH + :PROPERTIES: + :CUSTOM_ID: copyright-and-license + :END: This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without |