From 880f1a1b94ee90f9d5a3b2d66b9cbeee4fe0acd4 Mon Sep 17 00:00:00 2001 From: Christoph Berg Date: Tue, 3 Feb 2009 22:31:31 +0100 Subject: [PATCH] Use upstream's smime.rc file, hereby fixing S/MIME encryption. (Closes: #315319) --- debian/changelog | 4 ++- debian/extra/rc/smime-paths.rc | 20 --------------- debian/mutt.install | 1 + debian/mutt.preinst | 15 +++++++++++ debian/patches/misc/smime.rc | 46 ++++++++++++++++++++++++++++++++++ debian/patches/series | 1 + 6 files changed, 66 insertions(+), 21 deletions(-) delete mode 100644 debian/extra/rc/smime-paths.rc create mode 100644 debian/mutt.preinst create mode 100644 debian/patches/misc/smime.rc diff --git a/debian/changelog b/debian/changelog index 550f807..4b12c5d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,8 +3,10 @@ mutt (1.5.19-2) experimental; urgency=low * Recommends: libsasl2-modules. Technically, we depend on libsasl2-2 which already recommends this package, but not having it installed just confuses too many users. + * Use upstream's smime.rc file, hereby fixing S/MIME encryption. + (Closes: #315319) - -- Christoph Berg Fri, 30 Jan 2009 00:10:25 +0100 + -- Christoph Berg Tue, 03 Feb 2009 22:08:02 +0100 mutt (1.5.19-1) experimental; urgency=low diff --git a/debian/extra/rc/smime-paths.rc b/debian/extra/rc/smime-paths.rc deleted file mode 100644 index ace80b8..0000000 --- a/debian/extra/rc/smime-paths.rc +++ /dev/null @@ -1,20 +0,0 @@ -# S/MIME configuration -set smime_ca_location=`for f in $HOME/.smime/ca-certificates.crt $HOME/.smime/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt ; do if [ -f $f ] ; then echo $f ; exit ; fi ; done` -set smime_certificates="~/.smime/certificates" -set smime_keys="~/.smime/keys" -set smime_pk7out_command="openssl smime -verify -in %f -noverify -pk7out" -set smime_get_cert_command="openssl pkcs7 -print_certs -in %f" -set smime_get_signer_cert_command="openssl smime -verify -in %f -noverify -signer %c -out /dev/null" -set smime_get_cert_email_command="openssl x509 -in %f -noout -email" -set smime_import_cert_command="smime_keys add_cert %f" -set smime_encrypt_command="openssl smime -encrypt %a -outform DER -in %f %c" -set smime_sign_command="openssl smime -sign -signer %c -inkey %k -passin stdin -in %f -certfile %i -outform DER" -# This alternative command does not include the full certificates chain. -# Be sure to understand RFC 2315 section 9.1 before using it. -#set smime_sign_command="openssl smime -sign -signer %c -inkey %k -passin stdin -in %f -outform DER" -set smime_decrypt_command="openssl smime -decrypt -passin stdin -inform DER -in %f -inkey %k -recip %c" -set smime_verify_command="openssl smime -verify -inform DER -in %s %C -content %f" -set smime_verify_opaque_command="\ -openssl smime -verify -inform DER -in %s %C || \ -openssl smime -verify -inform DER -in %s -noverify 2>/dev/null" - diff --git a/debian/mutt.install b/debian/mutt.install index ad84104..9f1c8e3 100644 --- a/debian/mutt.install +++ b/debian/mutt.install @@ -11,6 +11,7 @@ debian/extra/lib/debian-ldap-query usr/lib/mutt debian/tmp/Muttrc etc debian/tmp/gpg.rc etc/Muttrc.d +contrib/smime.rc etc/Muttrc.d debian/extra/rc/*.rc etc/Muttrc.d debian/extra/mutt.xpm usr/share/pixmaps debian/tmp/usr/share/doc/*.html usr/share/doc/mutt/html diff --git a/debian/mutt.preinst b/debian/mutt.preinst new file mode 100644 index 0000000..fd2ecf8 --- /dev/null +++ b/debian/mutt.preinst @@ -0,0 +1,15 @@ +#!/bin/sh + +if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt "1.5.19-2" ; then + MD5SUM=$(md5sum /etc/Muttrc.d/smime-paths.rc | cut -d ' ' -f 1) + if [ "$MD5SUM" = "185414b78b332a662500719a179778c5" ] ; then + echo "Removing obsolete config file /etc/Muttrc.d/smime-paths.rc" + rm /etc/Muttrc.d/smime-paths.rc + else + echo "Not removing modified obsolete config file /etc/Muttrc.d/smime-paths.rc" + fi +fi + +#DEBHELPER# + +exit 0 diff --git a/debian/patches/misc/smime.rc b/debian/patches/misc/smime.rc new file mode 100644 index 0000000..d7ac791 --- /dev/null +++ b/debian/patches/misc/smime.rc @@ -0,0 +1,46 @@ +--- a/contrib/smime.rc ++++ b/contrib/smime.rc +@@ -4,33 +4,34 @@ + + # If you compiled mutt with support for both PGP and S/MIME, PGP + # will be the default method unless the following option is set +-set smime_is_default ++#set smime_is_default + + # Uncoment this if you don't want to set labels for certificates you add. + # unset smime_ask_cert_label + + # Passphrase expiration +-set smime_timeout=300 ++#set smime_timeout=300 + + # Global crypto options -- these affect PGP operations as well. +-set crypt_autosign = yes +-set crypt_replyencrypt = yes +-set crypt_replysign = yes +-set crypt_replysignencrypted = yes +-set crypt_verify_sig = yes ++#set crypt_autosign = yes ++#set crypt_replyencrypt = yes ++#set crypt_replysign = yes ++#set crypt_replysignencrypted = yes ++#set crypt_verify_sig = yes + + # Section A: Key Management. + + # The (default) keyfile for signing/decrypting. Uncomment the following + # line and replace the keyid with your own. +-set smime_default_key="12345678.0" ++#set smime_default_key="12345678.0" + + # Uncommen to make mutt ask what key to use when trying to decrypt a message. + # It will use the default key above (if that was set) else. + # unset smime_decrypt_use_default_key + + # Path to a file or directory with trusted certificates +-set smime_ca_location="~/.smime/ca-bundle.crt" ++#set smime_ca_location="~/.smime/ca-bundle.crt" ++set smime_ca_location=`for f in $HOME/.smime/ca-certificates.crt $HOME/.smime/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt ; do if [ -e $f ] ; then echo $f ; exit ; fi ; done` + + # Path to where all known certificates go. (must exist!) + set smime_certificates="~/.smime/certificates" diff --git a/debian/patches/series b/debian/patches/series index 4c84555..16a0bd4 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -25,6 +25,7 @@ debian-specific/assumed_charset-compat misc/define-pgp_getkeys_command.diff misc/gpg.rc-paths +misc/smime.rc mutt.org # extra patches for mutt-patched mutt-patched/sidebar-compat-revert.debian -- 2.43.0