1#+TITLE: TODO List 2Hey Emacs, this is -*- org -*- mode! 3 4* IMPORTANT! 5 :PROPERTIES: 6 :CUSTOM_ID: dev-gnupg-org 7 :END: 8 9 There was a nine year gap (2009 to 2018) between edits of this file, 10 so it is likely that much of the old information in it is wrong or 11 no longer applicable. 12 13 Bugs, feature requests and other development related work will be 14 tracked through the [[https://dev.gnupg.org/][dev.gnupg.org]] site. 15 16 17* Documentation 18 :PROPERTIES: 19 :CUSTOM_ID: documentation 20 :END: 21 22** Document all the new stuff. 23 :PROPERTIES: 24 :CUSTOM_ID: more-docs-is-better 25 :END: 26 27*** TODO Fix this TODO list. 28 :PROPERTIES: 29 :CUSTOM_ID: fix-todo 30 :END: 31 32 Clean up the current TODO list. Include properties as relevant (so 33 if someone does make a PDF or HTML version the TOC will work). 34 35 Also check to see if some of these ancient things can be removed 36 (e.g. do we really need to fix things that were broken in GPG 37 1.3.x? I'm thinking not so much). 38 39**** DONE fix TODO items 40 CLOSED: [2018-03-04 Sun 08:55] 41 :PROPERTIES: 42 :CUSTOM_ID: fix-todo-items 43 :END: 44 45 Adjust todo items so each can now be referenced by custom-id and 46 checked off as necessary. 47 48** TODO Document validity and trust issues. 49 :PROPERTIES: 50 :CUSTOM_ID: valid-trust-issues 51 :END: 52 53** In gpgme.texi: Register callbacks under the right letter in the index. 54 :PROPERTIES: 55 :CUSTOM_ID: gpgme-texi 56 :END: 57 58 59* Fix the remaining UI Server problems: 60 :PROPERTIES: 61 :CUSTOM_ID: ui-server-fix 62 :END: 63** VERIFY --silent support. 64 :PROPERTIES: 65 :CUSTOM_ID: verify-silent 66 :END: 67** ENCRYPT/DECRYPT/VERIFY/SIGN reset the engine, shouldn't be done with UISERVER? 68 :PROPERTIES: 69 :CUSTOM_ID: reset-engine-not-ui 70 :END: 71 72 73* IMPORTANT 74 :PROPERTIES: 75 :CUSTOM_ID: important-stuff-really 76 :END: 77** When using descriptor passing, we need to set the fd to blocking before 78 :PROPERTIES: 79 :CUSTOM_ID: set-fd-blocking 80 :END: 81 issuing simple commands, because we are mixing synchronous 82 commands into potentially asynchronous operations. 83** Might want to implement nonblock for w32 native backend! 84 :PROPERTIES: 85 :CUSTOM_ID: nonblock-win32 86 :END: 87 Right now we block reading the next line with assuan. 88 89 90* Before release: 91 :PROPERTIES: 92 :CUSTOM_ID: pre-release 93 :END: 94 95** CANCELLED Some gpg tests fail with gpg 1.3.4-cvs (gpg/t-keylist-sig) 96 CLOSED: [2018-03-09 Fri 08:16] 97 :PROPERTIES: 98 :CUSTOM_ID: gpg-1-3-4-really 99 :END: 100 - State "CANCELLED" from "TODO" [2018-03-09 Fri 08:16] \\ 101 WON'T FIX — too old or no longer applies. 102 The test is currently disabled there and in gpg/t-import. 103 104** When gpg supports it, write binary subpackets directly, 105 :PROPERTIES: 106 :CUSTOM_ID: binary-subpackets 107 :END: 108 and parse SUBPACKET status lines. 109 110 111* ABI's to break: 112 :PROPERTIES: 113 :CUSTOM_ID: abi-breakage-apparently-on-purpose 114 :END: 115 116** Old opassuan interface. 117 :PROPERTIES: 118 :CUSTOM_ID: old-opassuan 119 :END: 120 121** Implementation: Remove support for old style error codes in 122 :PROPERTIES: 123 :CUSTOM_ID: remove-old-error-codes 124 :END: 125 conversion.c::_gpgme_map_gnupg_error. 126 127** gpgme_edit_cb_t: Add "processed" return argument 128 :PROPERTIES: 129 :CUSTOM_ID: add-processed-return 130 :END: 131 (see edit.c::command_handler). 132 133** I/O and User Data could be made extensible. But this can be done 134 :PROPERTIES: 135 :CUSTOM_ID: add-io-user-data 136 :END: 137 without breaking the ABI hopefully. 138 139** All enums should be replaced by ints and simple macros for 140 :PROPERTIES: 141 :CUSTOM_ID: enums-should-be-ints 142 :END: 143 maximum compatibility. 144 145** Compatibility interfaces that can be removed in future versions: 146 :PROPERTIES: 147 :CUSTOM_ID: compat-interfaces-to-go 148 :END: 149 150*** gpgme_data_new_from_filepart 151 :PROPERTIES: 152 :CUSTOM_ID: gpgme-data-new-from-filepart 153 :END: 154 155*** gpgme_data_new_from_file 156 :PROPERTIES: 157 :CUSTOM_ID: gpgme-data-new-from-file 158 :END: 159 160*** gpgme_data_new_with_read_cb 161 :PROPERTIES: 162 :CUSTOM_ID: gpgme-data-new-with-read-cb 163 :END: 164 165*** gpgme_data_rewind 166 :PROPERTIES: 167 :CUSTOM_ID: gpgme-data-rewind 168 :END: 169 170*** gpgme_op_import_ext 171 :PROPERTIES: 172 :CUSTOM_ID: gpgme-op-import-ext 173 :END: 174 175*** gpgme_get_sig_key 176 :PROPERTIES: 177 :CUSTOM_ID: gpgme-get-sig-key 178 :END: 179 180*** gpgme_get_sig_ulong_attr 181 :PROPERTIES: 182 :CUSTOM_ID: gpgme-get-sig-ulong-attr 183 :END: 184 185*** gpgme_get_sig_string_attr 186 :PROPERTIES: 187 :CUSTOM_ID: gpgme-get-sig-string-attr 188 :END: 189 190*** GPGME_SIG_STAT_* 191 :PROPERTIES: 192 :CUSTOM_ID: gpgme-sig-stat 193 :END: 194 195*** gpgme_get_sig_status 196 :PROPERTIES: 197 :CUSTOM_ID: gpgme-get-sig-status 198 :END: 199 200*** gpgme_trust_item_release 201 :PROPERTIES: 202 :CUSTOM_ID: gpgme-trust-item-release 203 :END: 204 205*** gpgme_trust_item_get_string_attr 206 :PROPERTIES: 207 :CUSTOM_ID: gpgme-trust-item-get-string-attr 208 :END: 209 210*** gpgme_trust_item_get_ulong_attr 211 :PROPERTIES: 212 :CUSTOM_ID: gpgme-trust-item-get-ulong-attr 213 :END: 214 215*** gpgme_attr_t 216 :PROPERTIES: 217 :CUSTOM_ID: gpgme-attr-t 218 :END: 219 220*** All Gpgme* typedefs. 221 :PROPERTIES: 222 :CUSTOM_ID: all-gpgme-typedefs 223 :END: 224 225 226* Thread support: 227 :PROPERTIES: 228 :CUSTOM_ID: threads 229 :END: 230 231** When GNU Pth supports sendmsg/recvmsg, wrap them properly. 232 :PROPERTIES: 233 :CUSTOM_ID: wrap-oth 234 :END: 235 236** Without timegm (3) support our ISO time parser is not thread safe. 237 :PROPERTIES: 238 :CUSTOM_ID: time-threads 239 :END: 240 There is a configure time warning, though. 241 242 243* New features: 244 :PROPERTIES: 245 :CUSTOM_ID: new-features 246 :END: 247 248** Flow control for data objects. 249 :PROPERTIES: 250 :CUSTOM_ID: flow-control-is-not-a-euphemism-for-an-s-bend 251 :END: 252 Currently, gpgme_data_t objects are assumed to be blocking. To 253 break this assumption, we need either (A) a way for an user I/O 254 callback to store the current operation in a continuation that can 255 be resumed later. While the continuation exists, file descriptors 256 associated with this operation must be removed from their 257 respective event loop. or (B) a way for gpgme data objects to be 258 associated with a waitable object, that can be registered with the 259 user event loop. Neither is particularly simple. 260 261** Extended notation support. When gpg supports arbitrary binary 262 :PROPERTIES: 263 :CUSTOM_ID: extended-notation 264 :END: 265 notation data, provide a user interface for that. 266 267** notification system 268 :PROPERTIES: 269 :CUSTOM_ID: notification-system 270 :END: 271 We need a simple notification system, probably a simple callback 272 with a string and some optional arguments. This is for example 273 required to notify an application of a changed smartcard, The 274 application can then do whatever is required. There are other 275 usages too. This notification system should be independent of any 276 contextes of course. 277 278 Not sure whether this is still required. GPGME_PROTOCOL_ASSUAN is 279 sufficient for this. 280 281** --learn-code support 282 :PROPERTIES: 283 :CUSTOM_ID: learn-code 284 :END: 285 This might be integrated with import. we still need to work out how 286 to learn a card when gpg and gpgsm have support for smartcards. In 287 GPA we currently invoke gpg directly. 288 289** Might need a stat() for data objects and use it for length param to gpg. 290 :PROPERTIES: 291 :CUSTOM_ID: stat-data 292 :END: 293 294** Implement support for photo ids. 295 :PROPERTIES: 296 :CUSTOM_ID: photo-id 297 :END: 298 299** Allow selection of subkeys 300 :PROPERTIES: 301 :CUSTOM_ID: subkey-selection 302 :END: 303 304** Allow to return time stamps in ISO format 305 :PROPERTIES: 306 :CUSTOM_ID: iso-format-datetime 307 :END: 308 This allows us to handle years later than 2037 properly. With the 309 time_t interface they are all mapped to 2037-12-31 310 311** New features requested by our dear users, but rejected or left for 312 :PROPERTIES: 313 :CUSTOM_ID: feature-requests 314 :END: 315 later consideration: 316 317*** Allow to export secret keys. 318 :PROPERTIES: 319 :CUSTOM_ID: export-secret-keys 320 :END: 321 Rejected because this is conceptually flawed. Secret keys on a 322 smart card can not be exported, for example. 323 May eventually e supproted with a keywrapping system. 324 325*** Selecting the key ring, setting the version or comment in output. 326 :PROPERTIES: 327 :CUSTOM_ID: select-keyring-version 328 :END: 329 Rejected because the naive implementation is engine specific, the 330 configuration is part of the engine's configuration or readily 331 worked around in a different way 332 333*** Selecting the symmetric cipher. 334 :PROPERTIES: 335 :CUSTOM_ID: symmetric-cipher-selection 336 :END: 337 338*** Exchanging keys with key servers. 339 :PROPERTIES: 340 :CUSTOM_ID: key-server-exchange 341 :END: 342 343 344* Engines 345 :PROPERTIES: 346 :CUSTOM_ID: engines 347 :END: 348 349** Do not create/destroy engines, but create engine and then reset it. 350 :PROPERTIES: 351 :CUSTOM_ID: reset-engine-is-not-quite-just-ignition 352 :END: 353 Internally the reset operation still spawns a new engine process, 354 but this can be replaced with a reset later. Also, be very sure to 355 release everything properly at a reset and at an error. Think hard 356 about where to guarantee what (ie, what happens if start fails, are 357 the fds unregistered immediately - i think so?) 358 Note that we need support in gpgsm to set include-certs to default 359 as RESET does not reset it, also for no_encrypt_to and probably 360 other options. 361 362** Optimize the case where a data object has an underlying fd we can pass 363 :PROPERTIES: 364 :CUSTOM_ID: optimus-data-cousin-of-optimus-prime 365 :END: 366 directly to the engine. This will be automatic with socket I/O and 367 descriptor passing. 368 369** Move code common to all engines up from gpg to engine. 370 :PROPERTIES: 371 :CUSTOM_ID: move-code-common-to-engines-out-of-gpg 372 :END: 373 374** engine operations can return General Error on unknown protocol 375 :PROPERTIES: 376 :CUSTOM_ID: general-error-looking-to-be-court-martialled 377 :END: 378 (it's an internal error, as select_protocol checks already). 379 380** When server mode is implemented properly, more care has to be taken to 381 :PROPERTIES: 382 :CUSTOM_ID: server-mode 383 :END: 384 release all resources on error (for example to free assuan_cmd). 385 386** op_import_keys and op_export_keys have a limit in the number of keys. 387 :PROPERTIES: 388 :CUSTOM_ID: import-export-problems 389 :END: 390 This is because we pass them in gpg via the command line and gpgsm 391 via an assuan control line. We should pipe them instead and maybe 392 change gpg/gpgsm to not put them in memory. 393 394 395* GPG breakage: 396 :PROPERTIES: 397 :CUSTOM_ID: gpg-breakage 398 :END: 399 400** CANCELLED gpg 1.4.2 lacks error reporting if sign/encrypt with revoked key. 401 CLOSED: [2018-03-09 Fri 08:19] 402 :PROPERTIES: 403 :CUSTOM_ID: gpg-classic-lacks-stuff 404 :END: 405 - State "CANCELLED" from "TODO" [2018-03-09 Fri 08:19] \\ 406 WON'T FIX. 407 408** CANCELLED gpg 1.4.2 does crappy error reporting (namely none at all) when 409 CLOSED: [2018-03-09 Fri 08:20] 410 :PROPERTIES: 411 :CUSTOM_ID: gpg-classic-problems-but-do-we-care 412 :END: 413 - State "CANCELLED" from "TODO" [2018-03-09 Fri 08:20] \\ 414 WON'T FIX. 415 smart card is missing for sign operation: 416 [GNUPG:] CARDCTRL 4 417 gpg: selecting openpgp failed: ec=6.110 418 gpg: signing failed: general error 419 [GNUPG:] BEGIN_ENCRYPTION 2 10 420 gpg: test: sign+encrypt failed: general error 421 422** DONE Without agent and with wrong passphrase, gpg 1.4.2 enters into an 423 CLOSED: [2018-03-09 Fri 08:20] 424 :PROPERTIES: 425 :CUSTOM_ID: recursive-gpg-classic 426 :END: 427 - State "DONE" from "TODO" [2018-03-09 Fri 08:20] \\ 428 Must have been fixed in a subsequent release. 429 infinite loop. 430 431** CANCELLED Use correct argv[0] 432 CLOSED: [2018-03-09 Fri 08:24] 433 :PROPERTIES: 434 :CUSTOM_ID: correct-argv 435 :END: 436 - State "CANCELLED" from "TODO" [2018-03-09 Fri 08:24] \\ 437 WON'T FIX. 438 439 Also, there is no rungpg.c file in GPGME (or in GPG or most, if not 440 all of the rest of the libs and packages; I suspect there hasn't been 441 for a very long time). 442 In rungpg.c:build_argv we use 443 argv[argc] = strdup ("gpg"); /* argv[0] */ 444 This should be changed to take the real file name used in account. 445 446 447* Operations 448 :PROPERTIES: 449 :CUSTOM_ID: operations-are-not-surgical 450 :END: 451 452** Include cert values -2, -1, 0 and 1 should be defined as macros. 453 :PROPERTIES: 454 :CUSTOM_ID: certified-macros 455 :END: 456 457** If an operation failed, make sure that the result functions don't return 458 :PROPERTIES: 459 :CUSTOM_ID: operation-failure 460 :END: 461 corrupt partial information. !!! 462 NOTE: The EOF status handler is not called in this case !!! 463 464** Verify must not fail on NODATA premature if auto-key-retrieval failed. 465 :PROPERTIES: 466 :CUSTOM_ID: autobot-key-retrieval 467 :END: 468 It should not fail silently if it knows there is an error. !!! 469 470** All operations: Better error reporting. !! 471 :PROPERTIES: 472 :CUSTOM_ID: better-reporting-not-like-fox-news 473 :END: 474 475** Export status handler need much more work. !!! 476 :PROPERTIES: 477 :CUSTOM_ID: export-status-handler 478 :END: 479 480** Import should return a useful error when one happened. 481 :PROPERTIES: 482 :CUSTOM_ID: import-useful-stuff-even-wrong-stuff 483 :END: 484 485*** Import does not take notice of NODATA status report. 486 :PROPERTIES: 487 :CUSTOM_ID: import-no-data 488 :END: 489 490*** When GPGSM does issue IMPORT_OK status reports, make sure to check for 491 :PROPERTIES: 492 :CUSTOM_ID: gpgsm-import-ok 493 :END: 494 them in tests/gpgs m/t-import.c. 495 496** Verify can include info about version/algo/class, but currently 497 :PROPERTIES: 498 :CUSTOM_ID: verify-class 499 :END: 500 this is only available for gpg, not gpgsm. 501 502** Return ENC_TO output in verify result. Again, this is not available 503 :PROPERTIES: 504 :CUSTOM_ID: return-to-enc 505 :END: 506 for gpgsm. 507 508** Genkey should return something more useful than General_Error. 509 :PROPERTIES: 510 :CUSTOM_ID: general-key-assumed-command-from-general-error 511 :END: 512 513** If possible, use --file-setsize to set the file size for proper progress 514 :PROPERTIES: 515 :CUSTOM_ID: file-setsize 516 :END: 517 callback handling. Write data interface for file size. 518 519** Optimize the file descriptor list, so the number of open fds is 520 :PROPERTIES: 521 :CUSTOM_ID: optimus-descriptus-younger-brother-of-optimus-prime 522 :END: 523 always known easily. 524 525** Encryption: It should be verified that the behaviour for partially untrusted 526 :PROPERTIES: 527 :CUSTOM_ID: only-mostly-dead-means-partially-alive 528 :END: 529 recipients is correct. 530 531** When GPG issues INV_something for invalid signers, catch them. 532 :PROPERTIES: 533 :CUSTOM_ID: invalid-sig 534 :END: 535 536 537* Error Values 538 :PROPERTIES: 539 :CUSTOM_ID: error-value 540 :END: 541 542** Map ASSUAN/GpgSM ERR error values in a better way than is done now. !! 543 :PROPERTIES: 544 :CUSTOM_ID: map-ass-error 545 :END: 546 547** Some error values should identify the source more correctly (mostly error 548 :PROPERTIES: 549 :CUSTOM_ID: source-errors 550 :END: 551 values derived from status messages). 552 553** In rungpg.c we need to check the version of the engine 554 :PROPERTIES: 555 :CUSTOM_ID: rungpg-c-engine-ver 556 :END: 557 This requires a way to get the cached version number from the 558 engine layer. 559 560 561* Tests 562 :PROPERTIES: 563 :CUSTOM_ID: tests 564 :END: 565 566** TODO Write a fake gpg-agent so that we can supply known passphrases to 567 :PROPERTIES: 568 :CUSTOM_ID: test-fake-gpg-agent 569 :END: 570 gpgsm and setup the configuration files to use the agent. Without 571 this we are testing a currently running gpg-agent which is not a 572 clever idea. ! 573 574** t-data 575 :PROPERTIES: 576 :CUSTOM_ID: test-data 577 :END: 578 579*** Test gpgme_data_release_and_get_mem. 580 :PROPERTIES: 581 :CUSTOM_ID: test-gpgme-data-release-mem 582 :END: 583 584*** Test gpgme_data_seek for invalid types. 585 :PROPERTIES: 586 :CUSTOM_ID: test-gpgme-data-seek 587 :END: 588 589** t-keylist 590 :PROPERTIES: 591 :CUSTOM_ID: test-keylist 592 :END: 593 Write a test for ext_keylist. 594 595** Test reading key signatures. 596 :PROPERTIES: 597 :CUSTOM_ID: test-key-sig 598 :END: 599 600 601* Debug 602 :PROPERTIES: 603 :CUSTOM_ID: debug 604 :END: 605 606** Tracepoints should be added at: Every public interface enter/leave, 607 :PROPERTIES: 608 :CUSTOM_ID: tracepoint-pub-int 609 :END: 610 before and in every callback, at major decision points, at every 611 internal data point which might easily be observed by the outside 612 (system handles). We also trace handles and I/O support threads in 613 the w32 implementation because that's fragile code. 614 Files left to do: 615 data-fd.c data-mem.c data-stream.c data-user.c debug.c rungpg.c 616 engine.c engine-gpgsm.c funopen.c w32-glib-io.c wait.c 617 wait-global.c wait-private.c wait-user.c op-support.c decrypt.c 618 decrypt-verify.c delete.c edit.c encrypt.c encrypt-sign.c export.c 619 genkey.c import.c key.c keylist.c passphrase.c progress.c signers.c 620 sig-notation.c trust-item.c trustlist.c verify.c 621 622** TODO Handle malloc and vasprintf errors. But decide first if they should be 623 :PROPERTIES: 624 :CUSTOM_ID: malloc-vasprintf 625 :END: 626 627 ignored (and logged with 255?!), or really be assertions. ! 628 629 630* Build suite 631 :PROPERTIES: 632 :CUSTOM_ID: build-suite 633 :END: 634 635** TODO Make sure everything is cleaned correctly (esp. test area). 636 :PROPERTIES: 637 :CUSTOM_ID: clean-tests 638 :END: 639 640** TODO Enable AC_CONFIG_MACRO_DIR and bump up autoconf version requirement. 641 :PROPERTIES: 642 :CUSTOM_ID: autoconf-macros 643 :END: 644 (To fix "./autogen.sh; ./configure --enable-maintainer-mode; touch 645 configure.ac; make"). Currently worked around with ACLOCAL_AMFLAGS??? 646 647 648* Error checking 649 :PROPERTIES: 650 :CUSTOM_ID: error-checking 651 :END: 652 653** TODO engine-gpgsm, with-validation 654 :PROPERTIES: 655 :CUSTOM_ID: gpgsm-validation 656 :END: 657 Add error checking some time after releasing a new gpgsm. 658 659 660* Language bindings and related components 661 :PROPERTIES: 662 :CUSTOM_ID: language-bindings-and-related-stuff 663 :END: 664 665** TODO Emacs and elisp binding 666 :PROPERTIES: 667 :CUSTOM_ID: emacs-and-elisp 668 :END: 669 670 Currently GNU Emacs uses EPA and EPG to provide GnuPG support. EPG 671 does this by calling the GPG executable and wrapping the commands 672 with elisp functions. A more preferable solution would be to 673 implement an epgme.el which integrated with GPGME, then if it could 674 not to attempt calling the gpgme-tool and only if those failed to 675 fall back to the current epg.el and calling the command line 676 binaries. 677 678** TODO API of an API 679 :PROPERTIES: 680 :CUSTOM_ID: api-squared 681 :END: 682 683 See the more detailed notes on this in the [[lang/python/docs/TODO.org][python TODO]]. 684 685** TODO GPGME installation and package management guide 686 :PROPERTIES: 687 :CUSTOM_ID: package-management 688 :END: 689 690 Write a guide/best practices for maintainers of GPGME packages with 691 third party package management systems. 692 693 694* Copyright 2004, 2005, 2018 g10 Code GmbH 695 :PROPERTIES: 696 :CUSTOM_ID: copyright-and-license 697 :END: 698 699This file is free software; as a special exception the author gives 700unlimited permission to copy and/or distribute it, with or without 701modifications, as long as this notice is preserved. 702 703This file is distributed in the hope that it will be useful, but 704WITHOUT ANY WARRANTY, to the extent permitted by law; without even the 705implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR 706PURPOSE. 707