schleuder 3.5.0 → 4.0.0

data/lib/schleuder/errors/base.rb

@@ -1,8 +1,8 @@
 module Schleuder
   module Errors
     class Base < StandardError
-      def t(*args)
-        I18n.t(*args)
+      def t(key, **kwargs)
+        I18n.t(key, **kwargs)
       end
 
       def to_s

data/lib/schleuder/errors/decryption_failed.rb

@@ -4,7 +4,7 @@ module Schleuder
       def initialize(list)
         set_default_locale
         super t('errors.decryption_failed',
-                    { key: list.key.to_s, email: list.sendkey_address })
+                    key: list.key.to_s, email: list.sendkey_address)
       end
     end
   end

data/lib/schleuder/errors/fatal_error.rb

@@ -5,7 +5,7 @@ module Schleuder
       end
 
       def to_s
-        t("errors.fatalerror")
+        t('errors.fatalerror')
       end
     end
   end

data/lib/schleuder/errors/key_adduid_failed.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Errors
     class KeyAdduidFailed < Base
       def initialize(errmsg)
-        super t('errors.key_adduid_failed', { errmsg: errmsg })
+        super t('errors.key_adduid_failed', errmsg: errmsg)
       end
     end
   end

data/lib/schleuder/errors/key_generation_failed.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Errors
     class KeyGenerationFailed < Base
       def initialize(listdir, listname)
-        super t('errors.key_generation_failed', {listdir: listdir, listname: listname})
+        super t('errors.key_generation_failed', listdir: listdir, listname: listname)
       end
     end
   end

data/lib/schleuder/errors/message_empty.rb

@@ -3,7 +3,7 @@ module Schleuder
     class MessageEmpty < Base
       def initialize(list)
         set_default_locale
-        super t('errors.message_empty', { request_address: list.request_address })
+        super t('errors.message_empty', request_address: list.request_address)
       end
     end
   end

data/lib/schleuder/errors/message_too_big.rb

@@ -4,7 +4,7 @@ module Schleuder
       def initialize(list)
         set_default_locale
         allowed_size = list.max_message_size_kb
-        super t('errors.message_too_big', { allowed_size: allowed_size })
+        super t('errors.message_too_big', allowed_size: allowed_size)
       end
     end
   end

data/lib/schleuder/errors/too_many_keys.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Errors
     class TooManyKeys < Base
       def initialize(listdir, listname)
-        super t('errors.too_many_keys', {listdir: listdir, listname: listname})
+        super t('errors.too_many_keys', listdir: listdir, listname: listname)
       end
     end
   end

data/lib/schleuder/filters/post_decryption/10_request.rb

@@ -3,17 +3,17 @@ module Schleuder
     def self.request(list, mail)
       return if ! mail.request?
 
-      list.logger.debug "Request-message"
+      list.logger.debug 'Request-message'
 
       if ! mail.was_encrypted? || ! mail.was_validly_signed?
-        list.logger.debug "Error: Message was not encrypted and validly signed"
+        list.logger.debug 'Error: Message was not encrypted and validly signed'
         return Errors::MessageUnauthenticated.new
       end
 
       if mail.keywords.empty?
         output = I18n.t(:no_keywords_error)
       else
-        output = PluginRunners::RequestPluginsRunner.run(list, mail)
+        output = KeywordHandlersRunner.run(type: :request, list: list, mail: mail)
         output = output.flatten.map(&:presence).compact
         if output.blank?
           output = I18n.t(:no_output_result)

data/lib/schleuder/filters/post_decryption/20_max_message_size.rb

@@ -3,7 +3,7 @@ module Schleuder
 
     def self.max_message_size(list, mail)
       if (mail.raw_source.size / 1024) > list.max_message_size_kb
-        list.logger.info "Rejecting mail as too big"
+        list.logger.info 'Rejecting mail as too big'
         return Errors::MessageTooBig.new(list)
       end
     end

data/lib/schleuder/filters/post_decryption/30_forward_to_owner.rb

@@ -3,7 +3,7 @@ module Schleuder
     def self.forward_to_owner(list, mail)
       return if ! mail.to_owner?
 
-      list.logger.debug "Forwarding addressed to -owner"
+      list.logger.debug 'Forwarding addressed to -owner'
       mail.add_pseudoheader(:note, I18n.t(:owner_forward_prefix))
       cleanmail = mail.clean_copy(true)
       list.admins.each do |admin|

data/lib/schleuder/filters/post_decryption/40_receive_admin_only.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Filters
     def self.receive_admin_only(list, mail)
       if list.receive_admin_only? && ( ! mail.was_validly_signed? || ! mail.signer.admin? )
-        list.logger.info "Rejecting mail as not from admin."
+        list.logger.info 'Rejecting mail as not from admin.'
         return Errors::MessageNotFromAdmin.new
       end
     end

data/lib/schleuder/filters/post_decryption/50_receive_authenticated_only.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Filters
     def self.receive_authenticated_only(list, mail)
       if list.receive_authenticated_only? && ( ! mail.was_encrypted? || ! mail.was_validly_signed? )
-        list.logger.info "Rejecting mail as unauthenticated"
+        list.logger.info 'Rejecting mail as unauthenticated'
         return Errors::MessageUnauthenticated.new
       end
     end

data/lib/schleuder/filters/post_decryption/60_receive_signed_only.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Filters
     def self.receive_signed_only(list, mail)
       if list.receive_signed_only? && ! mail.was_validly_signed?
-        list.logger.info "Rejecting mail as unsigned"
+        list.logger.info 'Rejecting mail as unsigned'
         return Errors::MessageUnsigned.new
       end
     end

data/lib/schleuder/filters/post_decryption/70_receive_encrypted_only.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Filters
     def self.receive_encrypted_only(list, mail)
       if list.receive_encrypted_only? && ! mail.was_encrypted?
-        list.logger.info "Rejecting mail as unencrypted"
+        list.logger.info 'Rejecting mail as unencrypted'
         return Errors::MessageUnencrypted.new
       end
     end

data/lib/schleuder/filters/post_decryption/80_receive_from_subscribed_emailaddresses_only.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Filters
     def self.receive_from_subscribed_emailaddresses_only(list, mail)
       if list.receive_from_subscribed_emailaddresses_only? && list.subscriptions.where(email: mail.from.first).blank?
-        list.logger.info "Rejecting mail as not from subscribed address."
+        list.logger.info 'Rejecting mail as not from subscribed address.'
         return Errors::MessageSenderNotSubscribed.new
       end
     end

data/lib/schleuder/filters/pre_decryption/10_forward_bounce_to_admins.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Filters
     def self.forward_bounce_to_admins(list, mail)
       if mail.automated_message?
-        list.logger.info "Forwarding automated message to admins"
+        list.logger.info 'Forwarding automated message to admins'
         list.logger.notify_admin I18n.t(:forward_automated_message_to_admins), mail.original_message, I18n.t('automated_message_subject')
         exit
       end

data/lib/schleuder/filters/pre_decryption/30_send_key.rb

@@ -3,7 +3,7 @@ module Schleuder
     def self.send_key(list, mail)
       return if ! mail.sendkey_request?
 
-      list.logger.debug "Sending public key as reply."
+      list.logger.debug 'Sending public key as reply.'
 
       out = mail.reply
       out.from = list.email

data/lib/schleuder/filters/pre_decryption/40_fix_exchange_messages.rb

@@ -18,7 +18,7 @@ module Schleuder
           mail.parts[1][:content_type].content_type == 'application/pgp-encrypted' &&
           mail.parts[2][:content_type].content_type == 'application/octet-stream'
         mail.parts.delete_at(0)
-        mail.content_type = [:multipart, :encrypted, {protocol: "application/pgp-encrypted", boundary: mail.boundary}]
+        mail.content_type = [:multipart, :encrypted, {protocol: 'application/pgp-encrypted', boundary: mail.boundary}]
       end
     end
   end

data/lib/schleuder/filters/pre_decryption/50_strip_html_from_alternative.rb

@@ -8,12 +8,12 @@ module Schleuder
         return false
       end
 
-      Schleuder.logger.debug "Stripping html-part from multipart/alternative-message"
+      Schleuder.logger.debug 'Stripping html-part from multipart/alternative-message'
       mail.parts.delete_if do |part|
         part[:content_type].content_type == 'text/html'
       end
       mail.content_type = 'multipart/mixed'
-      mail.add_pseudoheader(:note, I18n.t("pseudoheaders.stripped_html_from_multialt"))
+      mail.add_pseudoheader(:note, I18n.t('pseudoheaders.stripped_html_from_multialt'))
     end
   end
 end

data/lib/schleuder/filters_runner.rb

@@ -34,7 +34,7 @@ module Schleuder
 
       def bounce?(response, mail)
         if list.bounces_drop_all
-          list.logger.debug "Dropping bounce as configurated"
+          list.logger.debug 'Dropping bounce as configurated'
           notify_admins(I18n.t('.bounces_drop_all'), mail.original_message)
           return false
         end
@@ -47,7 +47,7 @@ module Schleuder
           end
         end
 
-        list.logger.debug "Bouncing message"
+        list.logger.debug 'Bouncing message'
         true
       end
 
@@ -61,21 +61,21 @@ module Schleuder
         list.logger.debug "Loading #{filter_type}_decryption filters"
         sorted_filters.map do |filter_name|
           require all_filter_files[filter_name]
-          filter_name.split('_',2).last
+          filter_name.split('_', 2).last
         end
       end
 
       def sorted_filters
-        @sorted_filters ||= all_filter_files.keys.sort do |a,b|
-          a.split('_',2).first.to_i <=> b.split('_',2).first.to_i
+        @sorted_filters ||= all_filter_files.keys.sort do |a, b|
+          a.split('_', 2).first.to_i <=> b.split('_', 2).first.to_i
         end
       end
 
       def all_filter_files
         @all_filter_files ||= begin
           files_in_filter_dirs = Dir[*filter_dirs]
-          files_in_filter_dirs.inject({}) do |res,file|
-            filter_name = File.basename(file,'.rb')
+          files_in_filter_dirs.inject({}) do |res, file|
+            filter_name = File.basename(file, '.rb')
             res[filter_name] = file
             res
           end
@@ -83,9 +83,9 @@ module Schleuder
       end
 
       def filter_dirs
-        @filter_dirs ||= [File.join(File.dirname(__FILE__),"filters"),
+        @filter_dirs ||= [File.join(File.dirname(__FILE__), 'filters'),
                           Schleuder::Conf.filters_dir].map do |d|
-                            File.join(d,"#{filter_type}_decryption/[0-9]*_*.rb")
+                            File.join(d, "#{filter_type}_decryption/[0-9]*_*.rb")
                           end
       end
     end

data/lib/schleuder/gpgme/ctx.rb

@@ -25,10 +25,10 @@ module GPGME
           [import_status.fpr, nil]
         end
       when 0
-        [nil, "The given key material did not contain any keys!"]
+        [nil, 'The given key material did not contain any keys!']
       else
         # TODO: report import-stati of the keys?
-        [nil, "The given key material contained more than one key, could not determine which fingerprint to use. Please set it manually!"]
+        [nil, 'The given key material contained more than one key, could not determine which fingerprint to use. Please set it manually!']
       end
     end
 
@@ -78,8 +78,8 @@ module GPGME
     end
 
     def self.check_gpg_version
-      if ! sufficient_gpg_version?('2.0')
-        $stderr.puts "Error: GnuPG version >= 2.0 required.\nPlease install it and/or provide the path to the binary via the environment-variable GPGBIN.\nExample: GPGBIN=/opt/gpg2/bin/gpg ..."
+      if ! sufficient_gpg_version?('2.2')
+        $stderr.puts "Error: GnuPG version >= 2.2 required.\nPlease install it and/or provide the path to the binary via the environment-variable GPGBIN.\nExample: GPGBIN=/opt/gpg2/bin/gpg ..."
         exit 1
       end
     end
@@ -95,10 +95,7 @@ module GPGME
         sleep rand(1.0..5.0)
         refresh_key(key.fingerprint).presence
       end
-      # TODO: drop version check once we killed gpg 2.0 support.
-      if GPGME::Ctx.sufficient_gpg_version?('2.1')
-        `gpgconf --kill dirmngr`
-      end
+      `gpgconf --kill dirmngr`
       output.compact.join("\n")
     end
 
@@ -110,6 +107,8 @@ module GPGME
         # Return filtered error messages. Include gpgkeys-messages from stdout
         # (gpg 2.0 does that), which could e.g. report a failure to connect to
         # the keyserver.
+        # TODO: Revisit this once we don't do network access via GPG
+        # anymore.
         res = [
           refresh_key_filter_messages(gpgerr),
           refresh_key_filter_messages(gpgout).grep(/^gpgkeys: /)
@@ -118,8 +117,7 @@ module GPGME
         # we better kill dirmngr, so it hopefully won't suffer
         # from the same error during the next run.
         # See #309 for background
-        # TODO: drop version check once we killed gpg 2.0 support.
-        if !res.empty? && GPGME::Ctx.sufficient_gpg_version?('2.1')
+        if !res.empty?
           `gpgconf --kill dirmngr`
         end
         res.join("\n")
@@ -158,7 +156,7 @@ module GPGME
         # restricted to keyservers.
         "#{keyserver_arg} --auto-key-locate keyserver --locate-key #{input}"
       else
-        [nil, I18n.t("fetch_key.invalid_input")]
+        [nil, I18n.t('fetch_key.invalid_input')]
       end
     end
 
@@ -166,8 +164,8 @@ module GPGME
       import_states = translate_import_data(gpgoutput)
       strings = import_states.map do |fingerprint, states|
         key = find_distinct_key(fingerprint)
-        I18n.t(locale_key, { key_oneline: key.oneline,
-                             states: states.to_sentence })
+        I18n.t(locale_key, key_summary: key.summary,
+                           states: states.to_sentence)
       end
       strings
     end
@@ -182,7 +180,7 @@ module GPGME
         states = []
 
         if import_status == 0
-          states << I18n.t("import_states.unchanged")
+          states << I18n.t('import_states.unchanged')
         else
           IMPORT_FLAGS.each do |text, int|
             if (import_status & int) > 0
@@ -213,7 +211,7 @@ module GPGME
       errors = []
       output = []
       base_cmd = gpg_engine.file_name
-      base_args = "--no-greeting --no-permission-warning --quiet --armor --trust-model always --no-tty --command-fd 0 --status-fd 1"
+      base_args = '--no-greeting --no-permission-warning --quiet --armor --trust-model always --no-tty --command-fd 0 --status-fd 1'
       cmd = [base_cmd, base_args, args].flatten.join(' ')
       Open3.popen3(cmd) do |stdin, stdout, stderr, thread|
         if block_given?
@@ -231,24 +229,6 @@ module GPGME
       raise 'Need gpg in $PATH or in $GPGBIN'
     end
 
-    def self.gpgcli_expect(args)
-      gpgcli(args) do |stdin, stdout, stderr|
-        counter = 0
-        while line = stdout.gets rescue nil
-          counter += 1
-          if counter > 1042
-            return "Too many input-lines from gpg, something went wrong"
-          end
-          output, error = yield(line.chomp)
-          if output == false
-            return error
-          elsif output
-            stdin.puts output
-          end
-        end
-      end
-    end
-
     def self.spawn_daemon(name, args)
       delete_daemon_socket(name)
       cmd = "#{name} #{args} --daemon > /dev/null 2>&1"
@@ -258,7 +238,7 @@ module GPGME
     end
 
     def self.delete_daemon_socket(name)
-      path = File.join(ENV["GNUPGHOME"], "S.#{name}")
+      path = File.join(ENV['GNUPGHOME'], "S.#{name}")
       if File.exist?(path)
         File.delete(path)
       end
@@ -268,7 +248,7 @@ module GPGME
       if Conf.keyserver.present?
         "--keyserver #{Conf.keyserver}"
       else
-        ""
+        ''
       end
     end
 

data/lib/schleuder/gpgme/key.rb

@@ -26,8 +26,8 @@ module GPGME
       expired.present?
     end
 
-    def oneline
-      @oneline ||= 
+    def summary
+      @summary ||= 
         begin
           datefmt = '%Y-%m-%d'
           attribs = [
@@ -41,7 +41,7 @@ module GPGME
               attribs << "[expired: #{expires.strftime(datefmt)}]"
             when :revoked
               # TODO: add revocation date when it's available.
-              attribs << "[revoked]"
+              attribs << '[revoked]'
             else
               attribs << "[#{usability_issue}]"
             end
@@ -75,144 +75,12 @@ module GPGME
       if trust.present?
         trust
       elsif ! usable_for?(:encrypt)
-        "not capable of encryption"
+        'not capable of encryption'
       else
         nil
       end
     end
 
-    def set_primary_uid(email)
-      # We rely on the order of UIDs here. Seems to work.
-      index = self.uids.map(&:email).index(email)
-      uid_number = index + 1
-      primary_set = false
-      args = "--edit-key '#{self.fingerprint}' #{uid_number}"
-      errors, _ = GPGME::Ctx.gpgcli_expect(args) do |line|
-        case line.chomp
-        when /keyedit.prompt/
-          if ! primary_set
-            primary_set = true
-            "primary"
-          else
-            "save"
-          end
-        else
-          nil
-        end
-      end
-      errors.join
-    end
-
-    def adduid(uid, email)
-      # This block can be deleted once we cease to support gnupg 2.0.
-      if ! GPGME::Ctx.sufficient_gpg_version?('2.1.4')
-        return adduid_expect(uid, email)
-      end
-
-      # Specifying the key via fingerprint apparently doesn't work.
-      errors, _ = GPGME::Ctx.gpgcli("--quick-adduid #{uid} '#{uid} <#{email}>'")
-      errors.join
-    end
-
-    # This method can be deleted once we cease to support gnupg 2.0.
-    def adduid_expect(uid, email)
-      args = "--allow-freeform-uid --edit-key '#{self.fingerprint}' adduid"
-      errors, _ = GPGME::Ctx.gpgcli_expect(args) do |line|
-        case line.chomp
-        when /keygen.name/
-          uid
-        when /keygen.email/
-          email
-        when /keygen.comment/
-          ''
-        when /keyedit.prompt/
-          "save"
-        else
-          nil
-        end
-      end
-      errors.join
-    end
-
-    def clearpassphrase(oldpw)
-      # This block can be deleted once we cease to support gnupg 2.0.
-      if ! GPGME::Ctx.sufficient_gpg_version?('2.1.0')
-        return clearpassphrase_v20(oldpw)
-      end
-
-      oldpw_given = false
-      # Don't use '--passwd', it claims to fail (even though it factually doesn't).
-      args = "--pinentry-mode loopback --edit-key '#{self.fingerprint}' passwd"
-      errors, _, exitcode = GPGME::Ctx.gpgcli_expect(args) do |line|
-        case line
-        when /passphrase.enter/
-          if ! oldpw_given
-            oldpw_given = true
-            oldpw
-          else
-            ""
-          end
-        when /BAD_PASSPHRASE/
-          [false, 'bad passphrase']
-        when /change_passwd.empty.okay/
-          'y'
-        when /keyedit.prompt/
-          "save"
-        else
-          nil
-        end
-      end
-
-      # Only show errors if something apparently went wrong. Otherwise we might
-      # leak useless strings from gpg and make the caller report errors even
-      # though this method succeeded.
-      if exitcode > 0
-        errors.join
-      else
-        nil
-      end
-    end
-
-    # This method can be deleted once we cease to support gnupg 2.0.
-    def clearpassphrase_v20(oldpw)
-      start_gpg_agent(oldpw)
-      # Don't use '--passwd', it claims to fail (even though it factually doesn't).
-      errors, _, exitcode = GPGME::Ctx.gpgcli_expect("--edit-key '#{self.fingerprint}' passwd") do |line|
-        case line
-        when /BAD_PASSPHRASE/
-          [false, 'bad passphrase']
-        when /change_passwd.empty.okay/
-          'y'
-        when /keyedit.prompt/
-          "save"
-        else
-          nil
-        end
-      end
-      stop_gpg_agent
-
-      # Only show errors if something apparently went wrong. Otherwise we might
-      # leak useless strings from gpg and make the caller report errors even
-      # though this method succeeded.
-      if exitcode > 0
-        errors.join
-      else
-        nil
-      end
-    end
-
-    # This method can be deleted once we cease to support gnupg 2.0.
-    def stop_gpg_agent
-      # gpg-agent terminates itself if its socket goes away.
-      GPGME::Ctx.delete_daemon_socket('gpg-agent')
-    end
-
-    def start_gpg_agent(oldpw)
-      ENV['PINENTRY_USER_DATA'] = oldpw
-      pinentry = File.join(ENV['SCHLEUDER_ROOT'], 'bin', 'pinentry-clearpassphrase')
-      GPGME::Ctx.spawn_daemon('gpg-agent', "--use-standard-socket --pinentry-program #{pinentry}")
-    end
-
     def self.valid_fingerprint?(fp)
       fp =~ Schleuder::Conf::FINGERPRINT_REGEXP
     end