From: Roberto Sassu <roberto.sassu@polito.it>
To: git@vger.kernel.org
Cc: Roberto Sassu <roberto.sassu@polito.it>
Subject: [RFC][PATCH] git-send-email: added support for S/MIME
Date: Tue, 4 Jan 2011 17:02:06 +0100
Message-ID: <1294156930-21367-1-git-send-email-roberto.sassu@polito.it>
The script git-send-email.perl has been modified in order to add support
for messages with S/MIME format. First, the message body is written in a
temporary file and signed by OpenSSL with the X.509 certificate provided by
the user. Then the returned content is added to the previously parsed
header and the message is sent in the same way as unsigned messages.
Usage:
git send-email -sign -signing-cert </path/of/PEM> <other options>
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
---
git-send-email.perl | 97 +++++++++++++++++++++++++++++++++++++++++++++-----
1 files changed, 87 insertions(+), 10 deletions(-)
diff --git a/git-send-email.perl b/git-send-email.perl
index 76565de..c040fe6 100755
--- a/git-send-email.perl
+++ b/git-send-email.perl
@@ -57,6 +57,8 @@ git send-email [options] <file | directory | rev-list options >
--annotate * Review each patch that will be sent in an editor.
--compose * Open an editor for introduction.
--8bit-encoding <str> * Encoding to assume 8bit mails if undeclared
+ --sign * Sign all emails with an X.509 certificate.
+ --signing-cert <str> * Path of the X.509 certificate.
Sending:
--envelope-sender <str> * Email envelope sender.
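Review bot: the help text for `--signing-cert` says "Path of the X.509 certificate", but the signing call later in the patch runs `openssl smime -sign ... -signer $signing_cert` with no `-inkey`, so OpenSSL expects the private key to be in that same PEM file. Say so here (for example "PEM file with the signer certificate and its private key"), or add a separate key option. The diffstat also shows only git-send-email.perl changing, so the two new options are missing from the git-send-email(1) documentation.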
@@ -141,7 +143,7 @@ my $auth;
# Variables we fill in automatically, or via prompting:
my (@to,$no_to,@initial_to,@cc,$no_cc,@initial_cc,@bcclist,$no_bcc,@xh,
- $initial_reply_to,$initial_subject,@files,
+ @xb,$initial_reply_to,$initial_subject,@files,
$author,$sender,$smtp_authpass,$annotate,$compose,$time);
my $envelope_sender;
@@ -161,9 +163,10 @@ if ($@) {
}
# Behavior modification variables
-my ($quiet, $dry_run) = (0, 0);
+my ($quiet, $dry_run, $sign) = (0, 0, 0);
my $format_patch;
my $compose_filename;
+my $signing_cert;
my $force = 0;
# Handle interactive edition of files.
@@ -232,6 +235,7 @@ my %config_settings = (
"confirm" => \$confirm,
"from" => \$sender,
"assume8bitencoding" => \$auto_8bit_encoding,
+ "signing_cert" => \$signing_cert
);
# Help users prepare for 1.7.0
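Review bot: the new `"signing_cert"` key in `%config_settings` contains an underscore, which git configuration variable names do not allow (only alphanumerics and `-`), so a `sendemail.signing_cert` setting cannot be written to a config file and this entry can never take effect. Use a name such as `"signingcert"`, keep the trailing comma after the entry as the other entries do, and consider a matching entry for `$sign` so signing can be enabled from configuration as well.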
@@ -311,6 +315,8 @@ my $rc = GetOptions("sender|from=s" => \$sender,
"format-patch!" => \$format_patch,
"8bit-encoding=s" => \$auto_8bit_encoding,
"force" => \$force,
+ "sign" => \$sign,
+ "signing-cert:s" => \$signing_cert,
);
unless ($rc) {
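Review bot: `"signing-cert:s"` declares the value as optional, unlike the `=s` used by the other string options visible here (`"8bit-encoding=s"`, `"sender|from=s"`). A bare `--signing-cert` then sets `$signing_cert` to the empty string, which is only caught indirectly by the later `!$signing_cert` test when `--sign` is also given. Declare it as `"signing-cert=s"` so Getopt rejects the missing argument itself.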
@@ -356,6 +362,11 @@ sub read_config {
}
}
+# verify if the signing certificate has been specified
+if ($sign && !$signing_cert) {
+ die "Signing certificate not specified";
+}
+
# read configuration from [sendemail "$identity"], fall back on [sendemail]
$identity = Git::config(@repo, "sendemail.identity") unless (defined $identity);
read_config("sendemail.$identity") if (defined $identity);
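Review bot: the `if ($sign && !$signing_cert)` check is placed before the `read_config("sendemail.$identity")` calls in the context lines below it, so a certificate path supplied through configuration has not been loaded yet and `--sign` dies with "Signing certificate not specified" even when the setting exists. Move the check after the configuration has been read. It would also help to test that the file is readable (`-r $signing_cert`) and to end the `die` string with a newline so the user does not get a Perl line number.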
@@ -1161,6 +1172,7 @@ foreach my $t (@files) {
@to = ();
@cc = ();
@xh = ();
+ @xb = ();
my $input_format = undef;
my @header = ();
$message = "";
@@ -1223,7 +1235,20 @@ foreach my $t (@files) {
if (/charset="?([^ "]+)/) {
$body_encoding = $1;
}
- push @xh, $_;
+ if ($sign) {
+ push @xb, $_;
+ } else {
+ push @xh, $_;
+ }
+ }
+ elsif (/^MIME-Version:/i && $sign) {
+ # Do nothing: this will be added by OpenSSL
+ }
+ elsif (/Content-Transfer-Encoding:/i && $sign) {
+ # move the Content-Transfer-Encoding in the
+ # first part of the message if the latter is
+ # about to be signed
+ push @xb, $_;
}
elsif (/^Message-Id: (.*)/i) {
$message_id = $1;
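Review bot: the new `elsif (/Content-Transfer-Encoding:/i && $sign)` branch is missing the `^` anchor that the neighbouring `/^MIME-Version:/i` and `/^Message-Id: (.*)/i` tests use, so any header line that merely contains that string (a Subject quoting it, for instance) is moved out of the header into `@xb` and ends up inside the signed body part. Anchor it as `/^Content-Transfer-Encoding:/i`.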
@@ -1275,9 +1300,14 @@ foreach my $t (@files) {
if ($broken_encoding{$t} && !$has_content_type) {
$has_content_type = 1;
- push @xh, "MIME-Version: 1.0",
- "Content-Type: text/plain; charset=$auto_8bit_encoding",
- "Content-Transfer-Encoding: 8bit";
+ if ($sign) {
+ push @xb, "Content-Type: text/plain; charset=$auto_8bit_encoding",
+ "Content-Transfer-Encoding: 8bit";
+ } else {
+ push @xh, "MIME-Version: 1.0",
+ "Content-Type: text/plain; charset=$auto_8bit_encoding",
+ "Content-Transfer-Encoding: 8bit";
+ }
$body_encoding = $auto_8bit_encoding;
}
@@ -1298,12 +1328,59 @@ foreach my $t (@files) {
}
else {
$has_content_type = 1;
- push @xh,
- 'MIME-Version: 1.0',
- "Content-Type: text/plain; charset=$author_encoding",
- 'Content-Transfer-Encoding: 8bit';
+ if ($sign) {
+ push @xb,
+ "Content-Type: text/plain; charset=$author_encoding",
+ 'Content-Transfer-Encoding: 8bit';
+ } else {
+ push @xh,
+ 'MIME-Version: 1.0',
+ "Content-Type: text/plain; charset=$author_encoding",
+ 'Content-Transfer-Encoding: 8bit';
+ }
+ }
+ }
+ }
+
+ if ($sign) {
+ my $linecount = 0;
+ my $message_body_tmp_file;
+
+ # put the original Content-Type, charset and Content-Transfer-Encoding
+ # information, if specified, in the first part of the message
+ if (@xb) {
+ $message = join("\n", @xb) . "\n\n" . $message;
+ } else {
+ $message = "\n" . $message;
+ }
+
+ # write the message body in a temporary file
+ $message_body_tmp_file = ($repo ?
+ tempfile(".gitsendemail.body.XXXXXX", DIR => $repo->repo_path()) :
+ tempfile(".gitsendemail.body.XXXXXX", DIR => "."))[1];
+
+ open(MESSAGE_BODY_FILE,">",$message_body_tmp_file) or
+ die "Failed to open for writing $message_body_tmp_file: $!";
+ print MESSAGE_BODY_FILE $message;
+ close MESSAGE_BODY_FILE;
+
+ # sign the message body and put the result in the $message variable
+ $message = "";
+ open(OPENSSL_SIGNED_MESSAGE, "openssl smime -sign -in $message_body_tmp_file -signer $signing_cert |")
+ or die "Could not execute OpenSSL";
+
+ while(<OPENSSL_SIGNED_MESSAGE>) {
+ chomp;
+ if($linecount < 2) {
+ # push first two lines into the header
+ push @xh, $_;
+ } else {
+ # put the remaining content in the $message variable
+ $message .= $_;
}
}
+ close OPENSSL_SIGNED_MESSAGE;
+ unlink($message_body_tmp_file);
}
$needs_confirm = (
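Review bot: in the `while(<OPENSSL_SIGNED_MESSAGE>)` loop `$linecount` is never incremented, so `$linecount < 2` is always true: every line OpenSSL emits is pushed onto `@xh` and `$message` stays empty. Add `$linecount++` at the end of the loop body, and append "\n" in the else branch, because `chomp` followed by `$message .= $_` would otherwise join the whole S/MIME body onto one line. The pipe is also opened as a single shell string with `$message_body_tmp_file` and `$signing_cert` interpolated unquoted, so a repository or certificate path containing spaces or shell metacharacters is split or interpreted by the shell; the list form `open(my $fh, "-|", "openssl", "smime", "-sign", "-in", $message_body_tmp_file, "-signer", $signing_cert)` bypasses the shell. Finally, the return values of `print` and `close` on the temp file and of `close OPENSSL_SIGNED_MESSAGE` are not checked: the `or die` on a piped open does not see openssl's exit status, so a failed signing run goes unnoticed and the mail is still sent. Check `close` and `$?` and die before sending.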
--
1.7.3.4