Hey Emacs, this is -*- org -*- mode!
:CUSTOM_ID: dev-gnupg-org
There was a nine year gap (2009 to 2018) between edits of this file,
so it is likely that much of the old information in it is wrong or
Bugs, feature requests and other development related work will be
tracked through the [[https://dev.gnupg.org/][dev.gnupg.org]] site.
:CUSTOM_ID: documentation
** Document all the new stuff.
:CUSTOM_ID: more-docs-is-better
*** TODO Fix this TODO list.
Clean up the current TODO list. Include properties as relevant (so
if someone does make a PDF or HTML version the TOC will work).
Also check and see if some of these ancient things can be removed
(e.g. do we really need to fix things that were broken in GPG
1.3.x? I'm thinking not so much).
**** DONE fix TODO items
CLOSED: [2018-03-04 Sun 08:55]
:CUSTOM_ID: fix-todo-items
Adjust todo items so each can now be referenced by custom-id and
checked off as necessary.
** TODO Document validity and trust issues.
:CUSTOM_ID: valid-trust-issues
** In gpgme.texi: Register callbacks under the right letter in the index.
:CUSTOM_ID: gpgme-texi
* Fix the remaining UI Server problems:
:CUSTOM_ID: ui-server-fix
** VERIFY --silent support.
:CUSTOM_ID: verify-silent
** ENCRYPT/DECRYPT/VERIFY/SIGN reset the engine, shouldn't be done with UISERVER?
:CUSTOM_ID: reset-engine-not-ui
:CUSTOM_ID: important-stuff-really
** When using descriptor passing, we need to set the fd to blocking before
:CUSTOM_ID: set-fd-blocking
issuing simple commands, because we are mixing synchronous
commands into potentially asynchronous operations.
** Might want to implement nonblock for w32 native backend!
:CUSTOM_ID: nonblock-win32
Right now we block reading the next line with assuan.
:CUSTOM_ID: pre-release
** CANCELLED Some gpg tests fail with gpg 1.3.4-cvs (gpg/t-keylist-sig)
CLOSED: [2018-03-09 Fri 08:16]
:CUSTOM_ID: gpg-1-3-4-really
- State "CANCELLED" from "TODO" [2018-03-09 Fri 08:16] \\
WON'T FIX — too old or no longer applies.
The test is currently disabled there and in gpg/t-import.
** When gpg supports it, write binary subpackets directly,
:CUSTOM_ID: binary-subpackets
and parse SUBPACKET status lines.
:CUSTOM_ID: abi-breakage-apparently-on-purpose
** Old opassuan interface.
:CUSTOM_ID: old-opassuan
** Implementation: Remove support for old style error codes in
:CUSTOM_ID: remove-old-error-codes
conversion.c::_gpgme_map_gnupg_error.
** gpgme_edit_cb_t: Add "processed" return argument
:CUSTOM_ID: add-processed-return
(see edit.c::command_handler).
** I/O and User Data could be made extensible. But this can be done
:CUSTOM_ID: add-io-user-data
without breaking the ABI hopefully.
** All enums should be replaced by ints and simple macros for
:CUSTOM_ID: enums-should-be-ints
maximum compatibility.
** Compatibility interfaces that can be removed in future versions:
:CUSTOM_ID: compat-interfaces-to-go
*** gpgme_data_new_from_filepart
:CUSTOM_ID: gpgme-data-new-from-filepart
*** gpgme_data_new_from_file
:CUSTOM_ID: gpgme-data-new-from-file
*** gpgme_data_new_with_read_cb
:CUSTOM_ID: gpgme-data-new-with-read-cb
*** gpgme_data_rewind
:CUSTOM_ID: gpgme-data-rewind
*** gpgme_op_import_ext
:CUSTOM_ID: gpgme-op-import-ext
*** gpgme_get_sig_key
:CUSTOM_ID: gpgme-get-sig-key
*** gpgme_get_sig_ulong_attr
:CUSTOM_ID: gpgme-get-sig-ulong-attr
*** gpgme_get_sig_string_attr
:CUSTOM_ID: gpgme-get-sig-string-attr
:CUSTOM_ID: gpgme-sig-stat
*** gpgme_get_sig_status
:CUSTOM_ID: gpgme-get-sig-status
*** gpgme_trust_item_release
:CUSTOM_ID: gpgme-trust-item-release
*** gpgme_trust_item_get_string_attr
:CUSTOM_ID: gpgme-trust-item-get-string-attr
*** gpgme_trust_item_get_ulong_attr
:CUSTOM_ID: gpgme-trust-item-get-ulong-attr
:CUSTOM_ID: gpgme-attr-t
*** All Gpgme* typedefs.
:CUSTOM_ID: all-gpgme-typedefs
** When GNU Pth supports sendmsg/recvmsg, wrap them properly.
** Without timegm (3) support our ISO time parser is not thread safe.
:CUSTOM_ID: time-threads
There is a configure time warning, though.
:CUSTOM_ID: new-features
** Flow control for data objects.
:CUSTOM_ID: flow-control-is-not-a-euphemism-for-an-s-bend
Currently, gpgme_data_t objects are assumed to be blocking. To
break this assumption, we need either (A) a way for a user I/O
callback to store the current operation in a continuation that can
be resumed later (while the continuation exists, file descriptors
associated with this operation must be removed from their
respective event loop), or (B) a way for gpgme data objects to be
associated with a waitable object that can be registered with the
user event loop. Neither is particularly simple.
** Extended notation support. When gpg supports arbitrary binary
:CUSTOM_ID: extended-notation
notation data, provide a user interface for that.
** notification system
:CUSTOM_ID: notification-system
We need a simple notification system, probably a simple callback
with a string and some optional arguments. This is for example
required to notify an application of a changed smartcard. The
application can then do whatever is required. There are other
usages too. This notification system should be independent of any
Not sure whether this is still required. GPGME_PROTOCOL_ASSUAN is
** --learn-code support
:CUSTOM_ID: learn-code
This might be integrated with import. We still need to work out how
to learn a card when gpg and gpgsm have support for smartcards. In
GPA we currently invoke gpg directly.
** Might need a stat() for data objects and use it for length param to gpg.
:CUSTOM_ID: stat-data
** Implement support for photo ids.
** Allow selection of subkeys
:CUSTOM_ID: subkey-selection
** Allow to return time stamps in ISO format
:CUSTOM_ID: iso-format-datetime
This allows us to handle years later than 2037 properly. With the
time_t interface they are all mapped to 2037-12-31.
** New features requested by our dear users, but rejected or left for
:CUSTOM_ID: feature-requests
*** Allow to export secret keys.
:CUSTOM_ID: export-secret-keys
Rejected because this is conceptually flawed. Secret keys on a
smart card can not be exported, for example.
May eventually be supported with a keywrapping system.
*** Selecting the key ring, setting the version or comment in output.
:CUSTOM_ID: select-keyring-version
Rejected because the naive implementation is engine specific, the
configuration is part of the engine's configuration or readily
worked around in a different way.
*** Selecting the symmetric cipher.
:CUSTOM_ID: symmetric-cipher-selection
*** Exchanging keys with key servers.
:CUSTOM_ID: key-server-exchange
** Do not create/destroy engines, but create engine and then reset it.
:CUSTOM_ID: reset-engine-is-not-quite-just-ignition
Internally the reset operation still spawns a new engine process,
but this can be replaced with a reset later. Also, be very sure to
release everything properly at a reset and at an error. Think hard
about where to guarantee what (i.e., what happens if start fails, are
the fds unregistered immediately - I think so?)
Note that we need support in gpgsm to set include-certs to default
as RESET does not reset it, also for no_encrypt_to and probably
** Optimize the case where a data object has an underlying fd we can pass
:CUSTOM_ID: optimus-data-cousin-of-optimus-prime
directly to the engine. This will be automatic with socket I/O and
** Move code common to all engines up from gpg to engine.
:CUSTOM_ID: move-code-common-to-engines-out-of-gpg
** engine operations can return General Error on unknown protocol
:CUSTOM_ID: general-error-looking-to-be-court-martialled
(it's an internal error, as select_protocol checks already).
** When server mode is implemented properly, more care has to be taken to
:CUSTOM_ID: server-mode
release all resources on error (for example to free assuan_cmd).
** op_import_keys and op_export_keys have a limit in the number of keys.
:CUSTOM_ID: import-export-problems
This is because we pass them in gpg via the command line and gpgsm
via an assuan control line. We should pipe them instead and maybe
change gpg/gpgsm to not put them in memory.
:CUSTOM_ID: gpg-breakage
** CANCELLED gpg 1.4.2 lacks error reporting if sign/encrypt with revoked key.
CLOSED: [2018-03-09 Fri 08:19]
:CUSTOM_ID: gpg-classic-lacks-stuff
- State "CANCELLED" from "TODO" [2018-03-09 Fri 08:19] \\
** CANCELLED gpg 1.4.2 does crappy error reporting (namely none at all) when
CLOSED: [2018-03-09 Fri 08:20]
:CUSTOM_ID: gpg-classic-problems-but-do-we-care
- State "CANCELLED" from "TODO" [2018-03-09 Fri 08:20] \\
smart card is missing for sign operation:
gpg: selecting openpgp failed: ec=6.110
gpg: signing failed: general error
[GNUPG:] BEGIN_ENCRYPTION 2 10
gpg: test: sign+encrypt failed: general error
** DONE Without agent and with wrong passphrase, gpg 1.4.2 enters into an
CLOSED: [2018-03-09 Fri 08:20]
:CUSTOM_ID: recursive-gpg-classic
- State "DONE" from "TODO" [2018-03-09 Fri 08:20] \\
Must have been fixed in a subsequent release.
** CANCELLED Use correct argv[0]
CLOSED: [2018-03-09 Fri 08:24]
:CUSTOM_ID: correct-argv
- State "CANCELLED" from "TODO" [2018-03-09 Fri 08:24] \\
Also, there is no rungpg.c file in GPGME (or in GPG or most, if not
all of the rest of the libs and packages; I suspect there hasn't been
for a very long time).
In rungpg.c:build_argv we use
argv[argc] = strdup ("gpg"); /* argv[0] */
This should be changed to take the real file name used into account.
:CUSTOM_ID: operations-are-not-surgical
** Include cert values -2, -1, 0 and 1 should be defined as macros.
:CUSTOM_ID: certified-macros
** If an operation failed, make sure that the result functions don't return
:CUSTOM_ID: operation-failure
corrupt partial information. !!!
NOTE: The EOF status handler is not called in this case !!!
** Verify must not fail on NODATA prematurely if auto-key-retrieval failed.
:CUSTOM_ID: autobot-key-retrieval
It should not fail silently if it knows there is an error. !!!
** All operations: Better error reporting. !!
:CUSTOM_ID: better-reporting-not-like-fox-news
** Export status handler needs much more work. !!!
:CUSTOM_ID: export-status-handler
** Import should return a useful error when one happened.
:CUSTOM_ID: import-useful-stuff-even-wrong-stuff
*** Import does not take notice of NODATA status report.
:CUSTOM_ID: import-no-data
*** When GPGSM does issue IMPORT_OK status reports, make sure to check for
:CUSTOM_ID: gpgsm-import-ok
them in tests/gpgsm/t-import.c.
** Verify can include info about version/algo/class, but currently
:CUSTOM_ID: verify-class
this is only available for gpg, not gpgsm.
** Return ENC_TO output in verify result. Again, this is not available
:CUSTOM_ID: return-to-enc
** Genkey should return something more useful than General_Error.
:CUSTOM_ID: general-key-assumed-command-from-general-error
** If possible, use --file-setsize to set the file size for proper progress
:CUSTOM_ID: file-setsize
callback handling. Write data interface for file size.
** Optimize the file descriptor list, so the number of open fds is
:CUSTOM_ID: optimus-descriptus-younger-brother-of-optimus-prime
** Encryption: It should be verified that the behaviour for partially untrusted
:CUSTOM_ID: only-mostly-dead-means-partially-alive
recipients is correct.
** When GPG issues INV_something for invalid signers, catch them.
:CUSTOM_ID: invalid-sig
:CUSTOM_ID: error-value
** Map ASSUAN/GpgSM ERR error values in a better way than is done now. !!
:CUSTOM_ID: map-ass-error
** Some error values should identify the source more correctly (mostly error
:CUSTOM_ID: source-errors
values derived from status messages).
** In rungpg.c we need to check the version of the engine
:CUSTOM_ID: rungpg-c-engine-ver
This requires a way to get the cached version number from the
** TODO Write a fake gpg-agent so that we can supply known passphrases to
:CUSTOM_ID: test-fake-gpg-agent
gpgsm and setup the configuration files to use the agent. Without
this we are testing a currently running gpg-agent which is not a
:CUSTOM_ID: test-data
*** Test gpgme_data_release_and_get_mem.
:CUSTOM_ID: test-gpgme-data-release-mem
*** Test gpgme_data_seek for invalid types.
:CUSTOM_ID: test-gpgme-data-seek
:CUSTOM_ID: test-keylist
Write a test for ext_keylist.
** Test reading key signatures.
:CUSTOM_ID: test-key-sig
** Tracepoints should be added at: Every public interface enter/leave,
:CUSTOM_ID: tracepoint-pub-int
before and in every callback, at major decision points, at every
internal data point which might easily be observed by the outside
(system handles). We also trace handles and I/O support threads in
the w32 implementation because that's fragile code.
data-fd.c data-mem.c data-stream.c data-user.c debug.c rungpg.c
engine.c engine-gpgsm.c funopen.c w32-glib-io.c wait.c
wait-global.c wait-private.c wait-user.c op-support.c decrypt.c
decrypt-verify.c delete.c edit.c encrypt.c encrypt-sign.c export.c
genkey.c import.c key.c keylist.c passphrase.c progress.c signers.c
sig-notation.c trust-item.c trustlist.c verify.c
** TODO Handle malloc and vasprintf errors. But decide first if they should be
:CUSTOM_ID: malloc-vasprintf
ignored (and logged with 255?!), or really be assertions. !
:CUSTOM_ID: build-suite
** TODO Make sure everything is cleaned correctly (esp. test area).
:CUSTOM_ID: clean-tests
** TODO Enable AC_CONFIG_MACRO_DIR and bump up autoconf version requirement.
:CUSTOM_ID: autoconf-macros
(To fix "./autogen.sh; ./configure --enable-maintainer-mode; touch
configure.ac; make"). Currently worked around with ACLOCAL_AMFLAGS???
:CUSTOM_ID: error-checking
** TODO engine-gpgsm, with-validation
:CUSTOM_ID: gpgsm-validation
Add error checking some time after releasing a new gpgsm.
* Language bindings and related components
:CUSTOM_ID: language-bindings-and-related-stuff
** TODO Emacs and elisp binding
:CUSTOM_ID: emacs-and-elisp
Currently GNU Emacs uses EPA and EPG to provide GnuPG support. EPG
does this by calling the GPG executable and wrapping the commands
with elisp functions. A preferable solution would be to
implement an epgme.el which integrates with GPGME, then, if it could
not, to attempt calling the gpgme-tool, and only if those failed to
fall back to the current epg.el and calling the command line
** TODO API of an API
:CUSTOM_ID: api-squared
See the more detailed notes on this in the [[lang/python/docs/TODO.org][python TODO]].
** TODO GPGME installation and package management guide
:CUSTOM_ID: package-management
Write a guide/best practices for maintainers of GPGME packages with
third party package management systems.
* Copyright 2004, 2005, 2018 g10 Code GmbH
:CUSTOM_ID: copyright-and-license
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR