Qt gpgme's sign_key function should not set a remark with an empty string
Closed, Resolved (Public)

Description

I don't understand the use case for setting a remark on a key signature with the empty string. It seems more likely that any empty strings passed into remark are just being populated from (for example) the default value of a graphical input field that the user left idle.

Applying the following patch (against master) should reduce the size of certifications made via the Qt bindings (untested, sorry!):

--- a/lang/qt/src/qgpgmesignkeyjob.cpp
+++ b/lang/qt/src/qgpgmesignkeyjob.cpp
@@ -83,7 +83,7 @@ static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, cons
         skei->setDupeOk(true);
     }
 
-    if (!remark.isNull()) {
+    if (!remark.isNull() && !remark.isEmpty()) {
         ctx->addSignatureNotation("rem@gnupg.org", remark.toUtf8().constData());
     }
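
Review bot: In the changed condition, `!remark.isNull() && !remark.isEmpty()`, the `isNull()` test is redundant, because `QString::isEmpty()` already returns true for a null QString; `if (!remark.isEmpty()) {` alone expresses the same check. Since the description marks the patch as untested, it would also help to confirm with a caller that passes an empty but non-null QString (as an input field left idle would) that no `rem@gnupg.org` notation ends up on the certification.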

Details

Version
1.15

Event Timeline

werner triaged this task as Normal priority.
werner added a subscriber: werner.

Ingo, can you please check? I guess we are not affected because Kleo already checks for an empty string. But dkg's suggestion sounds good to me.

I think Kleopatra is affected. It calls setRemark() on the job unconditionally with the text from the widget, and I'm pretty sure that this text is empty but not a null QString, if the user doesn't enter a remark.

Fixed. Workaround for gpgme 1.15 (and earlier) implemented in Kleopatra: Do not call setRemark() with an empty QString.