Verified Commit bf7af017 authored by Andre Heinecke's avatar Andre Heinecke
Browse files

Add some more Gpg4win version code from Kleopatra

It makes sense to have that in libkleo because libkleo
is also used by the Outlook plugin of Gpg4win. This
adds support to read a signed Version file for
about data that matches the packaging.

GnuPG-Bug-Id: T5011
parent f06bb929
Pipeline #29607 passed with stage
in 16 minutes and 47 seconds
......@@ -5,6 +5,7 @@
Copyright (c) 2008 Klarälvdalens Datakonsult AB
2016 by Bundesamt für Sicherheit in der Informationstechnik
Software engineering by Intevation GmbH
2020 g10 Code GmbH
Kleopatra is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -61,6 +62,8 @@
#include <algorithm>
#include <array>
#include <KLocalizedString>
using namespace GpgME;
QString Kleo::gnupgHomeDirectory()
......@@ -133,21 +136,108 @@ QStringList Kleo::gnupgFileWhitelist()
QString Kleo::gpg4winVersion()
class Gpg4win
QFile versionFile(gpg4winInstallPath() + QStringLiteral("/../VERSION"));
if (! {
// No need to translate this should only be the case in development
// builds.
return QStringLiteral("Unknown (no VERSION file found)");
static const Gpg4win *instance()
// We use singleton to do the signature check only once.
static Gpg4win *inst = nullptr;
if (!inst) {
inst = new Gpg4win();
return inst;
const QString g4wTag = QString::fromUtf8(versionFile.readLine());
if (!g4wTag.startsWith(QLatin1String("gpg4win"))) {
// Hu? Something unknown
return QStringLiteral("Unknown (invalid VERSION file found)");
QString mVersion;
QString mDescription;
QString mDescLong;
Gpg4win() :
mVersion(QStringLiteral("Unknown Windows Version")),
mDescription(i18n("Certificate Manager and Unified Crypto GUI")),
mDescLong(QStringLiteral("<a href=>Visit the Gpg4win homepage</a>"))
const QString instPath = Kleo::gpg4winInstallPath();
const QString verPath = instPath + QStringLiteral("/../VERSION");
QFile versionFile(verPath);
QString versVersion;
QString versDescription;
QString versDescLong;
// Open the file first to avoid a verify and then read issue where
// "auditors" might say its an issue,...
if (! {
// No need to translate this should only be the case in development
// builds.
} else {
// Expect a three line format of three HTML strings.
versVersion = QString::fromUtf8(versionFile.readLine()).trimmed();
versDescription = QString::fromUtf8(versionFile.readLine()).trimmed();
versDescLong = QString::fromUtf8(versionFile.readLine()).trimmed();
const QString sigPath = verPath + QStringLiteral(".sig");
QFileInfo versionSig(instPath + QStringLiteral("/../VERSION.sig"));
QString signedVersion;
if (versionSig.exists()) {
/* We have a signed version so let us check it against the GnuPG
* release keys. */
QProcess gpgv;
gpgv.setProgram(Kleo::gpgPath().replace(QStringLiteral("gpg.exe"), QStringLiteral("gpgv.exe")));
const QString keyringPath(QStringLiteral("%1/../share/gnupg/distsigkey.gpg").arg(Kleo::gnupgInstallPath()));
gpgv.setArguments(QStringList() << QStringLiteral("--keyring")
<< keyringPath
<< QStringLiteral("--")
<< sigPath
<< verPath);
if (gpgv.exitStatus() == QProcess::NormalExit &&
!gpgv.exitCode()) {
qCDebug(LIBKLEO_LOG) << "Valid Version: " << mVersion;
mVersion = versVersion;
mDescription = versDescription;
mDescLong = versDescLong;
} else {
qCDebug(LIBKLEO_LOG) << "gpgv failed with stderr: " << gpgv.readAllStandardError();
qCDebug(LIBKLEO_LOG) << "gpgv stdout" << gpgv.readAllStandardOutput();
} else {
qCDebug(LIBKLEO_LOG) << "No signed VERSION file found.";
// Next line is version.
return QString::fromUtf8(versionFile.readLine()).trimmed();
const QString &version() const
return mVersion;
const QString &description() const
return mDescription;
const QString &longDescription() const
return mDescLong;
} // namespace
QString Kleo::gpg4winVersion()
return Gpg4win::instance()->version();
QString Kleo::gpg4winDescription()
return Gpg4win::instance()->description();
QString Kleo::gpg4winLongDescription()
return Gpg4win::instance()->longDescription();
QString Kleo::gpg4winInstallPath()
......@@ -3,6 +3,7 @@
This file is part of Kleopatra, the KDE keymanager
Copyright (c) 2008 Klarälvdalens Datakonsult AB
2020 g10 Code GmbH
Kleopatra is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -69,6 +70,8 @@ KLEO_EXPORT QString gpgPath();
KLEO_EXPORT QString gpgConfListDir(const char *which);
KLEO_EXPORT QString gpg4winInstallPath();
KLEO_EXPORT QString gpg4winVersion();
KLEO_EXPORT QString gpg4winDescription();
KLEO_EXPORT QString gpg4winLongDescription();
KLEO_EXPORT QString gnupgInstallPath();
KLEO_EXPORT const QString& paperKeyInstallPath();
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment