Files
cproof/docs/profanity-ox-setup.1
Jabber Developer 72f4f186da
All checks were successful
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 34s
CI Code / Code Coverage (push) Successful in 2m36s
CI Code / Linux (debian) (push) Successful in 4m41s
CI Code / Linux (ubuntu) (push) Successful in 4m52s
CI Code / Linux (arch) (push) Successful in 5m40s
merge: sync upstream profanity-im/profanity
Sync with upstream profanity-im/profanity.

Major upstream changes incorporated:

Memory management
  - Replace malloc+memset with g_new0 throughout codebase
  - Adopt auto_gchar / auto_gcharv / auto_gerror / auto_jid cleanup macros
  - Replace free() with g_free() for GAlloc'd memory

Editor rewrite
  - Remove pthread-based async editor; use GChildWatch callback API
  - New launch_editor(initial_content, callback, user_data) interface
  - Proper signal handling (SIGINT, SIGTSTP, SIGPIPE reset in child)
  - ui_suspend()/ui_resume() integration for TTY management

OMEMO improvements
  - Dual backend support: libsignal-protocol-c and libomemo-c
  - Proper pre-key removal after use (XEP-0384 compliance)
  - Automatic pre-key regeneration when store drops below threshold
  - New functions: omemo_is_device_active(), omemo_is_jid_trusted()
  - omemo_get_jid_untrusted_fingerprints() for better error messages
  - Fingerprint notifications on new device identity discovery
  - Deterministic pre-key ID generation tracking max_pre_key_id
  - omemo_trust_changed() UI updates on trust state changes

JID validation
  - RFC 6122-compliant validation in jid_is_valid()
  - Character-level checks (RFC 6122 forbidden chars: & ' / : < > @)
  - Length limits: 1023 per component, 3071 total
  - New jid_is_valid_user_jid() for user vs. service JID distinction

Database
  - Schema migration v3: UNIQUE constraint on archive_id for deduplication
  - Triggers for corrected message tracking (replaces_db_id / replaced_by_db_id)
  - db_history_result_t return type, _truncate_datetime_suffix()

UI / console
  - win_warn_needed() / win_warn_sent() warning deduplication hash table
  - PAD_MIN_HEIGHT dynamic pad sizing with PAD_THRESHOLD auto-cleanup
  - Spellcheck integration in input field with Unicode word detection
  - cons_spellcheck_setting() for /settings ui output
  - /[command]? shortcut for command help

Account config
  - Account name sanitization for GKeyFile special chars ([ ] = # \n \r)
  - Replace popen() with g_spawn_sync() for eval_password
  - TLS policy: add "direct" option alongside legacy

Connection
  - Port validation with g_assert (0–65535)
  - SHA-256 certificate fingerprint support (XMPP_CERT_PUBKEY_FINGERPRINT_SHA256)
  - "direct" TLS policy alias for legacy SSL

Common utilities
  - str_xml_sanitize() for XML 1.0 illegal character removal
  - string_matches_one_of() with formatted error messages
  - valid_tls_policy_option() helper
  - prof_date_time_format_iso8601() utility
  - Improved strip_arg_quotes() with backslash unescaping
  - prof_occurrences() uses g_slist_prepend + reverse for performance

PGP / OX
  - Proper GPGME resource cleanup with goto-cleanup pattern
  - g_string_free(xmppuri) leak fix in _ox_key_lookup

CSV export
  - Use GString + g_file_set_contents instead of raw write() syscalls

Tests
  - Restructured into subdirectories: command/, config/, xmpp/, ui/, omemo/, otr/, pgp/
  - New test_cmd_ac.c for autocompleter unit tests
  - Updated stubs for new UI suspend/resume functions

License headers
  - Migrate to SPDX-3.0 identifiers (GPL-3.0-or-later WITH OpenSSL-exception)

────────────────────────────────────────────────────
cproof-specific preservations:

  - XEP-0308 LMC: replace_id ?: id logic in message/stanza/omemo
  - Force encryption: cmd_force_encryption, test_forced_encryption
  - CWE-134: format string protection (cons_show("%s", ...))
  - y_start_pos-based paging in window.c
  - db_history_result_t return type, _truncate_datetime_suffix()

Merge-time fixes:

  - common.c: format-security (-Werror) — cons_show(errmsg) → cons_show("%s", errmsg)
  - database.c: null-deref guard — !msg->timestamp → msg && !msg->timestamp
  - console.c: implicit size_t → int cast — (int)(maxlen + 1)
  - tlscerts.c: %d for size_t — %zu

Build system:
  - Kept autotools (Makefile.am, configure.ac); upstream uses Meson
  - Restored deleted files: bootstrap.sh, autogen.sh, ax_valgrind_check.m4, configure-debug
  - Updated Makefile.am test paths for subdirectory structure
  - Added test_cmd_ac, test_forced_encryption to test sources

Functional tests:
  - Use cproof version; upstream requires stbbr_for_xmlns from updated stabber
  - Not yet available in devs/stabber fork

Closes #64

Merge author: jabber.developer2
Commits authors:
 Michael Vetter <jubalh@iodoru.org>
& Steffen Jaeckel <s@jaeckel.eu>
2026-05-26 17:48:14 +00:00

154 lines
3.9 KiB
Groff

.TH man 1 "2026-03-26" "0.17.0" "Profanity XMPP client"
.SH NAME
Profanity \- a simple console based XMPP chat client.
.SH DESCRIPTION
.ie "\f[CB]x\f[]"x" \{\
. ftr V B
. ftr VI BI
. ftr VB B
. ftr VBI BI
.\}
.el \{\
. ftr V CR
. ftr VI CI
. ftr VB CB
. ftr VBI CBI
.\}
.PP
This man page is intended to help you set up XEP-0374: OpenPGP for XMPP
Instant Messaging.
Also known as OX.
.PP
For details on usage see man profanity-ox or \f[V]/help ox\f[R].
.PP
Profanity wants to give the user a maximum freedom in setting up their
system.
So we won\[cq]t touch your GPG settings directly.
Which means you will need to do some manual steps.
They are described here
.SH Generate OpenPGP key materials
.PP
The first step is to create a OpenPGP key pair.
The key pair generation will be done with the \f[V]gpg\f[R] command of
GnuPG.
.IP
.nf
\f[C]
gpg --quick-generate-key xmpp:alice\[at]domain.tld future-default default 3y
\f[R]
.fi
.PP
This command will generated a OpenPGP key with a UID
\f[V]xmpp:alice\[at]domain.tld\f[R].
The option \f[V]future-default\f[R] has been used to generate a
ed25519/cv25519 key.
The key is set to expire in threeyears.
.PP
Replace the Jabber ID with your JID and do \f[B]not\f[R] forget the URI
\f[V]xmpp:\f[R] prefix.
.PP
Example output:
.IP
.nf
\f[C]
pub ed25519 2021-09-21 [SC] [verf\[:a]llt: 2024-09-20]
583BAE703A801095B6B71A56BD801174B1A0B84A
uid xmpp:alice\[at]domain.tld
sub cv25519 2021-09-21 [E]
\f[R]
.fi
.SH Export your public key
.PP
You need to export your public key so you can later upload it into a PEP
node.
It\[cq]s just a way how your chat partners can retrieve the public key
from you.
Use the command below to export public key:
.PP
Example command:
.IP
.nf
\f[C]
gpg --export \[rs]
--export-options export-minimal \[rs]
--export-filter \[aq]keep-uid=uid =\[ti] xmpp:alice\[at]domain.tld\[aq] \[rs]
--export-filter \[aq]drop-subkey=usage =\[ti] a\[aq] \[rs]
583BAE703A801095B6B71A56BD801174B1A0B84A \[rs]
> /tmp/pep-key.gpg
\f[R]
.fi
.PP
The key will be exported to \f[V]/tmp/pep-key.gpg\f[R].
You may check the key with the command below:
.PP
\f[V]gpg --show-key --with-sig-list /tmp/pep-key.gpg\f[R]
.PP
Keep in mind: Public keys may have some information (signatures, name,
e-mail address).
Be careful which data will be exported.
The \f[V]export-options\f[R] and \f[V]export-filter\f[R] option of GnuPG
will help you to filter the data.
.SH Publish your key
.PP
You can use profanity to publish your exported key into your account
(PEP).
The \f[V]/ox announce\f[R] command will publish your key.
.IP
.nf
\f[C]
/ox announce /tmp/pep-key.gpg
\f[R]
.fi
.PP
The command will create two PEP node records to store the key.
.SH Discover keys
.PP
To discover public keys of your partners use the \f[V]/ox discover\f[R]
command.
.PP
Example output:
.IP
.nf
\f[C]
/ox discover buddy\[at]domain.tld
Discovering Public Key for buddy\[at]domain.tld
1234567890ABCDEF1234567890ABCDEF12345678
\f[R]
.fi
.PP
To request and import a key, you can use the \f[V]/ox request\f[R]
command.
.IP
.nf
\f[C]
/ox request buddy\[at]domain.tld 1234567890ABCDEF1234567890ABCDEF12345678
Requesting Public Key 1234567890ABCDEF1234567890ABCDEF12345678 for buddy\[at]domain.tld
Public Key imported
\f[R]
.fi
.PP
The key will be imported into your gnupg keyring.
.SH Sign the imported key
.PP
The key can been shown via gpg
\f[V]gpg -k xmpp:buddy\[at]domain.tld\f[R].
Make sure the key is the key of your buddy and sign the key with your
key.
.IP
.nf
\f[C]
gpg --ask-cert-level --default-key 583BAE703A801095B6B71A56BD801174B1A0B84A --sign-key 1234567890ABCDEF1234567890ABCDEF12345678
\f[R]
.fi
.PP
The command \f[V]/ox contacts\f[R] will show the keys with XMPP-UID.
The command \f[V]/ox keys\f[R] will show all known OpenPGP keys.
.PP
Only once you signed the key you can actually use OX with your partner.
.SH Use OX
.PP
Within a chat window you can start OX via \f[V]/ox start\f[R] and stop
it via \f[V]/ox end\f[R].
.PP
Messages will be send signed and encrypted.