From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: [PATCH 10/10] add --try-decrypt=(true|false) to notmuch reindex
Date: Tue, 12 Sep 2017 19:01:53 -0400 [thread overview]
Message-ID: <20170912230153.4175-10-dkg@fifthhorseman.net> (raw)
In-Reply-To: <20170912230153.4175-1-dkg@fifthhorseman.net>
Try to decrypt any encrypted parts of newly-discovered messages while
re-indexing them. The cleartext of any successfully-decrypted
messages will be indexed, with tags applied in the same form as from
notmuch insert --try-decrypt=true.
Note: if the deprecated crypto.gpg_path configuration option is set to
anything other than "gpg", we ignore it (and print a warning on
stderr, if built against gmime < 3.0).
---
completion/notmuch-completion.bash | 10 +++++-
doc/man1/notmuch-reindex.rst | 14 ++++++++
notmuch-reindex.c | 23 ++++++++++++++
test/T357-index-decryption.sh | 65 ++++++++++++++++++++++++++++++++++++++
4 files changed, 111 insertions(+), 1 deletion(-)
diff --git a/completion/notmuch-completion.bash b/completion/notmuch-completion.bash
index 72a75a94..ef79affe 100644
--- a/completion/notmuch-completion.bash
+++ b/completion/notmuch-completion.bash
@@ -435,10 +435,18 @@ _notmuch_reindex()
local cur prev words cword split
_init_completion -s || return
+ $split &&
+ case "${prev}" in
+ --try-decrypt)
+ COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
+ return
+ ;;
+ esac
+
! $split &&
case "${cur}" in
-*)
- local options="${_notmuch_shared_options}"
+ local options="--try-decrypt= ${_notmuch_shared_options}"
compopt -o nospace
COMPREPLY=( $(compgen -W "$options" -- ${cur}) )
;;
diff --git a/doc/man1/notmuch-reindex.rst b/doc/man1/notmuch-reindex.rst
index e39cc4ee..60a060a7 100644
--- a/doc/man1/notmuch-reindex.rst
+++ b/doc/man1/notmuch-reindex.rst
@@ -19,6 +19,20 @@ The **reindex** command searches for all messages matching the
supplied search terms, and re-creates the full-text index on these
messages using the supplied options.
+Supported options for **reindex** include
+
+ ``--try-decrypt=(true|false)``
+
+ If true, when encountering an encrypted message, try to
+ decrypt it while reindexing. If decryption is successful,
+ index the cleartext itself. Be aware that the index is likely
+ sufficient to reconstruct the cleartext of the message itself,
+ so please ensure that the notmuch message index is adequately
+ protected. DO NOT USE ``--try-decrypt=true`` without
+ considering the security of your index.
+
+ See also ``index.try_decrypt`` in **notmuch-config(1)**.
+
SEE ALSO
========
diff --git a/notmuch-reindex.c b/notmuch-reindex.c
index bceac722..83cd0a57 100644
--- a/notmuch-reindex.c
+++ b/notmuch-reindex.c
@@ -90,6 +90,8 @@ notmuch_reindex_command (notmuch_config_t *config, int argc, char *argv[])
int opt_index;
int ret;
notmuch_indexopts_t *indexopts = NULL;
+ int try_decrypt = -1;
+ notmuch_status_t status;
/* Set up our handler for SIGINT */
memset (&action, 0, sizeof (struct sigaction));
@@ -99,6 +101,7 @@ notmuch_reindex_command (notmuch_config_t *config, int argc, char *argv[])
sigaction (SIGINT, &action, NULL);
notmuch_opt_desc_t options[] = {
+ { NOTMUCH_OPT_BOOLEAN, &try_decrypt, "try-decrypt", 0, 0 },
{ NOTMUCH_OPT_INHERIT, (void *) ¬much_shared_options, NULL, 0, 0 },
{ 0, 0, 0, 0, 0 }
};
@@ -115,6 +118,26 @@ notmuch_reindex_command (notmuch_config_t *config, int argc, char *argv[])
notmuch_exit_if_unmatched_db_uuid (notmuch);
+ indexopts = notmuch_database_get_default_indexopts (notmuch);
+ if (!indexopts)
+ return EXIT_FAILURE;
+
+ if (try_decrypt == TRUE || try_decrypt == FALSE) {
+ status = notmuch_indexopts_set_try_decrypt (indexopts, try_decrypt);
+ if (status)
+ fprintf (stderr, "Warning: failed to set --try-decrypt to %d (%s)\n",
+ try_decrypt, notmuch_status_to_string (status));
+ }
+
+#if (GMIME_MAJOR_VERSION < 3)
+ if (notmuch_indexopts_get_try_decrypt (indexopts)) {
+ const char* gpg_path = notmuch_config_get_crypto_gpg_path (config);
+ if (gpg_path && strcmp(gpg_path, "gpg"))
+ fprintf (stderr, "Warning: deprecated crypto.gpg_path is set to '%s'\n"
+ "\tbut ignoring (use $PATH instead)\n", gpg_path);
+ }
+#endif
+
query_string = query_string_from_args (config, argc-opt_index, argv+opt_index);
if (query_string == NULL) {
fprintf (stderr, "Out of memory\n");
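Review bot: A failure of `notmuch_indexopts_set_try_decrypt` in the third notmuch-reindex.c hunk is only reported as a warning, and the reindex then carries on with whatever the default index options are. A user who passed `--try-decrypt=false` to strip cleartext from the index could therefore end up with the cleartext still indexed and, presumably, a successful exit. For an option that controls whether decrypted content is stored, this should fail closed: report it as an error and add `return EXIT_FAILURE;` inside the `if (status)` branch. The `if (!indexopts) return EXIT_FAILURE;` path just above also exits without printing anything, unlike the "Out of memory" path below it, so a one-line `fprintf (stderr, ...)` there would help. The function starts and continues outside the hunk, so whether the database handle is released on these early returns cannot be checked from here.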
diff --git a/test/T357-index-decryption.sh b/test/T357-index-decryption.sh
index 7bbd81f6..3d18f5af 100755
--- a/test/T357-index-decryption.sh
+++ b/test/T357-index-decryption.sh
@@ -48,4 +48,69 @@ test_expect_equal \
"$output" \
"$expected"
+# add a tag to all messages to ensure that it stays after reindexing
+test_begin_subtest 'tagging all messages'
+test_expect_success 'notmuch tag +blarney "encrypted message"'
+test_begin_subtest "verify that tags have not changed"
+output=$(notmuch search tag:blarney)
+expected='thread:0000000000000001 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 001 (blarney encrypted inbox)
+thread:0000000000000002 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 002 (blarney encrypted inbox)'
+test_expect_equal \
+ "$output" \
+ "$expected"
+
+# see if first message shows up after reindexing with --try-decrypt=true (same $expected, untouched):
+test_begin_subtest 'reindex old messages'
+test_expect_success 'notmuch reindex --try-decrypt=true tag:encrypted and not property:index-decryption=success'
+test_begin_subtest "reindexed encrypted message, including cleartext"
+output=$(notmuch search wumpus)
+test_expect_equal \
+ "$output" \
+ "$expected"
+
+# and the same search, but by property ($expected is untouched):
+test_begin_subtest "emacs search by property for both messages"
+output=$(notmuch search property:index-decryption=success)
+test_expect_equal \
+ "$output" \
+ "$expected"
+
+
+# try to remove cleartext indexing
+test_begin_subtest 'reindex without cleartext'
+test_expect_success 'notmuch reindex tag:encrypted and property:index-decryption=success'
+test_begin_subtest "reindexed encrypted messages, without cleartext"
+output=$(notmuch search wumpus)
+expected=''
+test_expect_equal \
+ "$output" \
+ "$expected"
+
+# and the same search, but by property ($expected is untouched):
+test_begin_subtest "emacs search by property with both messages unindexed"
+output=$(notmuch search property:index-decryption=success)
+test_expect_equal \
+ "$output" \
+ "$expected"
+
+# ensure that the tags remain even when we are dropping the cleartext.
+test_begin_subtest "verify that tags remain without cleartext"
+output=$(notmuch search tag:blarney)
+expected='thread:0000000000000001 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 001 (blarney encrypted inbox)
+thread:0000000000000002 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 002 (blarney encrypted inbox)'
+test_expect_equal \
+ "$output" \
+ "$expected"
+
+
+# TODO: test removal of a message from the message store between
+# indexing and reindexing.
+
+# TODO: insert the same message into the message store twice, index,
+# remove one of them from the message store, and then reindex.
+# reindexing should return a failure but the message should still be
+# present? -- or what should the semantics be if you ask to reindex a
+# message whose underlying files have been renamed or moved or
+# removed?
+
test_done
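Review bot: The 'reindex without cleartext' subtest runs `notmuch reindex` with no option, so the explicit `--try-decrypt=false` form that this patch adds is never exercised. The removal of cleartext is only checked through the default path. Adding a subtest that reindexes with `--try-decrypt=true`, then with `--try-decrypt=false`, and asserts that `notmuch search wumpus` and `property:index-decryption=success` both come back empty would cover the case where a user relies on the flag to purge cleartext. Separately, the two subtests titled "emacs search by property ..." call only `notmuch search`, so the "emacs" in their names looks like a leftover and could be dropped.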
--
2.14.1