From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: [PATCH 09/12] cli/new: add --try-decrypt=(true|false)
Date: Fri, 20 Oct 2017 22:25:46 -0400 [thread overview]
Message-ID: <20171021022549.2724-10-dkg@fifthhorseman.net> (raw)
In-Reply-To: <20171021022549.2724-1-dkg@fifthhorseman.net>
Enable override of the index.try_decrypt setting during "notmuch new"
on a per-invocation basis.
We update the documentation and tab completion, and also add a test.
---
completion/notmuch-completion.bash | 13 ++++++++--
doc/man1/notmuch-new.rst | 12 +++++++++
notmuch-new.c | 10 +++++++-
test/T357-index-decryption.sh | 51 ++++++++++++++++++++++++++++++++++++++
4 files changed, 83 insertions(+), 3 deletions(-)
create mode 100755 test/T357-index-decryption.sh
diff --git a/completion/notmuch-completion.bash b/completion/notmuch-completion.bash
index 5201be63..17be6b8f 100644
--- a/completion/notmuch-completion.bash
+++ b/completion/notmuch-completion.bash
@@ -311,11 +311,20 @@ _notmuch_insert()
_notmuch_new()
{
local cur prev words cword split
- _init_completion || return
+ _init_completion -s || return
+
+ $split &&
+ case "${prev}" in
+ --try-decrypt)
+ COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
+ return
+ ;;
+ esac
+ ! $split &&
case "${cur}" in
-*)
- local options="--no-hooks --quiet ${_notmuch_shared_options}"
+ local options="--no-hooks --try-decrypt= --quiet ${_notmuch_shared_options}"
compopt -o nospace
COMPREPLY=( $(compgen -W "${options}" -- ${cur}) )
;;
diff --git a/doc/man1/notmuch-new.rst b/doc/man1/notmuch-new.rst
index 14bc5da4..bc26aa48 100644
--- a/doc/man1/notmuch-new.rst
+++ b/doc/man1/notmuch-new.rst
@@ -43,6 +43,18 @@ Supported options for **new** include
``--quiet``
Do not print progress or results.
+ ``--try-decrypt=(true|false)``
+
+ If true, when encountering an encrypted message, try to
+ decrypt it while indexing. If decryption is successful, index
+ the cleartext itself. Be aware that the index is likely
+ sufficient to reconstruct the cleartext of the message itself,
+ so please ensure that the notmuch message index is adequately
+ protected. DO NOT USE ``--try-decrypt=true`` without
+ considering the security of your index.
+
+ See also ``index.try_decrypt`` in **notmuch-config(1)**.
+
EXIT STATUS
===========
diff --git a/notmuch-new.c b/notmuch-new.c
index 0f50457e..fb021b18 100644
--- a/notmuch-new.c
+++ b/notmuch-new.c
@@ -267,7 +267,7 @@ add_file (notmuch_database_t *notmuch, const char *filename,
if (status)
goto DONE;
- status = notmuch_database_index_file (notmuch, filename, NULL, &message);
+ status = notmuch_database_index_file (notmuch, filename, indexing_cli_choices.opts, &message);
switch (status) {
/* Success. */
case NOTMUCH_STATUS_SUCCESS:
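Review bot: The call to `notmuch_database_index_file` now takes its options from the file-scope `indexing_cli_choices.opts`, and nothing at the call site says where that value is filled in or what it controls. A short comment would help, for example `/* opts come from --try-decrypt / index.try_decrypt; when decryption is enabled the cleartext of encrypted parts is written to the index */`. It appears to be populated by `notmuch_process_shared_indexing_options` in `notmuch_new_command`, so the comment should also say that `add_file` must only run after that call. The body of `add_file` starts and ends outside this hunk.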
@@ -963,6 +963,7 @@ notmuch_new_command (notmuch_config_t *config, int argc, char *argv[])
{ .opt_bool = &verbose, .name = "verbose" },
{ .opt_bool = &add_files_state.debug, .name = "debug" },
{ .opt_bool = &no_hooks, .name = "no-hooks" },
+ { .opt_inherit = notmuch_shared_indexing_options },
{ .opt_inherit = notmuch_shared_options },
{ }
};
@@ -1080,6 +1081,13 @@ notmuch_new_command (notmuch_config_t *config, int argc, char *argv[])
if (notmuch == NULL)
return EXIT_FAILURE;
+ status = notmuch_process_shared_indexing_options (notmuch, config);
+ if (status != NOTMUCH_STATUS_SUCCESS) {
+ fprintf (stderr, "Error: Failed to process index options. (%s)\n",
+ notmuch_status_to_string (status));
+ return EXIT_FAILURE;
+ }
+
/* Set up our handler for SIGINT. We do this after having
* potentially done a database upgrade we this interrupt handler
* won't support. */
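Review bot: The new error path after `notmuch_process_shared_indexing_options` returns `EXIT_FAILURE` while `notmuch` is known to be non-NULL, and no cleanup of the opened database is visible before the return. Releasing the handle first would keep this path consistent with an orderly shutdown: `notmuch_database_destroy (notmuch);` placed just before `return EXIT_FAILURE;`. The rest of `notmuch_new_command` is outside the hunk, so confirm how the other early exits after the open handle this.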
diff --git a/test/T357-index-decryption.sh b/test/T357-index-decryption.sh
new file mode 100755
index 00000000..547a3c7e
--- /dev/null
+++ b/test/T357-index-decryption.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+# TODO: test index.decryption=failed
+
+test_description='indexing decrypted mail'
+. $(dirname "$0")/test-lib.sh || exit 1
+
+##################################################
+
+add_gnupg_home
+# get key fingerprint
+FINGERPRINT=$(gpg --no-tty --list-secret-keys --with-colons --fingerprint | grep '^fpr:' | cut -d: -f10)
+
+# create a test encrypted message
+test_begin_subtest 'emacs delivery of encrypted message'
+test_expect_success \
+'emacs_fcc_message \
+ "test encrypted message for cleartext index 001" \
+ "This is a test encrypted message with a wumpus.\n" \
+ "(mml-secure-message-encrypt)"'
+
+test_begin_subtest "search for unindexed cleartext"
+output=$(notmuch search wumpus)
+expected=''
+test_expect_equal \
+ "$output" \
+ "$expected"
+
+# create a test encrypted message that is indexed in the clear
+test_begin_subtest 'emacs delivery of encrypted message'
+test_expect_success \
+'emacs_fcc_message --try-decrypt=true \
+ "test encrypted message for cleartext index 002" \
+ "This is a test encrypted message with a wumpus.\n" \
+ "(mml-secure-message-encrypt)"'
+
+test_begin_subtest "emacs delivery of encrypted message, indexed cleartext"
+output=$(notmuch search wumpus)
+expected='thread:0000000000000002 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox)'
+test_expect_equal \
+ "$output" \
+ "$expected"
+
+# and the same search, but by property ($expected is untouched):
+test_begin_subtest "emacs search by property for one message"
+output=$(notmuch search property:index.decryption=success)
+test_expect_equal \
+ "$output" \
+ "$expected"
+
+test_done
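Review bot: The test only exercises `--try-decrypt=true` against the default configuration, so the override direction that matters most for index confidentiality is never checked: `index.try_decrypt` set to true with `--try-decrypt=false` on the command line. A subtest for that case, searching for a word that appears only in the new message, would pin the per-invocation override the commit message describes. This assumes `index.try_decrypt` can be set with `notmuch config set`. Two smaller points: both delivery subtests share the title 'emacs delivery of encrypted message', which makes a failure report ambiguous, and `FINGERPRINT` is assigned but not used anywhere in this file.

```shell
# … unchanged: existing subtests up to the property search …

# config says decrypt, command line says no: cleartext must stay out of the index
test_begin_subtest 'emacs delivery with --try-decrypt=false overriding config'
test_expect_success \
'notmuch config set index.try_decrypt true &&
emacs_fcc_message --try-decrypt=false \
    "test encrypted message for cleartext index 003" \
    "This is a test encrypted message with a snark.\n" \
    "(mml-secure-message-encrypt)"'

test_begin_subtest "search for cleartext that must not be indexed"
output=$(notmuch search snark)
test_expect_equal \
    "$output" \
    ""

test_done
```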
--
2.14.2