From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: [PATCH 11/12] cli/reindex: add --try-decrypt=(true|false)
Date: Fri, 20 Oct 2017 22:25:48 -0400	[thread overview]
Message-ID: <20171021022549.2724-12-dkg@fifthhorseman.net> (raw)
In-Reply-To: <20171021022549.2724-1-dkg@fifthhorseman.net>

Enable override of the index.try_decrypt setting on a per-run basis
when invoking "notmuch reindex".  This allows the possibility of (for
example) an emacs keybinding that adds the cleartext of the currently
shown decrypted message to the index, making it searchable in the
future.

It also enables one-time indexing of all messages matching some query,
like so:

    notmuch reindex tag:encrypted and\
       not property:index.decryption=success and\
       from:alice@example.org

We also update the documentation and tab completion, and add a few
more tests.
---
 completion/notmuch-completion.bash | 10 +++++-
 doc/man1/notmuch-reindex.rst       | 14 +++++++++
 notmuch-reindex.c                  | 12 ++++++--
 test/T357-index-decryption.sh      | 63 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 96 insertions(+), 3 deletions(-)

diff --git a/completion/notmuch-completion.bash b/completion/notmuch-completion.bash
index 72a75a94..7aae4297 100644
--- a/completion/notmuch-completion.bash
+++ b/completion/notmuch-completion.bash
@@ -435,10 +435,18 @@ _notmuch_reindex()
     local cur prev words cword split
     _init_completion -s || return
 
+    $split &&
+    case "${prev}" in
+	--try-decrypt)
+	    COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
+	    return
+	    ;;
+    esac
+
     ! $split &&
     case "${cur}" in
 	-*)
-	    local options="${_notmuch_shared_options}"
+	    local options="--try-decrypt= ${_notmuch_shared_options}"
 	    compopt -o nospace
 	    COMPREPLY=( $(compgen -W "$options" -- ${cur}) )
 	    ;;
diff --git a/doc/man1/notmuch-reindex.rst b/doc/man1/notmuch-reindex.rst
index 1ca10b60..21f6c7a9 100644
--- a/doc/man1/notmuch-reindex.rst
+++ b/doc/man1/notmuch-reindex.rst
@@ -19,6 +19,20 @@ The **reindex** command searches for all messages matching the
 supplied search terms, and re-creates the full-text index on these
 messages using the supplied options.
 
+Supported options for **reindex** include
+
+    ``--try-decrypt=(true|false)``
+
+        If true, when encountering an encrypted message, try to
+        decrypt it while reindexing.  If decryption is successful,
+        index the cleartext itself.  Be aware that the index is likely
+        sufficient to reconstruct the cleartext of the message itself,
+        so please ensure that the notmuch message index is adequately
+        protected. DO NOT USE ``--try-decrypt=true`` without
+        considering the security of your index.
+
+        See also ``index.try_decrypt`` in **notmuch-config(1)**.
+
 SEE ALSO
 ========
 
diff --git a/notmuch-reindex.c b/notmuch-reindex.c
index 57ff5904..5d702510 100644
--- a/notmuch-reindex.c
+++ b/notmuch-reindex.c
@@ -89,7 +89,7 @@ notmuch_reindex_command (notmuch_config_t *config, int argc, char *argv[])
     struct sigaction action;
     int opt_index;
     int ret;
-    notmuch_indexopts_t *indexopts = NULL;
+    notmuch_status_t status;
 
     /* Set up our handler for SIGINT */
     memset (&action, 0, sizeof (struct sigaction));
@@ -99,6 +99,7 @@ notmuch_reindex_command (notmuch_config_t *config, int argc, char *argv[])
     sigaction (SIGINT, &action, NULL);
 
     notmuch_opt_desc_t options[] = {
+	{ .opt_inherit = notmuch_shared_indexing_options },
 	{ .opt_inherit = notmuch_shared_options },
 	{ }
     };
@@ -115,6 +116,13 @@ notmuch_reindex_command (notmuch_config_t *config, int argc, char *argv[])
 
     notmuch_exit_if_unmatched_db_uuid (notmuch);
 
+    status = notmuch_process_shared_indexing_options (notmuch, config);
+    if (status != NOTMUCH_STATUS_SUCCESS) {
+	fprintf (stderr, "Error: Failed to process index options. (%s)\n",
+		 notmuch_status_to_string (status));
+	return EXIT_FAILURE;
+    }
+
     query_string = query_string_from_args (config, argc-opt_index, argv+opt_index);
     if (query_string == NULL) {
 	fprintf (stderr, "Out of memory\n");
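Review bot: The new failure branch after `notmuch_process_shared_indexing_options` returns `EXIT_FAILURE` while the `notmuch` handle is still live. The handle is already in use at `notmuch_exit_if_unmatched_db_uuid (notmuch)`, and the only visible release is the `notmuch_database_destroy (notmuch);` call after `reindex_query`. The neighbouring early returns follow the same pattern, so this matches the existing code, but a new exit path is a good place to stop relying on process teardown to release a database that is presumably opened for writing (the open call is outside the hunk). I would add `notmuch_database_destroy (notmuch);` on the line before `return EXIT_FAILURE;` in this branch. The body of `notmuch_reindex_command` starts and ends outside the hunk.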
@@ -126,7 +134,7 @@ notmuch_reindex_command (notmuch_config_t *config, int argc, char *argv[])
 	return EXIT_FAILURE;
     }
     
-    ret = reindex_query (notmuch, query_string, indexopts);
+    ret = reindex_query (notmuch, query_string, indexing_cli_choices.opts);
 
     notmuch_database_destroy (notmuch);
 
diff --git a/test/T357-index-decryption.sh b/test/T357-index-decryption.sh
index 1e60df04..22e716c6 100755
--- a/test/T357-index-decryption.sh
+++ b/test/T357-index-decryption.sh
@@ -102,6 +102,69 @@ test_expect_equal \
     "$expected"
 
 
+# add a tag to all messages to ensure that it stays after reindexing
+test_begin_subtest 'tagging all messages'
+test_expect_success 'notmuch tag +blarney "encrypted message"'
+test_begin_subtest "verify that tags have not changed"
+output=$(notmuch search tag:blarney)
+expected='thread:0000000000000001   2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 001 (blarney encrypted inbox)
+thread:0000000000000005   2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 002 (blarney encrypted inbox unread)'
+test_expect_equal \
+    "$output" \
+    "$expected"
+
+# see if first message shows up after reindexing with --try-decrypt=true (same $expected, untouched):
+test_begin_subtest 'reindex old messages'
+test_expect_success 'notmuch reindex --try-decrypt=true tag:encrypted and not property:index.decryption=success'
+test_begin_subtest "reindexed encrypted message, including cleartext"
+output=$(notmuch search wumpus)
+test_expect_equal \
+    "$output" \
+    "$expected"
+
+# and the same search, but by property ($expected is untouched):
+test_begin_subtest "emacs search by property for both messages"
+output=$(notmuch search property:index.decryption=success)
+test_expect_equal \
+    "$output" \
+    "$expected"
+
+
+# try to remove cleartext indexing
+test_begin_subtest 'reindex without cleartext'
+test_expect_success 'notmuch reindex tag:encrypted and property:index.decryption=success'
+test_begin_subtest "reindexed encrypted messages, without cleartext"
+output=$(notmuch search wumpus)
+expected=''
+test_expect_equal \
+    "$output" \
+    "$expected"
+
+# and the same search, but by property ($expected is untouched):
+test_begin_subtest "emacs search by property with both messages unindexed"
+output=$(notmuch search property:index.decryption=success)
+test_expect_equal \
+    "$output" \
+    "$expected"
+
+# ensure that the tags remain even when we are dropping the cleartext.
+test_begin_subtest "verify that tags remain without cleartext"
+output=$(notmuch search tag:blarney)
+expected='thread:0000000000000001   2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 001 (blarney encrypted inbox)
+thread:0000000000000005   2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 002 (blarney encrypted inbox unread)'
+test_expect_equal \
+    "$output" \
+    "$expected"
+
+
+# TODO: test removal of a message from the message store between
+# indexing and reindexing.
 
+# TODO: insert the same message into the message store twice, index,
+# remove one of them from the message store, and then reindex.
+# reindexing should return a failure but the message should still be
+# present? -- or what should the semantics be if you ask to reindex a
+# message whose underlying files have been renamed or moved or
+# removed?
 
 test_done
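Review bot: None of the added subtests runs `notmuch reindex` with `--try-decrypt=false`, although the description gives a per-run override of index.try_decrypt as the purpose of the change. The 'reindex without cleartext' subtest removes the cleartext only by omitting the option, so it presumably passes only while the configured default is off. The security-relevant direction is the opposite one: with index.try_decrypt enabled in the configuration, an explicit false must still drop the cleartext terms and the index.decryption property. I would add a subtest that enables the config option and then runs `notmuch reindex --try-decrypt=false tag:encrypted and property:index.decryption=success`, followed by the same empty-result checks for `notmuch search wumpus` and `notmuch search property:index.decryption=success`.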
-- 
2.14.2
