From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id DEC826DE0B3E for ; Fri, 20 Oct 2017 19:26:04 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.022 X-Spam-Level: X-Spam-Status: No, score=-0.022 tagged_above=-999 required=5 tests=[AWL=-0.022] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XcsPN7legp26 for ; Fri, 20 Oct 2017 19:26:04 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by arlo.cworth.org (Postfix) with ESMTP id 1A0776DE0B2F for ; Fri, 20 Oct 2017 19:26:00 -0700 (PDT) Received: from fifthhorseman.net (ool-6c3a0662.static.optonline.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id 3AAB4F9A4 for ; Fri, 20 Oct 2017 22:25:59 -0400 (EDT) Received: by fifthhorseman.net (Postfix, from userid 1000) id 46846210A5; Fri, 20 Oct 2017 22:25:54 -0400 (EDT) From: Daniel Kahn Gillmor To: Notmuch Mail Subject: [PATCH 06/12] config: define new option index.try_decrypt Date: Fri, 20 Oct 2017 22:25:43 -0400 Message-Id: <20171021022549.2724-7-dkg@fifthhorseman.net> X-Mailer: git-send-email 2.14.2 In-Reply-To: <20171021022549.2724-1-dkg@fifthhorseman.net> References: <20171021022549.2724-1-dkg@fifthhorseman.net> X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Oct 2017 02:26:05 -0000 By default, notmuch won't try to decrypt on indexing. With this patch, we make it possible to indicate a per-database preference using the config variable "index.try_decrypt", which by default will be false. At indexing time, the database needs some way to know its internal defaults for how to index encrypted parts. It shouldn't be contingent on an external config file (since that can't be retrieved from the database object itself), so we store it in the database. This behaves similarly to the query.* configurations, which are also stored in the database itself, so we're not introducing any new dependencies by requiring that it be stored in the database. --- doc/man1/notmuch-config.rst | 13 +++++++++++++ doc/man7/notmuch-properties.rst | 6 ++++-- lib/indexopts.c | 18 +++++++++++++++++- notmuch-config.c | 6 ++++++ 4 files changed, 40 insertions(+), 3 deletions(-) diff --git a/doc/man1/notmuch-config.rst b/doc/man1/notmuch-config.rst index 539199c2..6961737f 100644 --- a/doc/man1/notmuch-config.rst +++ b/doc/man1/notmuch-config.rst @@ -138,6 +138,19 @@ The available configuration items are described below. Default: ``gpg``. + **index.try_decrypt** + + **[STORED IN DATABASE]** + When indexing an encrypted e-mail message, if this variable is + set to true, notmuch will try to decrypt the message and index + the cleartext. Be aware that the index is likely sufficient + to reconstruct the cleartext of the message itself, so please + ensure that the notmuch message index is adequately protected. + DO NOT USE ``index.try_decrypt=true`` without considering the + security of your index. + + Default: ``false``. + **built_with.** Compile time feature . Current possibilities include diff --git a/doc/man7/notmuch-properties.rst b/doc/man7/notmuch-properties.rst index 4b47e8d7..68121359 100644 --- a/doc/man7/notmuch-properties.rst +++ b/doc/man7/notmuch-properties.rst @@ -70,13 +70,15 @@ of its normal activity. properties will be set on the message as a whole. If notmuch never tried to decrypt an encrypted message during - indexing (which is the default), then this property will not be - set on that message. + indexing (which is the default, see ``index.try_decrypt`` in + **notmuch-config(1)**), then this property will not be set on that + message. SEE ALSO ======== **notmuch(1)**, +**notmuch-config(1)**, **notmuch-dump(1)**, **notmuch-insert(1)**, **notmuch-new(1)**, diff --git a/lib/indexopts.c b/lib/indexopts.c index 51b56dd7..15c31d24 100644 --- a/lib/indexopts.c +++ b/lib/indexopts.c @@ -23,7 +23,23 @@ notmuch_indexopts_t * notmuch_database_get_default_indexopts (notmuch_database_t *db) { - return talloc_zero (db, notmuch_indexopts_t); + notmuch_indexopts_t *ret = talloc_zero (db, notmuch_indexopts_t); + if (!ret) + return ret; + + char * try_decrypt; + notmuch_status_t err = notmuch_database_get_config (db, "index.try_decrypt", &try_decrypt); + if (err) + return ret; + + if (try_decrypt && + ((!(strcasecmp(try_decrypt, "true"))) || + (!(strcasecmp(try_decrypt, "yes"))) || + (!(strcasecmp(try_decrypt, "1"))))) + notmuch_indexopts_set_try_decrypt (ret, true); + + free (try_decrypt); + return ret; } notmuch_status_t diff --git a/notmuch-config.c b/notmuch-config.c index 74668718..1cba2661 100644 --- a/notmuch-config.c +++ b/notmuch-config.c @@ -812,8 +812,14 @@ _item_split (char *item, char **group, char **key) static bool _stored_in_db (const char *item) { + const char * db_configs[] = { + "index.try_decrypt", + }; if (STRNCMP_LITERAL (item, "query.") == 0) return true; + for (size_t i = 0; i < ARRAY_SIZE (db_configs); i++) + if (strcmp (item, db_configs[i]) == 0) + return true; return false; } -- 2.14.2