From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id 641E86DE1006 for ; Thu, 7 Dec 2017 22:24:22 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.01 X-Spam-Level: X-Spam-Status: No, score=-0.01 tagged_above=-999 required=5 tests=[AWL=-0.010] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LfUmjKZeG7an for ; Thu, 7 Dec 2017 22:24:18 -0800 (PST) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by arlo.cworth.org (Postfix) with ESMTPS id 8529B6DE0C3A for ; Thu, 7 Dec 2017 22:24:14 -0800 (PST) Received: from fifthhorseman.net (ool-6c3a0662.static.optonline.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id 7D181F99F for ; Fri, 8 Dec 2017 01:24:11 -0500 (EST) Received: by fifthhorseman.net (Postfix, from userid 1000) id 01EAC20F72; Fri, 8 Dec 2017 01:24:06 -0500 (EST) From: Daniel Kahn Gillmor To: Notmuch Mail Subject: [PATCH v3 05/15] cli/reply: use decryption policy "auto" by default. Date: Fri, 8 Dec 2017 01:23:54 -0500 Message-Id: <20171208062404.17269-6-dkg@fifthhorseman.net> X-Mailer: git-send-email 2.15.0 In-Reply-To: <20171208062404.17269-1-dkg@fifthhorseman.net> References: <20171208062404.17269-1-dkg@fifthhorseman.net> X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Dec 2017 06:24:22 -0000 If the user doesn't specify --decrypt= at all, but a stashed session key is known to notmuch, when replying to an encrypted message, notmuch should just go ahead and decrypt. The user can disable this at the command line with --decrypt=false, though it's not clear why they would ever want to do that. --- completion/notmuch-completion.bash | 6 +++++- doc/man1/notmuch-reply.rst | 6 +++++- notmuch-reply.c | 9 +++++---- test/T357-index-decryption.sh | 10 ++++++++++ 4 files changed, 25 insertions(+), 6 deletions(-) diff --git a/completion/notmuch-completion.bash b/completion/notmuch-completion.bash index e462a82a..1cd616b3 100644 --- a/completion/notmuch-completion.bash +++ b/completion/notmuch-completion.bash @@ -350,12 +350,16 @@ _notmuch_reply() COMPREPLY=( $( compgen -W "all sender" -- "${cur}" ) ) return ;; + --decrypt) + COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) + return + ;; esac ! $split && case "${cur}" in -*) - local options="--format= --format-version= --reply-to= --decrypt ${_notmuch_shared_options}" + local options="--format= --format-version= --reply-to= --decrypt= ${_notmuch_shared_options}" compopt -o nospace COMPREPLY=( $(compgen -W "$options" -- ${cur}) ) ;; diff --git a/doc/man1/notmuch-reply.rst b/doc/man1/notmuch-reply.rst index b6aec3c8..ede77930 100644 --- a/doc/man1/notmuch-reply.rst +++ b/doc/man1/notmuch-reply.rst @@ -80,8 +80,12 @@ Supported options for **reply** include multipart/encrypted part will be replaced by the decrypted content. + If a session key is already known for the message, then it + will be decrypted automatically unless the user explicitly + sets ``--decrypt=false``. + Decryption expects a functioning **gpg-agent(1)** to provide any - needed credentials. Without one, the decryption will fail. + needed credentials. Without one, the decryption will likely fail. See **notmuch-search-terms(7)** for details of the supported syntax for . diff --git a/notmuch-reply.c b/notmuch-reply.c index eec34bed..fd990a9a 100644 --- a/notmuch-reply.c +++ b/notmuch-reply.c @@ -700,11 +700,12 @@ notmuch_reply_command (notmuch_config_t *config, int argc, char *argv[]) int opt_index; notmuch_show_params_t params = { .part = -1, - .crypto = { .decrypt = NOTMUCH_DECRYPT_FALSE }, + .crypto = { .decrypt = NOTMUCH_DECRYPT_AUTO }, }; int format = FORMAT_DEFAULT; int reply_all = true; bool decrypt = false; + bool decrypt_set = false; notmuch_opt_desc_t options[] = { { .opt_keyword = &format, .name = "format", .keywords = @@ -718,7 +719,7 @@ notmuch_reply_command (notmuch_config_t *config, int argc, char *argv[]) (notmuch_keyword_t []){ { "all", true }, { "sender", false }, { 0, 0 } } }, - { .opt_bool = &decrypt, .name = "decrypt" }, + { .opt_bool = &decrypt, .name = "decrypt", .present = &decrypt_set }, { .opt_inherit = notmuch_shared_options }, { } }; @@ -728,8 +729,8 @@ notmuch_reply_command (notmuch_config_t *config, int argc, char *argv[]) return EXIT_FAILURE; notmuch_process_shared_options (argv[0]); - if (decrypt) - params.crypto.decrypt = NOTMUCH_DECRYPT_TRUE; + if (decrypt_set) + params.crypto.decrypt = decrypt ? NOTMUCH_DECRYPT_TRUE : NOTMUCH_DECRYPT_FALSE; notmuch_exit_if_unsupported_format (); diff --git a/test/T357-index-decryption.sh b/test/T357-index-decryption.sh index 7996ec67..31991e22 100755 --- a/test/T357-index-decryption.sh +++ b/test/T357-index-decryption.sh @@ -200,6 +200,16 @@ test_expect_equal \ "$output" \ "$expected" +test_begin_subtest "notmuch reply should show cleartext if session key is present" +output=$(notmuch reply id:simple-encrypted@crypto.notmuchmail.org | grep '^>') +expected='> This is a top sekrit message.' +if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then + test_subtest_known_broken +fi +test_expect_equal \ + "$output" \ + "$expected" + # TODO: test removal of a message from the message store between # indexing and reindexing. -- 2.15.0