[PATCH] emacs: use new show --decrypt=stash feature in emacs UI

[PATCH] emacs: use new show --decrypt=stash feature in emacs UI

[Jameson Graef Rollins]

This just changes the show --decrypt flag to "stash" in the emacs UI,
so that session keys will be stashed in the database when viewing
encrypted messages that have not previously been decrypted.  As
always, this will only happen if the notmuch-crypto-process-mime
customization variable is set to "true".
---
 emacs/notmuch-lib.el   | 2 +-
 emacs/notmuch-query.el | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/emacs/notmuch-lib.el b/emacs/notmuch-lib.el
index a7e02710..94ddef52 100644
--- a/emacs/notmuch-lib.el
+++ b/emacs/notmuch-lib.el
@@ -593,7 +593,7 @@ the given type."
 		       (set-buffer-multibyte nil))
 		     (let ((args `("show" "--format=raw"
 				   ,(format "--part=%s" (plist-get part :id))
-				   ,@(when process-crypto '("--decrypt=true"))
+				   ,@(when process-crypto '("--decrypt=stash"))
 				   ,(notmuch-id-to-query (plist-get msg :id))))
 			   (coding-system-for-read
 			    (if binaryp 'no-conversion
diff --git a/emacs/notmuch-query.el b/emacs/notmuch-query.el
index 563e4acf..8c38eb02 100644
--- a/emacs/notmuch-query.el
+++ b/emacs/notmuch-query.el
@@ -32,7 +32,7 @@ is a possibly empty forest of replies.
 "
   (let ((args '("show" "--format=sexp" "--format-version=4")))
     (if notmuch-show-process-crypto
-	(setq args (append args '("--decrypt=true"))))
+        (setq args (append args '("--decrypt=stash"))))
     (setq args (append args search-terms))
     (apply #'notmuch-call-notmuch-sexp args)))
 
-- 
2.17.1

[PATCH] emacs: use new show --decrypt=stash feature in emacs UI

[Jameson Graef Rollins]

This just changes the show --decrypt flag to "stash" in the emacs UI,
so that session keys will be stashed in the database when viewing
encrypted messages that have not previously been decrypted.  As
always, this will only happen if the notmuch-crypto-process-mime
customization variable is set to "true".
---
 emacs/notmuch-lib.el   | 2 +-
 emacs/notmuch-query.el | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/emacs/notmuch-lib.el b/emacs/notmuch-lib.el
index a7e02710..94ddef52 100644
--- a/emacs/notmuch-lib.el
+++ b/emacs/notmuch-lib.el
@@ -593,7 +593,7 @@ the given type."
 		       (set-buffer-multibyte nil))
 		     (let ((args `("show" "--format=raw"
 				   ,(format "--part=%s" (plist-get part :id))
-				   ,@(when process-crypto '("--decrypt=true"))
+				   ,@(when process-crypto '("--decrypt=stash"))
 				   ,(notmuch-id-to-query (plist-get msg :id))))
 			   (coding-system-for-read
 			    (if binaryp 'no-conversion
diff --git a/emacs/notmuch-query.el b/emacs/notmuch-query.el
index 563e4acf..8c38eb02 100644
--- a/emacs/notmuch-query.el
+++ b/emacs/notmuch-query.el
@@ -32,7 +32,7 @@ is a possibly empty forest of replies.
 "
   (let ((args '("show" "--format=sexp" "--format-version=4")))
     (if notmuch-show-process-crypto
-	(setq args (append args '("--decrypt=true"))))
+        (setq args (append args '("--decrypt=stash"))))
     (setq args (append args search-terms))
     (apply #'notmuch-call-notmuch-sexp args)))
 
-- 
2.17.1

[PATCH] emacs: use new show --decrypt=stash feature in emacs UI

[Jameson Graef Rollins]

This just changes the show --decrypt flag to "stash" in the emacs UI,
so that session keys will be stashed in the database when viewing
encrypted messages that have not previously been decrypted.  As
always, this will only happen if the notmuch-crypto-process-mime
customization variable is set to "true".
---
 emacs/notmuch-lib.el   | 2 +-
 emacs/notmuch-query.el | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/emacs/notmuch-lib.el b/emacs/notmuch-lib.el
index a7e02710..94ddef52 100644
--- a/emacs/notmuch-lib.el
+++ b/emacs/notmuch-lib.el
@@ -593,7 +593,7 @@ the given type."
 		       (set-buffer-multibyte nil))
 		     (let ((args `("show" "--format=raw"
 				   ,(format "--part=%s" (plist-get part :id))
-				   ,@(when process-crypto '("--decrypt=true"))
+				   ,@(when process-crypto '("--decrypt=stash"))
 				   ,(notmuch-id-to-query (plist-get msg :id))))
 			   (coding-system-for-read
 			    (if binaryp 'no-conversion
diff --git a/emacs/notmuch-query.el b/emacs/notmuch-query.el
index 563e4acf..8c38eb02 100644
--- a/emacs/notmuch-query.el
+++ b/emacs/notmuch-query.el
@@ -32,7 +32,7 @@ is a possibly empty forest of replies.
 "
   (let ((args '("show" "--format=sexp" "--format-version=4")))
     (if notmuch-show-process-crypto
-	(setq args (append args '("--decrypt=true"))))
+        (setq args (append args '("--decrypt=stash"))))
     (setq args (append args search-terms))
     (apply #'notmuch-call-notmuch-sexp args)))
 
-- 
2.17.1

Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

[Jameson Graef Rollins]

Jeez I don't know how I manged to send three copies of this to the list.
Apologies for the spam.  At least only one of them needs to be reviewed!

jamie.

Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

[Daniel Kahn Gillmor]

[-- Attachment #1: Type: text/plain, Size: 821 bytes --]

On Mon 2018-06-11 16:09:00 -0700, Jameson Graef Rollins wrote:
> This just changes the show --decrypt flag to "stash" in the emacs UI,
> so that session keys will be stashed in the database when viewing
> encrypted messages that have not previously been decrypted.  As
> always, this will only happen if the notmuch-crypto-process-mime
> customization variable is set to "true".


I'm not convinced that this is the right approach.  In particular,
sending "--decrypt=stash" requires that the notmuch database is opened
read/write, which isn't always desirable.

(it'd be nice to be able to use notmuch-emacs to browse a notmuch
archive without locking the notmuch db or even needing read/write access
to the database)

perhaps we need a third setting for notmuch-crypto-process-mime besides
nil and t instead?

    --dkg

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

[Daniel Kahn Gillmor]

[-- Attachment #1: Type: text/plain, Size: 664 bytes --]

On Tue 2018-06-12 10:00:18 -0400, Daniel Kahn Gillmor wrote:
> (it'd be nice to be able to use notmuch-emacs to browse a notmuch
> archive without locking the notmuch db or even needing read/write access
> to the database)

to be clear, it's not just about wanting to be able to avoid write
access during "notmuch show" -- there are other use cases i'd like us to
be able to support, including the ability to keep some messages'
cleartext indexed, while leaving some of them un-indexed (keeping their
contents secret from anyone who doesn't have the user's secret keys).

This proposed change removes that possibility, so i think it needs more
nuance.

     --dkg

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

[Jameson Graef Rollins]

[-- Attachment #1: Type: text/plain, Size: 3034 bytes --]

On Tue, Jun 12 2018, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> On Tue 2018-06-12 10:00:18 -0400, Daniel Kahn Gillmor wrote:
>> (it'd be nice to be able to use notmuch-emacs to browse a notmuch
>> archive without locking the notmuch db or even needing read/write access
>> to the database)
>
> to be clear, it's not just about wanting to be able to avoid write
> access during "notmuch show" -- there are other use cases i'd like us to
> be able to support, including the ability to keep some messages'
> cleartext indexed, while leaving some of them un-indexed (keeping their
> contents secret from anyone who doesn't have the user's secret keys).
>
> This proposed change removes that possibility, so i think it needs more
> nuance.

This patch works for all the use cases I personally care about, so I
would like a configuration that is this simple.

The use case you're arguing for, which I believe is the ability to
choose on a per-message basis whether you want to stash or not, would
have to not use the show stash functionality at all.

What if notmuch-crypto-process-mime just accepted the same values that
show --decrypt does, with the same meanings, e.g.:

┌─────────────────────────────────────┬───────┬──────┬──────┬───────┐
│                                     │ false │ auto │ true │ stash │
├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
│Show  cleartext  if  session  key is │       │ X    │ X    │ X     │
│already known                        │       │      │      │       │
├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
│Use secret keys to show cleartext    │       │      │ X    │ X     │
├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
│Stash any  newly  recovered  session │       │      │      │ X     │
│keys, reindexing message if found    │       │      │      │       │
└─────────────────────────────────────┴───────┴──────┴──────┴───────┘

notmuch-crypto-process-mime is really only relevant for show anyway, so
I think this makes sense.

Users who want to chose to stash on a per-message basis would then need
to set notmuch-crypto-process-mime=true, and then do reindex
--decrypt=true if they want to stash.

jamie.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

[Daniel Kahn Gillmor]

On Tue 2018-06-12 23:07:33 -0700, Jameson Graef Rollins wrote:
> What if notmuch-crypto-process-mime just accepted the same values that
> show --decrypt does, with the same meanings, e.g.:
>
> ┌─────────────────────────────────────┬───────┬──────┬──────┬───────┐
> │                                     │ false │ auto │ true │ stash │
> ├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
> │Show  cleartext  if  session  key is │       │ X    │ X    │ X     │
> │already known                        │       │      │      │       │
> ├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
> │Use secret keys to show cleartext    │       │      │ X    │ X     │
> ├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
> │Stash any  newly  recovered  session │       │      │      │ X     │
> │keys, reindexing message if found    │       │      │      │       │
> └─────────────────────────────────────┴───────┴──────┴──────┴───────┘
>
> notmuch-crypto-process-mime is really only relevant for show anyway, so
> I think this makes sense.

I agree, i think this makes sense.  so these text strings could be
mapped straight through.

in addition to the strings, for the sake of supporting more native
elisp-y style, if notmuch-crypto-process-mime is set to nil it should
probably map to "false", and if it is set to t, it should probably map
to "true".

wdyt?

        --dkg

Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

[David Bremner]

Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

> On Tue 2018-06-12 23:07:33 -0700, Jameson Graef Rollins wrote:
>> What if notmuch-crypto-process-mime just accepted the same values that
>> show --decrypt does, with the same meanings, e.g.:
>>
>> ┌─────────────────────────────────────┬───────┬──────┬──────┬───────┐
>> │                                     │ false │ auto │ true │ stash │
>> ├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
>> │Show  cleartext  if  session  key is │       │ X    │ X    │ X     │
>> │already known                        │       │      │      │       │
>> ├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
>> │Use secret keys to show cleartext    │       │      │ X    │ X     │
>> ├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
>> │Stash any  newly  recovered  session │       │      │      │ X     │
>> │keys, reindexing message if found    │       │      │      │       │
>> └─────────────────────────────────────┴───────┴──────┴──────┴───────┘
>>
>> notmuch-crypto-process-mime is really only relevant for show anyway, so
>> I think this makes sense.
>
> I agree, i think this makes sense.  so these text strings could be
> mapped straight through.
>

What about using symbols and some kind of case? less efficient but
better error checking

d

Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

[Daniel Kahn Gillmor]

[-- Attachment #1: Type: text/plain, Size: 793 bytes --]

On Wed 2018-06-13 13:25:54 -0300, David Bremner wrote:
> What about using symbols and some kind of case? less efficient but
> better error checking

symbols would also make for a more brittle interaction between future
versions of the notmuch cli and notmuch-emacs, but i agree that the
error checking would probably be worth it (it's not hard to update the
list of symbols if a new option gets added to "show --decrypt".

also, it looks like notmuch-mua-reply reasons about
notmuch-show-process-crypto to create the --decrypt= arg for "notmuch
reply".  "notmuch reply" doesn't have --decrypt=stash (and i don't think
there's any sensible workflow that would warrant puting it there) so
some reasoning needs to be done there.  symbols would make that a more
sensible approach.

         --dkg

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

[Jameson Graef Rollins]

[-- Attachment #1: Type: text/plain, Size: 1200 bytes --]

On Wed, Jun 13 2018, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> On Wed 2018-06-13 13:25:54 -0300, David Bremner wrote:
>> What about using symbols and some kind of case? less efficient but
>> better error checking
>
> symbols would also make for a more brittle interaction between future
> versions of the notmuch cli and notmuch-emacs, but i agree that the
> error checking would probably be worth it (it's not hard to update the
> list of symbols if a new option gets added to "show --decrypt".
>
> also, it looks like notmuch-mua-reply reasons about
> notmuch-show-process-crypto to create the --decrypt= arg for "notmuch
> reply".  "notmuch reply" doesn't have --decrypt=stash (and i don't think
> there's any sensible workflow that would warrant puting it there) so
> some reasoning needs to be done there.  symbols would make that a more
> sensible approach.

I'm not sure exactly what you mean by "symbols", but I'm working on
something that will turn notmuch-crypto-process-mime into a choice
custom with constant values.  A separate derived value will be used to
provide the correct bool to notmuch-show-process-crypto.

I'll provide another iteration that we can discuss.

jamie.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]