From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id D5DEE6DE00DB for ; Sat, 23 Sep 2017 09:46:51 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: 0.035 X-Spam-Level: X-Spam-Status: No, score=0.035 tagged_above=-999 required=5 tests=[AWL=0.055, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6H3I3xisP0C6 for ; Sat, 23 Sep 2017 09:46:50 -0700 (PDT) Received: from mail-lf0-f52.google.com (mail-lf0-f52.google.com [209.85.215.52]) by arlo.cworth.org (Postfix) with ESMTPS id 11A176DE00C5 for ; Sat, 23 Sep 2017 09:46:50 -0700 (PDT) Received: by mail-lf0-f52.google.com with SMTP id a18so3480292lfl.13 for ; Sat, 23 Sep 2017 09:46:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nikula-org.20150623.gappssmtp.com; s=20150623; h=from:to:subject:in-reply-to:references:date:message-id:mime-version; bh=XhlgYwG8tJPNfFcjeBd+K5X4xbtOdMhxIQVb8xRbr4A=; b=mLB/Rv6ZPtp+TdbYQcuISCTRgFhEvThR0YtxeJWCyoI3HFX527ki5tJNK2mRYizvsy QMF40wqx8FTUmt6gkX669a7WOqNlnMZkJWbrPxnbP14pnZRDP83KsD+jGdK/gtBy4m7O LQFwc0dKF1YhuYu6w3Z53Krw0s8yztMzghsYpUHG9pVRUxn7OWf7aR3FD4HQanKfAUkf ECGN5MDIZcsZFp2fG0gA3okuMZ/JUsNt9ESeLTECa4LkXKIKsNsNgUGaux7XuwjMrYuz LDxUR7BpqqU/pCbw4RhotnsFsZHAe4UfiI29H000QEYtl0zCDmjPtvBAPFElOUUTBx5l ZrZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:in-reply-to:references:date :message-id:mime-version; bh=XhlgYwG8tJPNfFcjeBd+K5X4xbtOdMhxIQVb8xRbr4A=; b=s8UeAlbFQQCYBLvYn8Pmvrneobu/kNOVv77eVz87qR3nlLfCeKf/EkM3qbZ8MJnOsB dGQBTSQdmh+vS2IfTmp2yRBNu4FqIjYzfrLq+YecK0zMn6Sx9+9nIbB/XBVEEYz4Rv57 a2B4gQcs3XO9cvI8hUCVvszP008EJgCisntDZOaKGpKoe402pQXvRMELMwV6Mz8vupRa cNQoslOPwzHjGdk257hkTaXMC/rNaVNkz3Ndy61CpNUgf2DKTsbmeDnTj0n1pU4pz2lj 9iFyIAKBiodpA2QC6mGPOLsW1Zu0O0UhfPsZadP3AiJ0Ix/PyEHwMMZCg6nfzPUZMQ0m c4SA== X-Gm-Message-State: AHPjjUjHAMV9sIYjuwxEYeJ+Cn8O4adHx0qef0oUJ3Yr1K7Lf0JhUB0e 7MAOndlRQ+nBwhnZD8XNqgiyKdZO0Os= X-Google-Smtp-Source: AOwi7QCLcVZLNvgqxNFDfW2cWbmsHKWwp4m0ULN+yW853HU9D3R8c3uF/wo/Wfd744x1Lcbq/2VBNw== X-Received: by 10.25.201.22 with SMTP id z22mr855585lff.142.1506185208160; Sat, 23 Sep 2017 09:46:48 -0700 (PDT) Received: from localhost (mobile-access-5d6a60-234.dhcp.inet.fi. [93.106.96.234]) by smtp.gmail.com with ESMTPSA id m12sm544138lje.21.2017.09.23.09.46.46 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 23 Sep 2017 09:46:47 -0700 (PDT) From: Jani Nikula To: Daniel Kahn Gillmor , Notmuch Mail Subject: Re: [PATCH v2 08/10] cli/new: add --try-decrypt=(true|false) In-Reply-To: <20170915055359.24123-9-dkg@fifthhorseman.net> References: <20170912230153.4175-10-dkg@fifthhorseman.net> <20170915055359.24123-1-dkg@fifthhorseman.net> <20170915055359.24123-9-dkg@fifthhorseman.net> Date: Sat, 23 Sep 2017 19:46:43 +0300 Message-ID: <87h8vtfjm4.fsf@nikula.org> MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Sep 2017 16:46:51 -0000 On Fri, 15 Sep 2017, Daniel Kahn Gillmor wrote: > Try to decrypt any encrypted parts of newly-discovered messages while > indexing them. The cleartext of any successfully-decrypted messages > will be indexed, with tags applied in the same form as from notmuch > insert --try-decrypt=true. > > Note: if the deprecated crypto.gpg_path configuration option is set to > anything other than "gpg", we ignore it (and print a warning on > stderr, if built against gmime < 3.0). > > We also add a new test making use of this functionality. This > requires a bit of reorganization, because we need to allow passing > --long-arguments to "notmuch new" via emacs_fcc_message > --- > completion/notmuch-completion.bash | 13 ++++++++-- > doc/man1/notmuch-new.rst | 12 +++++++++ > notmuch-new.c | 29 +++++++++++++++++++++- > test/T357-index-decryption.sh | 51 ++++++++++++++++++++++++++++++++++++++ > test/test-lib.sh | 11 +++++++- > 5 files changed, 112 insertions(+), 4 deletions(-) > create mode 100755 test/T357-index-decryption.sh > > diff --git a/completion/notmuch-completion.bash b/completion/notmuch-completion.bash > index 5201be63..17be6b8f 100644 > --- a/completion/notmuch-completion.bash > +++ b/completion/notmuch-completion.bash > @@ -311,11 +311,20 @@ _notmuch_insert() > _notmuch_new() > { > local cur prev words cword split > - _init_completion || return > + _init_completion -s || return > + > + $split && > + case "${prev}" in > + --try-decrypt) > + COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) > + return > + ;; > + esac > > + ! $split && > case "${cur}" in > -*) > - local options="--no-hooks --quiet ${_notmuch_shared_options}" > + local options="--no-hooks --try-decrypt= --quiet ${_notmuch_shared_options}" > compopt -o nospace > COMPREPLY=( $(compgen -W "${options}" -- ${cur}) ) > ;; > diff --git a/doc/man1/notmuch-new.rst b/doc/man1/notmuch-new.rst > index 6acfa112..c255f980 100644 > --- a/doc/man1/notmuch-new.rst > +++ b/doc/man1/notmuch-new.rst > @@ -43,6 +43,18 @@ Supported options for **new** include > ``--quiet`` > Do not print progress or results. > > + ``--try-decrypt=(true|false)`` > + > + If true, when encountering an encrypted message, try to > + decrypt it while indexing. If decryption is successful, index > + the cleartext itself. Be aware that the index is likely > + sufficient to reconstruct the cleartext of the message itself, > + so please ensure that the notmuch message index is adequately > + protected. DO NOT USE ``--try-decrypt=true`` without > + considering the security of your index. > + > + See also ``index.try_decrypt`` in **notmuch-config(1)**. > + > EXIT STATUS > =========== > > diff --git a/notmuch-new.c b/notmuch-new.c > index faeb8f0a..cffcd8bc 100644 > --- a/notmuch-new.c > +++ b/notmuch-new.c > @@ -49,6 +49,7 @@ typedef struct { > size_t new_tags_length; > const char **new_ignore; > size_t new_ignore_length; > + notmuch_indexopts_t *indexopts; > > int total_files; > int processed_files; > @@ -267,7 +268,7 @@ add_file (notmuch_database_t *notmuch, const char *filename, > if (status) > goto DONE; > > - status = notmuch_database_index_file (notmuch, filename, NULL, &message); > + status = notmuch_database_index_file (notmuch, filename, state->indexopts, &message); > switch (status) { > /* Success. */ > case NOTMUCH_STATUS_SUCCESS: > @@ -949,6 +950,7 @@ notmuch_new_command (notmuch_config_t *config, int argc, char *argv[]) > unsigned int i; > notmuch_bool_t timer_is_active = FALSE; > notmuch_bool_t no_hooks = FALSE; > + int try_decrypt = -1; > notmuch_bool_t quiet = FALSE, verbose = FALSE; > notmuch_status_t status; > > @@ -957,6 +959,7 @@ notmuch_new_command (notmuch_config_t *config, int argc, char *argv[]) > { NOTMUCH_OPT_BOOLEAN, &verbose, "verbose", 'v', 0 }, > { NOTMUCH_OPT_BOOLEAN, &add_files_state.debug, "debug", 'd', 0 }, > { NOTMUCH_OPT_BOOLEAN, &no_hooks, "no-hooks", 'n', 0 }, > + { NOTMUCH_OPT_BOOLEAN, &try_decrypt, "try-decrypt", 0, 0 }, > { NOTMUCH_OPT_INHERIT, (void *) ¬much_shared_options, NULL, 0, 0 }, > { 0, 0, 0, 0, 0 } > }; > @@ -1074,6 +1077,30 @@ notmuch_new_command (notmuch_config_t *config, int argc, char *argv[]) > if (notmuch == NULL) > return EXIT_FAILURE; > > + add_files_state.indexopts = notmuch_database_get_default_indexopts (notmuch); > + if (!add_files_state.indexopts) { > + fprintf (stderr, "Error: could not create index options.\n"); > + return EXIT_FAILURE; > + } > + if (try_decrypt == TRUE || try_decrypt == FALSE) { As discussed in the argument parsing thread, I'm not really fond of these implicit "tristate booleans". It's surprising to look at a boolean option and check if it's either true or false... But looks like we need to involve other folks here, and figure out what we want to do wrt stdbools and my --no-arg idea for --arg=false, etc. > + status = notmuch_indexopts_set_try_decrypt (add_files_state.indexopts, try_decrypt); > + if (status != NOTMUCH_STATUS_SUCCESS) { > + fprintf (stderr, "Error: Failed to set try_decrypt to %s. (%s)\n", > + try_decrypt ? "True" : "False", notmuch_status_to_string (status)); > + notmuch_indexopts_destroy (add_files_state.indexopts); > + return EXIT_FAILURE; > + } > + } > +#if (GMIME_MAJOR_VERSION < 3) > + if (notmuch_indexopts_get_try_decrypt (add_files_state.indexopts)) { > + const char* gpg_path = notmuch_config_get_crypto_gpg_path (config); > + if (gpg_path && strcmp(gpg_path, "gpg")) > + fprintf (stderr, "Warning: deprecated crypto.gpg_path is set to '%s'\n" > + "\tbut ignoring (use $PATH instead)\n", gpg_path); > + } > +#endif > + Seems like there's quite a bit of duplication with the other commands here. BR, Jani. > + > /* Set up our handler for SIGINT. We do this after having > * potentially done a database upgrade we this interrupt handler > * won't support. */ > diff --git a/test/T357-index-decryption.sh b/test/T357-index-decryption.sh > new file mode 100755 > index 00000000..7bbd81f6 > --- /dev/null > +++ b/test/T357-index-decryption.sh > @@ -0,0 +1,51 @@ > +#!/usr/bin/env bash > + > +# TODO: test index-decryption-failed > + > +test_description='indexing decrypted mail' > +. ./test-lib.sh || exit 1 > + > +################################################## > + > +add_gnupg_home > +# get key fingerprint > +FINGERPRINT=$(gpg --no-tty --list-secret-keys --with-colons --fingerprint | grep '^fpr:' | cut -d: -f10) > + > +# create a test encrypted message > +test_begin_subtest 'emacs delivery of encrypted message' > +test_expect_success \ > +'emacs_fcc_message \ > + "test encrypted message for cleartext index 001" \ > + "This is a test encrypted message with a wumpus.\n" \ > + "(mml-secure-message-encrypt)"' > + > +test_begin_subtest "search for unindexed cleartext" > +output=$(notmuch search wumpus) > +expected='' > +test_expect_equal \ > + "$output" \ > + "$expected" > + > +# create a test encrypted message that is indexed in the clear > +test_begin_subtest 'emacs delivery of encrypted message' > +test_expect_success \ > +'emacs_fcc_message --try-decrypt=true \ > + "test encrypted message for cleartext index 002" \ > + "This is a test encrypted message with a wumpus.\n" \ > + "(mml-secure-message-encrypt)"' > + > +test_begin_subtest "emacs delivery of encrypted message, indexed cleartext" > +output=$(notmuch search wumpus) > +expected='thread:0000000000000002 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox)' > +test_expect_equal \ > + "$output" \ > + "$expected" > + > +# and the same search, but by property ($expected is untouched): > +test_begin_subtest "emacs search by property for one message" > +output=$(notmuch search property:index-decryption=success) > +test_expect_equal \ > + "$output" \ > + "$expected" > + > +test_done > diff --git a/test/test-lib.sh b/test/test-lib.sh > index b8427d97..6a47354f 100644 > --- a/test/test-lib.sh > +++ b/test/test-lib.sh > @@ -338,8 +338,17 @@ emacs_deliver_message () > # Accepts arbitrary extra emacs/elisp functions to modify the message > # before sending, which is useful to doing things like attaching files > # to the message and encrypting/signing. > +# > +# If any GNU-style long-arguments (like --quiet or --try-decrypt=true) are > +# at the head of the argument list, they are sent directly to "notmuch > +# new" after message delivery > emacs_fcc_message () > { > + local nmn_args='' > + while [[ "$1" =~ ^-- ]]; do > + nmn_args="$nmn_args $1" > + shift > + done > local subject="$1" > local body="$2" > shift 2 > @@ -358,7 +367,7 @@ emacs_fcc_message () > (insert \"${body}\") > $@ > (notmuch-mua-send-and-exit))" || return 1 > - notmuch new >/dev/null > + notmuch new $nmn_args >/dev/null > } > > # Add an existing, fixed corpus of email to the database. > -- > 2.14.1 > > _______________________________________________ > notmuch mailing list > notmuch@notmuchmail.org > https://notmuchmail.org/mailman/listinfo/notmuch