notmuch/Makefile.global, branch 0.31_rc2

emacs: Use makefile-gmake-mode in Makefile*s

2020-08-10T00:14:36Z

Use `makefile-gmake-mode' instead of `makefile-mode' because the former also highlights ifdef et al. while the latter does not. "./Makefile.global" and one "Makefile.local" failed to specify any major mode at all but doing so is necessary because Emacs does not automatically figure out that these are Makefiles (of any flavor).

build: upload html docs as part of release process

2020-08-03T23:44:51Z

Use a URL https://notmuchmail.org/doc/latest to leave room for a future more ambitious scheme deploying multiple versions. This also forces the html docs to built as part of the release process. In the future this should be updated to tolerate generating a release without sphinx installed. This needs a new target analogous to build-info and build-man that does nothing if sphinx is not installed.

Makefile.global: drop -std=gnu99. C11 (or later) compiler required

2020-06-27T00:48:56Z

Since October 2018 building notmuch has actually required compiler that knows C11. Also this -std=gnu99 was not used in code compiled by configure, so in theory this could have caused problems... ...but no related reports have been sent, perhaps ever. Both gcc and clang has been shipping compilers supporting C11 (or later) by default for more than four years now. Therefore, just dropping -std=gnu99 (and not checking C11 compatibility for now, for simplicity) is easiest to do, and removes inconsistency between configure and build time compilations.

release: use xz compression

2019-03-27T20:59:40Z

This produces tarballs that are roughly 30% smaller.

build: Rename GPG_FILE to DETACHED_SIG_FILE

2019-03-27T20:54:12Z

This is just a semantic cleanup -- we have multiple files that are OpenPGP signatures. And while we're probably making signatures with GnuPG, they can be verified with any OpenPGP implementation, so "GPG_" is arguably both not specific enough, and overly-specific. Signed-off-by: Daniel Kahn Gillmor

build: distribute signed sha256sums

2019-03-27T20:53:41Z

Distribute clearsigned sha256sum file in addition to the detached signature. Verifies that use the sha256sum ensure that the thing signed includes the name of the tarball. This defends the verifier by default against a freeze, rollback, or project substitution attack. A verifier can use something like the following (as expressed in bash): set -o pipefail wget https://notmuchmail.org/releases/notmuch-$VERSION.tar.gz{,.sha256.asc} gpgv --keyring ./notmuch-signers.pgp --output - notmuch-$VERSION.tar.gz.sha256.asc | sha256sum -c - See id:87r2b8w956.fsf@fifthhorseman.net and other messages in that thread for discussion. Signed-off-by: Daniel Kahn Gillmor

build: sign tarball instead of sha256sum

2019-03-12T01:28:11Z

Adam Majer pointed out in [1] the way were signing releases was unusual. Neither Carl nor I could think of a good reason for explicitely signing the checksum (internally of course that's what GPG is going anyway). [1] mid:b3fd556d-c346-7af9-a7a2-13b0f3235071@suse.de

rename libutil.a to libnotmuch_util.a

2017-03-19T00:37:43Z

Apparently some systems (MacOS?) have a system library called libutil and the name conflict causes problems. Since this library is quite notmuch specific, rename it to something less generic.

build: use sha256sum instead of sha1sum to sign releases

2017-03-02T21:31:15Z

build/emacs: add target to create elpa package

2016-11-26T11:57:58Z

This package can be created without emacs, but will only be usable in versions of emacs supporting package.el