notmuch/test, branch debian/0.29.1-1

test: update test description.

2019-05-29T11:40:02Z

I missed this fix in dkg's revisions.

cli/reply: pull proposed subject line from the message, not the index

2019-05-29T11:17:33Z

Protected subject lines were being emitted in reply when the cleartext of documents was indexed. create_reply_message() was pulling the subject line from the index, rather than pulling it from the GMimeMessage object that it already has on hand. This one-line fix to notmuch-reply.c solves that problem, and doesn't cause any additional tests to fail. Signed-off-by: Daniel Kahn Gillmor

test: reply (in cli and emacs) should protect indexed sensitive headers

2019-05-29T11:17:20Z

These tests are currently broken! When a protected subject is indexed in the clear, it leaks in the reply headers :( For emacs, we set up separate tests for when the protected header is indexed in the clear and when it is unindexed. neither case should leak, but the former wasn't tested yet. We will fix the two broken tests in a subsequent patch. Signed-off-by: Daniel Kahn Gillmor

test: emacs/show: ensure that protected headers appear as expected

2019-05-29T11:17:12Z

This tests notmuch-show; headers appear appropriately based on the setting of notmuch-crypto-process-mime. Signed-off-by: Daniel Kahn Gillmor

test: ensure that protected headers appear in notmuch-emacs search as expected

2019-05-29T11:16:58Z

We initially test only notmuch-search; tests for other functionality come in different patchsets later. Signed-off-by: Daniel Kahn Gillmor

test: try indexing nested messages and protected headers

2019-05-29T11:15:28Z

We want to make sure that internally-forwarded messages don't end up "bubbling up" when they aren't actually the cryptographic payload. Signed-off-by: Daniel Kahn Gillmor

test: after reindexing, only legitimate protected subjects are searchable

2019-05-29T11:15:18Z

This test scans for all the possible protected headers (including bogus/broken ones) that are present in the protected-headers corpus, trying to make sure that only the ones that are not broken or malformed show up in a search after re-indexing. Signed-off-by: Daniel Kahn Gillmor

test: protected headers should work when both encrypted and signed.

2019-05-29T11:14:57Z

Up to this point, we've tested protected headers on messages that have either been encrypted or signed, but not both. This adds a couple tests of signed+encrypted messages, one where the subject line is masked (outside subject line is "Subject Unavailable") and another where it is not (outside Subject: matches inner Subject:) See the discussion at https://dkg.fifthhorseman.net/blog/e-mail-cryptography.html#protected-headers for more details about the nuances between signed, stripped, and stubbed headers. Signed-off-by: Daniel Kahn Gillmor

indexing: record protected subject when indexing cleartext

2019-05-29T11:14:44Z

When indexing the cleartext of an encrypted message, record any protected subject in the database, which should make it findable and visible in search. Signed-off-by: Daniel Kahn Gillmor

cli/reply: ensure encrypted Subject: line does not leak in the clear

2019-05-29T11:14:32Z

Now that we can decrypt headers, we want to make sure that clients using "notmuch reply" to prepare a reply don't leak cleartext in their subject lines. In particular, the ["reply-headers"]["Subject"] should by default show the external Subject. A replying MUA that intends to protect the Subject line should show the user the Subject from ["original"]["headers"]["Subject"] instead of using ["reply-headers"]["Subject"]. This minor asymmetry with "notmuch show" is intentional. While both tools always render the cleartext subject line when they know it (in ["headers"]["Subject"] for "notmuch show" and in ["original"]["headers"]["Subject"] for "notmuch reply"), "notmuch reply" should never leak something that should stay under encrypted cover in "reply-headers". Signed-off-by: Daniel Kahn Gillmor