It's now possible to include the cleartext of encrypted e-mails in
the notmuch index. This makes it possible to search your encrypted
e-mails with the same ease as searching cleartext. This can be done
- on a per-message basis with the --try-decrypt argument to indexing
+ on a per-message basis with the --decrypt argument to indexing
commands (new, insert, reindex), or by default by running "notmuch
- config set index.try_decrypt true".
+ config set index.decrypt true".
Note that the contents of the index are sufficient to roughly
reconstruct the cleartext of the message itself, so please ensure
sed "s|^$path/||" | grep -v "\(^\|/\)\(cur\|new\|tmp\)$" ) )
return
;;
- --try-decrypt)
+ --decrypt)
COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
return
;;
! $split &&
case "${cur}" in
--*)
- local options="--create-folder --folder= --keep --no-hooks --try-decrypt= ${_notmuch_shared_options}"
+ local options="--create-folder --folder= --keep --no-hooks --decrypt= ${_notmuch_shared_options}"
compopt -o nospace
COMPREPLY=( $(compgen -W "$options" -- ${cur}) )
return
$split &&
case "${prev}" in
- --try-decrypt)
+ --decrypt)
COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
return
;;
! $split &&
case "${cur}" in
-*)
- local options="--no-hooks --try-decrypt= --quiet ${_notmuch_shared_options}"
+ local options="--no-hooks --decrypt= --quiet ${_notmuch_shared_options}"
compopt -o nospace
COMPREPLY=( $(compgen -W "${options}" -- ${cur}) )
;;
$split &&
case "${prev}" in
- --try-decrypt)
+ --decrypt)
COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
return
;;
! $split &&
case "${cur}" in
-*)
- local options="--try-decrypt= ${_notmuch_shared_options}"
+ local options="--decrypt= ${_notmuch_shared_options}"
compopt -o nospace
COMPREPLY=( $(compgen -W "$options" -- ${cur}) )
;;
Default: ``gpg``.
- **index.try_decrypt**
+ **index.decrypt**
**[STORED IN DATABASE]**
When indexing an encrypted e-mail message, if this variable is
the cleartext. Be aware that the index is likely sufficient
to reconstruct the cleartext of the message itself, so please
ensure that the notmuch message index is adequately protected.
- DO NOT USE ``index.try_decrypt=true`` without considering the
+ DO NOT USE ``index.decrypt=true`` without considering the
security of your index.
Default: ``false``.
``--no-hooks``
Prevent hooks from being run.
- ``--try-decrypt=(true|false)``
+ ``--decrypt=(true|false)``
If true and the message is encrypted, try to decrypt the
message while indexing. If decryption is successful, index
that the index is likely sufficient to reconstruct the
cleartext of the message itself, so please ensure that the
notmuch message index is adequately protected. DO NOT USE
- ``--try-decrypt=true`` without considering the security of
+ ``--decrypt=true`` without considering the security of
your index.
- See also ``index.try_decrypt`` in **notmuch-config(1)**.
+ See also ``index.decrypt`` in **notmuch-config(1)**.
EXIT STATUS
===========
``--quiet``
Do not print progress or results.
- ``--try-decrypt=(true|false)``
+ ``--decrypt=(true|false)``
If true, when encountering an encrypted message, try to
decrypt it while indexing. If decryption is successful, index
the cleartext itself. Be aware that the index is likely
sufficient to reconstruct the cleartext of the message itself,
so please ensure that the notmuch message index is adequately
- protected. DO NOT USE ``--try-decrypt=true`` without
+ protected. DO NOT USE ``--decrypt=true`` without
considering the security of your index.
- See also ``index.try_decrypt`` in **notmuch-config(1)**.
+ See also ``index.decrypt`` in **notmuch-config(1)**.
EXIT STATUS
===========
Supported options for **reindex** include
- ``--try-decrypt=(true|false)``
+ ``--decrypt=(true|false)``
If true, when encountering an encrypted message, try to
decrypt it while reindexing. If decryption is successful,
index the cleartext itself. Be aware that the index is likely
sufficient to reconstruct the cleartext of the message itself,
so please ensure that the notmuch message index is adequately
- protected. DO NOT USE ``--try-decrypt=true`` without
+ protected. DO NOT USE ``--decrypt=true`` without
considering the security of your index.
- See also ``index.try_decrypt`` in **notmuch-config(1)**.
+ See also ``index.decrypt`` in **notmuch-config(1)**.
SEE ALSO
========
properties will be set on the message as a whole.
If notmuch never tried to decrypt an encrypted message during
- indexing (which is the default, see ``index.try_decrypt`` in
+ indexing (which is the default, see ``index.decrypt`` in
**notmuch-config(1)**), then this property will not be set on that
message.
if (!ret)
return ret;
- char * try_decrypt;
- notmuch_status_t err = notmuch_database_get_config (db, "index.try_decrypt", &try_decrypt);
+ char * decrypt;
+ notmuch_status_t err = notmuch_database_get_config (db, "index.decrypt", &decrypt);
if (err)
return ret;
- if (try_decrypt &&
- ((!(strcasecmp(try_decrypt, "true"))) ||
- (!(strcasecmp(try_decrypt, "yes"))) ||
- (!(strcasecmp(try_decrypt, "1")))))
+ if (decrypt &&
+ ((!(strcasecmp(decrypt, "true"))) ||
+ (!(strcasecmp(decrypt, "yes"))) ||
+ (!(strcasecmp(decrypt, "1")))))
notmuch_indexopts_set_try_decrypt (ret, true);
- free (try_decrypt);
+ free (decrypt);
return ret;
}
_stored_in_db (const char *item)
{
const char * db_configs[] = {
- "index.try_decrypt",
+ "index.decrypt",
};
if (STRNCMP_LITERAL (item, "query.") == 0)
return true;
const notmuch_opt_desc_t notmuch_shared_indexing_options [] = {
{ .opt_bool = &indexing_cli_choices.try_decrypt,
.present = &indexing_cli_choices.try_decrypt_set,
- .name = "try-decrypt" },
+ .name = "decrypt" },
{ }
};
return NOTMUCH_STATUS_OUT_OF_MEMORY;
status = notmuch_indexopts_set_try_decrypt (indexing_cli_choices.opts, indexing_cli_choices.try_decrypt);
if (status != NOTMUCH_STATUS_SUCCESS) {
- fprintf (stderr, "Error: Failed to set try_decrypt to %s. (%s)\n",
+ fprintf (stderr, "Error: Failed to set index decryption policy to %s. (%s)\n",
indexing_cli_choices.try_decrypt ? "True" : "False", notmuch_status_to_string (status));
notmuch_indexopts_destroy (indexing_cli_choices.opts);
indexing_cli_choices.opts = NULL;
# create a test encrypted message that is indexed in the clear
test_begin_subtest 'emacs delivery of encrypted message'
test_expect_success \
-'emacs_fcc_message --try-decrypt=true \
+'emacs_fcc_message --decrypt=true \
"test encrypted message for cleartext index 002" \
"This is a test encrypted message with a wumpus.\n" \
"(mml-secure-message-encrypt)"'
# try reinserting it with decryption, should appear again, but now we
# have two copies of the message:
-test_begin_subtest "message cleartext is present after reinserting with --try-decrypt"
-notmuch insert --folder=sent --try-decrypt <<<"$contents"
+test_begin_subtest "message cleartext is present after reinserting with --decrypt"
+notmuch insert --folder=sent --decrypt <<<"$contents"
output=$(notmuch search wumpus)
expected='thread:0000000000000003 2000-01-01 [1/1(2)] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox unread)'
test_expect_equal \
# try inserting it with decryption, should appear as a single copy
# (note: i think thread id skips 4 because of duplicate message-id
# insertion, above)
-test_begin_subtest "message cleartext is present with insert --try-decrypt"
-notmuch insert --folder=sent --try-decrypt <<<"$contents"
+test_begin_subtest "message cleartext is present with insert --decrypt"
+notmuch insert --folder=sent --decrypt <<<"$contents"
output=$(notmuch search wumpus)
expected='thread:0000000000000005 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox unread)'
test_expect_equal \
"$output" \
"$expected"
-# see if first message shows up after reindexing with --try-decrypt=true (same $expected, untouched):
+# see if first message shows up after reindexing with --decrypt=true (same $expected, untouched):
test_begin_subtest 'reindex old messages'
-test_expect_success 'notmuch reindex --try-decrypt=true tag:encrypted and not property:index.decryption=success'
+test_expect_success 'notmuch reindex --decrypt=true tag:encrypted and not property:index.decryption=success'
test_begin_subtest "reindexed encrypted message, including cleartext"
output=$(notmuch search wumpus)
test_expect_equal \
add_email_corpus crypto
test_begin_subtest "indexing message fails when secret key not available"
-notmuch reindex --try-decrypt id:simple-encrypted@crypto.notmuchmail.org
+notmuch reindex --decrypt id:simple-encrypted@crypto.notmuchmail.org
output=$(notmuch dump )
expected='#notmuch-dump batch-tag:3 config,properties,tags
+encrypted +inbox +unread -- id:simple-encrypted@crypto.notmuchmail.org
#notmuch-dump batch-tag:3 config,properties,tags
#= simple-encrypted@crypto.notmuchmail.org session-key=9%3AFC09987F5F927CC0CC0EE80A96E4C5BBF4A499818FB591207705DFDDD6112CF9
EOF
-notmuch reindex --try-decrypt id:simple-encrypted@crypto.notmuchmail.org
+notmuch reindex --decrypt id:simple-encrypted@crypto.notmuchmail.org
output=$(notmuch search sekrit)
expected='thread:0000000000000001 2016-12-22 [1/1] Daniel Kahn Gillmor; encrypted message (encrypted inbox unread)'
if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
# before sending, which is useful to doing things like attaching files
# to the message and encrypting/signing.
#
-# If any GNU-style long-arguments (like --quiet or --try-decrypt=true) are
+# If any GNU-style long-arguments (like --quiet or --decrypt=true) are
# at the head of the argument list, they are sent directly to "notmuch
# new" after message delivery
emacs_fcc_message ()
projects / notmuch / commitdiff