David Bremner [Sun, 12 May 2019 02:45:59 +0000 (20:45 -0600)]
test/emacs: revert invalid-from test to pre-86f89385 behaviour
To the best of my understanding, this original behaviour was what
Carl's homebrew parser produced. With commit 86f89385 Austin switched
to using GMime (2.6). This produced arguably worse results, but since
the input was bad, we could live with it. Now with GMime 3.0 we are
getting the original results again, and there is no reason to consider
this test broken.
configure: Ensure that GMime can extract session keys
GMime 3.0 and higher can extract session keys, but it will *not*
extract session keys if it was built with --disable-crypto, or if it
was built against GPGME version < 1.8.0.
Notmuch currently expects to be able to extract session keys, and
tests will fail if it is not possible, so we ensure that this is the
case during ./configure time.
Part of this feels awkward because notmuch doesn't directly depend on
gpg at all. Rather, it depends on GMime, and the current
implementation of GMime depends on GPGME for its crypto, and GPGME in
turn depends on gpg.
So the use of gpg in ./configure isn't actually introducing a new
dependency, though if a future version of GMime were ever to move away
from GnuPG, we might need to reconsider.
Note that this changeset depends on
id:20190506174327.13457-1-dkg@fifthhorseman.net , which supplies the
rfc822 message test/corpora/crypto/basic-encrypted.eml used in it.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
tests: fail and report when a parallel build fails (or times out)
When a parallel build fails (or when it times out, if timeout is
present), the test suite should not blithely succeed. Catch these
failures and at least report them.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
tests: make timeout configurable with NOTMUCH_TEST_TIMEOUT (default: 2m)
The current 2 minute timeout is reasonable, but to exercise the test
suite or induce timeout failures, we might want to make it shorter.
This makes it configurable so you can run (for example):
make check NOTMUCH_TEST_TIMEOUT=10s
We stick with the default of 2m.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
test: avoid unnecessary extraction of the test fingerprint
FINGERPRINT is already exported by add_gnupg_home, so this is
unnecessary. This change also happens to get rid of the superfluous
check-trustdb spew from the test suite that looked like this:
emacs: test notmuch-show during message decryption
We did not have a test showing what message decryption looks like
within notmuch-emacs. This change gives us a baseline for future work
on the notmuch-emacs interface.
This differs from previous revisions of this patch in that it should
be insensitive to the order in which the local filesystem readdir()s
the underlying maildir.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
If either the moreutils or GNU parallel utility are available, run all
tests in parallel. On my eight core machine this makes for a ~x7
speed-up in the full test suite (1m24s -> 12s).
The design of the test suite makes this parallelization trivial.
tests: remove entangling corpus index optimization
The add_email_corpus test utility includes logic that tries to re-use
an index of the corpus if available. This was seemingly done as an
optimization, so that every test that uses the corpus didn't have to
create it's own index of the corpus. However, this has the perverse
side effect of entangling tests together, and breaks parallelization.
Forcing each test to do it's own index does increase the overall time
of the test slightly (~6%), but this will be more than made up for in
the next patch that introduces paraellization.
test/crypto: add_gnupg_home should have ultimate trust on "its own" key
The typical use case for gpg is that if you control a secret key, you
mark it with "ultimate" ownertrust.
The opaque --import-ownertrust mechanism is GnuPG's standard mechanism
to set up ultimate ownertrust (the ":6:" means "ultimate", for
whatever reason).
We adjust the test suite to match this change, inverting the sense of
one test: since the default is now that the user ID of the suite's own
key is valid, we change the test to make sure that the user ID is not
emitted when it is *not* valid.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
The user ID on the self-test is a little bit clunky-looking. It also
may end up showing up elsewhere in the test suite. Centralizing the
user ID in one place should make it easier to handle if it ever
changes, and should make tests easier to read.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
test/crypto: clarify the difference between ownertrust and validity
This is a subtle difference, but the output of notmuch shouldn't ever
change based on ownertrust itself -- notmuch is intended to show valid
User IDs, and to avoid showing invalid User IDs.
It so happens that setting ownertrust of a key to ultimate sets all
associated user IDs to "full" validity, so the test is correct, but
just misnamed.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Apparently, message-default-charset is deprecated, which causes the
following warning messages during the build:
In notmuch-maildir-setup-message-for-saving:
emacs/notmuch-maildir-fcc.el:172:31:Warning: ‘message-default-charset’ is an
obsolete variable (as of 26.1); The default charset comes from the
language environment
In discussion with emacs upstream over on
https://debbugs.gnu.org/35370, it appears that we can just drop this
entirely and things should still work with emacs 25.
https://launchpad.net/~notmuch/+archive/ubuntu/notmuch/+packages
contains backports of gmime and gpgme and related cryptographic tools
to ubuntu xenial.
I tried to do a simple backport of gmime alone, and it failed due to
the older gpgme in xenial, so this setup resolves those problems.
This should allow us to continue to use the Travis continuous
integration build.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
David Bremner [Sat, 4 May 2019 22:29:08 +0000 (19:29 -0300)]
cli/show: avoid empty write to stdout in format_part_raw
Previously if the input was exactly a multiple of the internal buffer
size, notmuch would attempt to fwrite nothing to stdout, but still
expected fwrite to return 1, causing a failure that looked like this:
$ notmuch show --format=raw id:87o96f1cya.fsf@codeaurora.org
...entire message shown as expected..
Error: Write failed
$ echo $?
1
To fix the problem don't call fwrite at all when there's nothing to
write.
Amended by db: add some tests of message sizes likely to cause this
problem.
David Bremner [Sun, 24 Mar 2019 03:32:44 +0000 (00:32 -0300)]
cli/notmuch-show: support gzipped files
This drops "file" from mime_node_context and just uses a local
variable. It also uses the new gzip aware utility routines recently
added to util/gmime-extra.c. The use of gzopen / gzfile in addition is
a bit icky, but the choice is between that, and providing yet another
readline implimentation that understands GMime streams.
David Bremner [Sun, 24 Mar 2019 03:32:43 +0000 (00:32 -0300)]
lib/message_file: open gzipped files
Rather than storing the lower level stdio FILE object, we store a
GMime stream. This allows both transparent decompression, and passing
the stream into GMime for parsing. As a side effect, we can let GMime
close the underlying OS stream (indeed, that stream isn't visible here
anymore).
This change is enough to get notmuch-{new,search} working, but there is still
some work required for notmuch-show, to be done in a following commit.
gmime-cleanup: pass NULL as default GMimeParserOptions
This is a functional change, not a straight translation, because we
are no longer directly invoking g_mime_parser_options_get_default(),
but the GMime source has indicated that the options parameter for
g_mime_parser_construct_message() is "nullable" since upstream commit d0ebdd2ea3e6fa635a2a551c846e9bc8b6040353 (which itself precedes GMime
3.0).
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
gmime-cleanup: pass NULL arguments explicitly where GMime 3.0 expects it
Several GMime 2.6 functions sprouted a change in the argument order in
GMime 3.0. We had a compatibility layer here to be able to handle
compiling against both GMime 2.6 and 3.0. Now that we're using 3.0
only, rip out the compatibility layer for those functions with changed
argument lists, and explicitly use the 3.0 argument lists.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
gmime-cleanup: drop unused gmime #defines and simplify g_mime_init ()
Several of these #defines were not actually used in the notmuch
codebase any longer. And as of GMime 3.0, g_mime_init takes no
arguments, so we can also drop the bogus RFC2047 argument that we were
passing and then #defining away.
signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
gmime-cleanup: tests should only care about gmime 3
note that "notmuch-show for message with invalid From" is still broken
in T310-emacs.sh. It would be good to debug what's going on there and
try to get it fixed!
signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
gmime-cleanup: remove obsolete gpg_path configuration option and crypto contexts
Note that we do keep ignoring the gpg_path configuration option,
though, to avoid breakage of existing installations. It is ignored
like any other unknown configuration option, but we at least document
that it is ignored so that people who find it in their legacy configs
can know that it's safe to drop.
signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
emacs: Make first documentation line distinct for "a" and "x" commands.
Since only the first line of the documentation is shown by the
help command, it is confusing when "x" and "a" seem to have the same
binding in show-mode. This commit makes the two function documentations
first lines different and (hopefully) clearer.
crypto: Avoid pretending to verify signatures on unsigned encrypted mail
Unsigned encrypted mail shows up with a weird empty signature list.
If we successfully decrypted and there was no signature in it, we
should just not show a sigstatus at all.
The documentation for g_mime_decrypt_result_get_signatures says:
a GMimeSignatureList or NULL if the stream was not signed.
tests: move FINGERPRINT definition to add_gnupg_home
If a test has added a GnuPG homedir, it may well want to know the
fingerprint. This saves us from having to redefine this magic string
in multiple places when more tests eventually use the GnuPG homedir.
David Bremner [Tue, 16 Apr 2019 01:46:15 +0000 (22:46 -0300)]
CLI/reindex: fix memory leak
Since message is owned by messages, it was held for the entire run of
the program. This in turn means that the Xapian::Document objects are
not freed, and thus one ends up with (effectively) a copy of one's
entire mailstore in memory when running
notmuch reindex '*'
Thanks to Olly Betts for the patient help debugging, and the
suggestion of a fix.
The new `body:` field (in Xapian terms) or prefix (in slightly
sloppier notmuch) terms allows matching terms that occur only in the
body.
Unprefixed query terms should continue to match anywhere (header or
body) in the message.
This follows a suggestion of Olly Betts to use the facility (since
Xapian 1.0.4) to add the same field with multiple prefixes. The double
indexing of previous versions is thus replaced with a query time
expension of unprefixed query terms to the various prefixed
equivalent.
Reindexing will be needed for 'body:' searches to work correctly;
otherwise they will also match messages where the term occur in
headers (demonstrated by the new tests in T530-upgrade.sh)
Add test of forwarding messages from within emacs.
The first test checks that a references header is properly
added to the new message. The second test checks that the
send-hook of the forwarding message adds a forwarded-tag
to the original message.
emacs: Use a buffer-local variable to update tags when sending replies
Instead of relying on the "In-Reply-To" header, use a buffer-local variable,
notmuch-message-queued-tag-changes, to add and remove tags to affected
messages when the message-send-hook is triggered.
emacs: Add References header to forwarded messages
Include the message-id of forwarded messages in the new message.
This ensures that the new (forwarding) message is linked to the
same thread as the message being forwarded.
David Bremner [Mon, 1 Apr 2019 10:31:51 +0000 (07:31 -0300)]
performance-tests: tests for renamed/copied files in notmuch new
Several people have observed that this is surprisingly slow, and we
have a proposal to add tagging into this code path, so we want to make
sure it doesn't imply too much of a performance hit.
Yang Sheng [Sun, 3 Mar 2019 04:35:33 +0000 (23:35 -0500)]
Fix notmuch-describe-key
Fix notmuch-describe-key crashing for the following two cases
1. format-kbd-macro cannot deal with keys like [(32 . 126)], switch to
use key-description instead.
2. if a function in the current keymap is not bounded, it will crash
the whole process. We check if it is bounded and silently skip it to
avoid crashing.
David Bremner [Sun, 30 Sep 2018 16:27:54 +0000 (13:27 -0300)]
test: add two known broken tests searching for xapian keywords
Thanks to plujon for pointing out this problem on IRC. The underlying
issue is that the quotes are stripped before the field processors get
the query string, and the heuristic for putting them back is not quite
right.
David Edmondson [Thu, 8 Nov 2018 10:45:08 +0000 (10:45 +0000)]
emacs: Easy access to URLs mentioned in the current message
Add a new binding when looking at messages, B, that prompts with a
list of URLs found in the current message, if any. Open the one that
is selected in a browser.
This is just a semantic cleanup -- we have multiple files that are
OpenPGP signatures. And while we're probably making signatures with
GnuPG, they can be verified with any OpenPGP implementation, so "GPG_"
is arguably both not specific enough, and overly-specific.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Distribute clearsigned sha256sum file in addition to the detached
signature.
Verifies that use the sha256sum ensure that the thing signed includes
the name of the tarball. This defends the verifier by default against
a freeze, rollback, or project substitution attack.
A verifier can use something like the following (as expressed in
bash):
David Bremner [Wed, 13 Feb 2019 02:17:03 +0000 (22:17 -0400)]
build: sign tarball instead of sha256sum
Adam Majer pointed out in [1] the way were signing releases was
unusual. Neither Carl nor I could think of a good reason for
explicitely signing the checksum (internally of course that's what GPG
is going anyway).
David Bremner [Sat, 2 Mar 2019 20:26:06 +0000 (16:26 -0400)]
util: make remaining headers includable from C++
libnotmuch_util.a is supposed to be usable from the library and the
CLI, but much the library is compiled as C++. Add in appropriate
wrapping to prevent symbol mangling. These wrappers already existed in
string-util.h; it seems better to be consistent.
Luis Ressel [Mon, 11 Mar 2019 17:14:49 +0000 (18:14 +0100)]
Prepend regerror() messages with "regexp error: "
The exact error messages returned by regerror() aren't standardized;
relying on them isn't portable. Thus, add a a prefix to make clear that
the subsequent message is a regexp parsing error, and only look for this
prefix in the test suite, ignoring the rest of the message.
Luis Ressel [Mon, 11 Mar 2019 17:14:48 +0000 (18:14 +0100)]
test/T030-config: Separate stdout and stderr output
POSIX doesn't specify the flushing behaviour of the STDOUT stream, so
it's invalid to assume a particular order between the stdout and stderr
output. The current test breaks on musl due to this.
David Bremner [Sun, 3 Mar 2019 03:30:59 +0000 (23:30 -0400)]
doc: sequentialize calls to sphinx-build
In certain conditions the parallel calls to sphinx-build could
collide, yielding a crash like
Exception occurred:
File "/usr/lib/python3/dist-packages/sphinx/environment.py", line 1261, in get_doctree
doctree = pickle.load(f)
EOFError: Ran out of input