]> git.notmuchmail.org Git - notmuch/log
notmuch
4 years agomention python 2 changes
David Bremner [Wed, 27 Nov 2019 12:11:53 +0000 (08:11 -0400)]
mention python 2 changes

4 years agoversion: bump to 0.29.3
David Bremner [Wed, 27 Nov 2019 12:06:59 +0000 (08:06 -0400)]
version: bump to 0.29.3

4 years agoNEWS for 0.29.3
David Bremner [Wed, 27 Nov 2019 12:06:15 +0000 (08:06 -0400)]
NEWS for 0.29.3

4 years agonotmuch-dump.c: Fix output file being closed twice
Ralph Seichter [Tue, 23 Jul 2019 20:48:23 +0000 (22:48 +0200)]
notmuch-dump.c: Fix output file being closed twice

Fixed: If the output file for a dump was non-writeable, gzclose_w()
was called twice on the output file handle, resulting in SIGABRT.

(cherry picked from commit 17806ecc955ce0375146ea1df51eae061a72bef8)

4 years agolib: fix memory error in notmuch_config_list_value
David Bremner [Mon, 25 Nov 2019 02:31:34 +0000 (22:31 -0400)]
lib: fix memory error in notmuch_config_list_value

The documentation for notmuch_config_list_key warns that that the
returned value will be destroyed by the next call to
notmuch_config_list_key, but it neglected to mention that calling
notmuch_config_list_value would also destroy it (by calling
notmuch_config_list_key). This is surprising, and caused a use after
free bug in _setup_user_query_fields (first noticed by an OpenBSD
porter, so kudos to the OpenBSD malloc implementation).  This change
fixes that use-after-free bug.

5 years agodebian upload 0.29.2-2: goodbye python2 support archive/debian/0.29.2-2 debian/0.29.2-2
David Bremner [Sat, 2 Nov 2019 20:33:20 +0000 (17:33 -0300)]
debian upload 0.29.2-2: goodbye python2 support

Convert to pybuild while we are at it.

5 years agoupdate NEWS for 0.29.2 0.29.2 archive/debian/0.29.2-1 debian/0.29.2-1
David Bremner [Sat, 19 Oct 2019 10:37:37 +0000 (07:37 -0300)]
update NEWS for 0.29.2

5 years agoChangelog stanza for 0.29.2-1
David Bremner [Sat, 19 Oct 2019 10:24:08 +0000 (07:24 -0300)]
Changelog stanza for 0.29.2-1

5 years agobump version
David Bremner [Sat, 19 Oct 2019 10:21:53 +0000 (07:21 -0300)]
bump version

5 years agoutil: whitespace cleanup for 4c5b17b1
David Bremner [Sun, 13 Oct 2019 12:18:24 +0000 (09:18 -0300)]
util: whitespace cleanup for 4c5b17b1

Oops. This should make the merge back to master smoother.

5 years agoutil: unreference objects referenced by the returned stream obj
David Bremner [Sun, 22 Sep 2019 22:44:01 +0000 (19:44 -0300)]
util: unreference objects referenced by the returned stream obj

We want freeing the returned stream to also free these underlying
objects. Compare tests/test-filters.c in the gmime 3.2.x source, which
uses this same idiom.

Thanks to James Troup for the report and the fix.

5 years agotest: known broken test file descriptor leak in gzip file open
David Bremner [Sun, 22 Sep 2019 22:44:00 +0000 (19:44 -0300)]
test: known broken test file descriptor leak in gzip file open

James Troup reported this bug in id:87pnjsf9q5.fsf@canonical.com

5 years agoremove stray ` from NEWS
David Bremner [Tue, 24 Sep 2019 00:34:07 +0000 (21:34 -0300)]
remove stray ` from NEWS

5 years agoMerge branch 'debian/unstable' into release
David Bremner [Sun, 21 Jul 2019 19:06:41 +0000 (16:06 -0300)]
Merge branch 'debian/unstable' into release

5 years agodebian: Changelog for re-upload to unstable debian/unstable archive/debian/0.29.1-2 debian/0.29.1-2
David Bremner [Sun, 21 Jul 2019 14:49:38 +0000 (11:49 -0300)]
debian: Changelog for re-upload to unstable

5 years agoconfigure: fix mktemp call for macOS
Ralph Seichter [Sun, 16 Jun 2019 15:18:47 +0000 (17:18 +0200)]
configure: fix mktemp call for macOS

Add missing template to mktemp, as required by macOS / OS X.

Signed-off-by: Ralph Seichter <abbot@monksofcool.net>
5 years agodebian: changelog for 0.29.1-1 0.29.1 archive/debian/0.29.1-1 debian/0.29.1-1
David Bremner [Tue, 11 Jun 2019 23:16:48 +0000 (20:16 -0300)]
debian: changelog for 0.29.1-1

5 years agoNEWS: news for 0.29.1
David Bremner [Tue, 11 Jun 2019 23:15:04 +0000 (20:15 -0300)]
NEWS: news for 0.29.1

5 years agoversion: bump to 0.29.1
David Bremner [Tue, 11 Jun 2019 23:11:45 +0000 (20:11 -0300)]
version: bump to 0.29.1

5 years agodoc: Don't install emacs docs when they are not built
David Bremner [Mon, 10 Jun 2019 10:11:50 +0000 (07:11 -0300)]
doc: Don't install emacs docs when they are not built

In 40b025 we stopped building the notmuch-emacs documentation if
HAVE_EMACS=0 (i.e. no emacs was detected by configure). Unfortunately
we continued to try to install the (non-existent) documentation, which
causes build/install failures.

As a bonus, we also avoid installing the documentation if the user
configures --without-emacs.

Thanks to Ralph Seichter for reporting the problem, and testing
previous versions of this fix.

5 years agodoc: don't build notmuch-emacs.info for configure --without-emacs
David Bremner [Tue, 11 Jun 2019 00:06:57 +0000 (21:06 -0300)]
doc: don't build notmuch-emacs.info for configure --without-emacs

Since the docstrings are not built in the case of --without-emacs,
even if emacs is detected, don't let sphinx build the emacs docs. This
avoids a large number of error messages due to missing includes. It's
actually a bit surprising sphinx doesn't generate an error for the
missing include files.

5 years agodebian: fix desktop install archive/debian/0.29-2 debian/0.29-2
David Bremner [Fri, 7 Jun 2019 10:06:22 +0000 (07:06 -0300)]
debian: fix desktop install

Previous version expected full upstream install to be run, and also
caused lintian whine about the the desktop file being in a different
package than the script. I'm not sure they shouldn't both be in
elpa-notmuch, but I can see how they should be together.

5 years agodebian: install desktop file 0.29 debian/0.29-1
David Bremner [Fri, 7 Jun 2019 00:35:28 +0000 (21:35 -0300)]
debian: install desktop file

5 years agoNEWS: set release date for 0.29
David Bremner [Fri, 7 Jun 2019 00:29:45 +0000 (21:29 -0300)]
NEWS: set release date for 0.29

5 years agoversion: bump to 0.29
David Bremner [Fri, 7 Jun 2019 00:27:35 +0000 (21:27 -0300)]
version: bump to 0.29

5 years agodebian: start changelog for 0.29-1
David Bremner [Fri, 7 Jun 2019 00:23:29 +0000 (21:23 -0300)]
debian: start changelog for 0.29-1

5 years agodebian: install logo
David Bremner [Fri, 7 Jun 2019 00:14:48 +0000 (21:14 -0300)]
debian: install logo

Thanks to Tim Retout for the patch

5 years agoNEWS: add Emacs front end changes by various people.
David Bremner [Wed, 5 Jun 2019 23:46:01 +0000 (20:46 -0300)]
NEWS: add Emacs front end changes by various people.

These are most of the remaining emacs related chagnes.

5 years agoNEWS: add a note about protected headers
Daniel Kahn Gillmor [Wed, 29 May 2019 19:13:21 +0000 (15:13 -0400)]
NEWS: add a note about protected headers

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agodebian: changelog for 0.29~rc1-1 0.29_rc1 archive/debian/0.29_rc1-1 debian/0.29_rc1-1
David Bremner [Mon, 3 Jun 2019 11:10:19 +0000 (08:10 -0300)]
debian: changelog for 0.29~rc1-1

5 years agoversion: bump to 0.29~rc1
David Bremner [Mon, 3 Jun 2019 11:08:00 +0000 (08:08 -0300)]
version: bump to 0.29~rc1

5 years agodoc: use separate doctrees for distinct builders
David Bremner [Sat, 1 Jun 2019 02:24:52 +0000 (23:24 -0300)]
doc: use separate doctrees for distinct builders

It seems our previous attempt with order-only targets was not
sufficient to avoid problems with sphinx-builds doctree cache [0].
Looking around at other people's approaches [1], using separate
doctrees was suggested. I guess there might be a slight loss of
efficiency, but it seems more robust.

[0]: build failures were first noticed in Debian experimental, but I was able to duplicate it in
     my usual build environment about 1 in 8 builds.

[1]: in particular
     https://salsa.debian.org/mpd-team/mpc/commit/9e3fc1657d043d75755993846c93f7700b97f907

5 years agodebian: changelog for 0.29~rc0-1 0.29_rc0 archive/debian/0.29_rc0-1 debian/0.29_rc0-1
David Bremner [Fri, 31 May 2019 11:16:34 +0000 (08:16 -0300)]
debian: changelog for 0.29~rc0-1

5 years agoversion: bump to 0.29~rc0
David Bremner [Fri, 31 May 2019 11:11:12 +0000 (08:11 -0300)]
version: bump to 0.29~rc0

5 years agomime-node: be clearer about decryption
Daniel Kahn Gillmor [Fri, 31 May 2019 01:18:53 +0000 (21:18 -0400)]
mime-node: be clearer about decryption

Part 0 of a multipart/encrypted object is
GMIME_MULTIPART_ENCRYPTED_VERSION; part 1 is
GMIME_MULTIPART_ENCRYPTED_CONTENT.  Using the name for what we want
describes our intent more clearly than using a magic number in the
code.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotest: update test description.
David Bremner [Wed, 29 May 2019 11:40:02 +0000 (08:40 -0300)]
test: update test description.

I missed this fix in dkg's revisions.

5 years agocli/reply: pull proposed subject line from the message, not the index
Daniel Kahn Gillmor [Sun, 26 May 2019 22:16:10 +0000 (18:16 -0400)]
cli/reply: pull proposed subject line from the message, not the index

Protected subject lines were being emitted in reply when the cleartext
of documents was indexed.  create_reply_message() was pulling the
subject line from the index, rather than pulling it from the
GMimeMessage object that it already has on hand.

This one-line fix to notmuch-reply.c solves that problem, and doesn't
cause any additional tests to fail.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotest: reply (in cli and emacs) should protect indexed sensitive headers
Daniel Kahn Gillmor [Sun, 26 May 2019 22:16:09 +0000 (18:16 -0400)]
test: reply (in cli and emacs) should protect indexed sensitive headers

These tests are currently broken!  When a protected subject is indexed
in the clear, it leaks in the reply headers :(

For emacs, we set up separate tests for when the protected header is
indexed in the clear and when it is unindexed.  neither case should
leak, but the former wasn't tested yet.

We will fix the two broken tests in a subsequent patch.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotest: emacs/show: ensure that protected headers appear as expected
Daniel Kahn Gillmor [Sun, 26 May 2019 22:16:08 +0000 (18:16 -0400)]
test: emacs/show: ensure that protected headers appear as expected

This tests notmuch-show; headers appear appropriately based on the
setting of notmuch-crypto-process-mime.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotest: ensure that protected headers appear in notmuch-emacs search as expected
Daniel Kahn Gillmor [Sun, 26 May 2019 22:16:07 +0000 (18:16 -0400)]
test: ensure that protected headers appear in notmuch-emacs search as expected

We initially test only notmuch-search; tests for other functionality
come in different patchsets later.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotest: try indexing nested messages and protected headers
Daniel Kahn Gillmor [Sun, 26 May 2019 22:16:06 +0000 (18:16 -0400)]
test: try indexing nested messages and protected headers

We want to make sure that internally-forwarded messages don't end up
"bubbling up" when they aren't actually the cryptographic payload.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotest: after reindexing, only legitimate protected subjects are searchable
Daniel Kahn Gillmor [Sun, 26 May 2019 22:16:05 +0000 (18:16 -0400)]
test: after reindexing, only legitimate protected subjects are searchable

This test scans for all the possible protected headers (including
bogus/broken ones) that are present in the protected-headers corpus,
trying to make sure that only the ones that are not broken or
malformed show up in a search after re-indexing.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotest: protected headers should work when both encrypted and signed.
Daniel Kahn Gillmor [Sun, 26 May 2019 22:16:04 +0000 (18:16 -0400)]
test: protected headers should work when both encrypted and signed.

Up to this point, we've tested protected headers on messages that have
either been encrypted or signed, but not both.

This adds a couple tests of signed+encrypted messages, one where the
subject line is masked (outside subject line is "Subject Unavailable")
and another where it is not (outside Subject: matches inner Subject:)

See the discussion at
https://dkg.fifthhorseman.net/blog/e-mail-cryptography.html#protected-headers
for more details about the nuances between signed, stripped, and
stubbed headers.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agoindexing: record protected subject when indexing cleartext
Daniel Kahn Gillmor [Mon, 27 May 2019 22:40:28 +0000 (18:40 -0400)]
indexing: record protected subject when indexing cleartext

When indexing the cleartext of an encrypted message, record any
protected subject in the database, which should make it findable and
visible in search.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agocli/reply: ensure encrypted Subject: line does not leak in the clear
Daniel Kahn Gillmor [Sun, 26 May 2019 22:16:02 +0000 (18:16 -0400)]
cli/reply: ensure encrypted Subject: line does not leak in the clear

Now that we can decrypt headers, we want to make sure that clients
using "notmuch reply" to prepare a reply don't leak cleartext in their
subject lines.  In particular, the ["reply-headers"]["Subject"] should
by default show the external Subject.

A replying MUA that intends to protect the Subject line should show
the user the Subject from ["original"]["headers"]["Subject"] instead
of using ["reply-headers"]["Subject"].

This minor asymmetry with "notmuch show" is intentional.  While both
tools always render the cleartext subject line when they know it (in
["headers"]["Subject"] for "notmuch show" and in
["original"]["headers"]["Subject"] for "notmuch reply"), "notmuch
reply" should never leak something that should stay under encrypted
cover in "reply-headers".

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotest: show cryptographic envelope information for signed mails
Daniel Kahn Gillmor [Sun, 26 May 2019 22:16:01 +0000 (18:16 -0400)]
test: show cryptographic envelope information for signed mails

Make sure that we emit the correct cryptographic envelope status for
cleartext signed messages.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotest: add test for missing external subject
Daniel Kahn Gillmor [Sun, 26 May 2019 22:16:00 +0000 (18:16 -0400)]
test: add test for missing external subject

Adding another test to ensure that we handle protected headers
gracefully when no external subject is present.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agocli/show: add information about which headers were protected
Daniel Kahn Gillmor [Mon, 27 May 2019 22:14:16 +0000 (18:14 -0400)]
cli/show: add information about which headers were protected

The header-mask member of the per-message crypto object allows a
clever UI frontend to mark whether a header was protected (or not).
And if it was protected, it contains enough information to show useful
detail to an interested user.  For example, an MUA could offer a "show
what this message's Subject looked like on the wire" feature in expert
mode.

As before, we only handle Subject for now, but we might be able to
handle other headers in the future.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Amended by db: tweaked schemata notation.

5 years agocli/show: emit payload subject instead of outside subject
Daniel Kahn Gillmor [Sun, 26 May 2019 22:15:58 +0000 (18:15 -0400)]
cli/show: emit payload subject instead of outside subject

Correctly fix the two outstanding tests so that the protected (hidden)
subject is properly reported.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agocli/show: add tests for viewing protected headers
Daniel Kahn Gillmor [Sun, 26 May 2019 22:15:57 +0000 (18:15 -0400)]
cli/show: add tests for viewing protected headers

Here we add several variant e-mail messages, some of which have
correctly-structured protected headers, and some of which do not.  The
goal of the tests is to ensure that the right protected subjects get
reported.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotest: new test framework to compare json parts
Jameson Graef Rollins [Mon, 27 May 2019 18:35:10 +0000 (18:35 +0000)]
test: new test framework to compare json parts

This makes it easier to write fairly compact, readable tests of json
output, without needing to sanitize away parts that we don't care
about.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agoutil/crypto: add information about the payload part
Daniel Kahn Gillmor [Sun, 26 May 2019 22:15:55 +0000 (18:15 -0400)]
util/crypto: add information about the payload part

When walking the MIME tree, if we discover that we are at the
cryptographic payload, then we would like to record at least the
Subject header of the current MIME part.

In the future, we might want to record many other headers as well, but
for now we will stick with just the Subject.

See
https://dkg.fifthhorseman.net/blog/e-mail-cryptography.html#cryptographic-envelope
for more description of the Cryptographic Payload vs. the
Cryptographic Envelope.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agocli/show: emit headers after emitting body
Daniel Kahn Gillmor [Sun, 26 May 2019 22:15:54 +0000 (18:15 -0400)]
cli/show: emit headers after emitting body

This paves the way for emitting protected headers after verification
and decryption, because it means that the headers will only be emitted
after the body has been parsed.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agoNEWS: note parallel test suite
Daniel Kahn Gillmor [Mon, 27 May 2019 23:08:18 +0000 (19:08 -0400)]
NEWS: note parallel test suite

5 years agoNEWS: include information about per-message cryptographic status
Daniel Kahn Gillmor [Mon, 27 May 2019 23:08:17 +0000 (19:08 -0400)]
NEWS: include information about per-message cryptographic status

5 years agoNEWS: News for my changes for 0.29
David Bremner [Mon, 27 May 2019 10:46:55 +0000 (07:46 -0300)]
NEWS: News for my changes for 0.29

These could be expanded in future commits.

5 years agotest: report summary even when aborting
Daniel Kahn Gillmor [Sun, 26 May 2019 15:03:13 +0000 (11:03 -0400)]
test: report summary even when aborting

In certain cases of test suite failure, the summary report was not
being printed.  In particular, any failure on the parallel test suite,
and any aborted test in the serialized test suite would end up hiding
the summary.

It's better to always show the summary where we can (while preserving
the return code).  If we do abort due to this high-level failure,
though, we should also announce to the user that we're doing so as
close to the end of the process as possible, to make it easier to find
the problem.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agoNEWS: The minimum supported major version of Emacs is now 24.
Tomi Ollila [Sun, 26 May 2019 13:49:48 +0000 (16:49 +0300)]
NEWS: The minimum supported major version of Emacs is now 24.

5 years agocli/show: emit new whole-message crypto status output
Daniel Kahn Gillmor [Sat, 25 May 2019 18:04:06 +0000 (14:04 -0400)]
cli/show: emit new whole-message crypto status output

This allows MUAs that don't want to think about per-mime-part
cryptographic status to have a simple high-level overview of the
message's cryptographic state.

Sensibly structured encrypted and/or signed messages will work fine
with this.  The only requirement for the simplest encryption + signing
is that the message have all of its encryption and signing protection
(the "cryptographic envelope") in a contiguous set of MIME layers at
the very outside of the message itself.

This is because messages with some subparts signed or encrypted, but
with other subparts with no cryptographic protection is very difficult
to reason about, and even harder for the user to make sense of or work
with.

For further characterization of the Cryptographic Envelope and some of
the usability tradeoffs, see here:

   https://dkg.fifthhorseman.net/blog/e-mail-cryptography.html#cryptographic-envelope

5 years agomime-node: track whole-message crypto state while walking the tree
Daniel Kahn Gillmor [Sat, 25 May 2019 18:04:05 +0000 (14:04 -0400)]
mime-node: track whole-message crypto state while walking the tree

Deliberately populate the message's cryptographic status while walking
the MIME tree from the CLI.

Note that the additional numchild argument added to _mime_node_create
is a passthrough needed to be able to adequately populate the crypto
state object.

5 years agocli: expose message-wide crypto status from mime-node
Daniel Kahn Gillmor [Sat, 25 May 2019 18:04:04 +0000 (14:04 -0400)]
cli: expose message-wide crypto status from mime-node

The mime node context (a per-message context) gains a cryptographic
status object, and the mime_node_t object itself can return a view on
that status to an interested party.

The status is not yet populated, and for now we can keep that view
read-only, so that it can only be populated/modified during MIME tree
traversal.

5 years agoutil/crypto: _notmuch_message_crypto: tracks message-wide crypto state
Daniel Kahn Gillmor [Sat, 25 May 2019 18:04:03 +0000 (14:04 -0400)]
util/crypto: _notmuch_message_crypto: tracks message-wide crypto state

E-mail encryption and signatures reported by notmuch are at the MIME
part level.  This makes sense in the dirty details, but for users we
need to have a per-message conception of the cryptographic state of
the e-mail.  (see
https://dkg.fifthhorseman.net/blog/e-mail-cryptography.html for more
discussion of why this is important).

The object created in this patch is a useful for tracking the
cryptographic state of the underlying message as a whole, based on a
depth-first search of the message's MIME structure.

This object stores a signature list of the message, but we don't
handle it yet.  Further patches in this series will make use of the
signature list.

5 years agoemacs: Drop content-free "Unknown signature status" button
Daniel Kahn Gillmor [Mon, 22 Apr 2019 17:18:14 +0000 (13:18 -0400)]
emacs: Drop content-free "Unknown signature status" button

When we have not been able to evaluate the signature status of a given
MIME part, showing a content-free (and interaction-free) "[ Unknown
signature status ]" button doesn't really help the user at all, and
takes up valuable screen real-estate.

A visual reminder that a given message is *not* signed isn't helpful
unless it is always present, in which case we'd want to see "[ Unknown
signature status ]" buttons on all messages, even ones that don't have
a signing structure, but i don't think we want that.

Amended by db to drop the unused initialization of 'label'

5 years agotest: allow disabling timeout with NOTMUCH_TEST_TIMEOUT=0
Daniel Kahn Gillmor [Mon, 20 May 2019 23:25:35 +0000 (19:25 -0400)]
test: allow disabling timeout with NOTMUCH_TEST_TIMEOUT=0

To aid in diagnosing test suite tooling that interacts poorly with
coreutils' timeout, it's handy to be able to bypass it entirely.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agodoc: document user header indexing.
David Bremner [Mon, 18 Feb 2019 13:08:48 +0000 (09:08 -0400)]
doc: document user header indexing.

It's a bit odd that the primary documentation is in notmuch-config,
but it is consistent with the "query:" prefix.

5 years agolib/database: index user headers.
David Bremner [Tue, 26 Feb 2019 02:10:29 +0000 (22:10 -0400)]
lib/database: index user headers.

This essentially involves calling _notmuch_message_gen_terms once for
each user defined header.

5 years agolib: support user prefix names in term generation
David Bremner [Tue, 26 Feb 2019 01:57:40 +0000 (21:57 -0400)]
lib: support user prefix names in term generation

This should not change the indexing process yet as nothing calls
_notmuch_message_gen_terms with a user prefix name. On the other hand,
it should not break anything either.

_notmuch_database_prefix does a linear walk of the list of (built-in)
prefixes, followed by a logarithmic time search of the list of user
prefixes. The latter is probably not really noticable.

5 years agolib: cache user prefixes in database object
David Bremner [Sat, 17 Nov 2018 14:09:00 +0000 (10:09 -0400)]
lib: cache user prefixes in database object

This will be used to avoid needing a database access to resolve a db
prefix from the corresponding UI prefix (e.g. when indexing). Arguably
the setup of the separate header map does not belong here, since it is
about indexing rather than querying, but we currently don't have any
other indexing setup to do.

5 years agolib: setup user headers in query parser
David Bremner [Sat, 17 Nov 2018 14:08:59 +0000 (10:08 -0400)]
lib: setup user headers in query parser

These tests will need to be updated if the Xapian
query print/debug format changes.

5 years agocli/config: check syntax of user configured field names
David Bremner [Wed, 27 Mar 2019 10:13:31 +0000 (07:13 -0300)]
cli/config: check syntax of user configured field names

These restrictions are meant to prevent incompatibilities with the
Xapian query parser (which will split at non-word characters) and
clashes with future notmuch builtin fields.

5 years agocli/config: support user header index config
David Bremner [Sat, 17 Nov 2018 14:08:58 +0000 (10:08 -0400)]
cli/config: support user header index config

We don't do anything with this configuration information information
yet, but nonetheless add a couple of regression tests to make sure we
don't break standard functionality when we do use the configuration
information.

5 years agocli/config: refactor _stored_in_db
David Bremner [Sat, 17 Nov 2018 14:08:57 +0000 (10:08 -0400)]
cli/config: refactor _stored_in_db

This will make it easier to add other prefixes that are stored in the
database, compared to special casing each one as "query." was. This
commit also adds the ability to validate keys with a given
prefix. This ability will be used in a future commit.

5 years agoutil: add unicode_word_utf8
David Bremner [Tue, 26 Mar 2019 02:07:24 +0000 (23:07 -0300)]
util: add unicode_word_utf8

This originally use Xapian::Unicode::is_wordchar, but that forces
clients to link directly to libxapian, which seems like it might be
busywork if nothing else.

5 years agoemacs: make notmuch-search-interactive-region obsolete
Leo Vivier [Mon, 20 May 2019 12:21:13 +0000 (14:21 +0200)]
emacs: make notmuch-search-interactive-region obsolete

`notmuch-search-interactive-region' was moved to notmuch-lib.el in
f3cba19f882471a396a6b6175a709ccd1f6f34a0 and renamed to
`notmuch-interactive-region' without making the old function
obsolete, thereby breaking user-commands which made use of it.

This commit marks the function as obsolete and makes it an alias for
the new function.

5 years agon_m_remove_indexed_terms: reduce number of Xapian API calls.
David Bremner [Tue, 16 Apr 2019 01:46:16 +0000 (22:46 -0300)]
n_m_remove_indexed_terms: reduce number of Xapian API calls.

Previously this functioned scanned every term attached to a given
Xapian document. It turns out we know how to read only the terms we
need to preserve (and we might have already done so). This commit
replaces many calls to Xapian::Document::remove_term with one call to
::clear_terms, and a (typically much smaller) number of calls to
::add_term. Roughly speaking this is based on the assumption that most
messages have more text than they have tags.

According to the performance test suite, this yields a roughly 40%
speedup on "notmuch reindex '*'"

5 years agotest-lib.sh: colors to test output when parallel(1) is run on tty
Tomi Ollila [Wed, 8 May 2019 18:51:47 +0000 (21:51 +0300)]
test-lib.sh: colors to test output when parallel(1) is run on tty

Done via $COLORS_WITHOUT_TTY environment variable as passing options
to commands through parallel(1) does not look trivial.

Reorganized color checking in test-lib.sh a bit for this (perhaps
were not fully necessary but rest still an improvement):

  - color checking commands in subshell are not run before arg parsing
    (args may disable colors with --no-color)

  - [ -t 1 ] is checked before forking subshell

5 years agotest-lib.sh: "tidied" emacs_deliver_message ()
Tomi Ollila [Thu, 16 May 2019 20:43:51 +0000 (23:43 +0300)]
test-lib.sh: "tidied" emacs_deliver_message ()

Added initialization and checking of smtp_dummy_port
like it was done with smtp_dummy_pid.

Made those function-local variables.

One 8 spaces to tab consistency conversion.

And last, but definitely not least; while doing above
noticed that there were quite a few double-quoted strings
where $@ was in the middle of it -- replaced those with $*
for robustness ("...$@..." expands params to separate words,
"...$*..." params expands to single word).

5 years agotest: redirect STDIN from /dev/null
Tomi Ollila [Tue, 21 May 2019 20:17:02 +0000 (23:17 +0300)]
test: redirect STDIN from /dev/null

Without this stdin may be anything that parent process provided for it.

Test processes might have tried to read something from it, which would
have caused undeterministic behavior.

E.g. gdb(1) tries to do tty related ioctls on fd 0 (and fd 1 and fd 2,
but those are redirected to 'test.output' before test runs).

5 years agoconfigure: make _check_session_keys work with an as-needed linker
Daniel Kahn Gillmor [Mon, 20 May 2019 20:52:01 +0000 (16:52 -0400)]
configure: make _check_session_keys work with an as-needed linker

When using a promiscuous linker, _check_session_keys was working fine.

But some OSes (including some versions of Ubuntu) have set their
linker to always link in "--as-needed" mode, which means that the
order of the objects linked is relevant.  If a library is loaded
before it is needed, that library will no longer be linked in the
final outcome.  _check_session_keys.c was failing on those systems.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agoconfigure: handle TEMP_GPG more robustly
Daniel Kahn Gillmor [Mon, 20 May 2019 20:52:00 +0000 (16:52 -0400)]
configure: handle TEMP_GPG more robustly

We never want ./configure to try to do something with an unassigned
variable.  So, make the directory $TEMP_GPG at the start of the
testing of session-key handling, and clean it up afterwards as long as
the directory exists.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agoconfigure: better error handling on session key check.
Daniel Kahn Gillmor [Mon, 20 May 2019 20:51:59 +0000 (16:51 -0400)]
configure: better error handling on session key check.

There are a few changes bundled here:

 * say "No." explicitly if there's a failure.

 * try to avoid implying that gpgme-config is necessary to build
   notmuch itself (it's not, though it may be useful if you need to
   rebuild gmime).

 * leave _check_session_keys and _check_session_keys.c around if
   ./configure fails, so that the user can play with it more easily
   for debugging.

 * let error messages show when _check_session_keys.c is built.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Amended by DB: use command -v instead of which.

5 years agotest/emacs: revert invalid-from test to pre-86f89385 behaviour
David Bremner [Sun, 12 May 2019 02:45:59 +0000 (20:45 -0600)]
test/emacs: revert invalid-from test to pre-86f89385 behaviour

To the best of my understanding, this original behaviour was what
Carl's homebrew parser produced. With commit 86f89385 Austin switched
to using GMime (2.6). This produced arguably worse results, but since
the input was bad, we could live with it. Now with GMime 3.0 we are
getting the original results again, and there is no reason to consider
this test broken.

5 years agoconfigure: Ensure that GMime can extract session keys
Daniel Kahn Gillmor [Mon, 6 May 2019 20:16:55 +0000 (16:16 -0400)]
configure: Ensure that GMime can extract session keys

GMime 3.0 and higher can extract session keys, but it will *not*
extract session keys if it was built with --disable-crypto, or if it
was built against GPGME version < 1.8.0.

Notmuch currently expects to be able to extract session keys, and
tests will fail if it is not possible, so we ensure that this is the
case during ./configure time.

Part of this feels awkward because notmuch doesn't directly depend on
gpg at all.  Rather, it depends on GMime, and the current
implementation of GMime depends on GPGME for its crypto, and GPGME in
turn depends on gpg.

So the use of gpg in ./configure isn't actually introducing a new
dependency, though if a future version of GMime were ever to move away
from GnuPG, we might need to reconsider.

Note that this changeset depends on
id:20190506174327.13457-1-dkg@fifthhorseman.net , which supplies the
rfc822 message test/corpora/crypto/basic-encrypted.eml used in it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotests: fail and report when a parallel build fails (or times out)
Daniel Kahn Gillmor [Mon, 20 May 2019 17:20:57 +0000 (13:20 -0400)]
tests: fail and report when a parallel build fails (or times out)

When a parallel build fails (or when it times out, if timeout is
present), the test suite should not blithely succeed.  Catch these
failures and at least report them.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotests: make timeout configurable with NOTMUCH_TEST_TIMEOUT (default: 2m)
Daniel Kahn Gillmor [Mon, 20 May 2019 17:20:56 +0000 (13:20 -0400)]
tests: make timeout configurable with NOTMUCH_TEST_TIMEOUT (default: 2m)

The current 2 minute timeout is reasonable, but to exercise the test
suite or induce timeout failures, we might want to make it shorter.
This makes it configurable so you can run (for example):

    make check NOTMUCH_TEST_TIMEOUT=10s

We stick with the default of 2m.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotest: show what emacs sees of an encrypted message when crypto is disabled
Daniel Kahn Gillmor [Mon, 22 Apr 2019 17:18:13 +0000 (13:18 -0400)]
test: show what emacs sees of an encrypted message when crypto is disabled

Some users may set notmuch-crypto-process-mime to nil, disabling all
crypto use.  We should have a baseline for what that looks like.

5 years agolib/message-file: close stream in destructor
David Bremner [Fri, 10 May 2019 00:23:24 +0000 (21:23 -0300)]
lib/message-file: close stream in destructor

Without this,

$ make time-test OPTIONS=--small

leads to fatal errors from too many open files.

Thanks to st-gourichon-fid for bringing this problem to my attention in IRC.

5 years agotest: avoid unnecessary extraction of the test fingerprint
Daniel Kahn Gillmor [Tue, 7 May 2019 13:01:35 +0000 (09:01 -0400)]
test: avoid unnecessary extraction of the test fingerprint

FINGERPRINT is already exported by add_gnupg_home, so this is
unnecessary.  This change also happens to get rid of the superfluous
check-trustdb spew from the test suite that looked like this:

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotest: let the OS choose a port for smtp-dummy
David Bremner [Tue, 7 May 2019 10:20:49 +0000 (07:20 -0300)]
test: let the OS choose a port for smtp-dummy

This should avoid potential collisions if we start running multiple
smtp-dummy processes in parallel.

5 years agoemacs: test notmuch-show during message decryption
Daniel Kahn Gillmor [Mon, 6 May 2019 17:43:27 +0000 (13:43 -0400)]
emacs: test notmuch-show during message decryption

We did not have a test showing what message decryption looks like
within notmuch-emacs.  This change gives us a baseline for future work
on the notmuch-emacs interface.

This differs from previous revisions of this patch in that it should
be insensitive to the order in which the local filesystem readdir()s
the underlying maildir.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotests: environment variable to specify that tests should be serialized
Jameson Graef Rollins [Mon, 6 May 2019 04:44:09 +0000 (04:44 +0000)]
tests: environment variable to specify that tests should be serialized

If NOTMUCH_TEST_SERIALIZE is non-null all tests will be run in series,
rather than in parallel.

5 years agotests: run all tests in parallel, if available
Jameson Graef Rollins [Sat, 4 May 2019 20:57:43 +0000 (20:57 +0000)]
tests: run all tests in parallel, if available

If either the moreutils or GNU parallel utility are available, run all
tests in parallel.  On my eight core machine this makes for a ~x7
speed-up in the full test suite (1m24s -> 12s).

The design of the test suite makes this parallelization trivial.

5 years agotests: remove entangling corpus index optimization
Jameson Graef Rollins [Sat, 4 May 2019 20:57:43 +0000 (20:57 +0000)]
tests: remove entangling corpus index optimization

The add_email_corpus test utility includes logic that tries to re-use
an index of the corpus if available.  This was seemingly done as an
optimization, so that every test that uses the corpus didn't have to
create it's own index of the corpus.  However, this has the perverse
side effect of entangling tests together, and breaks parallelization.

Forcing each test to do it's own index does increase the overall time
of the test slightly (~6%), but this will be more than made up for in
the next patch that introduces paraellization.

5 years agotests: remove some redundant pre-cleanup of the corpus MAIL_DIR
Jameson Graef Rollins [Sat, 4 May 2019 20:57:45 +0000 (20:57 +0000)]
tests: remove some redundant pre-cleanup of the corpus MAIL_DIR

add_email_corpus itself does an rm -rf $MAIL_DIR, so these are not necessary.

5 years agotest/crypto: add_gnupg_home should have ultimate trust on "its own" key
Daniel Kahn Gillmor [Sat, 4 May 2019 21:33:28 +0000 (17:33 -0400)]
test/crypto: add_gnupg_home should have ultimate trust on "its own" key

The typical use case for gpg is that if you control a secret key, you
mark it with "ultimate" ownertrust.

The opaque --import-ownertrust mechanism is GnuPG's standard mechanism
to set up ultimate ownertrust (the ":6:" means "ultimate", for
whatever reason).

We adjust the test suite to match this change, inverting the sense of
one test: since the default is now that the user ID of the suite's own
key is valid, we change the test to make sure that the user ID is not
emitted when it is *not* valid.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotest: simplify user ID handling
Daniel Kahn Gillmor [Sat, 4 May 2019 21:33:27 +0000 (17:33 -0400)]
test: simplify user ID handling

The user ID on the self-test is a little bit clunky-looking.  It also
may end up showing up elsewhere in the test suite.  Centralizing the
user ID in one place should make it easier to handle if it ever
changes, and should make tests easier to read.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agotest/crypto: clarify the difference between ownertrust and validity
Daniel Kahn Gillmor [Sat, 4 May 2019 21:33:26 +0000 (17:33 -0400)]
test/crypto: clarify the difference between ownertrust and validity

This is a subtle difference, but the output of notmuch shouldn't ever
change based on ownertrust itself -- notmuch is intended to show valid
User IDs, and to avoid showing invalid User IDs.

It so happens that setting ownertrust of a key to ultimate sets all
associated user IDs to "full" validity, so the test is correct, but
just misnamed.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agoutil/crypto: improve comment
Daniel Kahn Gillmor [Mon, 6 May 2019 19:45:51 +0000 (15:45 -0400)]
util/crypto: improve comment

The comment line here lingers from when we were using some fancy
version checking about session keys.  Correct it to match the current
state.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 years agoemacs: drop use of message-default-charset
Daniel Kahn Gillmor [Mon, 22 Apr 2019 20:51:16 +0000 (16:51 -0400)]
emacs: drop use of message-default-charset

Apparently, message-default-charset is deprecated, which causes the
following warning messages during the build:

  In notmuch-maildir-setup-message-for-saving:
  emacs/notmuch-maildir-fcc.el:172:31:Warning: â€˜message-default-charset’ is an
      obsolete variable (as of 26.1); The default charset comes from the
      language environment

In discussion with emacs upstream over on
https://debbugs.gnu.org/35370, it appears that we can just drop this
entirely and things should still work with emacs 25.

5 years agoemacs: Move notmuch-search-interactive-region to notmuch-lib as notmuch-interactive...
Pierre Neidhardt [Tue, 9 Apr 2019 16:47:12 +0000 (18:47 +0200)]
emacs: Move notmuch-search-interactive-region to notmuch-lib as notmuch-interactive-region