the command-line interface for indexing (reindex, new, insert) used
--try-decrypt; and the configuration records used index.try_decrypt.
But by comparison with "show" and "reply", there doesn't seem to be
any reason for the "try" prefix.
This changeset adjusts the command-line interface and the
configuration interface.
For the moment, i've left indexopts_{set,get}_try_decrypt alone. The
subsequent changeset will address those.
12 files changed:
It's now possible to include the cleartext of encrypted e-mails in
the notmuch index. This makes it possible to search your encrypted
e-mails with the same ease as searching cleartext. This can be done
It's now possible to include the cleartext of encrypted e-mails in
the notmuch index. This makes it possible to search your encrypted
e-mails with the same ease as searching cleartext. This can be done
- on a per-message basis with the --try-decrypt argument to indexing
+ on a per-message basis with the --decrypt argument to indexing
commands (new, insert, reindex), or by default by running "notmuch
commands (new, insert, reindex), or by default by running "notmuch
- config set index.try_decrypt true".
+ config set index.decrypt true".
Note that the contents of the index are sufficient to roughly
reconstruct the cleartext of the message itself, so please ensure
Note that the contents of the index are sufficient to roughly
reconstruct the cleartext of the message itself, so please ensure
sed "s|^$path/||" | grep -v "\(^\|/\)\(cur\|new\|tmp\)$" ) )
return
;;
sed "s|^$path/||" | grep -v "\(^\|/\)\(cur\|new\|tmp\)$" ) )
return
;;
COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
return
;;
COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
return
;;
! $split &&
case "${cur}" in
--*)
! $split &&
case "${cur}" in
--*)
- local options="--create-folder --folder= --keep --no-hooks --try-decrypt= ${_notmuch_shared_options}"
+ local options="--create-folder --folder= --keep --no-hooks --decrypt= ${_notmuch_shared_options}"
compopt -o nospace
COMPREPLY=( $(compgen -W "$options" -- ${cur}) )
return
compopt -o nospace
COMPREPLY=( $(compgen -W "$options" -- ${cur}) )
return
$split &&
case "${prev}" in
$split &&
case "${prev}" in
COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
return
;;
COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
return
;;
! $split &&
case "${cur}" in
-*)
! $split &&
case "${cur}" in
-*)
- local options="--no-hooks --try-decrypt= --quiet ${_notmuch_shared_options}"
+ local options="--no-hooks --decrypt= --quiet ${_notmuch_shared_options}"
compopt -o nospace
COMPREPLY=( $(compgen -W "${options}" -- ${cur}) )
;;
compopt -o nospace
COMPREPLY=( $(compgen -W "${options}" -- ${cur}) )
;;
$split &&
case "${prev}" in
$split &&
case "${prev}" in
COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
return
;;
COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
return
;;
! $split &&
case "${cur}" in
-*)
! $split &&
case "${cur}" in
-*)
- local options="--try-decrypt= ${_notmuch_shared_options}"
+ local options="--decrypt= ${_notmuch_shared_options}"
compopt -o nospace
COMPREPLY=( $(compgen -W "$options" -- ${cur}) )
;;
compopt -o nospace
COMPREPLY=( $(compgen -W "$options" -- ${cur}) )
;;
**[STORED IN DATABASE]**
When indexing an encrypted e-mail message, if this variable is
**[STORED IN DATABASE]**
When indexing an encrypted e-mail message, if this variable is
the cleartext. Be aware that the index is likely sufficient
to reconstruct the cleartext of the message itself, so please
ensure that the notmuch message index is adequately protected.
the cleartext. Be aware that the index is likely sufficient
to reconstruct the cleartext of the message itself, so please
ensure that the notmuch message index is adequately protected.
- DO NOT USE ``index.try_decrypt=true`` without considering the
+ DO NOT USE ``index.decrypt=true`` without considering the
security of your index.
Default: ``false``.
security of your index.
Default: ``false``.
``--no-hooks``
Prevent hooks from being run.
``--no-hooks``
Prevent hooks from being run.
- ``--try-decrypt=(true|false)``
+ ``--decrypt=(true|false)``
If true and the message is encrypted, try to decrypt the
message while indexing. If decryption is successful, index
If true and the message is encrypted, try to decrypt the
message while indexing. If decryption is successful, index
that the index is likely sufficient to reconstruct the
cleartext of the message itself, so please ensure that the
notmuch message index is adequately protected. DO NOT USE
that the index is likely sufficient to reconstruct the
cleartext of the message itself, so please ensure that the
notmuch message index is adequately protected. DO NOT USE
- ``--try-decrypt=true`` without considering the security of
+ ``--decrypt=true`` without considering the security of
- See also ``index.try_decrypt`` in **notmuch-config(1)**.
+ See also ``index.decrypt`` in **notmuch-config(1)**.
``--quiet``
Do not print progress or results.
``--quiet``
Do not print progress or results.
- ``--try-decrypt=(true|false)``
+ ``--decrypt=(true|false)``
If true, when encountering an encrypted message, try to
decrypt it while indexing. If decryption is successful, index
the cleartext itself. Be aware that the index is likely
sufficient to reconstruct the cleartext of the message itself,
so please ensure that the notmuch message index is adequately
If true, when encountering an encrypted message, try to
decrypt it while indexing. If decryption is successful, index
the cleartext itself. Be aware that the index is likely
sufficient to reconstruct the cleartext of the message itself,
so please ensure that the notmuch message index is adequately
- protected. DO NOT USE ``--try-decrypt=true`` without
+ protected. DO NOT USE ``--decrypt=true`` without
considering the security of your index.
considering the security of your index.
- See also ``index.try_decrypt`` in **notmuch-config(1)**.
+ See also ``index.decrypt`` in **notmuch-config(1)**.
Supported options for **reindex** include
Supported options for **reindex** include
- ``--try-decrypt=(true|false)``
+ ``--decrypt=(true|false)``
If true, when encountering an encrypted message, try to
decrypt it while reindexing. If decryption is successful,
index the cleartext itself. Be aware that the index is likely
sufficient to reconstruct the cleartext of the message itself,
so please ensure that the notmuch message index is adequately
If true, when encountering an encrypted message, try to
decrypt it while reindexing. If decryption is successful,
index the cleartext itself. Be aware that the index is likely
sufficient to reconstruct the cleartext of the message itself,
so please ensure that the notmuch message index is adequately
- protected. DO NOT USE ``--try-decrypt=true`` without
+ protected. DO NOT USE ``--decrypt=true`` without
considering the security of your index.
considering the security of your index.
- See also ``index.try_decrypt`` in **notmuch-config(1)**.
+ See also ``index.decrypt`` in **notmuch-config(1)**.
properties will be set on the message as a whole.
If notmuch never tried to decrypt an encrypted message during
properties will be set on the message as a whole.
If notmuch never tried to decrypt an encrypted message during
- indexing (which is the default, see ``index.try_decrypt`` in
+ indexing (which is the default, see ``index.decrypt`` in
**notmuch-config(1)**), then this property will not be set on that
message.
**notmuch-config(1)**), then this property will not be set on that
message.
- char * try_decrypt;
- notmuch_status_t err = notmuch_database_get_config (db, "index.try_decrypt", &try_decrypt);
+ char * decrypt;
+ notmuch_status_t err = notmuch_database_get_config (db, "index.decrypt", &decrypt);
- if (try_decrypt &&
- ((!(strcasecmp(try_decrypt, "true"))) ||
- (!(strcasecmp(try_decrypt, "yes"))) ||
- (!(strcasecmp(try_decrypt, "1")))))
+ if (decrypt &&
+ ((!(strcasecmp(decrypt, "true"))) ||
+ (!(strcasecmp(decrypt, "yes"))) ||
+ (!(strcasecmp(decrypt, "1")))))
notmuch_indexopts_set_try_decrypt (ret, true);
notmuch_indexopts_set_try_decrypt (ret, true);
_stored_in_db (const char *item)
{
const char * db_configs[] = {
_stored_in_db (const char *item)
{
const char * db_configs[] = {
};
if (STRNCMP_LITERAL (item, "query.") == 0)
return true;
};
if (STRNCMP_LITERAL (item, "query.") == 0)
return true;
const notmuch_opt_desc_t notmuch_shared_indexing_options [] = {
{ .opt_bool = &indexing_cli_choices.try_decrypt,
.present = &indexing_cli_choices.try_decrypt_set,
const notmuch_opt_desc_t notmuch_shared_indexing_options [] = {
{ .opt_bool = &indexing_cli_choices.try_decrypt,
.present = &indexing_cli_choices.try_decrypt_set,
- .name = "try-decrypt" },
return NOTMUCH_STATUS_OUT_OF_MEMORY;
status = notmuch_indexopts_set_try_decrypt (indexing_cli_choices.opts, indexing_cli_choices.try_decrypt);
if (status != NOTMUCH_STATUS_SUCCESS) {
return NOTMUCH_STATUS_OUT_OF_MEMORY;
status = notmuch_indexopts_set_try_decrypt (indexing_cli_choices.opts, indexing_cli_choices.try_decrypt);
if (status != NOTMUCH_STATUS_SUCCESS) {
- fprintf (stderr, "Error: Failed to set try_decrypt to %s. (%s)\n",
+ fprintf (stderr, "Error: Failed to set index decryption policy to %s. (%s)\n",
indexing_cli_choices.try_decrypt ? "True" : "False", notmuch_status_to_string (status));
notmuch_indexopts_destroy (indexing_cli_choices.opts);
indexing_cli_choices.opts = NULL;
indexing_cli_choices.try_decrypt ? "True" : "False", notmuch_status_to_string (status));
notmuch_indexopts_destroy (indexing_cli_choices.opts);
indexing_cli_choices.opts = NULL;
# create a test encrypted message that is indexed in the clear
test_begin_subtest 'emacs delivery of encrypted message'
test_expect_success \
# create a test encrypted message that is indexed in the clear
test_begin_subtest 'emacs delivery of encrypted message'
test_expect_success \
-'emacs_fcc_message --try-decrypt=true \
+'emacs_fcc_message --decrypt=true \
"test encrypted message for cleartext index 002" \
"This is a test encrypted message with a wumpus.\n" \
"(mml-secure-message-encrypt)"'
"test encrypted message for cleartext index 002" \
"This is a test encrypted message with a wumpus.\n" \
"(mml-secure-message-encrypt)"'
# try reinserting it with decryption, should appear again, but now we
# have two copies of the message:
# try reinserting it with decryption, should appear again, but now we
# have two copies of the message:
-test_begin_subtest "message cleartext is present after reinserting with --try-decrypt"
-notmuch insert --folder=sent --try-decrypt <<<"$contents"
+test_begin_subtest "message cleartext is present after reinserting with --decrypt"
+notmuch insert --folder=sent --decrypt <<<"$contents"
output=$(notmuch search wumpus)
expected='thread:0000000000000003 2000-01-01 [1/1(2)] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox unread)'
test_expect_equal \
output=$(notmuch search wumpus)
expected='thread:0000000000000003 2000-01-01 [1/1(2)] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox unread)'
test_expect_equal \
# try inserting it with decryption, should appear as a single copy
# (note: i think thread id skips 4 because of duplicate message-id
# insertion, above)
# try inserting it with decryption, should appear as a single copy
# (note: i think thread id skips 4 because of duplicate message-id
# insertion, above)
-test_begin_subtest "message cleartext is present with insert --try-decrypt"
-notmuch insert --folder=sent --try-decrypt <<<"$contents"
+test_begin_subtest "message cleartext is present with insert --decrypt"
+notmuch insert --folder=sent --decrypt <<<"$contents"
output=$(notmuch search wumpus)
expected='thread:0000000000000005 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox unread)'
test_expect_equal \
output=$(notmuch search wumpus)
expected='thread:0000000000000005 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox unread)'
test_expect_equal \
-# see if first message shows up after reindexing with --try-decrypt=true (same $expected, untouched):
+# see if first message shows up after reindexing with --decrypt=true (same $expected, untouched):
test_begin_subtest 'reindex old messages'
test_begin_subtest 'reindex old messages'
-test_expect_success 'notmuch reindex --try-decrypt=true tag:encrypted and not property:index.decryption=success'
+test_expect_success 'notmuch reindex --decrypt=true tag:encrypted and not property:index.decryption=success'
test_begin_subtest "reindexed encrypted message, including cleartext"
output=$(notmuch search wumpus)
test_expect_equal \
test_begin_subtest "reindexed encrypted message, including cleartext"
output=$(notmuch search wumpus)
test_expect_equal \
add_email_corpus crypto
test_begin_subtest "indexing message fails when secret key not available"
add_email_corpus crypto
test_begin_subtest "indexing message fails when secret key not available"
-notmuch reindex --try-decrypt id:simple-encrypted@crypto.notmuchmail.org
+notmuch reindex --decrypt id:simple-encrypted@crypto.notmuchmail.org
output=$(notmuch dump )
expected='#notmuch-dump batch-tag:3 config,properties,tags
+encrypted +inbox +unread -- id:simple-encrypted@crypto.notmuchmail.org
output=$(notmuch dump )
expected='#notmuch-dump batch-tag:3 config,properties,tags
+encrypted +inbox +unread -- id:simple-encrypted@crypto.notmuchmail.org
#notmuch-dump batch-tag:3 config,properties,tags
#= simple-encrypted@crypto.notmuchmail.org session-key=9%3AFC09987F5F927CC0CC0EE80A96E4C5BBF4A499818FB591207705DFDDD6112CF9
EOF
#notmuch-dump batch-tag:3 config,properties,tags
#= simple-encrypted@crypto.notmuchmail.org session-key=9%3AFC09987F5F927CC0CC0EE80A96E4C5BBF4A499818FB591207705DFDDD6112CF9
EOF
-notmuch reindex --try-decrypt id:simple-encrypted@crypto.notmuchmail.org
+notmuch reindex --decrypt id:simple-encrypted@crypto.notmuchmail.org
output=$(notmuch search sekrit)
expected='thread:0000000000000001 2016-12-22 [1/1] Daniel Kahn Gillmor; encrypted message (encrypted inbox unread)'
if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
output=$(notmuch search sekrit)
expected='thread:0000000000000001 2016-12-22 [1/1] Daniel Kahn Gillmor; encrypted message (encrypted inbox unread)'
if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
# before sending, which is useful to doing things like attaching files
# to the message and encrypting/signing.
#
# before sending, which is useful to doing things like attaching files
# to the message and encrypting/signing.
#
-# If any GNU-style long-arguments (like --quiet or --try-decrypt=true) are
+# If any GNU-style long-arguments (like --quiet or --decrypt=true) are
# at the head of the argument list, they are sent directly to "notmuch
# new" after message delivery
emacs_fcc_message ()
# at the head of the argument list, they are sent directly to "notmuch
# new" after message delivery
emacs_fcc_message ()
projects / notmuch / commitdiff