From d3964e81ac98825a025a6120c488ebd73de2a281 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 8 Dec 2017 01:23:50 -0500 Subject: [PATCH] indexing: Change from try_decrypt to decrypt the command-line interface for indexing (reindex, new, insert) used --try-decrypt; and the configuration records used index.try_decrypt. But by comparison with "show" and "reply", there doesn't seem to be any reason for the "try" prefix. This changeset adjusts the command-line interface and the configuration interface. For the moment, i've left indexopts_{set,get}_try_decrypt alone. The subsequent changeset will address those. --- NEWS | 4 ++-- completion/notmuch-completion.bash | 12 ++++++------ doc/man1/notmuch-config.rst | 4 ++-- doc/man1/notmuch-insert.rst | 6 +++--- doc/man1/notmuch-new.rst | 6 +++--- doc/man1/notmuch-reindex.rst | 6 +++--- doc/man7/notmuch-properties.rst | 2 +- lib/indexopts.c | 14 +++++++------- notmuch-config.c | 2 +- notmuch.c | 4 ++-- test/T357-index-decryption.sh | 18 +++++++++--------- test/test-lib.sh | 2 +- 12 files changed, 40 insertions(+), 40 deletions(-) diff --git a/NEWS b/NEWS index 412c678d..0465b9e8 100644 --- a/NEWS +++ b/NEWS @@ -19,9 +19,9 @@ Indexing cleartext of encrypted e-mails It's now possible to include the cleartext of encrypted e-mails in the notmuch index. This makes it possible to search your encrypted e-mails with the same ease as searching cleartext. This can be done - on a per-message basis with the --try-decrypt argument to indexing + on a per-message basis with the --decrypt argument to indexing commands (new, insert, reindex), or by default by running "notmuch - config set index.try_decrypt true". + config set index.decrypt true". Note that the contents of the index are sufficient to roughly reconstruct the cleartext of the message itself, so please ensure diff --git a/completion/notmuch-completion.bash b/completion/notmuch-completion.bash index 7aae4297..e462a82a 100644 --- a/completion/notmuch-completion.bash +++ b/completion/notmuch-completion.bash @@ -287,7 +287,7 @@ _notmuch_insert() sed "s|^$path/||" | grep -v "\(^\|/\)\(cur\|new\|tmp\)$" ) ) return ;; - --try-decrypt) + --decrypt) COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) return ;; @@ -296,7 +296,7 @@ _notmuch_insert() ! $split && case "${cur}" in --*) - local options="--create-folder --folder= --keep --no-hooks --try-decrypt= ${_notmuch_shared_options}" + local options="--create-folder --folder= --keep --no-hooks --decrypt= ${_notmuch_shared_options}" compopt -o nospace COMPREPLY=( $(compgen -W "$options" -- ${cur}) ) return @@ -319,7 +319,7 @@ _notmuch_new() $split && case "${prev}" in - --try-decrypt) + --decrypt) COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) return ;; @@ -328,7 +328,7 @@ _notmuch_new() ! $split && case "${cur}" in -*) - local options="--no-hooks --try-decrypt= --quiet ${_notmuch_shared_options}" + local options="--no-hooks --decrypt= --quiet ${_notmuch_shared_options}" compopt -o nospace COMPREPLY=( $(compgen -W "${options}" -- ${cur}) ) ;; @@ -437,7 +437,7 @@ _notmuch_reindex() $split && case "${prev}" in - --try-decrypt) + --decrypt) COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) return ;; @@ -446,7 +446,7 @@ _notmuch_reindex() ! $split && case "${cur}" in -*) - local options="--try-decrypt= ${_notmuch_shared_options}" + local options="--decrypt= ${_notmuch_shared_options}" compopt -o nospace COMPREPLY=( $(compgen -W "$options" -- ${cur}) ) ;; diff --git a/doc/man1/notmuch-config.rst b/doc/man1/notmuch-config.rst index 6961737f..ea3d9754 100644 --- a/doc/man1/notmuch-config.rst +++ b/doc/man1/notmuch-config.rst @@ -138,7 +138,7 @@ The available configuration items are described below. Default: ``gpg``. - **index.try_decrypt** + **index.decrypt** **[STORED IN DATABASE]** When indexing an encrypted e-mail message, if this variable is @@ -146,7 +146,7 @@ The available configuration items are described below. the cleartext. Be aware that the index is likely sufficient to reconstruct the cleartext of the message itself, so please ensure that the notmuch message index is adequately protected. - DO NOT USE ``index.try_decrypt=true`` without considering the + DO NOT USE ``index.decrypt=true`` without considering the security of your index. Default: ``false``. diff --git a/doc/man1/notmuch-insert.rst b/doc/man1/notmuch-insert.rst index c500b251..eb9ff11b 100644 --- a/doc/man1/notmuch-insert.rst +++ b/doc/man1/notmuch-insert.rst @@ -51,7 +51,7 @@ Supported options for **insert** include ``--no-hooks`` Prevent hooks from being run. - ``--try-decrypt=(true|false)`` + ``--decrypt=(true|false)`` If true and the message is encrypted, try to decrypt the message while indexing. If decryption is successful, index @@ -60,10 +60,10 @@ Supported options for **insert** include that the index is likely sufficient to reconstruct the cleartext of the message itself, so please ensure that the notmuch message index is adequately protected. DO NOT USE - ``--try-decrypt=true`` without considering the security of + ``--decrypt=true`` without considering the security of your index. - See also ``index.try_decrypt`` in **notmuch-config(1)**. + See also ``index.decrypt`` in **notmuch-config(1)**. EXIT STATUS =========== diff --git a/doc/man1/notmuch-new.rst b/doc/man1/notmuch-new.rst index bc26aa48..1df86f06 100644 --- a/doc/man1/notmuch-new.rst +++ b/doc/man1/notmuch-new.rst @@ -43,17 +43,17 @@ Supported options for **new** include ``--quiet`` Do not print progress or results. - ``--try-decrypt=(true|false)`` + ``--decrypt=(true|false)`` If true, when encountering an encrypted message, try to decrypt it while indexing. If decryption is successful, index the cleartext itself. Be aware that the index is likely sufficient to reconstruct the cleartext of the message itself, so please ensure that the notmuch message index is adequately - protected. DO NOT USE ``--try-decrypt=true`` without + protected. DO NOT USE ``--decrypt=true`` without considering the security of your index. - See also ``index.try_decrypt`` in **notmuch-config(1)**. + See also ``index.decrypt`` in **notmuch-config(1)**. EXIT STATUS =========== diff --git a/doc/man1/notmuch-reindex.rst b/doc/man1/notmuch-reindex.rst index 21f6c7a9..782b0d7b 100644 --- a/doc/man1/notmuch-reindex.rst +++ b/doc/man1/notmuch-reindex.rst @@ -21,17 +21,17 @@ messages using the supplied options. Supported options for **reindex** include - ``--try-decrypt=(true|false)`` + ``--decrypt=(true|false)`` If true, when encountering an encrypted message, try to decrypt it while reindexing. If decryption is successful, index the cleartext itself. Be aware that the index is likely sufficient to reconstruct the cleartext of the message itself, so please ensure that the notmuch message index is adequately - protected. DO NOT USE ``--try-decrypt=true`` without + protected. DO NOT USE ``--decrypt=true`` without considering the security of your index. - See also ``index.try_decrypt`` in **notmuch-config(1)**. + See also ``index.decrypt`` in **notmuch-config(1)**. SEE ALSO ======== diff --git a/doc/man7/notmuch-properties.rst b/doc/man7/notmuch-properties.rst index 9e033e14..05444f6c 100644 --- a/doc/man7/notmuch-properties.rst +++ b/doc/man7/notmuch-properties.rst @@ -70,7 +70,7 @@ of its normal activity. properties will be set on the message as a whole. If notmuch never tried to decrypt an encrypted message during - indexing (which is the default, see ``index.try_decrypt`` in + indexing (which is the default, see ``index.decrypt`` in **notmuch-config(1)**), then this property will not be set on that message. diff --git a/lib/indexopts.c b/lib/indexopts.c index 15c31d24..ca6bf6c9 100644 --- a/lib/indexopts.c +++ b/lib/indexopts.c @@ -27,18 +27,18 @@ notmuch_database_get_default_indexopts (notmuch_database_t *db) if (!ret) return ret; - char * try_decrypt; - notmuch_status_t err = notmuch_database_get_config (db, "index.try_decrypt", &try_decrypt); + char * decrypt; + notmuch_status_t err = notmuch_database_get_config (db, "index.decrypt", &decrypt); if (err) return ret; - if (try_decrypt && - ((!(strcasecmp(try_decrypt, "true"))) || - (!(strcasecmp(try_decrypt, "yes"))) || - (!(strcasecmp(try_decrypt, "1"))))) + if (decrypt && + ((!(strcasecmp(decrypt, "true"))) || + (!(strcasecmp(decrypt, "yes"))) || + (!(strcasecmp(decrypt, "1"))))) notmuch_indexopts_set_try_decrypt (ret, true); - free (try_decrypt); + free (decrypt); return ret; } diff --git a/notmuch-config.c b/notmuch-config.c index 1cba2661..e1b16609 100644 --- a/notmuch-config.c +++ b/notmuch-config.c @@ -813,7 +813,7 @@ static bool _stored_in_db (const char *item) { const char * db_configs[] = { - "index.try_decrypt", + "index.decrypt", }; if (STRNCMP_LITERAL (item, "query.") == 0) return true; diff --git a/notmuch.c b/notmuch.c index fa866d86..7ee3ad0b 100644 --- a/notmuch.c +++ b/notmuch.c @@ -101,7 +101,7 @@ struct _notmuch_client_indexing_cli_choices indexing_cli_choices = { }; const notmuch_opt_desc_t notmuch_shared_indexing_options [] = { { .opt_bool = &indexing_cli_choices.try_decrypt, .present = &indexing_cli_choices.try_decrypt_set, - .name = "try-decrypt" }, + .name = "decrypt" }, { } }; @@ -117,7 +117,7 @@ notmuch_process_shared_indexing_options (notmuch_database_t *notmuch, g_mime_3_u return NOTMUCH_STATUS_OUT_OF_MEMORY; status = notmuch_indexopts_set_try_decrypt (indexing_cli_choices.opts, indexing_cli_choices.try_decrypt); if (status != NOTMUCH_STATUS_SUCCESS) { - fprintf (stderr, "Error: Failed to set try_decrypt to %s. (%s)\n", + fprintf (stderr, "Error: Failed to set index decryption policy to %s. (%s)\n", indexing_cli_choices.try_decrypt ? "True" : "False", notmuch_status_to_string (status)); notmuch_indexopts_destroy (indexing_cli_choices.opts); indexing_cli_choices.opts = NULL; diff --git a/test/T357-index-decryption.sh b/test/T357-index-decryption.sh index 3efaa61f..2047d145 100755 --- a/test/T357-index-decryption.sh +++ b/test/T357-index-decryption.sh @@ -29,7 +29,7 @@ test_expect_equal \ # create a test encrypted message that is indexed in the clear test_begin_subtest 'emacs delivery of encrypted message' test_expect_success \ -'emacs_fcc_message --try-decrypt=true \ +'emacs_fcc_message --decrypt=true \ "test encrypted message for cleartext index 002" \ "This is a test encrypted message with a wumpus.\n" \ "(mml-secure-message-encrypt)"' @@ -71,8 +71,8 @@ test_expect_equal \ # try reinserting it with decryption, should appear again, but now we # have two copies of the message: -test_begin_subtest "message cleartext is present after reinserting with --try-decrypt" -notmuch insert --folder=sent --try-decrypt <<<"$contents" +test_begin_subtest "message cleartext is present after reinserting with --decrypt" +notmuch insert --folder=sent --decrypt <<<"$contents" output=$(notmuch search wumpus) expected='thread:0000000000000003 2000-01-01 [1/1(2)] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox unread)' test_expect_equal \ @@ -93,8 +93,8 @@ test_expect_equal \ # try inserting it with decryption, should appear as a single copy # (note: i think thread id skips 4 because of duplicate message-id # insertion, above) -test_begin_subtest "message cleartext is present with insert --try-decrypt" -notmuch insert --folder=sent --try-decrypt <<<"$contents" +test_begin_subtest "message cleartext is present with insert --decrypt" +notmuch insert --folder=sent --decrypt <<<"$contents" output=$(notmuch search wumpus) expected='thread:0000000000000005 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox unread)' test_expect_equal \ @@ -113,9 +113,9 @@ test_expect_equal \ "$output" \ "$expected" -# see if first message shows up after reindexing with --try-decrypt=true (same $expected, untouched): +# see if first message shows up after reindexing with --decrypt=true (same $expected, untouched): test_begin_subtest 'reindex old messages' -test_expect_success 'notmuch reindex --try-decrypt=true tag:encrypted and not property:index.decryption=success' +test_expect_success 'notmuch reindex --decrypt=true tag:encrypted and not property:index.decryption=success' test_begin_subtest "reindexed encrypted message, including cleartext" output=$(notmuch search wumpus) test_expect_equal \ @@ -159,7 +159,7 @@ test_expect_equal \ add_email_corpus crypto test_begin_subtest "indexing message fails when secret key not available" -notmuch reindex --try-decrypt id:simple-encrypted@crypto.notmuchmail.org +notmuch reindex --decrypt id:simple-encrypted@crypto.notmuchmail.org output=$(notmuch dump ) expected='#notmuch-dump batch-tag:3 config,properties,tags +encrypted +inbox +unread -- id:simple-encrypted@crypto.notmuchmail.org @@ -180,7 +180,7 @@ notmuch restore <