Re: cope with inline PGP encrypted messages
On Tue 2017-12-12 01:15:48 -0500, Daniel Kahn Gillmor wrote: > Inline PGP encrypted messages are clearly worse than PGP/MIME > structured encrypted messages. There are no standards for how they > are formed, and they don't offer any structured metadata about how to > interpret the bytestream produced by decrypting them. > > However, some other MUAs and end-user workflows may make creation of > inline PGP encrypted messages the only available option for message > encryption, and when Notmuch encounters such a message, it should make > a reasonable best-effort to render the cleartext to the user. Jamie Rollins points out that I need to think more about some of the security implications of this patch series, so i'd prefer to withdraw it from consideration for notmuch at the moment. i'd say it's a WIP but really not ready for general consumption. Not sure how to best represent that in nmbug -- but for now i've removed notmuch::needs-review and added notmuch::wip. bremner, let me know if you think i should have done something different. I do think that we need to come up with *some* way of letting people read messages with inline PGP encrypted chunks in them safely. Otherwise, notmuch users will resort to dirty tricks (because they want to read the mail), and those dirty tricks will possibly be worse than anything we come up with. But higher-priority issues are drawing my attention right now, and i don't want this series to distract from them. --dkg ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: [PATCH v2 4/5] cli/show: reindex when we learned new session keys about a message
On Tue 2018-05-01 22:36:31 -0300, David Bremner wrote: > Daniel Kahn Gillmorwrites: > >> + >> +if (params->crypto.decrypt == NOTMUCH_DECRYPT_TRUE && >> session_key_count_error == NOTMUCH_STATUS_SUCCESS) { >> +unsigned int new_session_keys = 0; >> +if (notmuch_message_count_properties (message, "session-key", >> _session_keys) == NOTMUCH_STATUS_SUCCESS && >> +new_session_keys > session_keys) { >> +/* try a quiet re-indexing */ >> +notmuch_indexopts_t *indexopts = >> notmuch_database_get_default_indexopts (notmuch_message_get_database >> (message)); >> +if (indexopts) { >> +notmuch_indexopts_set_decrypt_policy (indexopts, >> NOTMUCH_DECRYPT_AUTO); >> +status = notmuch_message_reindex (message, indexopts); >> +if (status) >> +fprintf (stderr, "Error re-indexing message with >> --decrypt=stash. (%d) %s\n", status, notmuch_status_to_string (status)); >> +} >> +} >> +} > > I'm wondering about the lack of #if HAVE_GMIME_SESSION_KEYS here. Are > you relying here on the number of session keys not increasing when > running a binary without session key support? Is there some advantage to > doing it this way? It seems a bit harder to reason about. yes, i'm relying on the number of session keys not increasing if we don't know how to extract the session keys. I suppose i could also imagine some other way that session keys get supplied during a "show", but then i guess that'd make the reindex moot, which would be a Bad Thing. I avoided #if'ing out these sections because i thought the general strategy was to avoid preprocessor shenanigans where possible, as it makes the code harder to think about given the combinatorial explosion of #define options. But I don't mind wrapping the hunks of this patch in an #if if the consensus is that this approach is preferable. --dkg ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: emacs: Split wide window vertically for tree mode message pane
Prof Jayanth R Varmawrites: > This patch modifies the function notmuch-tree-show-message-in in > notmuch-tree.el to split the window vertically while creating a > message pane in tree-mode if the window is wider than 160 (so that > after splitting, the message pane can show the standard 76 > character plain text email lines without wrapping). First, I'm sorry to take so long to review this. A few comments. 1) I'm reluctant to add new features to notmuch without corresponding tests. Currently all of our emacs tests use a standard terminal width (I think 80). Perhaps Tomi knows how hard it would be to override for a single test. 2) I noticed that the horizontal splitting leads to truncation of tag display. So I think not everyone will want this (it would be pretty frustrating to widen the emacs frame to see a full tag list, just to have it truncated). One option would be to control the splitting by a variable specifying the minimum width at which to switch to horizonal splitting. 3) The commit message / NEWS talks about splitting the window vertically, but that seems contrary to the emacs terminology (as evinced by the source code in the patch) ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
[PATCH] WIP: overload 'is:' prefix to support matching all, and roots
- "*" is problematic because it is not composable. is:* works as part of any valid query - is:root matches messages w/o replyto terms in the database. Except for the case of reference loops, these correspond to roots of threads. --- this is a quick prototype. It's not clear the constructor really needs the query parser and the database, currently they are unused. I'm not sure how people feel about overloading is. Personally I never use it, so the threat of collisions is small. We could also choose a different prefix. Also this version doesn't deal with regular expressions for is://, but it could. I'd have to think about how to limit code duplication. lib/Makefile.local | 3 ++- lib/database.cc| 3 +++ lib/is-fp.cc | 50 ++ lib/is-fp.h| 42 ++ 4 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 lib/is-fp.cc create mode 100644 lib/is-fp.h diff --git a/lib/Makefile.local b/lib/Makefile.local index 5dc057c0..e2b60ee0 100644 --- a/lib/Makefile.local +++ b/lib/Makefile.local @@ -59,7 +59,8 @@ libnotmuch_cxx_srcs = \ $(dir)/config.cc\ $(dir)/regexp-fields.cc \ $(dir)/thread.cc \ - $(dir)/thread-fp.cc + $(dir)/thread-fp.cc \ + $(dir)/is-fp.cc libnotmuch_modules := $(libnotmuch_c_srcs:.c=.o) $(libnotmuch_cxx_srcs:.cc=.o) diff --git a/lib/database.cc b/lib/database.cc index 9cf8062c..4c3ca281 100644 --- a/lib/database.cc +++ b/lib/database.cc @@ -22,6 +22,7 @@ #include "parse-time-vrp.h" #include "query-fp.h" #include "thread-fp.h" +#include "is-fp.h" #include "regexp-fields.h" #include "string-util.h" @@ -321,6 +322,8 @@ _setup_query_field (const prefix_t *prefix, notmuch_database_t *notmuch) fp = (new QueryFieldProcessor (*notmuch->query_parser, notmuch))->release (); else if (STRNCMP_LITERAL(prefix->name, "thread") == 0) fp = (new ThreadFieldProcessor (*notmuch->query_parser, notmuch))->release (); + else if (STRNCMP_LITERAL(prefix->name, "is") == 0) + fp = (new IsFieldProcessor (*notmuch->query_parser, notmuch))->release (); else fp = (new RegexpFieldProcessor (prefix->name, prefix->flags, *notmuch->query_parser, notmuch))->release (); diff --git a/lib/is-fp.cc b/lib/is-fp.cc new file mode 100644 index ..23c62c9b --- /dev/null +++ b/lib/is-fp.cc @@ -0,0 +1,50 @@ +/* is-fp.cc - "is:" field processor glue + * + * This file is part of notmuch. + * + * Copyright © 2018 David Bremner + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see https://www.gnu.org/licenses/ . + * + * Author: David Bremner+ */ + +#include "database-private.h" +#include "is-fp.h" +#include + +#if HAVE_XAPIAN_FIELD_PROCESSOR + +Xapian::Query +IsFieldProcessor::operator() (const std::string & str) +{ +if (str == "root") { + const char *reply_to_prefix = _find_prefix("replyto"); + return Xapian::Query (Xapian::Query::OP_AND_NOT, + Xapian::Query::MatchAll, + Xapian::Query(Xapian::Query::OP_WILDCARD, + reply_to_prefix, + 1, + Xapian::Query::WILDCARD_LIMIT_FIRST)); +} else if (str == "*") { + return Xapian::Query::MatchAll; +} else { + /* fall back on tag */ + const char *is_prefix = _find_prefix ("is"); + std::string term = is_prefix + str; + return Xapian::Query (term); +} + +} +#endif diff --git a/lib/is-fp.h b/lib/is-fp.h new file mode 100644 index ..635e2931 --- /dev/null +++ b/lib/is-fp.h @@ -0,0 +1,42 @@ +/* is-fp.h - thread field processor glue + * + * This file is part of notmuch. + * + * Copyright © 2018 David Bremner + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU
Re: [PATCH] doc: fix notmuch-search example
David Bremnerwrites: > For some reason the searched tag did not match the displayed results. pushed, d ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
[PATCH] build: Allow user to specify ruby executable
This way, one can build for a different Ruby than $PATH/ruby (e. g. different versions, or Ruby in other paths). Signed-off-by: Thomas Schneider--- bindings/Makefile.local | 2 +- configure | 11 ++- test/test-lib.sh| 2 +- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/bindings/Makefile.local b/bindings/Makefile.local index 17b561ca..2ba2775c 100644 --- a/bindings/Makefile.local +++ b/bindings/Makefile.local @@ -9,7 +9,7 @@ ifeq ($(HAVE_RUBY_DEV),1) EXTRA_LDFLAGS="$(NO_UNDEFINED_LDFLAGS)" \ LIBNOTMUCH="../../lib/$(LINKER_NAME)" \ NOTMUCH_SRCDIR='$(NOTMUCH_SRCDIR)' \ - ruby extconf.rb --vendor + $(RUBY) extconf.rb --vendor $(MAKE) -C $(dir)/ruby endif diff --git a/configure b/configure index b177b141..392213b6 100755 --- a/configure +++ b/configure @@ -62,6 +62,7 @@ CXXFLAGS=${CXXFLAGS:-\$(CFLAGS)} LDFLAGS=${LDFLAGS:-} XAPIAN_CONFIG=${XAPIAN_CONFIG:-} PYTHON=${PYTHON:-} +RUBY=${RUBY:-ruby} # We don't allow the EMACS or GZIP Makefile variables inherit values # from the environment as we do with CC and CXX above. The reason is @@ -118,6 +119,8 @@ Other environment variables can be used to control configure itself, library. [$XAPIAN_CONFIG] PYTHON Name of python command to use in configure and the test suite. + RUBYName of ruby command to use in + configure and the test suite. Additionally, various options can be specified on the configure command line. @@ -621,7 +624,7 @@ fi have_ruby_dev=0 if [ $WITH_RUBY = "1" ] ; then printf "Checking for ruby development files... " -if ruby -e "require 'mkmf'"> /dev/null 2>&1; then +if ${RUBY} -e "require 'mkmf'"> /dev/null 2>&1; then printf "Yes.\n" have_ruby_dev=1 else @@ -1027,6 +1030,9 @@ WARN_CFLAGS=${WARN_CFLAGS} # Name of python interpreter PYTHON = ${python} +# Name of ruby interpreter +RUBY = ${RUBY} + # The prefix to which notmuch should be installed # Note: If you change this value here, be sure to ensure that the # LIBDIR_IN_LDCONFIG value below is still set correctly. @@ -1234,6 +1240,9 @@ NOTMUCH_HAVE_MAN=$((have_sphinx)) # Name of python interpreter NOTMUCH_PYTHON=${python} +# Name of ruby interpreter +NOTMUCH_RUBY=${RUBY} + # Are the ruby development files (and ruby) available? If not skip # building/testing ruby bindings. NOTMUCH_HAVE_RUBY_DEV=${have_ruby_dev} diff --git a/test/test-lib.sh b/test/test-lib.sh index 5b212514..7e064021 100644 --- a/test/test-lib.sh +++ b/test/test-lib.sh @@ -1003,7 +1003,7 @@ test_python() { } test_ruby() { -MAIL_DIR=$MAIL_DIR ruby -I $NOTMUCH_SRCDIR/bindings/ruby> OUTPUT +MAIL_DIR=$MAIL_DIR $NOTMUCH_RUBY -I $NOTMUCH_SRCDIR/bindings/ruby> OUTPUT } test_C () { -- 2.17.0 ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch