Re: cope with inline PGP encrypted messages

2018-05-10 Thread David Bremner
Daniel Kahn Gillmor writes: > Not sure how to best > represent that in nmbug -- but for now i've removed > notmuch::needs-review and added notmuch::wip. bremner, let me know if > you think i should have done something different. I also marked the other two patches in

Re: emacs: Split wide window vertically for tree mode message pane

2018-05-10 Thread David Bremner
Tomi Ollila writes: > On Wed, May 09 2018, David Bremner wrote: > >> Prof Jayanth R Varma writes: >> >>> This patch modifies the function notmuch-tree-show-message-in in >>> notmuch-tree.el to split the window vertically while creating a >>> message pane

Re: [PATCH] build: Allow user to specify ruby executable

2018-05-10 Thread Tomi Ollila
On Wed, May 09 2018, Thomas Schneider wrote: > This way, one can build for a different Ruby than $PATH/ruby > (e. g. different versions, or Ruby in other paths). LGTM. Tomi > > Signed-off-by: Thomas Schneider > --- > bindings/Makefile.local | 2 +- > configure

Re: [PATCH] build: Allow user to specify ruby executable

2018-05-10 Thread David Bremner
Thomas Schneider writes: > This way, one can build for a different Ruby than $PATH/ruby > (e. g. different versions, or Ruby in other paths). > > Signed-off-by: Thomas Schneider pushed to master. d ___ notmuch

[PATCH 11/20] cli/show: emit payload subject instead of outside subject

2018-05-10 Thread Daniel Kahn Gillmor
Correctly fix the two outstanding tests so that the protected (hidden) subject is properly reported. --- notmuch-client.h | 2 +- notmuch-reply.c| 4 +++- notmuch-show.c | 11 +++ test/T356-protected-headers.sh | 3 --- 4 files changed, 11

[PATCH 10/20] cli/show: add tests for viewing protected headers

2018-05-10 Thread Daniel Kahn Gillmor
Here we add several variant e-mail messages, some of which have correctly-structured protected headers, and some of which do not. The goal of the tests is to ensure that the right protected subjects get reported. --- test/T356-protected-headers.sh| 69 +++

[PATCH 20/20] test: after reindexing, only legitimate protected subjects are searchable

2018-05-10 Thread Daniel Kahn Gillmor
This test scans for all the possible protected headers (including bogus/broken ones) that are present in the protected-headers corpus, trying to make sure that only the ones that are not broken or malformed show up in a search after re-indexing. --- test/T356-protected-headers.sh | 9 + 1

[PATCH 03/20] cli/show: pass the siglist directly to the sigstatus sprinter

2018-05-10 Thread Daniel Kahn Gillmor
This makes it easier to reuse format_part_sigstatus_sprinter() when we have other places that we want to display a signature status. --- notmuch-show.c | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/notmuch-show.c b/notmuch-show.c index 9871159d..f0be8060 100644 ---

[PATCH 05/20] cli: expose message-wide crypto status from mime-node

2018-05-10 Thread Daniel Kahn Gillmor
The mime node context (a per-message context) gains a cryptographic status object, and the mime_node_t object itself can return a view on that status to an interested party. The status is not yet populated, and for now we can keep that view read-only, so that it can only be populated/modified

[PATCH 09/20] util/crypto: add information about the payload part

2018-05-10 Thread Daniel Kahn Gillmor
When walking the MIME tree, if we discover that we are at the cryptographic payload, then we would like to record at least the Subject header. In the future, we might want to record many other headers as well, but for now we will stick with just the Subject. See

Protected headers in notmuch

2018-05-10 Thread Daniel Kahn Gillmor
Traditionally, encrypted and signed e-mail covers only the body of the message. New standards are emerging that are capable of protecting the headers as well. In particular, Enigmail and an upcoming version of K-9 mail both use the "Memory Hole" approach to encrypt the Subject: header when

[PATCH 13/20] test: add test for missing external subject

2018-05-10 Thread Daniel Kahn Gillmor
Adding another test to ensure that we handle it gracefully when no external subject is present. --- test/T356-protected-headers.sh| 6 .../subjectless-protected-header.eml | 29 +++ 2 files changed, 35 insertions(+) create mode 100644

[PATCH 02/20] crypto: Avoid pretending to verify signatures on unsigned encrypted mail

2018-05-10 Thread Daniel Kahn Gillmor
Unsigned encrypted mail shows up with a weird empty signature list. If we successfully decrypted and there was no signature in it, we should just not show a sigstatus at all. The documentation for g_mime_decrypt_result_get_signatures says: a GMimeSignatureList or NULL if the stream was not

[PATCH 04/20] util/crypto: _notmuch_message_crypto: tracks message-wide crypto state

2018-05-10 Thread Daniel Kahn Gillmor
E-mail encryption and signatures reported by notmuch are at the MIME part level. This makes sense in the dirty details, but for users we need to have a per-message conception of the cryptographic state of the e-mail. (see https://dkg.fifthhorseman.net/blog/e-mail-cryptography.html for more

[PATCH 01/20] test: new test framework to compare json parts

2018-05-10 Thread Daniel Kahn Gillmor
From: Jameson Graef Rollins This makes it easier to write fairly compact, readable tests of json output, without needing to sanitize away parts that we don't care about. Signed-off-by: Daniel Kahn Gillmor --- test/json_check_nodes.py | 112

[PATCH 17/20] cli/reply: add --protected-subject boolean flag

2018-05-10 Thread Daniel Kahn Gillmor
This flag indicates the intent of the client to protect the subject line, which allows "notmuch reply" to safely emit the earlier message's encrypted subject without risking leaking it in the clear in the reply. Obviously, it should only be used by a client that *will* protect the subject line.

[PATCH 08/20] cli/show: emit headers after emitting body

2018-05-10 Thread Daniel Kahn Gillmor
This paves the way for emitting protected headers after verification and decryption, because it means that the headers will only be emitted after the body has been parsed. --- notmuch-show.c| 6 +++--- test/T170-sexp.sh | 8 2 files changed, 7 insertions(+), 7 deletions(-) diff

[PATCH 06/20] mime-node: track whole-message crypto state while walking the tree

2018-05-10 Thread Daniel Kahn Gillmor
Deliberately populate the message's cryptographic status while walking the MIME tree from the CLI. --- mime-node.c | 27 --- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/mime-node.c b/mime-node.c index cbff95d1..6ecd121d 100644 --- a/mime-node.c +++

[PATCH 18/20] indexing: record protected subject when indexing cleartext

2018-05-10 Thread Daniel Kahn Gillmor
When indexing the cleartext of an encrypted message, record any protected subject in the database, which should make it findable and visible in search. --- lib/index.cc | 42 ++ lib/message.cc | 8 +++ lib/notmuch-private.h

[PATCH 07/20] cli/show: emit new whole-message crypto status output

2018-05-10 Thread Daniel Kahn Gillmor
This allows MUAs that don't want to think about per-mime-part cryptographic status to have a simple high-level overview of the message's cryptographic state. Sensibly structured encrypted and/or signed messages will work fine with this. The only requirement for the simplest encryption + signing

[PATCH 12/20] cli/show: add information about which headers were protected

2018-05-10 Thread Daniel Kahn Gillmor
This allows a clever UI frontend to mark whether a header was protected (or not), and if it was protected, to show the details to an interested user. As before, we only handle Subject for now, but we might be able to handle other headers in the future. --- devel/schemata | 6

[PATCH 16/20] cli: introduce flags for format_headers_sprinter

2018-05-10 Thread Daniel Kahn Gillmor
Rather than passing a boolean to indicate whether this is a reply to format_headers_sprinter(), we use a flag field. This will be used shortly to allow clients to indicate that they can responsibly protect the subject line. This changeset has no functional change itself, just modifying the types

[PATCH 19/20] test: protected headers should work when both encrypted and signed.

2018-05-10 Thread Daniel Kahn Gillmor
Up to this point, we've tested protected headers on messages that have either been encrypted or signed, but not both. This adds a couple tests of signed+encrypted messages, one where the subject line is masked (outside subject line is "encrypted message") and another where it is not (outside

[PATCH 14/20] test: show cryptographic envelope information for signed mails

2018-05-10 Thread Daniel Kahn Gillmor
Make sure that we emit the correct cryptographic envelope status for cleartext signed messages. --- test/T356-protected-headers.sh| 11 ++- .../signed-protected-header.eml | 29 +++ .../protected-headers/simple-signed-mail.eml | 28

[PATCH 15/20] cli/reply: ensure encrypted Subject: line does not leak in the clear

2018-05-10 Thread Daniel Kahn Gillmor
Now that we can decrypt headers, we want to make sure that clients using "notmuch reply" to prepare a reply don't leak cleartext in their subject lines. In particular, the ["reply-headers"]["Subject"] should by default show the external Subject. --- test/T356-protected-headers.sh | 7 +++ 1

Re: emacs: Split wide window vertically for tree mode message pane

2018-05-10 Thread Tomi Ollila
On Wed, May 09 2018, David Bremner wrote: > Prof Jayanth R Varma writes: > >> This patch modifies the function notmuch-tree-show-message-in in >> notmuch-tree.el to split the window vertically while creating a >> message pane in tree-mode if the window is wider than 160 (so