[PATCH v2 07/10] config: define new option index.try_decrypt
Jani Nikula
jani at nikula.org
Sat Sep 23 09:17:09 PDT 2017
On Fri, 15 Sep 2017, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> By default, notmuch won't try to decrypt on indexing. With this
> patch, we make it possible to indicate a per-database preference using
> the config variable "index.try_decrypt", which by default will be
> false.
> ---
> doc/man1/notmuch-config.rst | 12 ++++++++++++
> lib/indexopts.c | 16 +++++++++++++++-
> 2 files changed, 27 insertions(+), 1 deletion(-)
>
> diff --git a/doc/man1/notmuch-config.rst b/doc/man1/notmuch-config.rst
> index 6a51e64f..6f35d127 100644
> --- a/doc/man1/notmuch-config.rst
> +++ b/doc/man1/notmuch-config.rst
> @@ -134,6 +134,18 @@ The available configuration items are described below.
>
> Default: ``gpg``.
>
> + **index.try_decrypt**
> +
> + When indexing an encrypted e-mail message, if this variable is
> + set to true, notmuch will try to decrypt the message and index
> + the cleartext. Be aware that the index is likely sufficient
> + to reconstruct the cleartext of the message itself, so please
> + ensure that the notmuch message index is adequately protected.
> + DO NOT USE ``index.try_decrypt=true`` without considering the
> + security of your index.
> +
> + Default: ``false``.
> +
> **built_with.<name>**
>
> Compile time feature <name>. Current possibilities include
> diff --git a/lib/indexopts.c b/lib/indexopts.c
> index 1162900c..5bd396ff 100644
> --- a/lib/indexopts.c
> +++ b/lib/indexopts.c
> @@ -23,7 +23,21 @@
> notmuch_indexopts_t *
> notmuch_database_get_default_indexopts (notmuch_database_t *db)
> {
> - return talloc_zero (db, notmuch_indexopts_t);
> + notmuch_indexopts_t *ret = talloc_zero (db, notmuch_indexopts_t);
> + if (ret) {
> + char * try_decrypt;
> + notmuch_status_t err;
> + if (!(err = notmuch_database_get_config (db, "index.try_decrypt", &try_decrypt))) {
I like the style of always separating assigment and conditional.
I wonder if this function would look cleaner by doing early returns
every step of the way instead of nested ifs.
if (!ret)
return ret;
err = notmuch_database_get_config();
if (err)
return ret;
and so on.
> + if (try_decrypt &&
> + ((!(strcasecmp(try_decrypt, "true"))) ||
> + (!(strcasecmp(try_decrypt, "yes"))) ||
> + (!(strcasecmp(try_decrypt, "1")))))
> + notmuch_indexopts_set_try_decrypt (ret, TRUE);
> +
> + free (try_decrypt);
> + }
> + }
> + return ret;
> }
>
> notmuch_status_t
> --
> 2.14.1
>
> _______________________________________________
> notmuch mailing list
> notmuch at notmuchmail.org
> https://notmuchmail.org/mailman/listinfo/notmuch
More information about the notmuch
mailing list