[PATCH v2 07/10] config: define new option index.try_decrypt

Jani Nikula jani at nikula.org
Sat Sep 23 09:17:09 PDT 2017 

On Fri, 15 Sep 2017, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> By default, notmuch won't try to decrypt on indexing.  With this
> patch, we make it possible to indicate a per-database preference using
> the config variable "index.try_decrypt", which by default will be
> false.
> ---
>  doc/man1/notmuch-config.rst | 12 ++++++++++++
>  lib/indexopts.c             | 16 +++++++++++++++-
>  2 files changed, 27 insertions(+), 1 deletion(-)
>
> diff --git a/doc/man1/notmuch-config.rst b/doc/man1/notmuch-config.rst
> index 6a51e64f..6f35d127 100644
> --- a/doc/man1/notmuch-config.rst
> +++ b/doc/man1/notmuch-config.rst
> @@ -134,6 +134,18 @@ The available configuration items are described below.
>  
>          Default: ``gpg``.
>  
> +    **index.try_decrypt**
> +
> +        When indexing an encrypted e-mail message, if this variable is
> +        set to true, notmuch will try to decrypt the message and index
> +        the cleartext.  Be aware that the index is likely sufficient
> +        to reconstruct the cleartext of the message itself, so please
> +        ensure that the notmuch message index is adequately protected.
> +        DO NOT USE ``index.try_decrypt=true`` without considering the
> +        security of your index.
> +
> +        Default: ``false``.
> +
>      **built_with.<name>**
>  
>          Compile time feature <name>. Current possibilities include
> diff --git a/lib/indexopts.c b/lib/indexopts.c
> index 1162900c..5bd396ff 100644
> --- a/lib/indexopts.c
> +++ b/lib/indexopts.c
> @@ -23,7 +23,21 @@
>  notmuch_indexopts_t *
>  notmuch_database_get_default_indexopts (notmuch_database_t *db)
>  {
> -    return talloc_zero (db, notmuch_indexopts_t);
> +    notmuch_indexopts_t *ret = talloc_zero (db, notmuch_indexopts_t);
> +    if (ret) {
> +	char * try_decrypt;
> +	notmuch_status_t err;
> +	if (!(err = notmuch_database_get_config (db, "index.try_decrypt", &try_decrypt))) {

I like the style of always separating assigment and conditional.

I wonder if this function would look cleaner by doing early returns
every step of the way instead of nested ifs.

if (!ret)
	return ret;

err = notmuch_database_get_config();
if (err)
	return ret;

and so on.


> +	    if (try_decrypt &&
> +		((!(strcasecmp(try_decrypt, "true"))) ||
> +		 (!(strcasecmp(try_decrypt, "yes"))) ||
> +		 (!(strcasecmp(try_decrypt, "1")))))
> +		notmuch_indexopts_set_try_decrypt (ret, TRUE);
> +
> +	    free (try_decrypt);
> +	}
> +    }
> +    return ret;
>  }
>  
>  notmuch_status_t
> -- 
> 2.14.1
>
> _______________________________________________
> notmuch mailing list
> notmuch at notmuchmail.org
> https://notmuchmail.org/mailman/listinfo/notmuch

More information about the notmuch mailing list