[PATCH v3 05/15] cli/reply: use decryption policy "auto" by default.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Dec 7 22:23:54 PST 2017
If the user doesn't specify --decrypt= at all, but a stashed session
key is known to notmuch, when replying to an encrypted message,
notmuch should just go ahead and decrypt.
The user can disable this at the command line with --decrypt=false,
though it's not clear why they would ever want to do that.
---
completion/notmuch-completion.bash | 6 +++++-
doc/man1/notmuch-reply.rst | 6 +++++-
notmuch-reply.c | 9 +++++----
test/T357-index-decryption.sh | 10 ++++++++++
4 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/completion/notmuch-completion.bash b/completion/notmuch-completion.bash
index e462a82a..1cd616b3 100644
--- a/completion/notmuch-completion.bash
+++ b/completion/notmuch-completion.bash
@@ -350,12 +350,16 @@ _notmuch_reply()
COMPREPLY=( $( compgen -W "all sender" -- "${cur}" ) )
return
;;
+ --decrypt)
+ COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
+ return
+ ;;
esac
! $split &&
case "${cur}" in
-*)
- local options="--format= --format-version= --reply-to= --decrypt ${_notmuch_shared_options}"
+ local options="--format= --format-version= --reply-to= --decrypt= ${_notmuch_shared_options}"
compopt -o nospace
COMPREPLY=( $(compgen -W "$options" -- ${cur}) )
;;
diff --git a/doc/man1/notmuch-reply.rst b/doc/man1/notmuch-reply.rst
index b6aec3c8..ede77930 100644
--- a/doc/man1/notmuch-reply.rst
+++ b/doc/man1/notmuch-reply.rst
@@ -80,8 +80,12 @@ Supported options for **reply** include
multipart/encrypted part will be replaced by the decrypted
content.
+ If a session key is already known for the message, then it
+ will be decrypted automatically unless the user explicitly
+ sets ``--decrypt=false``.
+
Decryption expects a functioning **gpg-agent(1)** to provide any
- needed credentials. Without one, the decryption will fail.
+ needed credentials. Without one, the decryption will likely fail.
See **notmuch-search-terms(7)** for details of the supported syntax for
<search-terms>.
diff --git a/notmuch-reply.c b/notmuch-reply.c
index eec34bed..fd990a9a 100644
--- a/notmuch-reply.c
+++ b/notmuch-reply.c
@@ -700,11 +700,12 @@ notmuch_reply_command (notmuch_config_t *config, int argc, char *argv[])
int opt_index;
notmuch_show_params_t params = {
.part = -1,
- .crypto = { .decrypt = NOTMUCH_DECRYPT_FALSE },
+ .crypto = { .decrypt = NOTMUCH_DECRYPT_AUTO },
};
int format = FORMAT_DEFAULT;
int reply_all = true;
bool decrypt = false;
+ bool decrypt_set = false;
notmuch_opt_desc_t options[] = {
{ .opt_keyword = &format, .name = "format", .keywords =
@@ -718,7 +719,7 @@ notmuch_reply_command (notmuch_config_t *config, int argc, char *argv[])
(notmuch_keyword_t []){ { "all", true },
{ "sender", false },
{ 0, 0 } } },
- { .opt_bool = &decrypt, .name = "decrypt" },
+ { .opt_bool = &decrypt, .name = "decrypt", .present = &decrypt_set },
{ .opt_inherit = notmuch_shared_options },
{ }
};
@@ -728,8 +729,8 @@ notmuch_reply_command (notmuch_config_t *config, int argc, char *argv[])
return EXIT_FAILURE;
notmuch_process_shared_options (argv[0]);
- if (decrypt)
- params.crypto.decrypt = NOTMUCH_DECRYPT_TRUE;
+ if (decrypt_set)
+ params.crypto.decrypt = decrypt ? NOTMUCH_DECRYPT_TRUE : NOTMUCH_DECRYPT_FALSE;
notmuch_exit_if_unsupported_format ();
diff --git a/test/T357-index-decryption.sh b/test/T357-index-decryption.sh
index 7996ec67..31991e22 100755
--- a/test/T357-index-decryption.sh
+++ b/test/T357-index-decryption.sh
@@ -200,6 +200,16 @@ test_expect_equal \
"$output" \
"$expected"
+test_begin_subtest "notmuch reply should show cleartext if session key is present"
+output=$(notmuch reply id:simple-encrypted at crypto.notmuchmail.org | grep '^>')
+expected='> This is a top sekrit message.'
+if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
+ test_subtest_known_broken
+fi
+test_expect_equal \
+ "$output" \
+ "$expected"
+
# TODO: test removal of a message from the message store between
# indexing and reindexing.
--
2.15.0
More information about the notmuch
mailing list