cli/new, insert, reindex: update documentation for --decrypt=auto

we also include --decrypt=auto in the tab completion.
2024-11-21 10:28:09 +01:00 · 2017-12-08 01:23:57 -05:00 · 2017-12-08 01:23:57 -05:00 · 181d4091c4
commit 181d4091c4
parent f845fb2a51
4 changed files with 33 additions and 20 deletions
--- a/completion/notmuch-completion.bash
+++ b/completion/notmuch-completion.bash
@ -288,7 +288,7 @@ _notmuch_insert()
 	    return
 	    ;;
 	--decrypt)
-	    COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
+	    COMPREPLY=( $( compgen -W "true false auto" -- "${cur}" ) )
 	    return
 	    ;;
    esac
@ -320,7 +320,7 @@ _notmuch_new()
    $split &&
    case "${prev}" in
 	--decrypt)
-	    COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
+	    COMPREPLY=( $( compgen -W "true false auto" -- "${cur}" ) )
 	    return
 	    ;;
    esac
@ -442,7 +442,7 @@ _notmuch_reindex()
    $split &&
    case "${prev}" in
 	--decrypt)
-	    COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
+	    COMPREPLY=( $( compgen -W "true false auto" -- "${cur}" ) )
 	    return
 	    ;;
    esac
--- a/doc/man1/notmuch-insert.rst
+++ b/doc/man1/notmuch-insert.rst
@ -51,14 +51,18 @@ Supported options for **insert** include
    ``--no-hooks``
        Prevent hooks from being run.

-    ``--decrypt=(true|false)``
+    ``--decrypt=(true|auto|false)``

-        If true and the message is encrypted, try to decrypt the
-        message while indexing.  If decryption is successful, index
+        If ``true`` and the message is encrypted, try to decrypt the
+        message while indexing.  If ``auto``, and notmuch already
+        knows about a session key for the message, it will try
+        decrypting using that session key but will not try to access
+        the user's secret keys.  If decryption is successful, index
        the cleartext itself.  Either way, the message is always
-        stored to disk in its original form (ciphertext).  Be aware
-        that the index is likely sufficient to reconstruct the
-        cleartext of the message itself, so please ensure that the
+        stored to disk in its original form (ciphertext).
+
+        Be aware that the index is likely sufficient to reconstruct
+        the cleartext of the message itself, so please ensure that the
        notmuch message index is adequately protected. DO NOT USE
        ``--decrypt=true`` without considering the security of
        your index.
--- a/doc/man1/notmuch-new.rst
+++ b/doc/man1/notmuch-new.rst
@ -43,11 +43,15 @@ Supported options for **new** include
    ``--quiet``
        Do not print progress or results.

-    ``--decrypt=(true|false)``
+    ``--decrypt=(true|auto|false)``

-        If true, when encountering an encrypted message, try to
+        If ``true``, when encountering an encrypted message, try to
        decrypt it while indexing.  If decryption is successful, index
-        the cleartext itself.  Be aware that the index is likely
+        the cleartext itself.  If ``auto``, try to use any session key
+        already known to belong to this message, but do not attempt to
+        use the user's secret keys.
+
+        Be aware that the index is likely
        sufficient to reconstruct the cleartext of the message itself,
        so please ensure that the notmuch message index is adequately
        protected.  DO NOT USE ``--decrypt=true`` without
--- a/doc/man1/notmuch-reindex.rst
+++ b/doc/man1/notmuch-reindex.rst
@ -21,15 +21,20 @@ messages using the supplied options.

 Supported options for **reindex** include

-    ``--decrypt=(true|false)``
+    ``--decrypt=(true|auto|false)``

-        If true, when encountering an encrypted message, try to
-        decrypt it while reindexing.  If decryption is successful,
-        index the cleartext itself.  Be aware that the index is likely
-        sufficient to reconstruct the cleartext of the message itself,
-        so please ensure that the notmuch message index is adequately
-        protected. DO NOT USE ``--decrypt=true`` without
-        considering the security of your index.
+        If ``true``, when encountering an encrypted message, try to
+        decrypt it while reindexing.  If ``auto``, and notmuch already
+        knows about a session key for the message, it will try
+        decrypting using that session key but will not try to access
+        the user's secret keys.  If decryption is successful, index
+        the cleartext itself.
+
+        Be aware that the index is likely sufficient to reconstruct
+        the cleartext of the message itself, so please ensure that the
+        notmuch message index is adequately protected. DO NOT USE
+        ``--decrypt=true`` without considering the security of your
+        index.

        See also ``index.decrypt`` in **notmuch-config(1)**.