From 6802b333eb356fdeafd97a4e4ed74999d055a852 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 8 Dec 2017 01:23:54 -0500 Subject: [PATCH] cli/reply: use decryption policy "auto" by default. If the user doesn't specify --decrypt= at all, but a stashed session key is known to notmuch, when replying to an encrypted message, notmuch should just go ahead and decrypt. The user can disable this at the command line with --decrypt=false, though it's not clear why they would ever want to do that. --- completion/notmuch-completion.bash | 6 +++++- doc/man1/notmuch-reply.rst | 6 +++++- notmuch-reply.c | 9 +++++---- test/T357-index-decryption.sh | 10 ++++++++++ 4 files changed, 25 insertions(+), 6 deletions(-) diff --git a/completion/notmuch-completion.bash b/completion/notmuch-completion.bash index e462a82a..1cd616b3 100644 --- a/completion/notmuch-completion.bash +++ b/completion/notmuch-completion.bash @@ -350,12 +350,16 @@ _notmuch_reply() COMPREPLY=( $( compgen -W "all sender" -- "${cur}" ) ) return ;; + --decrypt) + COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) + return + ;; esac ! $split && case "${cur}" in -*) - local options="--format= --format-version= --reply-to= --decrypt ${_notmuch_shared_options}" + local options="--format= --format-version= --reply-to= --decrypt= ${_notmuch_shared_options}" compopt -o nospace COMPREPLY=( $(compgen -W "$options" -- ${cur}) ) ;; diff --git a/doc/man1/notmuch-reply.rst b/doc/man1/notmuch-reply.rst index b6aec3c8..ede77930 100644 --- a/doc/man1/notmuch-reply.rst +++ b/doc/man1/notmuch-reply.rst 
@@ -80,8 +80,12 @@ Supported options for **reply** include multipart/encrypted part will be replaced by the decrypted content. + If a session key is already known for the message, then it + will be decrypted automatically unless the user explicitly + sets ``--decrypt=false``. + Decryption expects a functioning **gpg-agent(1)** to provide any - needed credentials. Without one, the decryption will fail. + needed credentials. Without one, the decryption will likely fail. See **notmuch-search-terms(7)** for details of the supported syntax for . diff --git a/notmuch-reply.c b/notmuch-reply.c index eec34bed..fd990a9a 100644 --- a/notmuch-reply.c +++ b/notmuch-reply.c @@ -700,11 +700,12 @@ notmuch_reply_command (notmuch_config_t *config, int argc, char *argv[]) int opt_index; notmuch_show_params_t params = { .part = -1, - .crypto = { .decrypt = NOTMUCH_DECRYPT_FALSE }, + .crypto = { .decrypt = NOTMUCH_DECRYPT_AUTO }, }; int format = FORMAT_DEFAULT; int reply_all = true; bool decrypt = false; + bool decrypt_set = false; notmuch_opt_desc_t options[] = { { .opt_keyword = &format, .name = "format", .keywords = @@ -718,7 +719,7 @@ notmuch_reply_command (notmuch_config_t *config, int argc, char *argv[]) (notmuch_keyword_t []){ { "all", true }, { "sender", false }, { 0, 0 } } }, - { .opt_bool = &decrypt, .name = "decrypt" }, + { .opt_bool = &decrypt, .name = "decrypt", .present = &decrypt_set }, { .opt_inherit = notmuch_shared_options }, { } }; @@ -728,8 +729,8 @@ notmuch_reply_command (notmuch_config_t *config, int argc, char *argv[]) return EXIT_FAILURE; notmuch_process_shared_options (argv[0]); - if (decrypt) - params.crypto.decrypt = NOTMUCH_DECRYPT_TRUE; + if (decrypt_set) + params.crypto.decrypt = decrypt ? NOTMUCH_DECRYPT_TRUE : NOTMUCH_DECRYPT_FALSE; notmuch_exit_if_unsupported_format (); diff --git a/test/T357-index-decryption.sh b/test/T357-index-decryption.sh index 7996ec67..31991e22 100755 --- a/test/T357-index-decryption.sh +++ b/test/T357-index-decryption.sh 
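Review bot: The new `NOTMUCH_DECRYPT_AUTO` default in the `params` initializer of notmuch_reply_command (hunk at -700) lets reply output quote the cleartext of an encrypted message with no opt-in, and nothing at the initializer says so. Going by the commit message and the man page text, this happens only when a session key is already stashed, but the policy's implementation is not visible in this diff, so that should be confirmed. I would add a comment on that line such as `/* AUTO: decrypt only with an already-stashed session key; the reply body may then carry cleartext, so consumers must treat it as sensitive */`. Front ends that send the generated reply should be checked so that a decrypted quote does not go out unencrypted. The function body starts and ends outside the hunk.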
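Review bot: In the last hunk of notmuch-reply.c (at -728), `decrypt` is read only when `decrypt_set` is true, so its `false` initializer from the first hunk no longer expresses a default and can mislead a reader into thinking decryption is off unless requested. A short comment above the `if (decrypt_set)` line, e.g. `/* no --decrypt given: keep the AUTO default from the initializer */`, would make the three-state outcome explicit. As written, the option is boolean, so the automatic policy cannot be requested explicitly on the command line; whether that matters is a design call this diff does not settle.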
@@ -200,6 +200,16 @@ test_expect_equal \ "$output" \ "$expected" +test_begin_subtest "notmuch reply should show cleartext if session key is present" +output=$(notmuch reply id:simple-encrypted@crypto.notmuchmail.org | grep '^>') +expected='> This is a top sekrit message.' +if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then + test_subtest_known_broken +fi +test_expect_equal \ + "$output" \ + "$expected" + # TODO: test removal of a message from the message store between # indexing and reindexing.
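Review bot: The added subtest covers only the new default; the opt-out path this commit introduces (`--decrypt=false` while a session key is stashed) has no test, so a regression that decrypts anyway would go unnoticed. I would add a second subtest right after this one that captures `notmuch reply --decrypt=false id:simple-encrypted@crypto.notmuchmail.org | grep -c 'top sekrit'` and compares it against `0` with `test_expect_equal`. What the undecrypted reply body looks like is not shown on this page, which is why the suggested check counts occurrences of the cleartext rather than asserting an exact output.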