From 8ea4a99d74737929f58568505e41c94f65a14743 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 19 Dec 2017 11:40:54 -0500 Subject: [PATCH] cli/show: make --decrypt take a keyword. We also expand tab completion for it, update the emacs bindings, and update T350, T357, and T450 to match. Make use of the bool-to-keyword backward-compatibility feature. --- completion/notmuch-completion.bash | 6 +++++- doc/man1/notmuch-show.rst | 31 +++++++++++++++++------------- emacs/notmuch-lib.el | 2 +- emacs/notmuch-query.el | 2 +- notmuch-show.c | 22 +++++++++------------ test/T350-crypto.sh | 12 ++++++------ test/T357-index-decryption.sh | 6 +++--- test/T450-emacs-show.sh | 2 +- 8 files changed, 44 insertions(+), 39 deletions(-) diff --git a/completion/notmuch-completion.bash b/completion/notmuch-completion.bash index adf64a0a..17f3c5ec 100644 --- a/completion/notmuch-completion.bash +++ b/completion/notmuch-completion.bash @@ -517,10 +517,14 @@ _notmuch_show() COMPREPLY=( $( compgen -W "text json sexp mbox raw" -- "${cur}" ) ) return ;; - --exclude|--body|--decrypt) + --exclude|--body) COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) return ;; + --decrypt) + COMPREPLY=( $( compgen -W "true auto false" -- "${cur}" ) ) + return + ;; esac ! $split && diff --git a/doc/man1/notmuch-show.rst b/doc/man1/notmuch-show.rst index 64caa7a6..7d2b38cb 100644 --- a/doc/man1/notmuch-show.rst +++ b/doc/man1/notmuch-show.rst @@ -115,22 +115,27 @@ Supported options for **show** include supported with --format=json and --format=sexp), and the multipart/signed part will be replaced by the signed data. - ``--decrypt`` - Decrypt any MIME encrypted parts found in the selected content - (ie. "multipart/encrypted" parts). Status of the decryption will - be reported (currently only supported with --format=json and - --format=sexp) and on successful decryption the - multipart/encrypted part will be replaced by the decrypted - content. + ``--decrypt=(false|auto|true)`` + If ``true``, decrypt any MIME encrypted parts found in the + selected content (i.e. "multipart/encrypted" parts). Status of + the decryption will be reported (currently only supported + with --format=json and --format=sexp) and on successful + decryption the multipart/encrypted part will be replaced by + the decrypted content. - If a session key is already known for the message, then it - will be decrypted automatically unless the user explicitly - sets ``--decrypt=false``. + If ``auto``, and a session key is already known for the + message, then it will be decrypted, but notmuch will not try + to access the user's keys. - Decryption expects a functioning **gpg-agent(1)** to provide any - needed credentials. Without one, the decryption will fail. + Use ``false`` to avoid even automatic decryption. - Implies --verify. + Non-automatic decryption expects a functioning + **gpg-agent(1)** to provide any needed credentials. Without + one, the decryption will fail. + + Note: ``true`` implies --verify. + + Default: ``auto`` ``--exclude=(true|false)`` Specify whether to omit threads only matching diff --git a/emacs/notmuch-lib.el b/emacs/notmuch-lib.el index 010be454..a7e02710 100644 --- a/emacs/notmuch-lib.el +++ b/emacs/notmuch-lib.el @@ -593,7 +593,7 @@ the given type." (set-buffer-multibyte nil)) (let ((args `("show" "--format=raw" ,(format "--part=%s" (plist-get part :id)) - ,@(when process-crypto '("--decrypt")) + ,@(when process-crypto '("--decrypt=true")) ,(notmuch-id-to-query (plist-get msg :id)))) (coding-system-for-read (if binaryp 'no-conversion diff --git a/emacs/notmuch-query.el b/emacs/notmuch-query.el index 592fd8f1..563e4acf 100644 --- a/emacs/notmuch-query.el +++ b/emacs/notmuch-query.el @@ -32,7 +32,7 @@ is a possibly empty forest of replies. " (let ((args '("show" "--format=sexp" "--format-version=4"))) (if notmuch-show-process-crypto - (setq args (append args '("--decrypt")))) + (setq args (append args '("--decrypt=true")))) (setq args (append args search-terms)) (apply #'notmuch-call-notmuch-sexp args))) diff --git a/notmuch-show.c b/notmuch-show.c index d5adc370..9871159d 100644 --- a/notmuch-show.c +++ b/notmuch-show.c @@ -1085,8 +1085,6 @@ notmuch_show_command (notmuch_config_t *config, int argc, char *argv[]) bool exclude = true; bool entire_thread_set = false; bool single_message; - bool decrypt = false; - bool decrypt_set = false; notmuch_opt_desc_t options[] = { { .opt_keyword = &format, .name = "format", .keywords = @@ -1101,7 +1099,12 @@ notmuch_show_command (notmuch_config_t *config, int argc, char *argv[]) { .opt_bool = ¶ms.entire_thread, .name = "entire-thread", .present = &entire_thread_set }, { .opt_int = ¶ms.part, .name = "part" }, - { .opt_bool = &decrypt, .name = "decrypt", .present = &decrypt_set }, + { .opt_keyword = (int*)(¶ms.crypto.decrypt), .name = "decrypt", + .keyword_no_arg_value = "true", .keywords = + (notmuch_keyword_t []){ { "false", NOTMUCH_DECRYPT_FALSE }, + { "auto", NOTMUCH_DECRYPT_AUTO }, + { "true", NOTMUCH_DECRYPT_NOSTASH }, + { 0, 0 } } }, { .opt_bool = ¶ms.crypto.verify, .name = "verify" }, { .opt_bool = ¶ms.output_body, .name = "body" }, { .opt_bool = ¶ms.include_html, .name = "include-html" }, @@ -1115,16 +1118,9 @@ notmuch_show_command (notmuch_config_t *config, int argc, char *argv[]) notmuch_process_shared_options (argv[0]); - if (decrypt_set) { - if (decrypt) { - /* we do not need or want to ask for session keys */ - params.crypto.decrypt = NOTMUCH_DECRYPT_NOSTASH; - /* decryption implies verification */ - params.crypto.verify = true; - } else { - params.crypto.decrypt = NOTMUCH_DECRYPT_FALSE; - } - } + /* explicit decryption implies verification */ + if (params.crypto.decrypt == NOTMUCH_DECRYPT_NOSTASH) + params.crypto.verify = true; /* specifying a part implies single message display */ single_message = params.part >= 0; diff --git a/test/T350-crypto.sh b/test/T350-crypto.sh index 38615677..761ff553 100755 --- a/test/T350-crypto.sh +++ b/test/T350-crypto.sh @@ -223,7 +223,7 @@ output=$(notmuch search mimetype:multipart/encrypted and mimetype:application/pg test_expect_equal "$output" "thread:XXX 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message 001 (encrypted inbox)" test_begin_subtest "decryption, --format=text" -output=$(notmuch show --format=text --decrypt subject:"test encrypted message 001" \ +output=$(notmuch show --format=text --decrypt=true subject:"test encrypted message 001" \ | notmuch_show_sanitize_all \ | sed -e 's|"created": [1234567890]*|"created": 946728000|') expected=' message{ id:XXXXX depth:0 match:1 excluded:0 filename:XXXXX @@ -255,7 +255,7 @@ test_expect_equal \ "$expected" test_begin_subtest "decryption, --format=json" -output=$(notmuch show --format=json --decrypt subject:"test encrypted message 001" \ +output=$(notmuch show --format=json --decrypt=true subject:"test encrypted message 001" \ | notmuch_json_show_sanitize \ | sed -e 's|"created": [1234567890]*|"created": 946728000|') expected='[[[{"id": "XXXXX", @@ -293,7 +293,7 @@ test_expect_equal_json \ "$expected" test_begin_subtest "decryption, --format=json, --part=4" -output=$(notmuch show --format=json --part=4 --decrypt subject:"test encrypted message 001" \ +output=$(notmuch show --format=json --part=4 --decrypt=true subject:"test encrypted message 001" \ | notmuch_json_show_sanitize \ | sed -e 's|"created": [1234567890]*|"created": 946728000|') expected='{"id": 4, @@ -307,13 +307,13 @@ test_begin_subtest "decrypt attachment (--part=5 --format=raw)" notmuch show \ --format=raw \ --part=5 \ - --decrypt \ + --decrypt=true \ subject:"test encrypted message 001" >OUTPUT test_expect_equal_file TESTATTACHMENT OUTPUT test_begin_subtest "decryption failure with missing key" mv "${GNUPGHOME}"{,.bak} -output=$(notmuch show --format=json --decrypt subject:"test encrypted message 001" \ +output=$(notmuch show --format=json --decrypt=true subject:"test encrypted message 001" \ | notmuch_json_show_sanitize \ | sed -e 's|"created": [1234567890]*|"created": 946728000|') expected='[[[{"id": "XXXXX", @@ -351,7 +351,7 @@ test_expect_success \ test_begin_subtest "decryption + signature verification" test_subtest_broken_gmime_2 -output=$(notmuch show --format=json --decrypt subject:"test encrypted message 002" \ +output=$(notmuch show --format=json --decrypt=true subject:"test encrypted message 002" \ | notmuch_json_show_sanitize \ | sed -e 's|"created": [1234567890]*|"created": 946728000|') expected='[[[{"id": "XXXXX", diff --git a/test/T357-index-decryption.sh b/test/T357-index-decryption.sh index 6b8a8261..2b8e05b8 100755 --- a/test/T357-index-decryption.sh +++ b/test/T357-index-decryption.sh @@ -197,14 +197,14 @@ test_expect_equal \ "$output" \ "$expected" -test_begin_subtest "show one of the messages with --decrypt" -output=$(notmuch show --decrypt thread:0000000000000001 | awk '/^\014part}/{ f=0 }; { if (f) { print $0 } } /^\014part{ ID: 3/{ f=1 }') +test_begin_subtest "show one of the messages with --decrypt=true" +output=$(notmuch show --decrypt=true thread:0000000000000001 | awk '/^\014part}/{ f=0 }; { if (f) { print $0 } } /^\014part{ ID: 3/{ f=1 }') expected='This is a test encrypted message with a wumpus.' test_expect_equal \ "$output" \ "$expected" -test_begin_subtest "Ensure that we cannot show the message without --decrypt" +test_begin_subtest "Ensure that we cannot show the message with --decrypt=auto" output=$(notmuch show thread:0000000000000001 | awk '/^\014part}/{ f=0 }; { if (f) { print $0 } } /^\014part{ ID: 3/{ f=1 }') expected='Non-text part: application/octet-stream' test_expect_equal \ diff --git a/test/T450-emacs-show.sh b/test/T450-emacs-show.sh index 8db0e49b..3555a939 100755 --- a/test/T450-emacs-show.sh +++ b/test/T450-emacs-show.sh @@ -191,7 +191,7 @@ This is an error (see *Notmuch errors* for more details) === ERROR === [XXX] This is an error -command: YYY/notmuch_fail show --format\\=sexp --format-version\\=4 --decrypt --exclude\\=false \\' \\* \\' +command: YYY/notmuch_fail show --format\\=sexp --format-version\\=4 --decrypt\\=true --exclude\\=false \\' \\* \\' exit status: 1 stderr: This is an error