diff --git a/completion/notmuch-completion.bash b/completion/notmuch-completion.bash index 1cd616b3..f94dbeed 100644 --- a/completion/notmuch-completion.bash +++ b/completion/notmuch-completion.bash @@ -517,7 +517,7 @@ _notmuch_show() COMPREPLY=( $( compgen -W "text json sexp mbox raw" -- "${cur}" ) ) return ;; - --exclude|--body) + --exclude|--body|--decrypt) COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) return ;; @@ -526,7 +526,7 @@ _notmuch_show() ! $split && case "${cur}" in -*) - local options="--entire-thread= --format= --exclude= --body= --format-version= --part= --verify --decrypt --include-html ${_notmuch_shared_options}" + local options="--entire-thread= --format= --exclude= --body= --format-version= --part= --verify --decrypt= --include-html ${_notmuch_shared_options}" compopt -o nospace COMPREPLY=( $(compgen -W "$options" -- ${cur}) ) ;; diff --git a/doc/man1/notmuch-show.rst b/doc/man1/notmuch-show.rst index 7ba091cf..64caa7a6 100644 --- a/doc/man1/notmuch-show.rst +++ b/doc/man1/notmuch-show.rst @@ -123,6 +123,10 @@ Supported options for **show** include multipart/encrypted part will be replaced by the decrypted content. + If a session key is already known for the message, then it + will be decrypted automatically unless the user explicitly + sets ``--decrypt=false``. + Decryption expects a functioning **gpg-agent(1)** to provide any needed credentials. Without one, the decryption will fail. diff --git a/notmuch-show.c b/notmuch-show.c index 7ee9685a..c8f5a48f 100644 --- a/notmuch-show.c +++ b/notmuch-show.c 
@@ -1083,13 +1083,14 @@ notmuch_show_command (notmuch_config_t *config, int argc, char *argv[]) .part = -1, .omit_excluded = true, .output_body = true, - .crypto = { .decrypt = NOTMUCH_DECRYPT_FALSE }, + .crypto = { .decrypt = NOTMUCH_DECRYPT_AUTO }, }; int format = NOTMUCH_FORMAT_NOT_SPECIFIED; bool exclude = true; bool entire_thread_set = false; bool single_message; bool decrypt = false; + bool decrypt_set = false; notmuch_opt_desc_t options[] = { { .opt_keyword = &format, .name = "format", .keywords = @@ -1104,7 +1105,7 @@ notmuch_show_command (notmuch_config_t *config, int argc, char *argv[]) { .opt_bool = ¶ms.entire_thread, .name = "entire-thread", .present = &entire_thread_set }, { .opt_int = ¶ms.part, .name = "part" }, - { .opt_bool = &decrypt, .name = "decrypt" }, + { .opt_bool = &decrypt, .name = "decrypt", .present = &decrypt_set }, { .opt_bool = ¶ms.crypto.verify, .name = "verify" }, { .opt_bool = ¶ms.output_body, .name = "body" }, { .opt_bool = ¶ms.include_html, .name = "include-html" }, @@ -1118,10 +1119,14 @@ notmuch_show_command (notmuch_config_t *config, int argc, char *argv[]) notmuch_process_shared_options (argv[0]); - if (decrypt) { - params.crypto.decrypt = NOTMUCH_DECRYPT_TRUE; - /* decryption implies verification */ - params.crypto.verify = true; + if (decrypt_set) { + if (decrypt) { + params.crypto.decrypt = NOTMUCH_DECRYPT_TRUE; + /* decryption implies verification */ + params.crypto.verify = true; + } else { + params.crypto.decrypt = NOTMUCH_DECRYPT_FALSE; + } } /* specifying a part implies single message display */ diff --git a/test/T357-index-decryption.sh b/test/T357-index-decryption.sh index 31991e22..c3730488 100755 --- a/test/T357-index-decryption.sh +++ b/test/T357-index-decryption.sh 
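Review bot: The initializer `.crypto = { .decrypt = NOTMUCH_DECRYPT_AUTO }` changes what a plain `notmuch show` emits, yet the code carries no comment saying so. Going by the man-page text added in this commit, a message with a stored session key is now printed in cleartext unless the caller passes `--decrypt=false`, so any wrapper that relied on the old never-decrypt default now handles plaintext. I would add a comment at the initializer such as `/* AUTO: decrypt only when a session key is already stored; an explicit --decrypt=false is the only way to suppress cleartext */`. A matching comment on `decrypt_set` would help too, since it exists only to tell "option absent" from "explicitly false". The body of notmuch_show_command starts and ends outside this hunk.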
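Review bot: In the `if (decrypt_set)` block, `params.crypto.verify = true` is reached only for an explicit `--decrypt=true`. When the option is absent the mode stays NOTMUCH_DECRYPT_AUTO and `verify` keeps whatever `--verify` supplied. A message decrypted from a stored session key would then presumably be shown without signature verification, although the effect on the output path is not visible in this hunk. If "decryption implies verification" is meant to hold for the automatic path too, that needs handling where AUTO actually decrypts. Otherwise the comment should state the limit, for example `/* explicit --decrypt=true implies verification; the AUTO default leaves verify as set by --verify */`. The rest of notmuch_show_command lies outside this hunk.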
@@ -210,6 +210,23 @@ test_expect_equal \ "$output" \ "$expected" +test_begin_subtest "notmuch show should show cleartext if session key is present" +output=$(notmuch show id:simple-encrypted@crypto.notmuchmail.org | awk '/^\014part}/{ f=0 }; { if (f) { print $0 } } /^\014part{ ID: 3/{ f=1 }') +expected='This is a top sekrit message.' +if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then + test_subtest_known_broken +fi +test_expect_equal \ + "$output" \ + "$expected" + +test_begin_subtest "notmuch show should show nothing if decryption is explicitly disallowed" +output=$(notmuch show --decrypt=false id:simple-encrypted@crypto.notmuchmail.org | awk '/^\014part}/{ f=0 }; { if (f) { print $0 } } /^\014part{ ID: 3/{ f=1 }') +expected='Non-text part: application/octet-stream' +test_expect_equal \ + "$output" \ + "$expected" + # TODO: test removal of a message from the message store between # indexing and reindexing.
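Review bot: The `--decrypt=false` subtest only compares the content of part ID 3 with `Non-text part: application/octet-stream`, so cleartext leaking anywhere else in the output would go unnoticed. A check over the whole output is a stronger negative test, for example `test_expect_equal "$(notmuch show --decrypt=false id:simple-encrypted@crypto.notmuchmail.org | grep -c 'top sekrit')" "0"`. The same subtest also passes trivially on builds without session-key support, where nothing would be decrypted anyway, so it does not show there that the flag is honoured. Separately, `[ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]` is unquoted, so if the variable is unset the test errors and `test_subtest_known_broken` is skipped. `[ "${NOTMUCH_HAVE_GMIME_SESSION_KEYS:-0}" -eq 0 ]` fails in the safer direction.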