config: define new option index.try_decrypt

By default, notmuch won't try to decrypt on indexing. With this patch, we make it possible to indicate a per-database preference using the config variable "index.try_decrypt", which by default will be false. At indexing time, the database needs some way to know its internal defaults for how to index encrypted parts. It shouldn't be contingent on an external config file (since that can't be retrieved from the database object itself), so we store it in the database. This behaves similarly to the query.* configurations, which are also stored in the database itself, so we're not introducing any new dependencies by requiring that it be stored in the database.
2024-11-24 03:48:10 +01:00 · 2017-10-20 22:25:43 -04:00 · 2017-10-20 22:25:43 -04:00 · d0da7a0a1c
commit d0da7a0a1c
parent 886c0b1666
4 changed files with 40 additions and 3 deletions
--- a/doc/man1/notmuch-config.rst
+++ b/doc/man1/notmuch-config.rst
@ -138,6 +138,19 @@ The available configuration items are described below.

        Default: ``gpg``.

+    **index.try_decrypt**
+
+        **[STORED IN DATABASE]**
+        When indexing an encrypted e-mail message, if this variable is
+        set to true, notmuch will try to decrypt the message and index
+        the cleartext.  Be aware that the index is likely sufficient
+        to reconstruct the cleartext of the message itself, so please
+        ensure that the notmuch message index is adequately protected.
+        DO NOT USE ``index.try_decrypt=true`` without considering the
+        security of your index.
+
+        Default: ``false``.
+
    **built_with.<name>**

        Compile time feature <name>. Current possibilities include
--- a/doc/man7/notmuch-properties.rst
+++ b/doc/man7/notmuch-properties.rst
@ -70,13 +70,15 @@ of its normal activity.
    properties will be set on the message as a whole.

    If notmuch never tried to decrypt an encrypted message during
-    indexing (which is the default), then this property will not be
-    set on that message.
+    indexing (which is the default, see ``index.try_decrypt`` in
+    **notmuch-config(1)**), then this property will not be set on that
+    message.

 SEE ALSO
 ========

 **notmuch(1)**,
+**notmuch-config(1)**,
 **notmuch-dump(1)**,
 **notmuch-insert(1)**,
 **notmuch-new(1)**,
--- a/lib/indexopts.c
+++ b/lib/indexopts.c
@ -23,7 +23,23 @@
 notmuch_indexopts_t *
 notmuch_database_get_default_indexopts (notmuch_database_t *db)
 {
-    return talloc_zero (db, notmuch_indexopts_t);
+    notmuch_indexopts_t *ret = talloc_zero (db, notmuch_indexopts_t);
+    if (!ret)
+	return ret;
+
+    char * try_decrypt;
+    notmuch_status_t err = notmuch_database_get_config (db, "index.try_decrypt", &try_decrypt);
+    if (err)
+	return ret;
+
+    if (try_decrypt &&
+	((!(strcasecmp(try_decrypt, "true"))) ||
+	 (!(strcasecmp(try_decrypt, "yes"))) ||
+	 (!(strcasecmp(try_decrypt, "1")))))
+	notmuch_indexopts_set_try_decrypt (ret, true);
+
+    free (try_decrypt);
+    return ret;
 }

 notmuch_status_t
--- a/notmuch-config.c
+++ b/notmuch-config.c
@ -812,8 +812,14 @@ _item_split (char *item, char **group, char **key)
 static bool
 _stored_in_db (const char *item)
 {
+    const char * db_configs[] = {
+	"index.try_decrypt",
+    };
    if (STRNCMP_LITERAL (item, "query.") == 0)
 	return true;
+    for (size_t i = 0; i < ARRAY_SIZE (db_configs); i++)
+	if (strcmp (item, db_configs[i]) == 0)
+	    return true;
    return false;
 }