Commit graph

216 commits

Author SHA1 Message Date
David Bremner
c5cf92aa35 CLI: print extra headers in structured output
This is based on a patch from Johan Parin [1], which is in turn
responding to a bug report / feature requiest from Jan Malkhovski.

The update to the structured output documented in schemata is intended
to be upward compatible, so the format version stays the same

[1]: id:20191116162723.18343-1-johan.parin@gmail.com
[2]: id:87h8sdemnr.fsf@oxij.org
2022-01-18 08:11:06 -04:00
David Bremner
2944d59133 CLI/{count, dump, reindex, reply, show}: enable sexp queries
The change in each case is to call notmuch_query_create_with_syntax,
relying on the already inherited shared options.  As a bonus we get
improved error handling from the new query creation API.

The remaining subcommand is 'tag', which is a bit trickier.
2021-09-04 17:07:19 -07:00
David Bremner
d447b694b4 CLI: make variable n_requested_db_uuid file scope.
It turns out that now that we pass an open database into the
subcommands, it is easy to check any requested uuid against the
database at the same time as we process the other shared
arguments. This results in overall less boilerplate code, as well as
making a CLI scope function and variable file scope in notmuch.c.
2021-09-04 17:07:19 -07:00
jao
8316fc3ca1 CLI/show: accept --sort
Add the command-line option --sort to the show command of the CLI
notmuch interface, with the same possible values as the same option in
notmuch search.
2021-07-03 20:27:33 -03:00
Daniel Kahn Gillmor
8c29a5da09 cli/show: produce "email" element in sigstatus
When the certificate that signs a message is known to be valid, GMime
is capable of reporting on the e-mail address embedded in the
certificate.

We pass this information along to the caller of "notmuch show", as
often only the e-mail address of the certificate has actually been
checked/verified.

Furthermore, signature verification should probably at some point
compare the e-mail address of the caller against the sender address of
the message itself.  Having to parse what gmime thinks is a "userid"
to extract an e-mail address seems clunky and unnecessary if gmime
already thinks it knows what the e-mail address is.

See id:878s41ax6t.fsf@fifthhorseman.net for more motivation and discussion.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2021-06-26 13:07:47 -03:00
David Bremner
1c747a501c CLI: drop notmuch_config_t from subcommand interface.
At this point it is unused in all subcommands.
2021-04-06 21:32:36 -03:00
David Bremner
6e6c319c26 CLI/show: complete conversion to new configuration framework.
In order to open the database in main() for this command, we may need
to re-open it in the (possibly less common) case where crypto options
require write access.
2021-03-19 22:06:19 -03:00
uncrustify
eef21c2847 cli: run uncrustify
This is the result of running

     $ uncrustify --replace --config devel/uncrustify.cfg *.c *.h

in the top level source directory

Line breaks were then adjusted manually to keep argc and argv
together.
2021-03-13 08:45:34 -04:00
David Bremner
6c28039ebb CLI/show: mostly switch show to new config framework
This will need some cleanup when the transition completes, and we stop
passing notmuch_config_t structs to the subcommands.

Unlike the general case, we open the database in the subcommand, since
we don't know whether it should be opened read/write until we parse
the command line arguments.

Add a test to make sure passing config file on the command line is not
broken by these or future config related changes.
2021-02-06 19:27:54 -04:00
David Bremner
319efe21c9 CLI: add (unused) database argument to subcommands.
This will allow transitioning individual subcommands to the new
configuration framework. Eventually when they are all converted we can
remove the notmuch_config_t * argument.

For now, live with the parameter shadowing in some some subcommands;
it will go away when they are converted.
2021-02-06 19:05:19 -04:00
Đoàn Trần Công Danh
5648bebe69 notmuch-show: use correct format specifier for ssize_t
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
2021-02-05 10:07:04 -04:00
David Bremner
ef27194a93 cli/show: replace deprecated notmuch_message_get_flag
This can be seen as moving an abort out of the library, into the CLI
where we can both print to stderr and shut the process down without
ill effect.
2020-07-18 11:03:28 -03:00
Daniel Kahn Gillmor
f12fb4d819 cli/show: If a leaf part has children, show them instead of omitting
Until we did PKCS#7 unwrapping, no leaf MIME part could have a child.

Now, we treat the unwrapped MIME part as the child of the PKCS#7
SignedData object.  So in that case, we want to show it instead of
deliberately omitting the content.

This fixes the test of the protected subject in
id:smime-onepart-signed@protected-headers.example.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:11:17 -03:00
Mark Walters
f140bbcb40 notmuch-show.c: add an option for messages to be returned unthreaded
This adds a --unthreaded option to notmuch show to tell it to return
the matching messages in an unthreaded order (so just by date).

To make it easier for users, in particular for notmuch-tree.el, we
output each message with the same "nesting" as if it were an entire
thread in its own right.

amended by db: s/status= /status = /
2020-03-19 22:05:47 -03:00
Daniel Kahn Gillmor
290eccc640 notmuch-show: run uncrustify
This is the result of running:

    $ uncrustify --replace --config devel/uncrustify.cfg *.c *.h

In the top level source directory.  I was using uncrustify
0.68.1+dfsg1-2.

I do not know why these changes were not caught in
33382c2b5b

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-07-05 17:54:36 +02:00
uncrustify
33382c2b5b cli: run uncrustify
This is the result of running

     $ uncrustify --replace --config devel/uncrustify.cfg *.c *.h

in the top level source directory
2019-06-14 07:41:27 -03:00
David Bremner
be8f0ba92a CLI: replace some constructs with more uncrustify friendly ones
In particular
   - use (bool) instead of !!
   - cuddle the opening parens of function calls
   - add parens in some ternery operators
2019-06-14 07:41:27 -03:00
Daniel Kahn Gillmor
56416a5470 cli/show: add information about which headers were protected
The header-mask member of the per-message crypto object allows a
clever UI frontend to mark whether a header was protected (or not).
And if it was protected, it contains enough information to show useful
detail to an interested user.  For example, an MUA could offer a "show
what this message's Subject looked like on the wire" feature in expert
mode.

As before, we only handle Subject for now, but we might be able to
handle other headers in the future.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Amended by db: tweaked schemata notation.
2019-05-29 08:11:50 -03:00
Daniel Kahn Gillmor
1c7fbbcc99 cli/show: emit payload subject instead of outside subject
Correctly fix the two outstanding tests so that the protected (hidden)
subject is properly reported.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-29 08:05:01 -03:00
Daniel Kahn Gillmor
80728a95e6 cli/show: emit headers after emitting body
This paves the way for emitting protected headers after verification
and decryption, because it means that the headers will only be emitted
after the body has been parsed.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-29 08:02:32 -03:00
Daniel Kahn Gillmor
4cb789aa09 cli/show: emit new whole-message crypto status output
This allows MUAs that don't want to think about per-mime-part
cryptographic status to have a simple high-level overview of the
message's cryptographic state.

Sensibly structured encrypted and/or signed messages will work fine
with this.  The only requirement for the simplest encryption + signing
is that the message have all of its encryption and signing protection
(the "cryptographic envelope") in a contiguous set of MIME layers at
the very outside of the message itself.

This is because messages with some subparts signed or encrypted, but
with other subparts with no cryptographic protection is very difficult
to reason about, and even harder for the user to make sense of or work
with.

For further characterization of the Cryptographic Envelope and some of
the usability tradeoffs, see here:

   https://dkg.fifthhorseman.net/blog/e-mail-cryptography.html#cryptographic-envelope
2019-05-26 08:20:23 -03:00
David Bremner
103c11822e cli/notmuch-show: support gzipped files
This drops "file" from mime_node_context and just uses a local
variable. It also uses the new gzip aware utility routines recently
added to util/gmime-extra.c. The use of gzopen / gzfile in addition is
a bit icky, but the choice is between that, and providing yet another
readline implimentation that understands GMime streams.
2019-05-03 07:48:43 -03:00
Daniel Kahn Gillmor
bbe3015b3e gmime-cleanup: pass NULL arguments explicitly where GMime 3.0 expects it
Several GMime 2.6 functions sprouted a change in the argument order in
GMime 3.0.  We had a compatibility layer here to be able to handle
compiling against both GMime 2.6 and 3.0.  Now that we're using 3.0
only, rip out the compatibility layer for those functions with changed
argument lists, and explicitly use the 3.0 argument lists.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-03 06:57:27 -03:00
Daniel Kahn Gillmor
582f255aeb gmime-cleanup: use GMime 3.0 function names
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-03 06:57:16 -03:00
Daniel Kahn Gillmor
38240aafac gmime-cleanup: use GMime 3.0 data types
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-03 06:57:06 -03:00
Daniel Kahn Gillmor
bb0b119358 gmime-cleanup: always support session keys
Our minimum version of GMime 3.0 always supports good session key
handling.

signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-03 06:55:32 -03:00
Daniel Kahn Gillmor
096d45a878 gmime-cleanup: remove obsolete gpg_path configuration option and crypto contexts
Note that we do keep ignoring the gpg_path configuration option,
though, to avoid breakage of existing installations.  It is ignored
like any other unknown configuration option, but we at least document
that it is ignored so that people who find it in their legacy configs
can know that it's safe to drop.

signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-03 06:55:04 -03:00
Daniel Kahn Gillmor
35e21bfb6f gmime-cleanup: remove GMime 2.6 variant codeblocks
signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-03 06:50:40 -03:00
David Bremner
570349e132 build: drop support for gmime-2.6
GMime 3.0 is over 2 years old now, and 2.6 has been deprecated in
notmuch for about 1.5 years.

Comments and documentation no longer need to refer to GMime 2.6, so
clean them all up.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-03 06:49:49 -03:00
Daniel Kahn Gillmor
325a924227 cli/show: pass the siglist directly to the sigstatus sprinter
This makes it easier to reuse format_part_sigstatus_sprinter() when we
have other places that we want to display a signature status.
2019-04-24 07:17:57 -03:00
Maxime Coste
baa4185c30 cli: notmuch show support for --include-html with --format=text 2018-11-24 09:12:30 -04:00
Maxime Coste
37e5bc00ae cli: notmuch show support for --body=false with --format=text 2018-11-24 09:11:42 -04:00
Sebastian Poeplau
0f08bf7166 lib: detect mislabeled Windows-1252 parts
Use GMime functionality to detect mislabeled messages and apply the
correct (Windows) encoding instead.
2018-08-29 06:34:39 -03:00
Daniel Kahn Gillmor
aa605f7e8a cli/show: enable --decrypt=stash
Add fancy new feature, which makes "notmuch show" capable of actually
indexing messages that it just decrypted.

This enables a workflow where messages can come in in the background
and be indexed using "--decrypt=auto".  But when showing an encrypted
message for the first time, it gets automatically indexed.

This is something of a departure for "notmuch show" -- in particular,
because it requires read/write access to the database.  However, this
might be a common use case -- people get mail delivered and indexed in
the background, but only want access to their secret key to happen
when they're directly interacting with notmuch itself.

In such a scenario, they couldn't search newly-delivered, encrypted
messages, but they could search for them once they've read them.

Documentation of this new feature also uses a table form, similar to
that found in the description of index.decrypt in notmuch-config(1).

A notmuch UI that wants to facilitate this workflow while also
offering an interactive search interface might instead make use of
these additional commands while the user is at the console:

Count received encrypted messages (if > 0, there are some things we
haven't yet tried to index, and therefore can't yet search):

     notmuch count tag:encrypted and \
         not property:index.decryption=success and \
         not property:index.decryption=failure

Reindex those messages:

     notmuch reindex --try-decrypt=true tag:encrypted and \
         not property:index.decryption=success and \
         not property:index.decryption=failure
2018-05-26 07:43:30 -07:00
Daniel Kahn Gillmor
808cababbb cli/show: reindex when we learned new session keys about a message
If the number of session keys for a given message increased after
running "notmuch show" then we just learned something new that might
let us do automatic decryption.  We should reindex this message using
our newfound knowledge.

Amended by db: add previously discussed #if block
2018-05-26 07:39:54 -07:00
Daniel Kahn Gillmor
8ea4a99d74 cli/show: make --decrypt take a keyword.
We also expand tab completion for it, update the emacs bindings, and
update T350, T357, and T450 to match.

Make use of the bool-to-keyword backward-compatibility feature.
2017-12-29 16:45:46 -04:00
David Bremner
040c3236af Merge branch 'release'
Conflicts:
        NEWS

Add in NEWS from point release
2017-12-08 22:19:06 -04:00
Daniel Kahn Gillmor
cb855d8a9d crypto: signature verification reports valid User IDs
When i'm trying to understand a message signature, i care that i know
who it came from (the "validity" of the identity associated with the
key), *not* whether i'm willing to accept the keyholder's other
identity assertions (the "trust" associated with the certificate).

We've been reporting User ID information based on the "trust"
associated with the certificate, because GMime didn't clearly expose
the validity of the User IDs.

This change relies on fixes made in GMime 3.0.3 and later which
include https://github.com/jstedfast/gmime/pull/18.
2017-12-08 20:35:18 -04:00
Daniel Kahn Gillmor
fccebbaeef crypto: add --decrypt=nostash to avoid stashing session keys
Here's the configuration choice for people who want a cleartext index,
but don't want stashed session keys.

Interestingly, this "nostash" decryption policy is actually the same
policy that should be used by "notmuch show" and "notmuch reply",
since they never modify the index or database when they are invoked
with --decrypt.

We take advantage of this parallel to tune the behavior of those
programs so that we're not requesting session keys from GnuPG during
"show" and "reply" that we would then otherwise just throw away.
2017-12-08 08:08:47 -04:00
Daniel Kahn Gillmor
a1260896f6 cli/show: use decryption policy "auto" by default.
When showing a message, if the user doesn't specify --decrypt= at all,
but a stashed session key is known to notmuch, notmuch should just go
ahead and try to decrypt the message with the session key (without
bothering the user for access to their asymmetric secret key).

The user can disable this at the command line with --decrypt=false if
they really don't want to look at the e-mail that they've asked
notmuch to show them.

and of course, "notmuch show --decrypt" still works for accessing the
user's secret keys if necessary.
2017-12-08 08:08:46 -04:00
Daniel Kahn Gillmor
798aa789b5 lib: convert notmuch decryption policy to an enum
Future patches in this series will introduce new policies; this merely
readies the way for them.

We also convert --try-decrypt to a keyword argument instead of a boolean.
2017-12-08 08:07:02 -04:00
Daniel Kahn Gillmor
88f2a72ef1 crypto: rename notmuch_crypto_t to _notmuch_crypto_t
The notmuch_crypto_t struct isn't used externally, and we have no
plans to explicitly export it.  Prefix its name (and associated
functions) with _ to make that intent clear.
2017-10-12 22:11:25 -03:00
Jani Nikula
0f314c0c99 cli: convert notmuch_bool_t to stdbool
C99 stdbool turned 18 this year. There really is no reason to use our
own, except in the library interface for backward
compatibility. Convert the cli and test binaries to stdbool.
2017-10-09 22:24:02 -03:00
Jani Nikula
9a0df8128c cli: use notmuch_bool_t for boolean argument in show
Pedantically correct, although they're the same underlying type.
2017-10-04 22:02:57 -03:00
Jani Nikula
ed43b8ddcd cli: use the arg parser .present feature to handle show --entire-thread
The --entire-thread default depends on other arguments, so we'll have
to figure out if it was explicitly set by the user or not. The arg
parser .present feature helps us clean up the code here.
2017-10-04 22:02:09 -03:00
Jani Nikula
4a6721970a cli: use designated initializers for opt desc
Several changes at once, just to not have to change the same lines
several times over:

- Use designated initializers to initialize opt desc arrays.

- Only initialize the needed fields.

- Remove arg_id (short options) as unused.

- Replace opt_type and output_var with several type safe output
  variables, where the output variable being non-NULL determines the
  type. Introduce checks to ensure only one is set. The downside is
  some waste of const space per argument; this could be saved by
  retaining opt_type and using a union, but that's still pretty
  verbose.

- Fix some variables due to the type safety. Mostly a good thing, but
  leads to some enums being changed to ints. This is pedantically
  correct, but somewhat annoying. We could also cast, but that defeats
  the purpose a bit.

- Terminate the opt desc arrays using {}.

The output variable type safety and the ability to add new fields for
just some output types or arguments are the big wins. For example, if
we wanted to add a variable to set when the argument is present, we
could do so for just the arguments that need it.

Beauty is in the eye of the beholder, but I think this looks nice when
defining the arguments, and reduces some of the verbosity we have
there.
2017-10-04 22:00:42 -03:00
Daniel Kahn Gillmor
23eed88e32 remove boolean "first" argument from format_part_sprinter
This argument seems to be unused, and format_part_sprinter isn't
required to meet any specific API so it seems cleaner and simpler to
drop it.
2017-08-16 21:56:58 -03:00
Daniel Kahn Gillmor
e142de643d config: deprecate/drop crypto.gpg_path under gmime 2.6/3.0
gmime 3.0 no longer offers a means to set the path for gpg.

Users can set $PATH anyway if they want to pick a
differently-installed gpg (e.g. /usr/local/bin/gpg), so this isn't
much of a reduction in functionality.

The one main difference is for people who have tried to use "gpg2" to
make use of gpg 2.1, but that isn't usefully co-installable anyway.
2017-07-14 21:23:52 -03:00
David Bremner
cd853915ec cli: wrap getting uid
Apparently it moved from "name" to "key_id" in gmime-3.0
2017-07-14 21:23:52 -03:00
David Bremner
2b3224a6c4 cli: make keyid from fingerprint in gmime 3.0
The "key_id" field seems to used for userid in gmime-3.0, while the
keyid is dropped in the fingerprint field if the full fingerprint is
not available.
2017-07-14 21:23:52 -03:00