Commit graph

1393 commits

Author SHA1 Message Date
Jonas Bernoulli
caaa108760 emacs: Fix indentation 2020-08-09 20:48:09 -03:00
Đoàn Trần Công Danh
f5ae8040b3 T355: specify hash algorithm explicitly
On some systems (notably, the one shipped with LibreSSL),
default fingerprint digest algorithm is SHA256.

On other systems, users can change default digest algorithm by changing
default_md in /etc/ssl/default_md.

Let's ask openssl to provide us specific algorithm to make the test
more deterministic.

Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
2020-08-08 16:04:27 -03:00
David Bremner
0e4695abaa test: regression tests for n_indexopts_{get,set}_decrypt_policy
The main criteria is that they don't crash. Working with a closed
database is a bonus.
2020-08-03 21:05:29 -03:00
David Bremner
e3f88436b7 test: regression test for traversing config list with closed db
Also mention error return in API docs
2020-08-03 21:03:43 -03:00
David Bremner
a0b2a54aa7 test: regression test for n_d_get_config_list on closed db.
Exception is caught.
2020-08-03 21:01:53 -03:00
David Bremner
e8ffbf84ff test: regression test for n_directory_{get,set}_mtime
The mtime is cached, so closing the db is not a problem. Writing the
mtime throws an exception, which is caught.
2020-08-03 21:00:25 -03:00
David Bremner
f4f5db0f1a lib: fix return value for n_directory_delete
Falling out of the catch meant the error return was lost
2020-08-03 20:59:06 -03:00
David Bremner
b03cc6cf90 test: known broken test for n_directory_delete with closed db.
There is a return value bug in notmuch_directory_delete that is hiding
the exception.
2020-08-03 20:57:43 -03:00
David Bremner
337665e26a lib: catch exceptions in n_directory_get_child_files
Also clarify API in error case.
2020-08-03 20:56:09 -03:00
David Bremner
3890d98966 test: add known broken test for n_directory_get_child_files
This is a clone of the one for get_child_directories
2020-08-03 20:54:26 -03:00
David Bremner
9668583a49 lib: catch exceptions in n_directory_get_child_directories
Also clarify API in error case.
2020-08-03 20:53:04 -03:00
David Bremner
919b89156c test: add known broken test for n_directory_get_child_directories
Start a new test file (for the notmuch_directory_* API group) to hold
this test.
2020-08-03 20:51:40 -03:00
David Bremner
c151506773 test: regression test for n_m_get_filenames
Closing the database after the iterator is created is not a problem.
2020-08-03 20:50:15 -03:00
David Bremner
2b6e73d895 test: split header for lib-message tests.
This allows finer control over when to close the database.
2020-08-03 20:48:51 -03:00
David Bremner
e5e17926db test: add regression test for n_messages_collect_tags
Also test n_messages_destroy.
2020-08-03 20:47:18 -03:00
David Bremner
31dab9b1cd lib: return NULL from n_d_get_default_indexopts on error
This is a rare and probably serious programming error, so better not
to silently return a default value.
2020-08-03 20:45:58 -03:00
David Bremner
99a7aac8f2 test: drop use of db_ending
This will allow the dropping of the test for the default ending from
configure.
2020-08-01 20:27:30 -03:00
David Bremner
29a58ecf4a test: drop NOTMUCH_DEFAULT_XAPIAN_BACKEND from T360-symbol-test
Inspired by the suggestion of

         id:20200727154108.16269-3-congdanhqx@gmail.com

to drop the configuration test for the default backend. This version
is hopefully robust against backend changes.
2020-07-31 21:30:06 -03:00
David Bremner
00f48f397a test: destroy thread from closed database
Check for (non)-crash.
2020-07-31 07:41:00 -03:00
David Bremner
864f422f14 test: regression test for n_thread_get_tags
Code is taken from the API docs, with the twist that the underlying
database is closed. Not crashing is the main point.
2020-07-31 07:41:00 -03:00
David Bremner
43406e7d4c test: add regression tests for oldest and newest dates
These are strictly to watch for crashes, so don't be too fussy about
the actual timestamps.
2020-07-31 07:41:00 -03:00
David Bremner
c5017c76d9 test: add regression tests for n_t_get_{authors, subject}
This is returning explicitely cached data, so no database access is needed.
2020-07-31 07:41:00 -03:00
David Bremner
70b30066f6 test: add regression test for n_t_get_messages
This is similar to the case of toplevel messages. Currently everything
is cached, so no database access is necessary. This might change in
the future, but it should not crash in either case.
2020-07-31 07:41:00 -03:00
David Bremner
6ccc4338a4 test: add regression tests for n_thread_get_toplevel_messages
Include a test for the previously omitted non-trivial code path for
notmuch_thread_get_replies.
2020-07-31 07:41:00 -03:00
David Bremner
02ab473115 test: add regression test for n_thread_get_total_{messages,files}
This is returning cached info, so does not need to access the (closed)
database.
2020-07-31 07:41:00 -03:00
David Bremner
0baa581e6e test: regression test for n_t_get_thread_id
This is just cached data, so as long as we don't prematurely free
anything, it should be fine.
2020-07-31 07:41:00 -03:00
David Bremner
46468baa5a test: regression test for notmuch_query_destroy
As with other void API entries, not crashing counts as success.
2020-07-29 12:20:41 -03:00
David Bremner
451c0ce3fc test: regression tests for n_q_count_{messages, threads}
At least these exceptions are caught.
2020-07-29 12:20:30 -03:00
David Bremner
0a4c6cdeb1 test: regression test for n_q_search_messages
Exception handling matches notmuch_query_search_threads, at least for
this case.
2020-07-29 12:20:22 -03:00
David Bremner
25fc8662ed test: regression test for n_q_search_threads
At least this exception is caught.
2020-07-29 12:20:14 -03:00
David Bremner
4130b4e514 test: add regression test for n_q_add_tag_exclude
This relies on the change to not tear down the auxilary Xapian
objects, in particular the query parser, when the database is closed.
2020-07-29 12:20:06 -03:00
David Bremner
d5c84c8289 test: regression test for n_q_{set, get}_sort
We just want to make sure accessing the query owned by a closed db
does not cause a crash.
2020-07-29 12:19:57 -03:00
David Bremner
a292461e65 test: regression test for set_omit_excluded 2020-07-29 12:19:48 -03:00
David Bremner
768efe88d0 test: regression test for notmuch_query_get_database
Current functionality is too trivial to really justify a test, but
it's simpler just to test the complete API.
2020-07-29 12:19:39 -03:00
David Bremner
cbf9f890aa test: add regression test for n_q_{create,_get_query_string}
Start a new file of tests, to keep to the (emerging) scheme of one
notmuch_foo group per file
2020-07-29 12:19:09 -03:00
David Bremner
85da95e266 test: move notmuch_message_* tests to their own file
This is for consistency with the recently added tests for
notmuch_database_*.
2020-07-29 12:18:11 -03:00
Jonas Bernoulli
8b162b40f8 test: Explicitly state that we want to sign with sender
Since Emacs 27 'mml-secure-epg-sign' errors out if we don't opt-in to
signing as the sender using 'mml-secure-openpgp-sign-with-sender'.
2020-07-28 08:40:30 -03:00
Jonas Bernoulli
7b752e9eb4 test: Remove misguided emacs testing utilities
The goal of this abstraction was to save space.  But that failed as
the result actually was that four trivial lines got replace with 15
fairly complicated lines.  The opposite of what it was supposed to
do.

Also it made it harder to come up with the fix in the previous commit;
simply grepping for the relevant symbols did not work because they get
constructed at run-time instead of appearing in the source file.
2020-07-28 08:39:58 -03:00
Jonas Bernoulli
d5d8846c32 test: Deal with Emacs 27 switching to lexical scope by default
Starting with Emacs 27 undeclared variables in evaluated interactive
code uses lexical scope.  This includes code passed with '--eval' as
we do in the Emacs tests, which also happen to assume dynamic scope.

- This can affect variables defined by libraries that we use.  We
  let-bind such variables to change the behavior of functions which we
  then call with these bindings in effect.  If these libraries are not
  loaded beforehand, then the bindings are lexical and fail to have
  the effect we intended.

  At this time only 'smtpmail' has to be loaded explicitly (for the
  variables let-bound in emacs_deliver_message and emacs_fcc_message).

  'message' doesn't have to be loaded explicitly, because loading
  'notmuch' (in 'run_emacs') already takes care of that, indirectly.

- Our own testing-only variables also have to be declared explicitly.
  We should have done that anyway, but because of how and where these
  variables are used it was very easy to overlook that (i.e. it isn't
  something the byte-compiler ever looks at).  Not so in Emacs 27
  anymore; here this oversight caused four tests to fail.

  The numeric values of these variables get incremented by functions
  that we add to hooks that are run by many tests, not just the tests
  where we actually inspect the value and therefore take care to let-
  bind the values to 0 before we begin.  The global values therefore
  have to be numeric values as well.  I have chosen -100 instead of 0
  as the default in case someone writes a test that inspects the value
  but forgets to let-bind the value.  I hope that the unusual negative
  value that one is going to see in such a case will help debugging
  the issue.
2020-07-28 08:39:44 -03:00
David Bremner
24cf4381b8 test: add known broken test for n_d_get_default_indexopts
Xapian exceptions are swallowed and turned into default return value.
2020-07-22 19:52:55 -03:00
David Bremner
b268c8c071 lib: fix error return bug with n_d_set_config.
The catch block either needs to return, or the function needs to
return "status". Choose the latter for consistency with
n_d_get_config.
2020-07-22 19:52:55 -03:00
David Bremner
f6d74be840 test: add known broken test for n_d_set_config
Error status is currently lost.
2020-07-22 19:52:55 -03:00
David Bremner
a5e13d5218 test: add regression test for n_d_get_config
Xapian exceptions seem to handled OK, at least for this case.
2020-07-22 19:52:55 -03:00
David Bremner
dfab190a40 lib: add regresion test for n_d_get_all_tags
Existing error handling seems adequate, if not ideal.
2020-07-22 19:52:55 -03:00
David Bremner
64aa896151 lib: add regression test for n_d_find_message_by_filename
At least this Xapian exception is caught. Make sure it stays that way.
2020-07-22 19:52:55 -03:00
David Bremner
ce360ce4c9 lib: rename _n_d_create to _n_d_find_or_create
The error message and name were confusing when called in some "read
only" context.
2020-07-22 19:52:55 -03:00
David Bremner
97c887282a test: add known broken test for notmuch_database_remove_message
The current error message is a bit confusing; fix in next commit.
2020-07-22 19:52:55 -03:00
David Bremner
c477d7ce31 lib: convert relative filenames to absolute in n_d_index_file
The API docs promise to handle relative filenames, but the code did
not do it.

Also check for files outside the mail root, as implied by the API
description.

This fixes the bug reported at

     id:87sgdqo0rz.fsf@tethera.net
2020-07-22 19:52:55 -03:00
David Bremner
be3f4aec3f test: add known broken test for indexing relative path
The current code seems to look for the path relative to the current
working directory, rather than the mail store root.
2020-07-22 19:52:55 -03:00
David Bremner
9ab3e2e77d test: regression test for n_d_index_file closed db
Current exception handling seems OK, at least for this case.
2020-07-22 19:52:55 -03:00
David Bremner
1ca805a962 test: add regression test for n_d_get_directory
At least this exception is already handled correctly.
2020-07-22 19:52:55 -03:00
David Bremner
959cb4b7a7 test: regression test for n_d_get_revision
This function only accesses data cached by notmuch, so being closed is
not a problem.
2020-07-22 19:52:55 -03:00
David Bremner
bcb02dd8fc test: add regression test for n_d_{begin,end}_atomic
Xapian currently succeeds to begin/end a transaction on a closed database,
or at least does not throw an exception. Make the test robust against
this changing.
2020-07-22 19:52:55 -03:00
David Bremner
3f121d636e test: regression test for n_d_upgrade
The logic is that if it's acceptable to return SUCCESS for read only
database, it's acceptable for a closed one.
2020-07-22 19:52:55 -03:00
David Bremner
f25fc8e211 lib/n_d_needs_upgrade: handle error return from n_d_get_version
Also clarify documentation of error return from n_d_needs_upgrade.
2020-07-22 19:52:55 -03:00
David Bremner
cf90431cbf test: add known broken test for n_d_needs_upgrade
It's a bit arbitrary which value to return for errors, but the same
argument as for read only databases applies for errors.
2020-07-22 19:52:55 -03:00
David Bremner
37dc6045e4 test: add regression tests for notmuch database destroy
Either an open or closed database should be ok to destroy
2020-07-22 19:52:55 -03:00
David Bremner
964e783fd4 test: regression test for closing a closed database
This does not currently throw an error, and it should stay that way.
2020-07-22 19:52:55 -03:00
David Bremner
ab45654192 lib/n_d_get_version: catch exceptions and clarify the API
notmuch_database_get_version previously returned 0 on some errors, but
did not document this. Luckily 0 is not a valid database version.
2020-07-22 19:52:55 -03:00
David Bremner
920dc56e60 test: add known broken test for n_d_get_version on closed db
This should not crash, but it does currently.
2020-07-22 19:52:55 -03:00
David Bremner
f3a56b5f6d test: regression tests for n_d_status_string and n_d_get_path
These do not crash on a closed database, and we want to keep it that
way.

Start a new file of tests as T560-lib-error was starting to get unwieldy.
2020-07-22 19:52:55 -03:00
David Bremner
e9867b818b lib: fix exception messages for n_m_message_*
The original generic handler had an extra '%s' in the format
string. Update tests that failed to catch this because the template to
print status strings checked 'stat', which was not set.
2020-07-22 19:52:55 -03:00
David Bremner
1a8060b81f test: sanitize line numbers in exception reports
Prevent test suite churn when reported line numbers change.
2020-07-22 19:52:55 -03:00
David Bremner
765ca7bc08 lib: fix return value for n_m_reindex
Also update the documentation for the behaviour of n_m_get_thread_id
that this fix relies on.
2020-07-20 08:54:42 -03:00
David Bremner
a0c83e1fac test: add known broken test for n_m_reindex on closed db
This is another case where the code should not call INTERNAL_ERROR.
2020-07-20 08:54:42 -03:00
David Bremner
a2279c322e test: regression for retrieving closed db from message
This is actually one of the few potentially useful things you can do
with a message belonging to a closed database, since in principle you
could re-open the database.
2020-07-20 08:54:42 -03:00
David Bremner
1578e2af6a test: regression test for destroying message with closed db
This should be fine because the message belongs to the
database (talloc context wise).
2020-07-20 08:54:42 -03:00
David Bremner
9244f58860 test: regression tests of n_m_freeze and n_m_thaw on closed db
Neither of these accesses the database, so should be safe. Add the
tests to catch any changes in exception throwing.
2020-07-20 08:54:42 -03:00
David Bremner
a2b90dc084 lib: handle xapian exception in n_m_remove_all_tags
At least the exception we already catch should be reported properly.
2020-07-20 08:54:42 -03:00
David Bremner
a4ac9941a8 test: add broken test for n_m_remove_all_tags
The Xapian exception is actually caught here, but the NULL return is
not dealt with properly.
2020-07-20 08:54:42 -03:00
David Bremner
e32f66d0e3 test: add regression test for n_m_maildir_flags_to_tags
This function currently catches at least the obvious Xapian exceptions
and we want to keep it that way.
2020-07-20 08:54:42 -03:00
David Bremner
b7572ceb14 lib: add notmuch_message_has_maildir_flag_st
Initially the new function is mainly tested indirectly via the
wrapper.
2020-07-20 08:54:42 -03:00
David Bremner
b21f0fcb6a test: add regression test for notmuch_message_has_maildir_flag
This passes the NULL return inside _ensure_maildir_flags does not
break anything. Probably this should be handled more explicitely.
2020-07-20 08:45:15 -03:00
David Bremner
2d04ed2631 lib: catch exceptions in n_m_get_flag, provide n_m_get_flag_st
It's not very nice to return FALSE for an error, so provide
notmuch_message_get_flag_st as a migration path.

Bump LIBNOTMUCH_MINOR_VERSION because the API is extended.
2020-07-18 09:52:27 -03:00
David Bremner
aa8e3f4487 lib: catch Xapian exceptions in n_m_remove_tag
The churn here is again mainly re-indentation.
2020-07-14 07:31:45 -03:00
David Bremner
0fc769aa4f test: add broken test for n_m_remove_tag
Exception will be caught in next commit.
2020-07-14 07:31:45 -03:00
David Bremner
33dd5fdc69 lib: catch Xapian exceptions in n_m_add_tag
This is mostly just (horizontal) code movement due to wrapping
everything in a try / catch.
2020-07-14 07:31:45 -03:00
David Bremner
503c035077 test: add known broken test for n_m_add_tag with closed db
Exception will be caught in next commit.
2020-07-14 07:31:45 -03:00
David Bremner
96befd0dd0 lib: catch Xapian exceptions in n_m_count_files
This will require some care for the caller to check the sign, and not
just add error returns into a running total.
2020-07-14 07:31:37 -03:00
David Bremner
6dc62d8bea test: add known broken test for n_m_count_files
This will be fixed in the next commit.
2020-07-14 07:31:30 -03:00
David Bremner
00f1abfdf4 lib: catch Xapian exceptions in n_m_get_tags
This allows the function to return an error value rather than
crashing.
2020-07-14 07:12:52 -03:00
David Bremner
d284dc00da test: add known broken test for n_m_get_tags
This will be fixed in the next commit.
2020-07-14 07:12:52 -03:00
David Bremner
6eaadb43ad lib: add regression test for n_m_get_date; clarify API
This function catches Xapian exceptions. The test is intended to make
sure it stays that way.
2020-07-14 07:12:52 -03:00
David Bremner
ef15946def test: add known broken for n_m_get_flag on closed db
Exception caught in next commit. Note that FLAG_GHOST is the only one
that triggers the I/O code path.
2020-07-13 07:19:22 -03:00
David Bremner
286161b703 lib: catch exceptions in n_m_get_filenames
This is essentially copied from the change to notmuch_message_get_filename
2020-07-13 07:19:22 -03:00
David Bremner
2c2ba7d6e2 test: add known broken test for n_m_get_filenames
This will be fixed in the next commit
2020-07-13 07:19:22 -03:00
David Bremner
a606cba32b lib/n_m_g_filename: catch Xapian exceptions, document NULL return
This is the same machinery as applied for

     notmuch_message_get_{thread,message}_id
2020-07-13 07:19:22 -03:00
David Bremner
46e8076281 lib: add known broken test for notmuch_message_get_filename
This will be fixed in the next commit
2020-07-13 07:19:22 -03:00
David Bremner
a962bd2bf8 lib/n_m_get_replies: doc return, initial regression test
We need to to set a query and retrieve the threads to meaningfully
test this function.
2020-07-13 07:19:22 -03:00
David Bremner
056794a60d test: add regression test for n_m_get_header
This function already catches Xapian exceptions, and we want to make
sure it stays that way.
2020-07-13 07:19:22 -03:00
David Bremner
cca551a736 test: drop use of assert in closed db tests
Instead of printing the same static string for each test, can replace
the assert with something simpler (or at least easier to integrate
into the test suite).
2020-07-13 07:19:22 -03:00
David Bremner
a280d2a1a1 test: remove unused backup_database calls
Since these backups are never restored, they should be safe to remove.
2020-07-13 07:19:22 -03:00
David Bremner
ee897cab8b test: drop upgrade from v1 tests
These are less crucial since we stopped generating new database
versions and relied primarily on features. They also rely on a
pre-generated v1 database which happens to be chert format. This
backend is not supported by Xapian 1.5.

Also drop the tool gen-testdb.sh, which is currently broken, due to
changes in the testing infrastructure.
2020-07-11 17:20:09 -03:00
David Bremner
dbdb860bb9 lib/message: catch exception in n_m_get_thread_id
This allows us to return an error value from the library.
2020-07-03 21:04:43 -03:00
David Bremner
bb51f3aa29 test: add known broken test for n_m_get_thread_id on closed db
This will be fixed in the next commit.
2020-07-03 21:04:02 -03:00
David Bremner
87d462a204 lib: catch error from closed db in n_m_get_message_id
By catching it at the library top level, we can return an error value.
2020-07-03 21:03:51 -03:00
David Bremner
2c17327ee5 test: add known broken test for error handling on closed database
Based on id:87d05je1j6.fsf@powell.devork.be
2020-07-03 21:01:39 -03:00
David Bremner
e9f8ffd882 test: fix python 3.8.4 related regression in T210-raw
It seems (at least in 3.8.4~rc1-1 on Debian) that set_content requires
at least one line.
2020-07-03 07:23:32 -03:00
Daniel Kahn Gillmor
18a1522948 tests: mark sig verification known-broken with session keys on buggy gpgme
We make use of the just-introduced configure test.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-07-02 21:23:28 -03:00
David Bremner
b46d842782 test: mark two tests broken on machines with 32 bit time_t
I haven't traced the code path as exhaustively for the SMIME test, but
the expiry date in question is larger then representable in a signed
32 bit integer.
2020-06-26 22:16:51 -03:00
Daniel Kahn Gillmor
b624b406ff tests/ruby: Ensure that test works for out-of-tree builds 2020-05-31 13:52:33 -03:00
Daniel Kahn Gillmor
ef0ab496b3 python-cffi: enable out-of-tree builds
This is a simple hack to enable out-of-tree builds, a concern raised
by Tomi in id:m24kzjib9a.fsf@guru.guru-group.fi

This change at least enables "make check" to complete without error,
but I'm sure it could be improved.  I am not expert enough in
setuptools to know how.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Amended by db per id:87d06usa31.fsf@powell.devork.be
2020-05-30 12:42:14 -03:00
Tomi Ollila
c9e55a712e test/test-lib.sh: fix two out of tree test issues
json_check_nodes.py exists in source tree, not in out of tree
build tree. Added -B to the execution so source tree is not
"polluted" by a .pyc file when json_check_nodes.py is executed.

When creating run_emacs.sh make it load .elc files from out of
tree build tree, not from source tree if such files existed.
If existed, those may be outdated, or even created by some other
emacs than the one that was used to build .elc files in out of
tree build dir.
2020-05-30 12:42:14 -03:00
Jonas Bernoulli
291ef68ede emacs: Use dolist' instead of mapcar' for side-effects
As recommended by the byte-compiler.
2020-05-26 20:23:14 -03:00
Daniel Kahn Gillmor
6cdf4b7e38 smime: Index cleartext of envelopedData when requested
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:12:00 -03:00
Daniel Kahn Gillmor
cb88b51fe5 smime: Pass PKCS#7 envelopedData to node_decrypt_and_verify
This change means we can support "notmuch show --decrypt=true" for
S/MIME encrypted messages, resolving several outstanding broken tests,
including all the remaining S/MIME protected header examples.

We do not yet handle indexing the cleartext of S/MIME encrypted
messages, though.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:11:51 -03:00
Daniel Kahn Gillmor
1b9f4a9863 cli/reply: Ignore PKCS#7 wrapper parts when replying
When composing a reply, no one wants to see this line in the proposed
message:

    Non-text part: application/pkcs7-mime

So we hide it, the same way we hide PGP/MIME cruft.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:11:25 -03:00
Daniel Kahn Gillmor
f12fb4d819 cli/show: If a leaf part has children, show them instead of omitting
Until we did PKCS#7 unwrapping, no leaf MIME part could have a child.

Now, we treat the unwrapped MIME part as the child of the PKCS#7
SignedData object.  So in that case, we want to show it instead of
deliberately omitting the content.

This fixes the test of the protected subject in
id:smime-onepart-signed@protected-headers.example.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:11:17 -03:00
Daniel Kahn Gillmor
5f4aceee26 cli: include wrapped part of PKCS#7 SignedData in the MIME tree
Unwrap a PKCS#7 SignedData part unconditionally when the cli is
traversing the MIME tree, and return it as a "child" of what would
otherwise be a leaf in the tree.

Unfortunately, this also breaks the JSON output.  We will fix that
next.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:11:07 -03:00
Daniel Kahn Gillmor
ad60e5d4e8 smime: Identify encrypted S/MIME parts during indexing
We don't handle them correctly yet, but we can at least mark them as
being encrypted.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:10:55 -03:00
Daniel Kahn Gillmor
38bd0df922 lib: index PKCS7 SignedData parts
When we are indexing, we should treat SignedData parts the same way
that we treat a multipart object, indexing the wrapped part as a
distinct MIME object.

Unfortunately, this means doing some sort of cryptographic
verification whose results we throw away, because GMime doesn't offer
us any way to unwrap without doing signature verification.

I've opened https://github.com/jstedfast/gmime/issues/67 to request
the capability from GMime but for now, we'll just accept the
additional performance hit.

As we do this indexing, we also apply the "signed" tag, by analogy
with how we handle multipart/signed messages.  These days, that kind
of change should probably be done with a property instead, but that's
a different set of changes.  This one is just for consistency.

Note that we are currently *only* handling signedData parts, which are
basically clearsigned messages.  PKCS#7 parts can also be
envelopedData and authEnvelopedData (which are effectively encryption
layers), and compressedData (which afaict isn't implemented anywhere,
i've never encountered it).  We're laying the groundwork for indexing
these other S/MIME types here, but we're only dealing with signedData
for now.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:10:46 -03:00
Daniel Kahn Gillmor
b14d9ae204 smime: tests of X.509 certificate validity are known-broken on GMime < 3.2.7
When checking cryptographic signatures, Notmuch relies on GMime to
tell it whether the certificate that signs a message has a valid User
ID or not.

If the User ID is not valid, then notmuch does not report the signer's
User ID to the user.  This means that the consumer of notmuch's
cryptographic summary of a message (or of its protected headers) can
be confident in relaying the reported identity to the user.

However, some versions of GMime before 3.2.7 cannot report Certificate
validity for X.509 certificates.  This is resolved upstream in GMime
at https://github.com/jstedfast/gmime/pull/90.

We adapt to this by marking tests of reported User IDs for
S/MIME-signed messages as known-broken if GMime is older than 3.2.7
and has not been patched.

If GMime >= 3.2.7 and certificate validity still doesn't work for
X.509 certs, then there has likely been a regression in GMime and we
should fail early, during ./configure.

To break out these specific User ID checks from other checks, i had to
split some tests into two parts, and reuse $output across the two
subtests.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-22 22:04:57 -03:00
Daniel Kahn Gillmor
627460d7bb test-lib: mark function variables as local
Several functions in test/test-lib.sh used variable names that are
also used outside of those functions (e.g. $output and $expected are
used in many of the test scripts), but they are not expected to
communicate via those variables.

We mark those variables "local" within test-lib.sh so that they do not
get clobbered when used outside test-lib.

We also move the local variable declarations to beginning of each
function, to avoid weird gotchas with local variable declarations as
described in https://tldp.org/LDP/abs/html/localvar.html.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-09 08:32:51 -03:00
David Bremner
45cfeb2e55 lib: replace STRNCMP_LITERAL in __message_remove_indexed_terms
strncmp looks for a prefix that matches, which is very much not what
we want here. This fixes the bug reported by Franz Fellner in
id:1588595993-ner-8.651@TPL520
2020-05-04 10:55:43 -03:00
David Bremner
accfee5c6e test: known broken test for reindex tag preservation
In id:1588595993-ner-8.651@TPL520 Franz Fellner reported that tags
starting with 'attachment' are removed by 'notmuch reindex'. This is
probably related to the use of STRNCMP_LITERAL in
_notmuch_message_remove_indexed_terms.
2020-05-04 10:49:43 -03:00
Daniel Kahn Gillmor
9055dfdae4 tests: disable CRL checks from gpgsm
GPGME has a strange failure mode when it is in offline mode, and/or
when certificates don't have any CRLs: in particular, it refuses to
accept the validity of any certificate other than a "root" cert.

This can be worked around by setting the `disable-crl-checks`
configuration variable for gpgsm.

I've reported this to the GPGME upstream at
https://dev.gnupg.org/T4883, but I have no idea how it will be
resolved.  In the meantime, we'll just work around it.

Note that this fixes the test for verification of
id:smime-multipart-signed@protected-headers.example, because
multipart/signed messages are already handled correctly (one-part
PKCS#7 messages will get fixed later).

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 18:02:38 -03:00
Daniel Kahn Gillmor
b415ec06c3 test/protected-headers: Add tests for S/MIME protected headers
Recognize the protected subject for S/MIME example protected header
messages.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:57:37 -03:00
Daniel Kahn Gillmor
b1a04bddc2 tests/smime: add tests for S/MIME SignedData
Add a simple S/MIME SignedData message, taken from an upcoming draft
of
https://datatracker.ietf.org/doc/draft-autocrypt-lamps-protected-headers/

RFC 8551 describes a SignedData, a one-part clearsigned object that is
more resistant to common patterns of MTA message munging than
multipart/signed (but has the downside that it is only readable by
clients that implement S/MIME).

To make sure sure notmuch can handle this kind of object, we want to
know a few things:

Already working:

 - Is the content of the SignedData object indexed?  It actually is
   right now because of dumb luck -- i think we're indexing the raw
   CMS object and it happens to contain the cleartext of the message
   in a way that we can consume it before passing it on to Xapian.
 - Are we accidentally indexing the embedded PKCS#7 certificates? We
   don't want to, and for some reason I don't understand, our indexing
   is actually skipping the embedded certificates already.  That's
   good!

Still need fixing:
 - do we know the MIME type of the embedded part?
 - do we know that the message is signed?
 - can notmuch-show read its content?
 - can notmuch-show indicate the signature validity?
 - can notmuch-reply properly quote and attribute content?

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:57:26 -03:00
Daniel Kahn Gillmor
488e91f42b test-lib.sh: add test_valid_json
This test does exactly what it says on the tin.  It expects JSON data
to be parseable by Python, at least.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:57:16 -03:00
Daniel Kahn Gillmor
92149485cb tests/smime: Test indexing cleartext of envelopedData
These tests describe some simple behavior we would expect to work if
we were to correctly index the cleartext of encrypted S/MIME messages
(PKCS#7 envelopedData).

Of course, they don't currently pass, so we mark them known-broken.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:56:13 -03:00
Daniel Kahn Gillmor
a8bf94af44 tests/smime: Verify cryptographic message status
When consuming a signed+encrypted S/MIME message generated by emacs,
we expect to see the same cryptographic properties for the message as
a whole.  This is not done correctly yet, so the test is marked as
known broken.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:56:02 -03:00
Daniel Kahn Gillmor
482af5a031 tests: Add S/MIME messages to protected-headers corpus
These sample messages are taken directly from the Protected Headers
draft:

https://www.ietf.org/id/draft-autocrypt-lamps-protected-headers-02.html

Note that this commit doesn't strictly pass the common git pre-commit
hook due to introducing some trailing whitespace.  That's just the
nature of the corpus, though.  We should have that trailing
whitespace, so I've made this commit with --no-verify.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:55:19 -03:00
Daniel Kahn Gillmor
7c7cebffe6 tests/smime: include secret key material for Bob
This is taken from the same Internet Draft that test/smime/ca.crt
comes from.  See that draft for more details.
https://www.ietf.org/id/draft-dkg-lamps-samples-02.html#name-pkcs12-object-for-bob

We don't use it yet, but it will be used to decrypt other messages in
the test suite.

Note that we include it here with an empty passphrase, rather than
with the passphrase "bob" that it is supplied with in the I-D.  The
underlying cryptographic material is the same, but this way we can
import cleanly into gpgsm without having a passphrase set on it (gpgsm
converts an empty-string passphrase into no passphrase at all on
import).

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:55:11 -03:00
Daniel Kahn Gillmor
51c43d0e92 test: Allow tests to have both gpg and gpgsm active at once
Without this fix, we couldn't run both add_gnupg_home and
add_gpgsm_home in the same test script.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:54:58 -03:00
Daniel Kahn Gillmor
7eaac52ddb tests/smime: avoid copying the key+cert.pem around
No functional change.

We no longer need to identify the key and cert to mml-mode when
sending an S/MIME message, so making a copy of key+cert.pem to
test_suite.pem is superfluous.  Get rid of the extra file.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:54:48 -03:00
Daniel Kahn Gillmor
2e351d10c2 tests/smime: Use gpgsm instead of openssl for mml creation of S/MIME msgs
The documentation for message mode clearly states that EasyPG (which
uses GnuPG) is the default and recommended way to use S/MIME with
mml-secure:

[0] https://www.gnu.org/software/emacs/manual/html_node/message/Using-S_002fMIME.html

To ensure that this mode works, we just need to import the secret key
in question into gpgsm in addition to the public key.  gpgsm should be
able pick the right keys+certificates to use based on To/From headers,
so we don't have to specify anything manually in the #secure mml tag.

The import process from the OpenSSL-preferred form (cert+secretkey) is
rather ugly, because gpgsm wants to see a PKCS#12 object when
importing secret keys.

Note that EasyPG generates the more modern Content-Type:
application/pkcs7-signature instead of application/x-pkcs7-signature
for the detached signature.

We are also obliged to manually set gpgsm's include-certs setting to 1
because gpgsm defaults to send "everything but the root cert".  In our
weird test case, the certificate we're using is self-signed, so it
*is* the root cert, which means that gpgsm doesn't include it by
default.  Setting it to 1 forces inclusion of the signer's cert, which
satisfies openssl's smime subcommand. See https://dev.gnupg.org/T4878
for more details.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:54:37 -03:00
Daniel Kahn Gillmor
f7921e6e1c tests/smime: consistently quote $GNUPGHOME
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:54:03 -03:00
Daniel Kahn Gillmor
1f21465205 tests/smime: Include the Sample LAMPS Certificate Authority
This CA is useful for test suites and the like, but is not an
actually-secure CA, because its secret key material is also published.

I plan to use it for its intended purpose in the notmuch test suite.

It was copied from this Internet Draft:

https://tools.ietf.org/id/draft-dkg-lamps-samples-01.html#name-certificate-authority-certi

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:53:54 -03:00
Daniel Kahn Gillmor
6d843b8199 tests/smime: Always use --batch with gpgsm
GnuPG's gpgsm, like gpg, should always be used with --batch when it is
invoked in a non-interactive environment.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:53:43 -03:00
Daniel Kahn Gillmor
055e0917d7 tests: move add_gpgsm_home to test-lib.sh
This allows us to test S/MIME messages in other tests.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-30 17:53:34 -03:00
Jonas Bernoulli
11ac932a45 emacs: Use cl-lib' instead of deprecated cl'
Starting with Emacs 27 the old `cl' implementation is finally
considered obsolete.  Previously its use was strongly discouraged
at run-time but one was still allowed to use it at compile-time.

For the most part the transition is very simple and boils down to
adding the "cl-" prefix to some symbols.  A few replacements do not
follow that simple pattern; e.g. `first' is replaced with `car',
even though the alias `cl-first' exists, because the latter is not
idiomatic emacs-lisp.

In a few cases we start using `pcase-let' or `pcase-lambda' instead
of renaming e.g. `first' to `car'.  That way we can remind the reader
of the meaning of the various parts of the data that is being
deconstructed.

An obsolete `lexical-let' and a `lexical-let*' are replaced with their
regular variants `let' and `let*' even though we do not at the same
time enable `lexical-binding' for that file.  That is the right thing
to do because it does not actually make a difference in those cases
whether lexical bindings are used or not, and because this should be
enabled in a separate commit.

We need to explicitly depend on the `cl-lib' package because Emacs
24.1 and 24.2 lack that library.  When using these releases we end
up using the backport from GNU Elpa.

We need to explicitly require the `pcase' library because
`pcase-dolist' was not autoloaded until Emacs 25.1.
2020-04-27 07:36:10 -03:00
Olivier Taïbi
7b756d1e38 test: sort the output of the "prefix" test in T610-message-property
This test extracts values from a (key,value) map where multiple entries
can have the same key, and the entries are sorted by key, but not by
value.  The test incorrectly assumes that the values will be sorted as
well, so sort the output.
2020-04-23 21:31:37 -03:00
Tomi Ollila
00cdfe1071 build: drop support for xapian versions less than 1.4
Xapian 1.4 is over 3 years old now (1.4.0 released 2016-06-24),
and 1.2 has been deprecated in Notmuch version 0.27 (2018-06-13).

Xapian 1.4 supports compaction, field processors and retry locking;
conditionals checking compaction and field processors were removed
but user may want to disable retry locking at configure time so it
is kept.
2020-04-23 21:28:45 -03:00
David Bremner
690e36bacd cli/dump: replace use of gzprintf with gzputs for config values
These can be large, and hit buffer limitations of gzprintf.
2020-04-13 17:14:50 -03:00
David Bremner
d50f41c0fd test: add known_broken test for dumping large stored queries
'qsx' reported a bug on #notmuch with notmuch-dump and large stored
queries. This test will pass (on my machine) if the value of `repeat'
is made smaller.

Reported-By: Thomas Schneider <qsx@chaotikum.eu>
2020-04-13 09:35:14 -03:00
Daniel Kahn Gillmor
1c39065245 tests/smime: fix typo in README
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseaman.net>
2020-03-19 21:55:20 -03:00
Peter Wang
c17fca40e2 sprinter: change integer method to use int64_t
In particular, timestamps beyond 2038 could overflow the sprinter
interface on systems where time_t is 64-bit but 'int' is a signed 32-bit
integer type.
2020-02-13 19:10:42 -04:00
Peter Wang
e091427d98 test: add known broken test with timestamp beyond 2038 2020-02-13 19:08:56 -04:00
Örjan Ekeberg
757ed001aa test: extend test of attachment warnings
Check that attachment warnings are not raised when the word
"attach" only occurs in a forwarded message.
2019-12-14 07:29:00 -04:00
David Bremner
6cd47227de test: add a known broken test for S/MIME decryption
This should serve to clarify this feature is not implimented in
notmuch yet.
2019-12-14 07:25:06 -04:00
David Bremner
85adc756c9 tests: run python-cffi tests
The entire python-cffi test suite is considered as a single test at
the level of the notmuch test suite. This might or might not be ideal,
but it gets them run.
2019-12-03 08:12:30 -04:00
David Bremner
1979145b91 Merge branch 'release' 2019-10-13 09:24:48 -03:00
David Bremner
4c5b17b10b util: unreference objects referenced by the returned stream obj
We want freeing the returned stream to also free these underlying
objects. Compare tests/test-filters.c in the gmime 3.2.x source, which
uses this same idiom.

Thanks to James Troup for the report and the fix.
2019-10-12 08:45:55 -03:00
David Bremner
2cf38f8e1c test: known broken test file descriptor leak in gzip file open
James Troup reported this bug in id:87pnjsf9q5.fsf@canonical.com
2019-10-12 08:43:39 -03:00
Daniel Kahn Gillmor
23bcd00363 cli/{show,reply}: use repaired form of "Mixed Up" mangled messages
When showing or replying to a message that has been mangled in transit
by an MTA in the "Mixed up" way, notmuch should instead use the
repaired form of the message.

Tracking the repaired GMimeObject for the lifetime of the mime_node so
that it is cleaned up properly is probably the trickiest part of this
patch, but the choices here are based on the idea that the
mime_node_context is the memory manager for the whole mime_node tree
in the first place, so new GMimeObject tree created on-the-fly during
message parsing should be disposed of in the same place.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-09-15 19:07:06 -04:00
Daniel Kahn Gillmor
4b1a8fd183 index: repair "Mixed Up" messages before indexing.
When encountering a message that has been mangled in the "mixed up"
way by an intermediate MTA, notmuch should instead repair it and index
the repaired form.

When it does this, it also associates the index.repaired=mixedup
property with the message.  If a problem is found with this repair
process, or an improved repair process is proposed later, this should
make it easy for people to reindex the relevant message.  The property
will also hopefully make it easier to diagnose this particular problem
in the future.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-09-15 19:07:06 -04:00
Daniel Kahn Gillmor
cb522fb06e test: add test for "Mixed-Up Mime" message mangling
Some MTAs mangle e-mail messages in transit in ways that are
repairable.

Microsoft Exchange (in particular, the version running today on
Office365's mailservers) appears to mangle multipart/encrypted
messages in a way that makes them undecryptable by the recipient.

I've documented this in section 4.1 "Mixed-up encryption" of draft -00
of
https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling

Fortunately, it's possible to repair such a message, and notmuch can
do that so that a user who receives an encrypted message from a user
of office365.com can still decrypt the message.

Enigmail already knows about this particular kind of mangling.  It
describes it as "broken PGP email format probably caused by an old
Exchange server", and it tries to repair by directly changing the
message held by the user.  if this kind of repair goes wrong, the
repair process can cause data loss
(https://sourceforge.net/p/enigmail/bugs/987/, yikes).

The tests introduced here are currently broken.  In subsequent
patches, i'll introduce a non-destructive form of repair for notmuch
so that notmuch users can read mail that has been mangled in this way,
and the tests will succeed.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-09-15 01:20:03 -04:00
Daniel Kahn Gillmor
9829533e92 index: avoid indexing legacy-display parts
When we notice a legacy-display part during indexing, it makes more
sense to avoid indexing it as part of the message body.

Given that the protected subject will already be indexed, there is no
need to index this part at all, so we skip over it.

If this happens during indexing, we set a property on the message:
index.repaired=skip-protected-headers-legacy-display

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-09-01 08:45:30 -03:00
Daniel Kahn Gillmor
c61e22d5cb cli/{show,reply}: skip over legacy-display parts
Make use of the previous changes to fast-forward past any
legacy-display parts during "notmuch show" and "notmuch reply".

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-09-01 08:44:17 -03:00
Daniel Kahn Gillmor
27b25e45dc test: avoid showing legacy-display parts
Enigmail generates a "legacy-display" part when it sends encrypted
mail with a protected Subject: header.  This part is intended to
display the Subject for mail user agents that are capable of
decryption, but do not know how to deal with embedded protected
headers.

This part is the first child of a two-part multipart/mixed
cryptographic payload within a cryptographic envelope that includes
encryption (that is, it is not just a cleartext signed message).  It
uses Content-Type: text/rfc822-headers.

That is:

A └┬╴multipart/encrypted
B  ├─╴application/pgp-encrypted
C  └┬╴application/octet-stream
*   ╤ <decryption>
D   └┬╴multipart/mixed; protected-headers=v1 (cryptographic payload)
E    ├─╴text/rfc822-headers; protected-headers=v1 (legacy-display part)
F    └─╴… (actual message body)

In discussions with jrollins, i've come to the conclusion that a
legacy-display part should be stripped entirely from "notmuch show"
and "notmuch reply" now that these tools can understand and interpret
protected headers.

You can tell when a message part is a protected header part this way:

 * is the payload (D) multipart/mixed with exactly two children?
 * is its first child (E) Content-Type: text/rfc822-headers?
 * does the first child (E) have the property protected-headers=v1?
 * do all the headers in the body of the first child (E) match
   the protected headers in the payload part (D) itself?

If this is the case, and we already know how to deal with the
protected header, then there is no reason to try to render the
legacy-display part itself for the user.

Furthermore, when indexing, if we are indexing properly, we should
avoid indexing the text in E as part of the message body.

'notmuch reply' is an interesting case: the standard use of 'notmuch
reply' will end up omitting all mention of protected Subject:.

The right fix is for the replying MUA to be able to protect its
headers, and for it to set them appropriately based on headers found
in the original message.

If a replying MUA is unable to protect headers, but still wants the
user to be able to see the original header, a replying MUA that
notices that the original message's subject differs from the proposed
reply subject may choose to include the original's subject in the
quoted/attributed text. (this would be a stopgap measure; it's not
even clear that there is user demand for it)

This test suite change indicates what we want to happen for this case
(the tests are currently broken), and includes three additional TODO
suggestions of subtle cases for anyone who wants to flesh out the test
suite even further.  (i believe all these cases should be already
fixed by the rest of this series, but haven't had time to write the
tests for the unusual cases)

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-09-01 08:32:56 -03:00