Commit graph

128 commits

Author SHA1 Message Date
David Bremner
d7f9572413 python-cffi: switch to notmuch_database_{open,create}_with_config
Since release 0.32, libnotmuch provides searching for database and
configuration paths. This commit changes the python module notmuch2 to
use those facilities.

This fixes the bug reported in [1], along with a couple of the
deprecation warnings in the python bindings.

Database.default_path is deprecated, since it no longer faithfully
reflects what libnotmuch is doing, and it is also no longer used in
the bindings themselves.

This commit choose the default of config=CONFIG.EMPTY (equivalent to
passing "" to notmuch_database_open_with_config).  This makes the
change upward compatible API-wise (at least as far as the test suite
verifies), but changing the default to CONFIG.SEARCH would probably be
more convenient for bindings users.

[1]: id:87h7d4wp6b.fsf@tethera.net
2021-12-04 08:42:31 -04:00
David Bremner
81b9dbd110 CLI/config support saving s-expression queries
This commit does not enable using saved s-expression queries, only
saving and retrieving them from the config file or the database. Use
in queries will be enabled in a following commit.
2021-09-04 17:07:19 -07:00
David Bremner
be6edee496 doc: document database search algorithm.
Essentially a translation of the function _choose_database_path for
human consumption. As a bonus, document environment variable
NOTMUCH_DATABASE
2021-08-21 07:54:44 -07:00
David Bremner
dd91621d80 replace references to freenode with references to libera
I left the reference to freenode in the test suite data, since it is
historical.
2021-07-06 17:20:03 -03:00
jao
32f42581e3 doc: new notmuch show --sort and related emacs commands
New --sort CLI option documented in notmuch-show's man page, and
notmuch-search-toggle-order mentioned in doc/notmuch-emacs.rst and
devel/emacs-keybindings.org (in the latter, there's also some
whitespace changes in a table introduced by org-mode).
2021-07-03 20:38:34 -03:00
David Bremner
42b5cb53ef doc: document database.autocommit variable
This exposes some database internals that most users will probably not
understand.
2021-06-27 14:04:43 -03:00
David Bremner
4b0c6fb2f1 Merge branch 'release' 2021-06-25 09:34:29 -03:00
David Bremner
5be9e024d1 doc: tweak hook configuration documentation.
Add a historical note, and hint to look below for more about hooks.
Capitalized the heading for consistency, removed blank line.
2021-06-23 08:42:48 -03:00
Jani Nikula
1222cba7e4 doc: example command-line option reference
Example reference to a command-line option using the option role
reference. This creates a hyperlink in html, and the usual boldface
style in man page. This could be used throughout the man pages.
2021-05-22 16:47:32 -03:00
Jani Nikula
f2e2f2aa96 doc: use program and option directives to document options
Use the program and option directives to document the subcommand
options. This unifies a lot of option documentation throughout.

This also makes it possible to reference options with :option:`--foo`
(within .. program::) or :option:`subcommand --foo` (globally). This
is left for later work.

See https://www.sphinx-doc.org/en/master/usage/restructuredtext/domains.html#directive-program

Note: There is a lot of indentation change, but intentionally there is
no reflow. Using 'git diff -w' or 'git show -w' to ignore white space
changes makes this a very easy change to review.
2021-05-22 16:43:24 -03:00
Jani Nikula
574b2436ee doc: use envvar directive and role for environment variables
Make man1/notmuch.rst the single point of truth for describing notmuch
environment variables. Use the envvar directive for that, and
reference them with the envvar role.

Drive-by cleanup configuration file and hook directory search order
documentation.
2021-05-22 16:41:20 -03:00
Jani Nikula
ff4e81ac57 doc: cross-reference notmuch man pages with actual links
Add internal hyperlink targets for man pages and cross-reference them
using the any role reference. There are a number of alternatives to
accomplish this, but this seems like the combination that retains the
man page section number and the same boldface style in the man pages.

As a bonus, we get sanity checking on the links; for example
notmuch-search-terms.rst had a reference to notmuch-properties(1)
i.e. the wrong section.

The obvious semantic follow-up change would be to only have meaningful
"see also" references instead of having them all everywhere.
2021-05-22 16:38:56 -03:00
Jani Nikula
3baa61e0e5 doc: use manpage role references to external man pages
Using manpage role references generates helpful links in html
documentation, while retaining the same boldface style in the man
pages.

The external man page site is configurable. The Debian manpage site
seems like a good fit for Notmuch.
2021-05-22 09:56:52 -03:00
David Bremner
bfbe2e55f2 doc: document database.backup_dir
Most users will not need to change this, but documenting it helps
preserve the interface.
2021-05-10 11:14:57 -03:00
David Bremner
a7de593f72 doc: document (tersely) the intended behaviour of relative paths. 2021-05-10 11:14:57 -03:00
David Bremner
dd9112e7d8 CLI/config: default to storing all config in external files
Previously the fact that some configuration options were only stored
in the database (and thus editing the config file had no effect) was a
source of user confusion. This was fixed with the series ending at
d9af0af164.

On the other hand, the underlying partition of config options into
those stored by default in the database and those stored in the config
file remained. This is also confusing, since now some invocations of
"notmuch config set" modify the config file, and others silently
modify the database instead.

With this commit, it is up to the user to decide which configuration
to modify. A new "--database" option is provided for notmuch config to
enable modifying the configuration information in the database;
otherwise the default is to update an external config file.
2021-03-27 09:26:14 -03:00
David Bremner
e823d05ae6 lib: support splitting mail from database location.
Introduce a new configuration value for the mail root, and use it to
locate mail messages in preference to the database.path (which
previously implied the mail messages were also in this location.

Initially only a subset of the CLI is tested in a split
configuration. Further changes will be needed for the remainder of the
CLI to work in split configurations.
2021-03-20 07:39:12 -03:00
David Bremner
d9af0af164 doc: describe new config framework
Remove STORED IN DATABASE discussion, describe search rules.
Currently profiles seem a bit pointless. They will make more sense
when they apply to databases as well.
2021-02-06 19:59:47 -04:00
Tomi Ollila
507d2f07a6 doc: field processor support now always included, adjust manual pages
The features that require field processor support, are now just
documented w/o mentioning **Xapian Field Processors**' is needed
for those.

Replaced "compact" and "field_processor" with "retry_lock" in
build_with config option, as it is currently the only one that
is optionally excluded. The former 2 are now documented as
features always included.

Dropped one 'we' "passive" in notmuch-search-terms.rst. It was the
only one, and inconsistent with rest of the documentation in that
file.

Dropped message about conditional open-ended ranges support, as
those are now always supported.
2020-06-06 07:54:34 -03:00
Daniel Kahn Gillmor
02a2bf1b25 notmuch(1): clarify documentation about --option/value separators
id:CA+Tk8fzRiqxWpd=r8=DRvEewNZXUZgD7MKyRLB1A=R-LxxGEZw@mail.gmail.com
started a thread of discussion that showed that the cli's current
idiosyncrasies around dealing with boolean options were not
understandable.

This attempts to improve the documentation at least (actual changes to
the API might be better, but have not reached consensus).

Note that no one in the discussion thread identified any other
(non-boolean) command-line options that cannot use space as a
separator.  If such an option is identified (or introduced in the
future), it should be added explicitly to this part of the manual.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-08 08:58:46 -03:00
Daniel Kahn Gillmor
018ad3703b Drop deprecated/unused crypto.gpg_path
crypto.gpg_path was only used when we built against gmime versions
before 3.0.  Since we now depend on gmime 3.0.3 or later, it is
meaningless.

The removal of the field from the _notmuch_config struct would be an
ABI change if that struct were externally exposed, but it is not, so
it's safe to unilaterally remove it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-02-19 08:17:49 -04:00
Daniel Kahn Gillmor
aba7fb375b doc: clean up manpage description of "notmuch-config list" output
The escaping in the description of the output of "notmuch-config list"
appears to have been inherited from some previous attempts at
documentation.  It leaked out in the actual generated manpage
documentation, where it looks like this:

       list   Every  configuration  item is printed to stdout, each on a
              separate line of the form:

                 *section*.\ *item*\ =\ *value*

This simplification cleans up the overescaping.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-01-16 06:38:29 -04:00
David Bremner
9dedb23b47 doc: document user header indexing.
It's a bit odd that the primary documentation is in notmuch-config,
but it is consistent with the "query:" prefix.
2019-05-25 07:21:21 -03:00
Michal Sojka
1e69bb6f46 doc: document notmuch new --verbose 2019-03-31 11:59:46 -03:00
Peter Wang
6784d5bc60 doc: fix references to search.exclude_tags
The documentation incorrectly referred to a configuration item
"search.tag_exclude" in some places, instead of "search.exclude_tags".
2019-01-27 08:18:38 -04:00
Maxime Coste
baa4185c30 cli: notmuch show support for --include-html with --format=text 2018-11-24 09:12:30 -04:00
Maxime Coste
37e5bc00ae cli: notmuch show support for --body=false with --format=text 2018-11-24 09:11:42 -04:00
Daniel Kahn Gillmor
fd3c93650d doc: clean up manpages
Many of the manpages didn't treat literal text as literal text.  I've
tried to normalize some of the restructured text to make it a bit more
regular.

several of the synopsis lines are still untouched by this cleanup, but
i'm not sure what the right way to represent those is in .rst,
actually.

In particular find that if i rebuild the manpages, sometimes i end up
with some of the synopsis lines showing – (U+2013 EN DASH) where they
should have -- (2 × U+002D HYPHEN-MINUS) in the generated nroff
output, though i have not tracked down the source of this error yet.
2018-06-24 21:59:37 -03:00
Daniel Kahn Gillmor
aa605f7e8a cli/show: enable --decrypt=stash
Add fancy new feature, which makes "notmuch show" capable of actually
indexing messages that it just decrypted.

This enables a workflow where messages can come in in the background
and be indexed using "--decrypt=auto".  But when showing an encrypted
message for the first time, it gets automatically indexed.

This is something of a departure for "notmuch show" -- in particular,
because it requires read/write access to the database.  However, this
might be a common use case -- people get mail delivered and indexed in
the background, but only want access to their secret key to happen
when they're directly interacting with notmuch itself.

In such a scenario, they couldn't search newly-delivered, encrypted
messages, but they could search for them once they've read them.

Documentation of this new feature also uses a table form, similar to
that found in the description of index.decrypt in notmuch-config(1).

A notmuch UI that wants to facilitate this workflow while also
offering an interactive search interface might instead make use of
these additional commands while the user is at the console:

Count received encrypted messages (if > 0, there are some things we
haven't yet tried to index, and therefore can't yet search):

     notmuch count tag:encrypted and \
         not property:index.decryption=success and \
         not property:index.decryption=failure

Reindex those messages:

     notmuch reindex --try-decrypt=true tag:encrypted and \
         not property:index.decryption=success and \
         not property:index.decryption=failure
2018-05-26 07:43:30 -07:00
David Bremner
8a1eeecdfe doc: document notmuch new --full-scan 2018-05-22 09:31:33 -07:00
David Bremner
a07b28a488 doc: fix notmuch-search example
For some reason the searched tag did not match the displayed results.
2018-05-09 10:31:57 -04:00
Daniel Kahn Gillmor
f6430bc06d doc: Examples of notmuch-reindex use and crypto policy
Currently, notmuch has the levers needed to set coherent crypto policy
around how cleartext is indexed, which also has an impact on how
messages are rendered.  But we don't have a lot of documentation about
how to do sensible things.  This is an initial attempt to address
that.

The first example shows a way to selectively index specific messages.

The next two examples are about aligning the existing database with
crypto indexing policy

The default crypto policy is to not index cleartext, and to only
decrypt messages on display when explicitly requested.

The other sensible crypto policy is to index cleartext while stashing
session keys. messages indexed in this way will be searchable, and
will be decrypted on display automatically unless the user explicitly
asks for it to *not* be decrypted.

The policy for indexing *new* messages is stored in the database as
the config variable index.decrypt.

But setting policy for new messages doesn't retroactively affect
already indexed messages.

This patch attempts to document ways that someone can efficiently
align their pre-existing database with their new policy.

I'm not sure this is the right place to document these examples, but i
do want them to be user-facing and relatively easy to find.  I'm happy
to entertain suggestions for where else we should put them.
2018-03-24 20:08:27 -03:00
Daniel Kahn Gillmor
b6e3efde05 cli/insert: add --world-readable flag
In some cases (e.g. when building a publicly-visible e-mail archive)
it doesn't make any sense to restrict visibility of the message to the
current user account.

This adds a --world-readable boolean option for "notmuch insert", so
that those who want to archive their mail publicly can feed their
archiver with:

    notmuch insert --world-readable

Other local delivery agents (postfix's local, and dovecot's lda) all
default to delivery in mode 0600 rather than relying on the user's
umask, so this fix doesn't change the default.

Also, this does not override the user's umask.  if the umask is
already set tight, it will not become looser as the result of passing
--world-readable.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-03-24 20:08:11 -03:00
Daniel Kahn Gillmor
54982e520c fix typos 2018-01-04 20:35:58 -04:00
David Bremner
d0dffdae31 doc/{reply, show}: match indentation
This is essentially a conflict resolution Jani's normalization and
Daniel's doc changes, but it's easier to do as a second commit.
2017-12-31 09:34:28 -04:00
David Bremner
99407db25c Merge branch 'release'
Conflicts:
        doc/man1/notmuch-reply.rst
	doc/man1/notmuch-show.rst

Conflicts taken from release (dkg's doc changes)
2017-12-31 09:26:13 -04:00
Jani Nikula
e5e252de55 doc: unify definition list usage across man pages
Make all parameter descriptions etc. use reStructuredText definition
lists with uniform style and indentation. Remove redundant indentation
from around the lists. Remove blank lines between term lines and
definition blocks. Use four spaces for indentation.

This is almost completely whitespace and paragraph reflow changes.
2017-12-31 09:06:11 -04:00
Daniel Kahn Gillmor
af8255fb71 cli/reply: make --decrypt take a keyword
This brings the --decrypt argument to "notmuch reply" into line with
the other --decrypt arguments (in "show", "new", "insert", and
"reindex").  This patch is really just about bringing consistency to
the user interface.

We also use the recommended form in the emacs MUA when replying, and
update test T350 to match.
2017-12-29 16:45:55 -04:00
Daniel Kahn Gillmor
8ea4a99d74 cli/show: make --decrypt take a keyword.
We also expand tab completion for it, update the emacs bindings, and
update T350, T357, and T450 to match.

Make use of the bool-to-keyword backward-compatibility feature.
2017-12-29 16:45:46 -04:00
Jani Nikula
f2a6790583 cli/new: support /<regex>/ in new.ignore
Add support for using /<regex>/ style regular expressions in
new.ignore, mixed with the old style verbatim file and directory
basenames. The regex is matched against the relative path from the
database path.
2017-12-15 07:54:33 -04:00
Jani Nikula
f3fc97c000 cli: add support for only printing the addresses in notmuch address
The notmuch address output is much more useful for scripts with just
the addresses printed. Support this using the --output=address option.
2017-12-14 21:28:50 -04:00
Daniel Kahn Gillmor
be555b9d27 docs: clean up documentation about decryption policies
Now that the range of sensible decryption policies has come into full
view, we take a bit of space to document the distinctions.

Most people will use either "auto" or "true" -- but we provide "false"
and "nostash" to handle use cases that might reasonably be requested.

Note also that these can be combined in sensible ways.  Like, if your
mail comes in regularly to a service that doesn't have access to your
secret keys, but does have access to your index, and you feel
comfortable adding selected encrypted messages to the index after
you've read them, you could stay in "auto" normally, and then when you
find yourself reading an indexable message (e.g. one you want to be
able to search for in the future, and that you don't mind exposing to
whatever entities have access to your inde), you can do:

    notmuch reindex --decrypt=true id:whatever@example.biz

That leaves your default the same (still "auto") but you get the
cleartext index and stashed session key benefits for that particular
message.
2017-12-08 08:08:47 -04:00
Daniel Kahn Gillmor
fccebbaeef crypto: add --decrypt=nostash to avoid stashing session keys
Here's the configuration choice for people who want a cleartext index,
but don't want stashed session keys.

Interestingly, this "nostash" decryption policy is actually the same
policy that should be used by "notmuch show" and "notmuch reply",
since they never modify the index or database when they are invoked
with --decrypt.

We take advantage of this parallel to tune the behavior of those
programs so that we're not requesting session keys from GnuPG during
"show" and "reply" that we would then otherwise just throw away.
2017-12-08 08:08:47 -04:00
Daniel Kahn Gillmor
29648a137c crypto: actually stash session keys when decrypt=true
If you're going to store the cleartext index of an encrypted message,
in most situations you might just as well store the session key.
Doing this storage has efficiency and recoverability advantages.

Combined with a schedule of regular OpenPGP subkey rotation and
destruction, this can also offer security benefits, like "deletable
e-mail", which is the store-and-forward analog to "forward secrecy".

But wait, i hear you saying, i have a special need to store cleartext
indexes but it's really bad for me to store session keys!  Maybe
(let's imagine) i get lots of e-mails with incriminating photos
attached, and i want to be able to search for them by the text in the
e-mail, but i don't want someone with access to the index to be
actually able to see the photos themselves.

Fret not, the next patch in this series will support your wacky
uncommon use case.
2017-12-08 08:08:47 -04:00
Daniel Kahn Gillmor
6a9626a2fd cli/reindex: destroy stashed session keys when --decrypt=false
There are some situations where the user wants to get rid of the
cleartext index of a message.  For example, if they're indexing
encrypted messages normally, but suddenly they run across a message
that they really don't want any trace of in their index.

In that case, the natural thing to do is:

   notmuch reindex --decrypt=false id:whatever@example.biz

But of course, clearing the cleartext index without clearing the
stashed session key is just silly.  So we do the expected thing and
also destroy any stashed session keys while we're destroying the index
of the cleartext.

Note that stashed session keys are stored in the xapian database, but
xapian does not currently allow safe deletion (see
https://trac.xapian.org/ticket/742).

As a workaround, after removing session keys and cleartext material
from the database, the user probably should do something like "notmuch
compact" to try to purge whatever recoverable data is left in the
xapian freelist.  This problem really needs to be addressed within
xapian, though, if we want it fixed right.
2017-12-08 08:08:47 -04:00
Daniel Kahn Gillmor
076f86025d cli/new, insert, reindex: change index.decrypt to "auto" by default
The new "auto" decryption policy is not only good for "notmuch show"
and "notmuch reindex".  It's also useful for indexing messages --
there's no good reason to not try to go ahead and index the cleartext
of a message that we have a stashed session key for.

This change updates the defaults and tunes the test suite to make sure
that they have taken effect.
2017-12-08 08:08:46 -04:00
Daniel Kahn Gillmor
181d4091c4 cli/new, insert, reindex: update documentation for --decrypt=auto
we also include --decrypt=auto in the tab completion.
2017-12-08 08:08:46 -04:00
Daniel Kahn Gillmor
a1260896f6 cli/show: use decryption policy "auto" by default.
When showing a message, if the user doesn't specify --decrypt= at all,
but a stashed session key is known to notmuch, notmuch should just go
ahead and try to decrypt the message with the session key (without
bothering the user for access to their asymmetric secret key).

The user can disable this at the command line with --decrypt=false if
they really don't want to look at the e-mail that they've asked
notmuch to show them.

and of course, "notmuch show --decrypt" still works for accessing the
user's secret keys if necessary.
2017-12-08 08:08:46 -04:00
Daniel Kahn Gillmor
6802b333eb cli/reply: use decryption policy "auto" by default.
If the user doesn't specify --decrypt= at all, but a stashed session
key is known to notmuch, when replying to an encrypted message,
notmuch should just go ahead and decrypt.

The user can disable this at the command line with --decrypt=false,
though it's not clear why they would ever want to do that.
2017-12-08 08:08:46 -04:00
Daniel Kahn Gillmor
e4890b5bf9 crypto: new decryption policy "auto"
This new automatic decryption policy should make it possible to
decrypt messages that we have stashed session keys for, without
incurring a call to the user's asymmetric keys.
2017-12-08 08:07:53 -04:00