It was decided that auto-signing is potentially too troublesome for the
apparently common case of users who enable crypto processing for the
purpose of checking signature validity but who are not in a position to
sign out-going messages. Users can still manually invoke signing as needed.
Encrypting replies to encrypted messages is more of a security issue
so we leave it in place.
This is a simple approach to improving security when replying to
signed or encrypted messages. If the message being replied to was
signed, add mml tag to sign the reply. If the message being replied to
was encrypted, add mml tag to sign and encrypt the reply.
This may need configuration; I for one might want to encrypt replies
to encrypted messages, but not always sign replies to signed messages.
This still includes a slight bug: if any mml tags are added, they are
included in the region containing the quoted parts. Killing the region
will kill the mml tags too.
We push mark on reply so user can cut the quote. Push the mark before
signature, if any, instead of end of buffer so the signature is
preserved.
This is consistent with message-kill-to-signature.
`notmuch-mua-prompt-for-sender' is over-engineered and often wrong.
It attempts to detect when all identities have the same name and
specialize the prompt to just the email address part. However, to do
this it uses `mail-extract-address-components', which is meant for
displaying email addresses, not general-purpose parsing, and hence
performs many canonicalizations that can interfere with this use. For
example, configuring notmuch-identities to ("Austin
<austin@example.com>"), will cause `notmuch-mua-prompt-for-sender' to
lose the name part entirely and return " <austin@example.com>".
This patch rewrites `notmuch-mua-prompt-for-sender' to simply prompt
for a full identity when notmuch-identities is configured, or to
prompt for a sender address when it isn't.
The original code also did several strange things, like using `eval'
and specifying that this function was interactive. As a side-effect,
this patch fixes these problems. And it adds a docstring.
Previously, we used `message-forward' to build forwarded messages, but
this function is simply too high-level to be a good fit for some of
what we do.
First, since `message-forward' builds a full forward message buffer
given the message to forward, we have to duplicate much of the logic
in `notmuch-mua-mail' to patch the notmuch-y things into the built
buffer.
Second, `message-forward' constructs the From header from
user-full-name and user-mail-address. As a result, if we prompt the
user for an identity, we have to parse it into name and address
components, just to have it put back together by `message-forward'.
This process is not entirely loss-less because
`mail-extract-address-components' does a lot of canonicalization
(since it's intended for displaying addresses, not for parsing them).
To fix these problems, don't use `message-forward' at all.
`message-forward' itself is basically just a call to `message-mail'
and `message-forward-make-body'. Do this ourselves, but call
`notmuch-mua-mail' instead of `message-mail' so we can directly build
a notmuch-y message and control the From header.
This also fixes a bug that was a direct consequence of our use of
`mail-extract-address-components': if the user chose an identity that
had no name part (or the name part matched the mailbox), we would bind
user-full-name to nil, which would cause an exception in the bowels of
message-mode because user-full-name is expected to always be a string
(even if it's just "").
In current emacs (24.3) select-active-regions is set to t by
default. The reply insertion code sets the region to the quoted
message to make it easy to delete (kill-region or C-w). These two
things combine to put the quoted message in the primary selection.
This is not what the user wanted and is a privacy risk (accidental
pasting of the quoted message). We can avoid some of the problems
by let-binding select-active-regions to nil. This fixes if the
primary selection was previously in a non-emacs window but not if
it was in an emacs window. To avoid the problem in the latter case
we deactivate mark.
One key test (which fails under many simpler "fixes") is: open emacs
24.3 with notmuch, open 2 windows (viewing different notmuch buffers),
highlight some text in one, and then reply to a message in the
other. In many of my earlier attempts to fix this bug this test fails.
This improves the function documentation for many interactive
commands, either by improving their documentation string where the
improvement also makes sense for programmatic use or by adding a
'notmuch-doc property where it doesn't.
For nearly all commands that support a prefix argument, this adds a
'notmuch-prefix-doc property to document their prefixed behavior. This
omits prefix documentation for a few commands where I thought the
prefixed behavior was too obscure (or too complex to fit in one line).
Like `notmuch-mua-new-forward-message', this is meant to be invoked
programmatically by something that can provide a reasonable query
string.
In fact, `notmuch-mua-new-reply's interactive specification didn't
match its arguments, so it wouldn't have worked interactively.
`notmuch-mua-new-forward-message' must be called from a buffer
containing a raw RFC2822-formatted message to forward. Hence, it's
intended to be invoked programmatically through something else that
sets up this buffer (like `notmuch-show-forward-message'), not
interactively.
Remove its interactive specification and update the documentation
string to mention the requirements on the current buffer.
When composing a reply, notmuch-mua-reply attempts to cite the
original message by inserting it before the user signature, if
one is present. The existing method used to search the signature
separator backward from the end of the buffer and then move one
line up. In case of variable `message-signature-insert-empty-line'
being nil this caused point to go to the beginning of
'--text follows this line--'
separator line, and citation was inserted there.
This change checks the value of `message-signature-insert-empty-line'
and doesn't move point if that is nil. Additional narrowing to
the body region ensures that point never goes to the separator line
(or beyond).
`message-signature-setup-hook' or `message-setup-hook' may already have
added some other content to the message body, therefore using simply
(message-goto-body) to move point to the beginning of body might lead
to unexpected results.
Original patch from "Geoffrey H. Ferrari", continued with iterations
from Jani and Mark.
In reply, insert quotable parts using notmuch-show-insert-bodypart
instead of calling notmuch-mm-display-part-inline directly to render
the quoted parts as they are rendered in show view.
We use a temp buffer to not leak text properties from the show
renderer into the reply. This way we also don't need to worry about
narrowing or point placement. Credits to Mark Walters
<markwalters1009@gmail.com> and Austin Clements <amdragon@MIT.EDU> for
getting this part straight.
The notable change is that replies to text/calendar parts quote the
pretty printed output of icalendar-import-buffer rather than the ugly
raw vcalendar.
Notmuch cli provides all structured data previously provided
in json format now in s-expression format, rendering all current
json functionality obsolete.
This switches `notmuch-mua-reply' and `notmuch-query-get-threads' to
the S-exp format. These were the last two uses of the JSON format in
the Emacs frontend.
Sometimes, notmuch reply outputs something to stderr, for example:
"Failed to verify signed part: Cannot verify multipart/signed part:
unsupported signature protocol". When this happens, replying in emacs
fails, because emacs cannot parse the error message as JSON.
This patch causes emacs to ignore stderr when reading reply from
notmuch.
Introduce a new defcustom notmuch-mua-compose-in that allows users to
specify where new mails are composed, either in the current window or
in a new window or frame.
Signed-off-by: Jameson Rollins <jrollins@finestructure.net>
Quote non-text parts nicely by displaying them with mm-display-part
before calling message-cite-original to quote them. HTML-only emails
can now be quoted correctly. We re-use some code from notmuch-show
(notmuch-show-mm-display-part-inline), which has been moved to
notmuch-lib.el.
Mark the test for this feature as not broken.
In the new reply code, the References header gets inserted by
message.el using a function called message-shorten-references. Unlike
all the other header-inserting functions, it doesn't put a newline
after the header, causing the next header to end up on the same
line. In our case, this header happened to be User-Agent, so it's hard
to notice. This is probably a bug in message.el, but we need to work
around it.
This fixes the problem by wrapping message-shorten-references in a
function that inserts a newline after if necessary. This should
protect against the message.el bug being fixed in the future.
Bug 1: Replying from alternate addresses
----------------------------------------
The reply code was inconsistent in its use of symbols and strings for
header names being passed to message.el functions. This caused the
From header to be looked up incorrectly, causing an additional From
header to be added with the user's primary address instead of the
correct alternate address.
This is fixed by using symbols everywhere, i.e. never using strings
for header names when interacting with message.el.
This change also removes our use of `mail-header`, since we don't use
it anywhere else, and using assq makes it clear how the header lists
are expected to work.
Bug 2: Duplicate headers in emacs 23.2
--------------------------------------
The message.el code in emacs 23.2 assumes that header names will
always be passed as symbols, so our use of strings caused
problems. The symptom was that on 23.2 (and presumably on earlier
versions) the reply message would end up with two of some headers.
Converting everything to symbols also fixes this issue.
Use the new JSON reply format to create replies in emacs. Quote HTML
parts nicely by using mm-display-part to turn them into displayable
text, then quoting them with message-cite-original. This is very
useful for users who regularly receive HTML-only email.
Use message-mode's message-cite-original function to create the
quoted body for reply messages. In order to make this act like the
existing notmuch defaults, you will need to set the following in
your emacs configuration:
    message-citation-line-format "On %a, %d %b %Y, %f wrote:"
    message-citation-line-function 'message-insert-formatted-citation-line
The tests have been updated to reflect the (ugly) emacs default.
The reply MML quoting added in commit ae438cc unintentionally MML
quotes also the signature/encryption MML tags added via
message-setup-hook, causing the reply not to be signed/encrypted.
MML quote just the original message in the temp buffer before
inserting it to the message buffer, to not interfere with message mode
hooks or message construction in general.
See [1] and [2] for bug reports.
Thanks to Tim Bielawa <tbielawa@redhat.com> for testing.
[1] id:"87hay78x6l.fsf@wyzanski.jamesvasile.com"
[2] id:"1330812262-28272-1-git-send-email-tbielawa@redhat.com".
Signed-off-by: Jani Nikula <jani@nikula.org>
As Aaron explains in id:"m2vco72tf3.fsf@wal122.wireless-pennnet.upenn.edu"
Using point-max would include the signature in the quoting as well.
It would probably be fairly odd to want to put an MML tag in one’s
signature, but that doesn’t mean that we should break that usage.
We had to use point-max in the 0.11.1 bug-fix release, because the
mark functionality was added post 0.11.
Emacs message-mode uses certain text strings to indicate how to attach
files to outgoing mail. If these are present in the text of an email,
and a user is tricked into replying to the message, the user’s files
could be exposed.
Edited-by: Pieter Praet <pieter@praet.org>: Rebased to release branch.
To allow for expansion whilst keeping everything tidy and organized,
move all defcustom/defface variables to the following subgroups,
defined in notmuch-lib.el:
- Hello
- Search
- Show
- Send
- Crypto
- Hooks
- External Commands
- Appearance
As an added benefit, defcustom keyword args are now consistently
ordered as they appear @ defcustom's docstring (OCD much?).
Proper defgroup docstrings and various other improvements
by courtesy of Austin Clements.
Provide reply to sender counterparts to the search and show reply
functions. Add key binding 'R' to reply to sender, while keeping 'r' as
reply to all, both in search and show views.
Signed-off-by: Jani Nikula <jani@nikula.org>
The :options keyword is not meaningful for function type. Also, it was not
possible to enter nil value, contrary to the notmuch-mua-user-agent
defcustom documentation. Specify the alternatives using choice type, taking
nil into account.
Signed-off-by: Jani Nikula <jani@nikula.org>
From the emacs changelog:
** `compose-mail' now accepts an optional 8th arg, RETURN-ACTION, and
passes it to the mail user agent function. This argument specifies an
action for returning to the caller after finishing with the mail.
This is currently used by Rmail to delete a mail window.
Under Emacs 24, notmuch breaks when this argument is passed to it by a
function in another part of Emacs. One example of a function that does
this is report-emacs-bug -- so notmuch users cannot file emacs bug
reports!
This patch also adds a &rest argument to the arg-list of this function,
to future-proof against such changes. This is adapted from the approach
taken by message-mail, a similar function built into emacs.
This patch was originally submitted by richardmurri@gmail.com on Aug. 1:
id:"877h6x6oor.fsf@veracitynetworks.com"
Emacs lisp function 'member' takes element and list as an
argument. I.e. the second argument is list, not symbol
referencing the list.
On emacs 23.x the member call always returned nil (thus buggy),
on emacs 22.x the call failed, making it unusable.
Most of the time, every entry in the list of identities has the same user name
part. It can then be filled in automatically, and the user can only be prompted
for the email address, which makes the interface much cleaner.
A new emacs configuration variable "notmuch-crypto-process-mime"
controls the processing of PGP/MIME signatures and encrypted parts.
When this is set true, notmuch-query will use the notmuch show
--decrypt flag to decrypt encrypted messages and/or calculate the
sigstatus of signed messages. If sigstatus is available, notmuch-show
will place a specially color-coded header at the beginning of the
signed message.
Also included is the ability to switch decryption/verification on/off
on the fly, which is bound to M-RET in notmuch-search-mode.
This adds functions and variables needed for this feature to be implemented.
Once it's done, the user will be able to use a prefix argument (e.g. pressing
C-u m instead of m) and be able to select a From address.
By default the list of names/addresses to be used during completion will be
automatically generated by the settings in the notmuch configuration file. The
user can customize the notmuch-identities variable to provide an alternate list.
This is based on a previous patch by Carl Worth
(id:"87wrhfvk6a.fsf@yoom.home.cworth.org" and follow-ups).
The original code was intended to work, but clearly wasn't tested. Use
mail-header (as in existing code) to extract a header from a header alist.
This fixes the duplicate-from-line bug that is exercised by the test
just added to the test suite.
In notmuch-mua-reply we were filtering out the Subject and To headers
manually in a loop, but message mode offers a nice function for
exactly that. Simplify the code by using it. Also, as notmuch-mua-mail
already sorts and hides headers that we want sorted and hidden, we can
safely remove those 2 functions from here as well. Also remove the
(require 'cl), the only reason for its existence was the now removed
"loop" function.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
It's possible that the user has instructed message-mode to use some
other separator. If so, then that's what we should look for when
looking for the signature.
Thanks to David Edmondson <dme@dme.org> for pointing this out.
The existing code inserts the signature before inserting the message
body (which it puts at the very end of the buffer - therefore AFTER
the signature). This little snippet makes us search backwards and
insert the message body before a signature, if it exists.
This also fixes a small indentation issue in David's code.
Signed-off-by: Dirk Hohndel <hohndel@infradead.org>
For composing new messages and forwarding, leave the cursor on the
'To:' field. For replies, leave the cursor at the start of the
body. In all cases, mark the buffer as not modified so that the user
is not prompted if she decides to immediately kill the buffer.
"notmuch-address.el" tries to be careful to insinuate itself into
message mode only if it will do something useful, so it's safe to load
it all of the time.
Define a new `mail-user-agent' (`notmuch-user-agent') and use it by
default. Re-arrange various routines that send mail to use this
(compose, reply, forward). Insert a `User-Agent:' header by default.
This is the real commit for this functionality this time. The
previous attempt to merge this code:
commit 57926bc7b0
was botched (by Carl Worth, not David) to include only the Makefile
change. So the build was broken until this commit that actually adds
the new file.