Commit graph

269 commits

Author SHA1 Message Date
David Bremner
ee8dba1c30 doc: fix for out-of-tree builds of notmuch-emacs docs
The sphinx-doc include directive does not have the ability to include
files from the build tree, so we replace the include with reading the
files in conf.py. The non-trivial downside of this is that the emacs
docstrings are now defined for every rst source file. They are
namespaced with docstring::, so hopefully there will not be any
surprises. One thing that is noticable is a small (absolute) time
penalty in running sphinx-doc.
2020-06-01 09:07:50 -03:00
Daniel Kahn Gillmor
02a2bf1b25 notmuch(1): clarify documentation about --option/value separators
id:CA+Tk8fzRiqxWpd=r8=DRvEewNZXUZgD7MKyRLB1A=R-LxxGEZw@mail.gmail.com
started a thread of discussion that showed that the cli's current
idiosyncrasies around dealing with boolean options were not
understandable.

This attempts to improve the documentation at least (actual changes to
the API might be better, but have not reached consensus).

Note that no one in the discussion thread identified any other
(non-boolean) command-line options that cannot use space as a
separator.  If such an option is identified (or introduced in the
future), it should be added explicitly to this part of the manual.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-05-08 08:58:46 -03:00
Daniel Kahn Gillmor
bd0b5abd5d doc: Drop obsolete MSCGEN_PATH, PERL_PATH from doxygen configuration
Since doxygen 1.8.16, MSCGEN_PATH and PERL_PATH are obsolete:

MSCGEN_PATH:
  873e0ccfbe
PERL_PATH:
  6d1535c38f

I don't think that the notmuch builds ever depended on them in the
first place, and including them in the default config yields the
following two warnings:

```
doxygen ./doc/doxygen.cfg
warning: Tag 'PERL_PATH' at line 267 of file './doc/doxygen.cfg' has become obsolete.
         To avoid this warning please remove this line from your configuration file or upgrade it using "doxygen -u"
warning: Tag 'MSCGEN_PATH' at line 272 of file './doc/doxygen.cfg' has become obsolete.
         To avoid this warning please remove this line from your configuration file or upgrade it using "doxygen -u"
```

Remove them to avoid the warnings.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-04-01 22:46:58 -03:00
Daniel Kahn Gillmor
018ad3703b Drop deprecated/unused crypto.gpg_path
crypto.gpg_path was only used when we built against gmime versions
before 3.0.  Since we now depend on gmime 3.0.3 or later, it is
meaningless.

The removal of the field from the _notmuch_config struct would be an
ABI change if that struct were externally exposed, but it is not, so
it's safe to unilaterally remove it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-02-19 08:17:49 -04:00
Daniel Kahn Gillmor
aba7fb375b doc: clean up manpage description of "notmuch-config list" output
The escaping in the description of the output of "notmuch-config list"
appears to have been inherited from some previous attempts at
documentation.  It leaked out in the actual generated manpage
documentation, where it looks like this:

       list   Every  configuration  item is printed to stdout, each on a
              separate line of the form:

                 *section*.\ *item*\ =\ *value*

This simplification cleans up the overescaping.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-01-16 06:38:29 -04:00
Daniel Kahn Gillmor
4b1a8fd183 index: repair "Mixed Up" messages before indexing.
When encountering a message that has been mangled in the "mixed up"
way by an intermediate MTA, notmuch should instead repair it and index
the repaired form.

When it does this, it also associates the index.repaired=mixedup
property with the message.  If a problem is found with this repair
process, or an improved repair process is proposed later, this should
make it easy for people to reindex the relevant message.  The property
will also hopefully make it easier to diagnose this particular problem
in the future.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-09-15 19:07:06 -04:00
Daniel Kahn Gillmor
9829533e92 index: avoid indexing legacy-display parts
When we notice a legacy-display part during indexing, it makes more
sense to avoid indexing it as part of the message body.

Given that the protected subject will already be indexed, there is no
need to index this part at all, so we skip over it.

If this happens during indexing, we set a property on the message:
index.repaired=skip-protected-headers-legacy-display

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-09-01 08:45:30 -03:00
Daniel Kahn Gillmor
1b29822cf5 repair: set up codebase for repair functionality
This adds no functionality directly, but is a useful starting point
for adding new repair functionality.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-09-01 08:20:25 -03:00
David Bremner
a6a8df7e03 build: drop variable HAVE_EMACS. use WITH_EMACS instead
The extra flexibility of having both HAVE_EMACS (for yes, there is an
emacs we can use) and WITH_EMACS (the user wants emacs support) lead
to confusion and bugs. We now just force WITH_EMACS to 0 if no
suitable emacs is detected.
2019-06-12 19:58:30 -03:00
David Bremner
3ec47e1165 doc: Don't install emacs docs when they are not built
In 40b025 we stopped building the notmuch-emacs documentation if
HAVE_EMACS=0 (i.e. no emacs was detected by configure). Unfortunately
we continued to try to install the (non-existent) documentation, which
causes build/install failures.

As a bonus, we also avoid installing the documentation if the user
configures --without-emacs.

Thanks to Ralph Seichter for reporting the problem, and testing
previous versions of this fix.
2019-06-10 21:48:03 -03:00
David Bremner
71bf459596 doc: don't build notmuch-emacs.info for configure --without-emacs
Since the docstrings are not built in the case of --without-emacs,
even if emacs is detected, don't let sphinx build the emacs docs. This
avoids a large number of error messages due to missing includes. It's
actually a bit surprising sphinx doesn't generate an error for the
missing include files.
2019-06-10 21:46:55 -03:00
David Bremner
6edc073e44 doc: use separate doctrees for distinct builders
It seems our previous attempt with order-only targets was not
sufficient to avoid problems with sphinx-builds doctree cache [0].
Looking around at other people's approaches [1], using separate
doctrees was suggested. I guess there might be a slight loss of
efficiency, but it seems more robust.

[0]: build failures were first noticed in Debian experimental, but I was able to duplicate it in
     my usual build environment about 1 in 8 builds.

[1]: in particular
     9e3fc1657d
2019-06-03 07:35:30 -03:00
David Bremner
9dedb23b47 doc: document user header indexing.
It's a bit odd that the primary documentation is in notmuch-config,
but it is consistent with the "query:" prefix.
2019-05-25 07:21:21 -03:00
David Bremner
40b025c5f1 doc: exclude notmuch-emacs.rst if emacs is not present.
This will still generate a warning about an excluded document in the
toctree, but it cuts down on the noise quite a lot.
2019-04-24 06:53:13 -03:00
David Bremner
4f0fe36c47 doc: use stamp file for html docs
These are less time consuming than the texi docs to rebuild (because
the texi rebuild triggers info rebuild), but still take noticable time.
2019-04-24 06:53:13 -03:00
David Bremner
f0399db513 doc: use stamp file to control rebuilding texi
Apparently the sphinx-doc texinfo builder is not smart enough to only
rebuild those files where the source has changed.
2019-04-24 06:53:07 -03:00
David Bremner
319dd95ebb lib: add 'body:' field, stop indexing headers twice.
The new `body:` field (in Xapian terms) or prefix (in slightly
sloppier notmuch) terms allows matching terms that occur only in the
body.

Unprefixed query terms should continue to match anywhere (header or
body) in the message.

This follows a suggestion of Olly Betts to use the facility (since
Xapian 1.0.4) to add the same field with multiple prefixes. The double
indexing of previous versions is thus replaced with a query time
expension of unprefixed query terms to the various prefixed
equivalent.

Reindexing will be needed for 'body:' searches to work correctly;
otherwise they will also match messages where the term occur in
headers (demonstrated by the new tests in T530-upgrade.sh)
2019-04-17 08:48:16 -03:00
Michal Sojka
1e69bb6f46 doc: document notmuch new --verbose 2019-03-31 11:59:46 -03:00
Daniel Kahn Gillmor
cbeb0da595 doc: Clean up warnings when building notmuch-emacs docs
Without this change, we see this during the build:

    sphinx-build -b html -d doc/_build/doctrees -q ./doc doc/_build/html
    …/doc/notmuch-emacs.rst:67: WARNING: Unexpected indentation.
    …/doc/notmuch-emacs.rst:165: WARNING: Unexpected indentation.
    …/doc/notmuch-emacs.rst:306: WARNING: Unexpected indentation.

This source change doesn't seem to have any effect on the generated
HTML, at least.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-03-27 17:45:27 -03:00
David Bremner
0557c5a033 doc/build: use $(MAKE) instead of make
This should silence some warnings about the jobserver, but also make
it easier to build the docs where GNU make is called something other
than make.

Based on a patch from aidecoe.
2019-03-19 20:54:15 -03:00
David Bremner
71eaa19350 Merge branch 'release'
Changes from 0.28.3
2019-03-06 08:53:26 -04:00
David Bremner
dcf7fca2d9 doc: sequentialize calls to sphinx-build
In certain conditions the parallel calls to sphinx-build could
collide, yielding a crash like

Exception occurred:
  File "/usr/lib/python3/dist-packages/sphinx/environment.py", line 1261, in get_doctree
    doctree = pickle.load(f)
EOFError: Ran out of input
2019-03-05 21:46:41 -04:00
Matt Armstrong
adde6dfaef Emacs: bind "g" to 'notuch-refresh-this-buffer
Using "g" for refresh operations is a pretty common Emacs convention,
codified by `special-mode' in simple.el.
2019-02-21 07:16:53 -04:00
David Bremner
87eb477ba5 notmuch 0.28.1 release
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCAAdFiEE3VS2dnyDRXKVCQCp8gKXHaSnniwFAlxUOSIACgkQ8gKXHaSn
 nizwvAv8DPoLLssPfwY1AJtc7+JQzAl5scpkjJbGYlzXWTkhD14Efnb0FzMFulRG
 fG4gpsqFA9iNJGT2uTKtYRvKayoMNQMk2eSk8IKyINIVO/jclNbsaSFhL7vqyzsm
 8l+A1UBQ2BsmUsv58ImoS/F65iF2ZBXu5OEEzqxzL+m+WBh9rNyuBaN4Arr64eVy
 f0V/CWYr9VmauuWg0UW3lZ2kwT2+eJDdw7/UwkdeaesuqypPrb+PyRbSDozr4yEj
 n+l0LsbP2iN2i8b0MBNS1vf9fSkUxhBmLzSoqJWbsEZFKwXLFTp5+TLyVxYDzKO5
 D5ug22DG4VFUOmvBaKkMdnavr8z0QZrfL1/z6998Ux+iYG/YrITsrAv02+BxXr5a
 MPmmhW+9x5AZBSP/qasvNCu/Zhczcu/DZ0oUe5qLXTY0yPsOWZRv/+iAWTxXbk+Q
 iS5wbmeZsF/WSH1l3vtK9PnD1wePqITQPK22bKCjSXhPxWOO6AxNcfpy3/lsZ2j2
 9NPLfpFl
 =G2Qd
 -----END PGP SIGNATURE-----

Merge tag '0.28.1'

notmuch 0.28.1 release
2019-02-01 08:35:20 -04:00
David Bremner
32fb3c420a bump copyright year 2019-02-01 08:08:13 -04:00
Peter Wang
6784d5bc60 doc: fix references to search.exclude_tags
The documentation incorrectly referred to a configuration item
"search.tag_exclude" in some places, instead of "search.exclude_tags".
2019-01-27 08:18:38 -04:00
David Bremner
e52535029b doc: make man pages depend on emacs docstrings
This is nonsensical on the face of it, but is needed (for now) because
the notmuch-emacs page is unconditionally included in index.rst.
2018-12-20 17:30:11 +09:00
David Bremner
fcf68eec31 doc/emacs: document notmuch-cycle-notmuch-buffers
For some reason I couldn't find this when I searched, so add it to the
manual.
2018-12-08 09:07:09 -04:00
David Bremner
3324544d42 doc/emacs: document notmuch-poll*
The current "documentation" for these variables consists of only the
variable names.
2018-12-08 09:05:25 -04:00
David Bremner
fd5f666476 doc/emacs: document notmuch-tagging-keys
Calling these "Global keys" is arguably a bit of a stretch, but they
do work in all notmuch modes except notmuch-hello.
2018-12-08 09:02:42 -04:00
David Bremner
1f6778d349 doc/emacs: document notmuch-message-headers*
More precisely, copy the docstrings into notmuch-emacs documentation pages.
2018-12-08 09:00:50 -04:00
David Bremner
241373cd3f doc/emacs: add documentation for stashing 'c X' bindings
This is the first of a series of changes requiring the extracted docstrings.
2018-12-08 08:56:17 -04:00
David Bremner
0601d2337e doc/emacs: require extracted docstrings for sphinx or info manual
We need to use the stamp file here in order not to depend on the order
the submakefiles are included.
2018-12-08 08:53:09 -04:00
Maxime Coste
baa4185c30 cli: notmuch show support for --include-html with --format=text 2018-11-24 09:12:30 -04:00
Maxime Coste
37e5bc00ae cli: notmuch show support for --body=false with --format=text 2018-11-24 09:11:42 -04:00
Daniel Kahn Gillmor
fd3c93650d doc: clean up manpages
Many of the manpages didn't treat literal text as literal text.  I've
tried to normalize some of the restructured text to make it a bit more
regular.

several of the synopsis lines are still untouched by this cleanup, but
i'm not sure what the right way to represent those is in .rst,
actually.

In particular find that if i rebuild the manpages, sometimes i end up
with some of the synopsis lines showing – (U+2013 EN DASH) where they
should have -- (2 × U+002D HYPHEN-MINUS) in the generated nroff
output, though i have not tracked down the source of this error yet.
2018-06-24 21:59:37 -03:00
David Bremner
b50fb1b642 docs: add initial documentation for notmuch-tag-jump
This is mainly to improve discoverability. It seems that doing
variable cross-references is not easy without using some sphinx
extension/customization.
2018-05-26 08:31:03 -07:00
David Bremner
7a58c1c44b doc: initial documentation for notmuch-tree mode 2018-05-26 08:29:35 -07:00
David Bremner
eb6fb36d63 doc: initial documentation for notmuch-show-mode
This is pretty minimal, but will hopefully inspire others to
contribute more complete documentation. If nothing else, it points out
'?'.
2018-05-26 08:28:18 -07:00
David Bremner
7a6d4a0852 doc: install build and install info pages
All of the man pages are installed as info pages, plus
the (unfinished) notmuch-emacs manual
2018-05-26 08:26:13 -07:00
Daniel Kahn Gillmor
aa605f7e8a cli/show: enable --decrypt=stash
Add fancy new feature, which makes "notmuch show" capable of actually
indexing messages that it just decrypted.

This enables a workflow where messages can come in in the background
and be indexed using "--decrypt=auto".  But when showing an encrypted
message for the first time, it gets automatically indexed.

This is something of a departure for "notmuch show" -- in particular,
because it requires read/write access to the database.  However, this
might be a common use case -- people get mail delivered and indexed in
the background, but only want access to their secret key to happen
when they're directly interacting with notmuch itself.

In such a scenario, they couldn't search newly-delivered, encrypted
messages, but they could search for them once they've read them.

Documentation of this new feature also uses a table form, similar to
that found in the description of index.decrypt in notmuch-config(1).

A notmuch UI that wants to facilitate this workflow while also
offering an interactive search interface might instead make use of
these additional commands while the user is at the console:

Count received encrypted messages (if > 0, there are some things we
haven't yet tried to index, and therefore can't yet search):

     notmuch count tag:encrypted and \
         not property:index.decryption=success and \
         not property:index.decryption=failure

Reindex those messages:

     notmuch reindex --try-decrypt=true tag:encrypted and \
         not property:index.decryption=success and \
         not property:index.decryption=failure
2018-05-26 07:43:30 -07:00
David Bremner
8a1eeecdfe doc: document notmuch new --full-scan 2018-05-22 09:31:33 -07:00
David Bremner
a07b28a488 doc: fix notmuch-search example
For some reason the searched tag did not match the displayed results.
2018-05-09 10:31:57 -04:00
David Bremner
f2e6f76a04 doc: document thread subqueries
Mention both performance and quoting issues.
2018-05-07 08:42:53 -03:00
David Bremner
20ba0b7dfa doc: add a section on quoting to notmuch-search-terms(7)
I think we've diverged enough from the Xapian query parser
that we can't rely on that syntax description [1]. As far as I can
tell, [1] also only discusses quotes in the context of phrases.

[1]: https://xapian.org/docs/queryparser.html
2018-04-24 23:08:10 -03:00
Daniel Kahn Gillmor
f6430bc06d doc: Examples of notmuch-reindex use and crypto policy
Currently, notmuch has the levers needed to set coherent crypto policy
around how cleartext is indexed, which also has an impact on how
messages are rendered.  But we don't have a lot of documentation about
how to do sensible things.  This is an initial attempt to address
that.

The first example shows a way to selectively index specific messages.

The next two examples are about aligning the existing database with
crypto indexing policy

The default crypto policy is to not index cleartext, and to only
decrypt messages on display when explicitly requested.

The other sensible crypto policy is to index cleartext while stashing
session keys. messages indexed in this way will be searchable, and
will be decrypted on display automatically unless the user explicitly
asks for it to *not* be decrypted.

The policy for indexing *new* messages is stored in the database as
the config variable index.decrypt.

But setting policy for new messages doesn't retroactively affect
already indexed messages.

This patch attempts to document ways that someone can efficiently
align their pre-existing database with their new policy.

I'm not sure this is the right place to document these examples, but i
do want them to be user-facing and relatively easy to find.  I'm happy
to entertain suggestions for where else we should put them.
2018-03-24 20:08:27 -03:00
Daniel Kahn Gillmor
b6e3efde05 cli/insert: add --world-readable flag
In some cases (e.g. when building a publicly-visible e-mail archive)
it doesn't make any sense to restrict visibility of the message to the
current user account.

This adds a --world-readable boolean option for "notmuch insert", so
that those who want to archive their mail publicly can feed their
archiver with:

    notmuch insert --world-readable

Other local delivery agents (postfix's local, and dovecot's lda) all
default to delivery in mode 0600 rather than relying on the user's
umask, so this fix doesn't change the default.

Also, this does not override the user's umask.  if the umask is
already set tight, it will not become looser as the result of passing
--world-readable.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-03-24 20:08:11 -03:00
Matthew Lear
0cbe982bfd Clarify the syntax required when searching using timestamps.
Need to be clearer about specifying time ranges using timestamps.
Legacy syntax which predates the date prefix is still supported, but
timestamps used in conjunction with the date prefix require additional
syntax.
2018-03-24 20:07:20 -03:00
Antoine Amarilli
cf8c689eab doc: create manpage folders with right permissions
Avoids the issue where umask can make man pages unreadable after
installation. Relevant email on the mailing-list:
<87h8rt30sy.fsf@fifthhorseman.net>
2018-01-31 21:22:04 -04:00
Daniel Kahn Gillmor
54982e520c fix typos 2018-01-04 20:35:58 -04:00
David Bremner
c8fc3d1428 notmuch 0.26~rc1 release
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCAAdFiEE3VS2dnyDRXKVCQCp8gKXHaSnniwFAlpK4EkACgkQ8gKXHaSn
 niygiQv/TxmOsXmlxOqBI3pWqhvRjiqE7XlF7ueCBADOxET6cQRfj6CG31vbjAUd
 xNH4SLZR7pKE7K3Dx7jNfqSESgM48Ianlau8ofC2eNpSXegRqX3vTE+9IM64xYpo
 BrdrHJlwOmM2JN/X02mTQFexNgoXZG88Y7WXQOo3ktLxBOna3I1+dS/cEMuHKkGC
 zs80sjqJKixBigI3u9Sg1TMEg/gKj0K3jTRiNtsrR2k3W0ktPmYjMf6l5CKleKx1
 8HGT2VWUip4V3Ih18addQdyxfKPAtvb74SFMu/W6qegTvctr8UIsQhpCzlnzq+37
 UnaTLlmVCWNqMzxt3TUDRq6w4R5MW8wG4iBRuQOYiuzq7vCVV9etRFlWY1KzFbp2
 frtFvq48PyfTupC1B/B6/402V6mooUJXfmu9FP0WxAYawuCsaVVGFXjOwkCeXf6d
 JHuN1Gog4DYPq6y0gakUgFG8sWGouvJVncLHHn26nyDNXnRl5NTGIUrRfce8nXBH
 GV5fHOJ4
 =0A1D
 -----END PGP SIGNATURE-----

Merge tag '0.26_rc1'

notmuch 0.26~rc1 release
2018-01-01 21:50:24 -04:00
David Bremner
b75797150b doc: add 2018 to copyright year 2018-01-01 21:17:05 -04:00
David Bremner
d0dffdae31 doc/{reply, show}: match indentation
This is essentially a conflict resolution Jani's normalization and
Daniel's doc changes, but it's easier to do as a second commit.
2017-12-31 09:34:28 -04:00
David Bremner
99407db25c Merge branch 'release'
Conflicts:
        doc/man1/notmuch-reply.rst
	doc/man1/notmuch-show.rst

Conflicts taken from release (dkg's doc changes)
2017-12-31 09:26:13 -04:00
Jani Nikula
e5e252de55 doc: unify definition list usage across man pages
Make all parameter descriptions etc. use reStructuredText definition
lists with uniform style and indentation. Remove redundant indentation
from around the lists. Remove blank lines between term lines and
definition blocks. Use four spaces for indentation.

This is almost completely whitespace and paragraph reflow changes.
2017-12-31 09:06:11 -04:00
Daniel Kahn Gillmor
af8255fb71 cli/reply: make --decrypt take a keyword
This brings the --decrypt argument to "notmuch reply" into line with
the other --decrypt arguments (in "show", "new", "insert", and
"reindex").  This patch is really just about bringing consistency to
the user interface.

We also use the recommended form in the emacs MUA when replying, and
update test T350 to match.
2017-12-29 16:45:55 -04:00
Daniel Kahn Gillmor
8ea4a99d74 cli/show: make --decrypt take a keyword.
We also expand tab completion for it, update the emacs bindings, and
update T350, T357, and T450 to match.

Make use of the bool-to-keyword backward-compatibility feature.
2017-12-29 16:45:46 -04:00
Jani Nikula
f2a6790583 cli/new: support /<regex>/ in new.ignore
Add support for using /<regex>/ style regular expressions in
new.ignore, mixed with the old style verbatim file and directory
basenames. The regex is matched against the relative path from the
database path.
2017-12-15 07:54:33 -04:00
Jani Nikula
89f651a403 doc: arrange search prefix documentation in a definition list
Having first a list of prefixes followed by detailed descriptions was
viable when we didn't have all that many prefixes. Now, arranging the
prefix descriptions in a definition list makes more sense.

While at it, include all the supported prefix forms, especially some
missing regex ones.
2017-12-14 21:41:39 -04:00
Jani Nikula
f3fc97c000 cli: add support for only printing the addresses in notmuch address
The notmuch address output is much more useful for scripts with just
the addresses printed. Support this using the --output=address option.
2017-12-14 21:28:50 -04:00
Daniel Kahn Gillmor
be555b9d27 docs: clean up documentation about decryption policies
Now that the range of sensible decryption policies has come into full
view, we take a bit of space to document the distinctions.

Most people will use either "auto" or "true" -- but we provide "false"
and "nostash" to handle use cases that might reasonably be requested.

Note also that these can be combined in sensible ways.  Like, if your
mail comes in regularly to a service that doesn't have access to your
secret keys, but does have access to your index, and you feel
comfortable adding selected encrypted messages to the index after
you've read them, you could stay in "auto" normally, and then when you
find yourself reading an indexable message (e.g. one you want to be
able to search for in the future, and that you don't mind exposing to
whatever entities have access to your inde), you can do:

    notmuch reindex --decrypt=true id:whatever@example.biz

That leaves your default the same (still "auto") but you get the
cleartext index and stashed session key benefits for that particular
message.
2017-12-08 08:08:47 -04:00
Daniel Kahn Gillmor
fccebbaeef crypto: add --decrypt=nostash to avoid stashing session keys
Here's the configuration choice for people who want a cleartext index,
but don't want stashed session keys.

Interestingly, this "nostash" decryption policy is actually the same
policy that should be used by "notmuch show" and "notmuch reply",
since they never modify the index or database when they are invoked
with --decrypt.

We take advantage of this parallel to tune the behavior of those
programs so that we're not requesting session keys from GnuPG during
"show" and "reply" that we would then otherwise just throw away.
2017-12-08 08:08:47 -04:00
Daniel Kahn Gillmor
29648a137c crypto: actually stash session keys when decrypt=true
If you're going to store the cleartext index of an encrypted message,
in most situations you might just as well store the session key.
Doing this storage has efficiency and recoverability advantages.

Combined with a schedule of regular OpenPGP subkey rotation and
destruction, this can also offer security benefits, like "deletable
e-mail", which is the store-and-forward analog to "forward secrecy".

But wait, i hear you saying, i have a special need to store cleartext
indexes but it's really bad for me to store session keys!  Maybe
(let's imagine) i get lots of e-mails with incriminating photos
attached, and i want to be able to search for them by the text in the
e-mail, but i don't want someone with access to the index to be
actually able to see the photos themselves.

Fret not, the next patch in this series will support your wacky
uncommon use case.
2017-12-08 08:08:47 -04:00
Daniel Kahn Gillmor
6a9626a2fd cli/reindex: destroy stashed session keys when --decrypt=false
There are some situations where the user wants to get rid of the
cleartext index of a message.  For example, if they're indexing
encrypted messages normally, but suddenly they run across a message
that they really don't want any trace of in their index.

In that case, the natural thing to do is:

   notmuch reindex --decrypt=false id:whatever@example.biz

But of course, clearing the cleartext index without clearing the
stashed session key is just silly.  So we do the expected thing and
also destroy any stashed session keys while we're destroying the index
of the cleartext.

Note that stashed session keys are stored in the xapian database, but
xapian does not currently allow safe deletion (see
https://trac.xapian.org/ticket/742).

As a workaround, after removing session keys and cleartext material
from the database, the user probably should do something like "notmuch
compact" to try to purge whatever recoverable data is left in the
xapian freelist.  This problem really needs to be addressed within
xapian, though, if we want it fixed right.
2017-12-08 08:08:47 -04:00
Daniel Kahn Gillmor
076f86025d cli/new, insert, reindex: change index.decrypt to "auto" by default
The new "auto" decryption policy is not only good for "notmuch show"
and "notmuch reindex".  It's also useful for indexing messages --
there's no good reason to not try to go ahead and index the cleartext
of a message that we have a stashed session key for.

This change updates the defaults and tunes the test suite to make sure
that they have taken effect.
2017-12-08 08:08:46 -04:00
Daniel Kahn Gillmor
181d4091c4 cli/new, insert, reindex: update documentation for --decrypt=auto
we also include --decrypt=auto in the tab completion.
2017-12-08 08:08:46 -04:00
Daniel Kahn Gillmor
f845fb2a51 cli/show, reply: document use of stashed session keys in notmuch-properties
The stashed session keys are stored internally as notmuch properties.
So a user or developer who is reading about those properties might
want to understand how they fit into the bigger picture.

Note here that decrypting with a stored session key no longer needs
-decrypt for "notmuch show" and "notmuch reply".
2017-12-08 08:08:46 -04:00
Daniel Kahn Gillmor
a1260896f6 cli/show: use decryption policy "auto" by default.
When showing a message, if the user doesn't specify --decrypt= at all,
but a stashed session key is known to notmuch, notmuch should just go
ahead and try to decrypt the message with the session key (without
bothering the user for access to their asymmetric secret key).

The user can disable this at the command line with --decrypt=false if
they really don't want to look at the e-mail that they've asked
notmuch to show them.

and of course, "notmuch show --decrypt" still works for accessing the
user's secret keys if necessary.
2017-12-08 08:08:46 -04:00
Daniel Kahn Gillmor
6802b333eb cli/reply: use decryption policy "auto" by default.
If the user doesn't specify --decrypt= at all, but a stashed session
key is known to notmuch, when replying to an encrypted message,
notmuch should just go ahead and decrypt.

The user can disable this at the command line with --decrypt=false,
though it's not clear why they would ever want to do that.
2017-12-08 08:08:46 -04:00
Daniel Kahn Gillmor
e4890b5bf9 crypto: new decryption policy "auto"
This new automatic decryption policy should make it possible to
decrypt messages that we have stashed session keys for, without
incurring a call to the user's asymmetric keys.
2017-12-08 08:07:53 -04:00
Daniel Kahn Gillmor
d3964e81ac indexing: Change from try_decrypt to decrypt
the command-line interface for indexing (reindex, new, insert) used
--try-decrypt; and the configuration records used index.try_decrypt.
But by comparison with "show" and "reply", there doesn't seem to be
any reason for the "try" prefix.

This changeset adjusts the command-line interface and the
configuration interface.

For the moment, i've left indexopts_{set,get}_try_decrypt alone.  The
subsequent changeset will address those.
2017-12-08 08:05:53 -04:00
Daniel Kahn Gillmor
a990585408 crypto: use stashed session-key properties for decryption, if available
When doing any decryption, if the notmuch database knows of any
session keys associated with the message in question, try them before
defaulting to using default symmetric crypto.

This changeset does the primary work in _notmuch_crypto_decrypt, which
grows some new parameters to handle it.

The primary advantage this patch offers is a significant speedup when
rendering large encrypted threads ("notmuch show") if session keys
happen to be cached.

Additionally, it permits message composition without access to
asymmetric secret keys ("notmuch reply"); and it permits recovering a
cleartext index when reindexing after a "notmuch restore" for those
messages that already have a session key stored.

Note that we may try multiple decryptions here (e.g. if there are
multiple session keys in the database), but we will ignore and throw
away all the GMime errors except for those that come from last
decryption attempt.  Since we don't necessarily know at the time of
the decryption that this *is* the last decryption attempt, we'll ask
for the errors each time anyway.

This does nothing if no session keys are stashed in the database,
which is fine.  Actually stashing session keys in the database will
come as a subsequent patch.
2017-12-04 21:48:31 -04:00
Jani Nikula
733ccfabca cli: allow empty strings for notmuch insert --folder argument
Now that it's easy to add argument specific modifiers in opt
descriptions, add a new .allow_empty field to allow empty strings for
individual string arguments while retaining strict checks
elsewhere. Use this for notmuch insert --folder, where the empty
string means top level folder.
2017-11-08 09:46:44 -05:00
Daniel Kahn Gillmor
8116891744 cli/reindex: add --try-decrypt=(true|false)
Enable override of the index.try_decrypt setting on a per-run basis
when invoking "notmuch reindex".  This allows the possibility of (for
example) an emacs keybinding that adds the cleartext of the currently
shown decrypted message to the index, making it searchable in the
future.

It also enables one-time indexing of all messages matching some query,
like so:

    notmuch reindex tag:encrypted and\
       not property:index.decryption=success and\
       from:alice@example.org

We also update the documentation and tab completion, and add a few
more tests.
2017-10-21 19:58:52 -03:00
Daniel Kahn Gillmor
c5356b9ed5 cli/insert: add --try-decrypt=(true|false)
Enable override of the index.try_decrypt setting on a per-message
basis when invoking "notmuch insert".

We also update the documentation and tab completion, and add more tests.
2017-10-21 19:58:43 -03:00
Daniel Kahn Gillmor
35456d4b0c cli/new: add --try-decrypt=(true|false)
Enable override of the index.try_decrypt setting during "notmuch new"
on a per-invocation basis.

We update the documentation and tab completion, and also add a test.
2017-10-21 19:58:32 -03:00
Daniel Kahn Gillmor
d0da7a0a1c config: define new option index.try_decrypt
By default, notmuch won't try to decrypt on indexing.  With this
patch, we make it possible to indicate a per-database preference using
the config variable "index.try_decrypt", which by default will be
false.

At indexing time, the database needs some way to know its internal
defaults for how to index encrypted parts.  It shouldn't be contingent
on an external config file (since that can't be retrieved from the
database object itself), so we store it in the database.

This behaves similarly to the query.* configurations, which are also
stored in the database itself, so we're not introducing any new
dependencies by requiring that it be stored in the database.
2017-10-21 19:54:33 -03:00
Daniel Kahn Gillmor
886c0b1666 config: test whether an item is stored in the database by name
QUERY_STRING was only used in two places, both to test whether a
variable should be stored in (or retrieved from) the database.

Since other configuration variables might be stored in the database in
the future, consolidate that test into a single function.

We also document that these configuration options should not be placed
in the config file.
2017-10-21 19:54:24 -03:00
Daniel Kahn Gillmor
4dfcc8c9b2 crypto: index encrypted parts when indexopts try_decrypt is set.
If we see index options that ask us to decrypt when indexing a
message, and we encounter an encrypted part, we'll try to descend into
it.

If we can decrypt, we add the property index.decryption=success.

If we can't decrypt (or recognize the encrypted type of mail), we add
the property index.decryption=failure.

Note that a single message may have both values of the
"index.decryption" property: "success" and "failure".  For example,
consider a message that includes multiple layers of encryption.  If we
manage to decrypt the outer layer ("index.decryption=success"), but
fail on the inner layer ("index.decryption=failure").

Because of the property name, this will be automatically cleared (and
possibly re-set) during re-indexing.  This means it will subsequently
correspond to the actual semantics of the stored index.
2017-10-21 19:53:19 -03:00
Daniel Kahn Gillmor
0bb05ff693 reindex: drop all properties named with prefix "index."
This allows us to create new properties that will be automatically set
during indexing, and cleared during re-indexing, just by choice of
property name.
2017-10-21 19:53:08 -03:00
Daniel Kahn Gillmor
6575b7eb31 doc: add notmuch-properties(7)
We will want a user-facing place to record details about the use of
notmuch properties shortly.  This establishes a new manual page for
that purpose.
2017-10-21 19:52:55 -03:00
Daniel Kahn Gillmor
6499fce391 doc: make SEE ALSO references one-per-line
This will make future diffs cleaner, make it easier to keep them
alphabetical, and make it easier to scan and search the documentation
sources.
2017-10-18 22:36:39 -03:00
Daniel Kahn Gillmor
5fb0f5f113 doc: fix documentation typos and copy/paste-os 2017-10-18 22:36:09 -03:00
Jakub Wilk
073188e690 doc: fix typos 2017-09-28 09:00:20 -03:00
Vladimir Panteleev
938ec0f80c doc: Disable SmartyPants in generated manual pages
By default, Sphinx tries to pre-process text through SmartyPants,
which attempts to convert ASCII quotes and dashes to Unicode
characters. Unfortunately, this mangles technical text such as command
lines. For instance, this excerpt from notmuch-tag.rst:

  **notmuch** **tag** **--batch** [--input=<*filename*>]

got turned into:

  notmuch tag –batch [–input=<filename>]

That's an en-dash and an em-dash respectively.

Not only are these characters visually confusing and could easily be
mistaken for a single dash, copying and pasting such command lines
into a terminal is doomed to result in incomprehensible error
messages.

* doc/conf.py: Disable SmartyPants.
2017-08-20 08:32:29 -03:00
Vladimir Panteleev
ca4688e103 Use rooted paths in .gitignore files
A leading / in paths in a .gitignore file matches the beginning of the
path, meaning that for patterns without slashes, git will match files
only in the current directory as opposed to in any subdirectory.

Prefix relevant paths with / in .gitignore files, to prevent
accidentally ignoring files in subdirectories and possibly slightly
improve the performance of "git status".
2017-08-18 19:42:35 -03:00
Daniel Kahn Gillmor
e5beec39d6 add "notmuch reindex" subcommand
This new subcommand takes a set of search terms, and re-indexes the
list of matching messages.
2017-08-01 21:17:47 -04:00
David Bremner
ed4a9082c0 cli/search: print total number of files matched in summary output.
The structured output formats already have all of the filenames. This
is an easy bit of UI change to make the multiple files visible.
2017-08-01 21:17:47 -04:00
Daniel Kahn Gillmor
87bdfbc91f Fix orthography 2017-07-18 06:50:44 -03:00
Daniel Kahn Gillmor
e142de643d config: deprecate/drop crypto.gpg_path under gmime 2.6/3.0
gmime 3.0 no longer offers a means to set the path for gpg.

Users can set $PATH anyway if they want to pick a
differently-installed gpg (e.g. /usr/local/bin/gpg), so this isn't
much of a reduction in functionality.

The one main difference is for people who have tried to use "gpg2" to
make use of gpg 2.1, but that isn't usefully co-installable anyway.
2017-07-14 21:23:52 -03:00
David Bremner
a32dd81a55 cli: add space separator for keyword, string, and int arguments
Defer the complication of optional boolean arguments for later (never?).
2017-07-12 17:46:29 -03:00
David Bremner
d47e184118 cli/dump: bump dump format version to 3
No changes to the format of the body, but the header format was
fixed, and version 2 headers probably shouldn't be relied on.
2017-04-01 09:10:15 -03:00
Jani Nikula
02421015fd man: document external subcommand handling in notmuch(1)
The documentation for this was overlooked when adding the subcommand
handling. This seems like the proper place for it.
2017-03-07 09:05:50 -04:00
David Bremner
55524bb063 lib: regexp matching in 'subject' and 'from'
the idea is that you can run

% notmuch search subject:/<your-favourite-regexp>/
% notmuch search from:/<your-favourite-regexp>/

or

% notmuch search subject:"your usual phrase search"
% notmuch search from:"usual phrase search"

This feature is only available with recent Xapian, specifically
support for field processors is needed.

It should work with bindings, since it extends the query parser.

This is easy to extend for other value slots, but currently the only
value slots are date, message_id, from, subject, and last_mod. Date is
already searchable;  message_id is left for a followup commit.

This was originally written by Austin Clements, and ported to Xapian
field processors (from Austin's custom query parser) by yours truly.
2017-03-03 17:46:48 -04:00
David Bremner
b15b96f846 Merge branch 'release'
These are the (tentative) changes for 0.23.5
2017-01-08 08:42:26 -04:00
David Bremner
44520bb6ad docs: add 2017 to copyright years 2017-01-08 08:35:17 -04:00
David Bremner
5de84d0752 Merge branch 'release'
Add back in no-display parameter by hand.
2016-12-15 21:57:10 +09:00
David Bremner
3d312e2577 cli/insert: document the use of EX_TEMPFAIL 2016-12-15 20:21:02 +09:00
Tomi Ollila
ef763a9e8b doc: whitespace cleanup
In most part, our .rst documents are indented with 8 spaces instead
of tabs. Bring the rest of the lines to the same format.
Also, on one (supposedly empty) line, trailing spaces were removed.
2016-11-28 21:58:17 -04:00
David Bremner
c970de6dc5 Merge branch 'release'
Add Jani's fix for notmuch-new
2016-11-26 08:43:31 -04:00