On Fri, 15 Sep 2017, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote: > By default, notmuch won't try to decrypt on indexing. With this > patch, we make it possible to indicate a per-database preference using > the config variable "index.try_decrypt", which by default will be > false. > --- > doc/man1/notmuch-config.rst | 12 ++++++++++++ > lib/indexopts.c | 16 +++++++++++++++- > 2 files changed, 27 insertions(+), 1 deletion(-) > > diff --git a/doc/man1/notmuch-config.rst b/doc/man1/notmuch-config.rst > index 6a51e64f..6f35d127 100644 > --- a/doc/man1/notmuch-config.rst > +++ b/doc/man1/notmuch-config.rst > @@ -134,6 +134,18 @@ The available configuration items are described below. > > Default: ``gpg``. > > + **index.try_decrypt** > + > + When indexing an encrypted e-mail message, if this variable is > + set to true, notmuch will try to decrypt the message and index > + the cleartext. Be aware that the index is likely sufficient > + to reconstruct the cleartext of the message itself, so please > + ensure that the notmuch message index is adequately protected. > + DO NOT USE ``index.try_decrypt=true`` without considering the > + security of your index. > + > + Default: ``false``. > + > **built_with.<name>** > > Compile time feature <name>. Current possibilities include > diff --git a/lib/indexopts.c b/lib/indexopts.c > index 1162900c..5bd396ff 100644 > --- a/lib/indexopts.c > +++ b/lib/indexopts.c > @@ -23,7 +23,21 @@ > notmuch_indexopts_t * > notmuch_database_get_default_indexopts (notmuch_database_t *db) > { > - return talloc_zero (db, notmuch_indexopts_t); > + notmuch_indexopts_t *ret = talloc_zero (db, notmuch_indexopts_t); > + if (ret) { > + char * try_decrypt; > + notmuch_status_t err; > + if (!(err = notmuch_database_get_config (db, "index.try_decrypt", &try_decrypt))) { I like the style of always separating assigment and conditional. I wonder if this function would look cleaner by doing early returns every step of the way instead of nested ifs. if (!ret) return ret; err = notmuch_database_get_config(); if (err) return ret; and so on. > + if (try_decrypt && > + ((!(strcasecmp(try_decrypt, "true"))) || > + (!(strcasecmp(try_decrypt, "yes"))) || > + (!(strcasecmp(try_decrypt, "1"))))) > + notmuch_indexopts_set_try_decrypt (ret, TRUE); > + > + free (try_decrypt); > + } > + } > + return ret; > } > > notmuch_status_t > -- > 2.14.1 > > _______________________________________________ > notmuch mailing list > notmuch@notmuchmail.org > https://notmuchmail.org/mailman/listinfo/notmuch _______________________________________________ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch