Re: New option crypt_batchsign

2022-07-28 Thread Kevin J. McCarthy 

On Thu, Jul 28, 2022 at 12:57:58PM +0200, Werner Koch wrote:

Mutt is very useful as a tool for sending unattended mails.  In
particular the easy way to add attachments is very useful, for example
to send release notes to customers.  However, it is by design not
possible to sign such mails.  The reason for this might be that for
signing you need to unlock your key and without caching the passphrase
in gpg-agent this does make much sense.

The proposed new option allows to overcome this design decision with
less risk of any regression.

I am using this patch for more than a half year now and have
successfully sent thousands of signed mails with attachments using a
straightforward script.

Please consider to add this option to Mutt.


Thanks Werner.  I have comments inline below.  Just as a reminder, I'm 
only maintaining stable releases at this point, but the option is 
interesting and deserves comments.  :-)



diff --git a/init.h b/init.h
index fa1e3b7d..bc80e3dd 100644
--- a/init.h
+++ b/init.h
@@ -797,6 +797,13 @@ struct option_t MuttVars[] = {
  { "crypt_autosign", DT_BOOL, R_NONE, {.l=OPTCRYPTAUTOSIGN}, {.l=0} },
  /*
  ** .pp


Documentation needs to be after the option, to generate the manual 
properly.



+  ** This variable controls whether or not mutt may automatically


"may" or "will"?  The documentation makes it sound like Mutt will 
consider it, subject to other options, such as $crypt_autosign.



+  ** PGP signing messages even in batch mode.  See also


The code below looks like it will turn on signing for S/MIME too.  In 
classic mode (for PGP and S/MIME) this could cause problems.


I think it would be good to check explicitly that they are either using 
GPGME, or else PGP with $pgp_use_gpg_agent set.  This may be a bit 
tricky, since Mutt only checks $crypt_use_gpgme at startup to bind the 
glue functions.




--- a/send.c
+++ b/send.c
@@ -2128,6 +2128,7 @@ static int send_message_resume_first_edit (SEND_CONTEXT 
*sctx)
{
  int rv = -1;
  int killfrom = 0;
+  int sendbatch_flag;

  if (sctx->flags & SENDMAILX)
  {
@@ -2263,14 +2264,18 @@ static int send_message_resume_first_edit (SEND_CONTEXT 
*sctx)
   * 3) we are resending a message
   * 4) we are recalling a postponed message (don't override the user's saved 
settings)
   * 5) we are in mailx mode
-   * 6) we are in batch mode
+   * 6) we are in batch mode (unless crypt_batchsign is set)
   *
   * This is done after allowing the user to edit the message so that security
   * settings can be configured with send2-hook and $edit_headers.
   */
-  if (WithCrypto && (sctx->msg->security == 0) && !(sctx->flags & (SENDBATCH | 
SENDMAILX | SENDPOSTPONED | SENDRESEND)))
+  sendbatch_flag = option (OPTCRYPTBATCHSIGN)? 0 : SENDBATCH;
+  if (WithCrypto && (sctx->msg->security == 0)
+  && !(sctx->flags & (sendbatch_flag | SENDMAILX | SENDPOSTPONED | 
SENDRESEND)))
  {
-if (
+if (option (OPTCRYPTBATCHSIGN))
+  sctx->msg->security |= SIGN;


So again, this logic needs to be different if $crypt_batchsign defers to 
$crypt_autosign to actually enable signing.


Overall I'm a little nervous how the Mutt code behaves with respect to 
quadoptions and prompts and such.  I guess you've tested it quite a bit, 
but I'd still want to look through the code throroughly, since up to 
this point Mutt assumed crypto was always interactive if needed.


--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA


signature.asc
Description: PGP signature

New option crypt_batchsign

2022-07-28 Thread Werner Koch 
Hi!

Mutt is very useful as a tool for sending unattended mails.  In
particular the easy way to add attachments is very useful, for example
to send release notes to customers.  However, it is by design not
possible to sign such mails.  The reason for this might be that for
signing you need to unlock your key and without caching the passphrase
in gpg-agent this does make much sense.

The proposed new option allows to overcome this design decision with
less risk of any regression.

I am using this patch for more than a half year now and have
successfully sent thousands of signed mails with attachments using a
straightforward script.

Please consider to add this option to Mutt.


Shalom-Salam,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
From dd3ca49019259237ab61b3bef33bcfca17b7ed78 Mon Sep 17 00:00:00 2001
From: Werner Koch 
Date: Thu, 28 Jul 2022 12:43:48 +0200
Subject: [PATCH] Add new boolean option "crypt_batchsign"

This option allows to use mutt as a tool to send signed mails with
attachments from scripts.

Use -F to specify a muttrc like

set crypt_use_gpgme
set crypt_autosign
set crypt_batchsign
set pgp_sign_as=xxx
---
 init.h |  7 +++
 mutt.h |  1 +
 send.c | 11 ---
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/init.h b/init.h
index fa1e3b7d..bc80e3dd 100644
--- a/init.h
+++ b/init.h
@@ -797,6 +797,13 @@ struct option_t MuttVars[] = {
   { "crypt_autosign",	DT_BOOL, R_NONE, {.l=OPTCRYPTAUTOSIGN}, {.l=0} },
   /*
   ** .pp
+  ** This variable controls whether or not mutt may automatically
+  ** PGP signing messages even in batch mode.  See also
+  ** $$crypt_autosign.
+  */
+  { "crypt_batchsign",	DT_BOOL, R_NONE, {.l=OPTCRYPTBATCHSIGN}, {.l=0} },
+  /*
+  ** .pp
   ** Setting this variable will cause Mutt to always attempt to
   ** cryptographically sign outgoing messages.  This can be overridden
   ** by use of the pgp menu, when signing is not required or
diff --git a/mutt.h b/mutt.h
index cdeafb6c..8c8f6bd0 100644
--- a/mutt.h
+++ b/mutt.h
@@ -587,6 +587,7 @@ enum
 
   /* PGP options */
 
+  OPTCRYPTBATCHSIGN,
   OPTCRYPTAUTOSIGN,
   OPTCRYPTAUTOENCRYPT,
   OPTCRYPTAUTOPGP,
diff --git a/send.c b/send.c
index 21faafd2..55d922f8 100644
--- a/send.c
+++ b/send.c
@@ -2128,6 +2128,7 @@ static int send_message_resume_first_edit (SEND_CONTEXT *sctx)
 {
   int rv = -1;
   int killfrom = 0;
+  int sendbatch_flag;
 
   if (sctx->flags & SENDMAILX)
   {
@@ -2263,14 +2264,18 @@ static int send_message_resume_first_edit (SEND_CONTEXT *sctx)
* 3) we are resending a message
* 4) we are recalling a postponed message (don't override the user's saved settings)
* 5) we are in mailx mode
-   * 6) we are in batch mode
+   * 6) we are in batch mode (unless crypt_batchsign is set)
*
* This is done after allowing the user to edit the message so that security
* settings can be configured with send2-hook and $edit_headers.
*/
-  if (WithCrypto && (sctx->msg->security == 0) && !(sctx->flags & (SENDBATCH | SENDMAILX | SENDPOSTPONED | SENDRESEND)))
+  sendbatch_flag = option (OPTCRYPTBATCHSIGN)? 0 : SENDBATCH;
+  if (WithCrypto && (sctx->msg->security == 0)
+  && !(sctx->flags & (sendbatch_flag | SENDMAILX | SENDPOSTPONED | SENDRESEND)))
   {
-if (
+if (option (OPTCRYPTBATCHSIGN))
+  sctx->msg->security |= SIGN;
+else if (
 #ifdef USE_AUTOCRYPT
   option (OPTAUTOCRYPT) && option (OPTAUTOCRYPTREPLY)
 #else
-- 
2.32.0



signature.asc
Description: PGP signature