Re: New option crypt_batchsign
On Thu, Jul 28, 2022 at 12:57:58PM +0200, Werner Koch wrote: Mutt is very useful as a tool for sending unattended mails. In particular the easy way to add attachments is very useful, for example to send release notes to customers. However, it is by design not possible to sign such mails. The reason for this might be that for signing you need to unlock your key and without caching the passphrase in gpg-agent this does make much sense. The proposed new option allows to overcome this design decision with less risk of any regression. I am using this patch for more than a half year now and have successfully sent thousands of signed mails with attachments using a straightforward script. Please consider to add this option to Mutt. Thanks Werner. I have comments inline below. Just as a reminder, I'm only maintaining stable releases at this point, but the option is interesting and deserves comments. :-) diff --git a/init.h b/init.h index fa1e3b7d..bc80e3dd 100644 --- a/init.h +++ b/init.h @@ -797,6 +797,13 @@ struct option_t MuttVars[] = { { "crypt_autosign", DT_BOOL, R_NONE, {.l=OPTCRYPTAUTOSIGN}, {.l=0} }, /* ** .pp Documentation needs to be after the option, to generate the manual properly. + ** This variable controls whether or not mutt may automatically "may" or "will"? The documentation makes it sound like Mutt will consider it, subject to other options, such as $crypt_autosign. + ** PGP signing messages even in batch mode. See also The code below looks like it will turn on signing for S/MIME too. In classic mode (for PGP and S/MIME) this could cause problems. I think it would be good to check explicitly that they are either using GPGME, or else PGP with $pgp_use_gpg_agent set. This may be a bit tricky, since Mutt only checks $crypt_use_gpgme at startup to bind the glue functions. --- a/send.c +++ b/send.c 
@@ -2128,6 +2128,7 @@ static int send_message_resume_first_edit (SEND_CONTEXT *sctx) { int rv = -1; int killfrom = 0; + int sendbatch_flag; if (sctx->flags & SENDMAILX) { @@ -2263,14 +2264,18 @@ static int send_message_resume_first_edit (SEND_CONTEXT *sctx) * 3) we are resending a message * 4) we are recalling a postponed message (don't override the user's saved settings) * 5) we are in mailx mode - * 6) we are in batch mode + * 6) we are in batch mode (unless crypt_batchsign is set) * * This is done after allowing the user to edit the message so that security * settings can be configured with send2-hook and $edit_headers. */ - if (WithCrypto && (sctx->msg->security == 0) && !(sctx->flags & (SENDBATCH | SENDMAILX | SENDPOSTPONED | SENDRESEND))) + sendbatch_flag = option (OPTCRYPTBATCHSIGN)? 0 : SENDBATCH; + if (WithCrypto && (sctx->msg->security == 0) + && !(sctx->flags & (sendbatch_flag | SENDMAILX | SENDPOSTPONED | SENDRESEND))) { -if ( +if (option (OPTCRYPTBATCHSIGN)) + sctx->msg->security |= SIGN; So again, this logic needs to be different if $crypt_batchsign defers to $crypt_autosign to actually enable signing. Overall I'm a little nervous how the Mutt code behaves with respect to quadoptions and prompts and such. I guess you've tested it quite a bit, but I'd still want to look through the code throroughly, since up to this point Mutt assumed crypto was always interactive if needed. -- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA signature.asc Description: PGP signature
New option crypt_batchsign
Hi! Mutt is very useful as a tool for sending unattended mails. In particular the easy way to add attachments is very useful, for example to send release notes to customers. However, it is by design not possible to sign such mails. The reason for this might be that for signing you need to unlock your key and without caching the passphrase in gpg-agent this does make much sense. The proposed new option allows to overcome this design decision with less risk of any regression. I am using this patch for more than a half year now and have successfully sent thousands of signed mails with attachments using a straightforward script. Please consider to add this option to Mutt. Shalom-Salam, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein From dd3ca49019259237ab61b3bef33bcfca17b7ed78 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 28 Jul 2022 12:43:48 +0200 Subject: [PATCH] Add new boolean option "crypt_batchsign" This option allows to use mutt as a tool to send signed mails with attachments from scripts. Use -F to specify a muttrc like set crypt_use_gpgme set crypt_autosign set crypt_batchsign set pgp_sign_as=xxx --- init.h | 7 +++ mutt.h | 1 + send.c | 11 --- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/init.h b/init.h index fa1e3b7d..bc80e3dd 100644 --- a/init.h +++ b/init.h @@ -797,6 +797,13 @@ struct option_t MuttVars[] = { { "crypt_autosign", DT_BOOL, R_NONE, {.l=OPTCRYPTAUTOSIGN}, {.l=0} }, /* ** .pp + ** This variable controls whether or not mutt may automatically + ** PGP signing messages even in batch mode. See also + ** $$crypt_autosign. + */ + { "crypt_batchsign", DT_BOOL, R_NONE, {.l=OPTCRYPTBATCHSIGN}, {.l=0} }, + /* + ** .pp ** Setting this variable will cause Mutt to always attempt to ** cryptographically sign outgoing messages. This can be overridden ** by use of the pgp menu, when signing is not required or diff --git a/mutt.h b/mutt.h index cdeafb6c..8c8f6bd0 100644 --- a/mutt.h 
+++ b/mutt.h @@ -587,6 +587,7 @@ enum /* PGP options */ + OPTCRYPTBATCHSIGN, OPTCRYPTAUTOSIGN, OPTCRYPTAUTOENCRYPT, OPTCRYPTAUTOPGP, diff --git a/send.c b/send.c index 21faafd2..55d922f8 100644 --- a/send.c +++ b/send.c @@ -2128,6 +2128,7 @@ static int send_message_resume_first_edit (SEND_CONTEXT *sctx) { int rv = -1; int killfrom = 0; + int sendbatch_flag; if (sctx->flags & SENDMAILX) { @@ -2263,14 +2264,18 @@ static int send_message_resume_first_edit (SEND_CONTEXT *sctx) * 3) we are resending a message * 4) we are recalling a postponed message (don't override the user's saved settings) * 5) we are in mailx mode - * 6) we are in batch mode + * 6) we are in batch mode (unless crypt_batchsign is set) * * This is done after allowing the user to edit the message so that security * settings can be configured with send2-hook and $edit_headers. */ - if (WithCrypto && (sctx->msg->security == 0) && !(sctx->flags & (SENDBATCH | SENDMAILX | SENDPOSTPONED | SENDRESEND))) + sendbatch_flag = option (OPTCRYPTBATCHSIGN)? 0 : SENDBATCH; + if (WithCrypto && (sctx->msg->security == 0) + && !(sctx->flags & (sendbatch_flag | SENDMAILX | SENDPOSTPONED | SENDRESEND))) { -if ( +if (option (OPTCRYPTBATCHSIGN)) + sctx->msg->security |= SIGN; +else if ( #ifdef USE_AUTOCRYPT option (OPTAUTOCRYPT) && option (OPTAUTOCRYPTREPLY) #else -- 2.32.0 signature.asc Description: PGP signature
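Review bot: in the init.h hunk the new documentation paragraph sits before its own MuttVars entry, so it will be attached to $crypt_autosign (the entry directly above it), while the existing paragraph starting "Setting this variable will cause Mutt to always attempt to cryptographically sign outgoing messages" now follows `{ "crypt_batchsign", DT_BOOL, R_NONE, {.l=OPTCRYPTBATCHSIGN}, {.l=0} },` and will be rendered as crypt_batchsign's description. As Kevin notes, each `/* ** .pp ... */` block documents the entry just above it, so the fix is to move the `{ "crypt_batchsign", ... },` line up to directly after the crypt_autosign comment block and let the new paragraph follow it. The new text is also missing its verb ("may automatically sign messages") and should not say "PGP signing": the send.c hunk ORs SIGN into msg->security for whichever backend WithCrypto selects, so an S/MIME configuration is affected in the same way. The same paragraph should state the operational precondition that motivates the option, namely that the signing key's passphrase must already be cached in gpg-agent, since in batch mode there is nobody to answer a pinentry.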
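Review bot: the mutt.h hunk adds OPTCRYPTBATCHSIGN under the `/* PGP options */` comment, but, as the send.c change shows, the flag is consulted whenever WithCrypto is set and so governs S/MIME signing too; either the comment or the placement should reflect that, or the option should be restricted to PGP in send.c so the grouping stays accurate. Inserting the value ahead of OPTCRYPTAUTOSIGN is functionally harmless (the enum is only used in-process through option()), but placing it after OPTCRYPTAUTOSIGN, the option it is documented to complement, keeps the diff a pure addition and puts the two related flags side by side.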
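Review bot: in the send.c hunk the new `if (option (OPTCRYPTBATCHSIGN)) sctx->msg->security |= SIGN;` is neither restricted to batch mode nor conditioned on $crypt_autosign, so once the option is set every interactively composed message that reaches this block (security still 0, not mailx/postponed/resend) is force-signed, and the whole `else if` chain for autocrypt, $crypt_autosign, $crypt_autoencrypt and the reply-based settings is skipped. That contradicts both the option's documentation ("even in batch mode") and the commit message's recipe, which sets crypt_autosign alongside it, and it is the regression an interactive user would hit first. Suggested shape: keep `sendbatch_flag` as computed so batch mode can enter the block, but branch on the mode explicitly inside it, e.g. `if (sctx->flags & SENDBATCH) { if (option (OPTCRYPTAUTOSIGN)) sctx->msg->security |= SIGN; } else if (` ... so that a batch run can only ever gain signing (never the encrypt or autocrypt paths, which may need a key selection prompt) and interactive mode keeps the existing logic unchanged. Nothing here checks that signing can proceed without a prompt either: with classic PGP and $pgp_use_gpg_agent unset, or with no cached passphrase in the agent, the batch run will block on a pinentry or fail after the message has been built, so the condition should also require $crypt_use_gpgme (or the agent) as Kevin suggests, or the documentation must make that requirement explicit.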
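The precondition that everyone in this thread circles around, that batch-mode signing only works when gpg-agent already holds the key's passphrase, is something a sending script should verify before it starts mutt at all. The following is an added example and not code from the patch or from Mutt: a POSIX sh preflight that takes the signing key's keygrip from `gpg --with-colons --with-keygrip --list-secret-keys`, asks gpg-agent through `gpg-connect-agent 'KEYINFO <grip>'` whether that key is cached, writes the muttrc the commit message describes, and only then runs `mutt -F ... -s ... -a ... --` in batch mode. The key id, recipient, file names, and the colon-format and KEYINFO sample lines are constructed for illustration; the `set crypt_batchsign` line it writes is only meaningful with the proposed patch applied.

```shell
#!/bin/sh
# Added example (not part of the patch or of Mutt): preflight for unattended
# signed mail with the proposed crypt_batchsign option.
#
# Batch-mode mutt can only sign if gpg-agent already holds the passphrase;
# otherwise gpg blocks on a pinentry that nobody will answer, or fails after
# mutt has built the message.  So before launching mutt, resolve the signing
# key's keygrip and ask the agent whether that key is cached.
#
# Assumptions (all hypothetical, constructed for this example):
#   - GnuPG 2.x: "gpg --with-colons --with-keygrip" emits a "grp" record and
#     gpg-agent answers KEYINFO with the status line documented below
#   - a Mutt built with the crypt_batchsign patch from this thread
#   - key ids, recipients and file names supplied by the caller

# Print the keygrip from `gpg --with-colons --with-keygrip --list-secret-keys`
# output: the first "grp" record, whose 10th colon-separated field is the grip.
keygrip_from_colons() {
    printf '%s\n' "$1" | awk -F: '$1 == "grp" { print $10; exit }'
}

# Classify gpg-agent's answer to "KEYINFO <grip>".  The status line is
#   S KEYINFO <grip> <type> <serialno> <idstr> <cached> <protection> <fpr> <ttl> <flags>
# where <cached> is "1" when the passphrase is in the agent's cache, "-" when not.
# Prints "cached", "uncached", or "unknown" (no status line, e.g. an ERR reply).
agent_cache_state() {
    printf '%s\n' "$1" | awk '
        $1 == "S" && $2 == "KEYINFO" { found = 1; state = ($7 == "1") ? "cached" : "uncached" }
        END { print (found ? state : "unknown") }'
}

# Write the muttrc from the patch's commit message.  $1 = path, $2 = pgp_sign_as key.
write_batch_muttrc() {
    cat > "$1" <<EOF
set crypt_use_gpgme
set crypt_autosign
set crypt_batchsign
set pgp_sign_as=$2
EOF
}

# send_signed_mail KEY RECIPIENT SUBJECT ATTACHMENT < body
# Refuses to start mutt unless KEY's passphrase is cached in the agent.
send_signed_mail() {
    key="$1"; rcpt="$2"; subject="$3"; attachment="$4"
    grip=$(keygrip_from_colons "$(gpg --batch --with-colons --with-keygrip --list-secret-keys "$key")")
    [ -n "$grip" ] || { echo "no secret key found for $key" >&2; return 1; }
    state=$(agent_cache_state "$(gpg-connect-agent "KEYINFO $grip" /bye)")
    if [ "$state" != "cached" ]; then
        echo "passphrase for $key is $state in gpg-agent; refusing to run mutt unattended" >&2
        return 1
    fi
    rc=$(mktemp) || return 1
    write_batch_muttrc "$rc" "$key"
    mutt -F "$rc" -s "$subject" -a "$attachment" -- "$rcpt"
    status=$?
    rm -f "$rc"
    return $status
}

# Constructed sample output (no real keys) used by the self-check below.
SAMPLE_COLONS='sec:u:255:22:0123456789ABCDEF:1600000000:::u:::scESC:::+:::ed25519:::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
grp:::::::::AAAABBBBCCCCDDDDEEEEFFFF00001111222233334444:
uid:u::::1600000000::0000000000000000000000000000000000000000::Release Bot <release@example.invalid>::::::::::0:'
SAMPLE_KEYINFO_CACHED='S KEYINFO AAAABBBBCCCCDDDDEEEEFFFF00001111222233334444 D - - 1 P - - -
OK'
SAMPLE_KEYINFO_UNCACHED='S KEYINFO AAAABBBBCCCCDDDDEEEEFFFF00001111222233334444 D - - - P - - -
OK'
SAMPLE_KEYINFO_MISSING='ERR 67108891 Not found <GPG Agent>'

# Exercise the two parsers against the samples; does not touch gpg or mutt.
self_check() {
    echo "keygrip:         $(keygrip_from_colons "$SAMPLE_COLONS")"
    echo "cached sample:   $(agent_cache_state "$SAMPLE_KEYINFO_CACHED")"
    echo "uncached sample: $(agent_cache_state "$SAMPLE_KEYINFO_UNCACHED")"
    echo "missing key:     $(agent_cache_state "$SAMPLE_KEYINFO_MISSING")"
}

self_check
```

Run as-is, the script only exercises the parsers against the embedded samples; `send_signed_mail KEYID release@example.invalid 'Release notes' notes.pdf < body.txt` performs a real send. The agent check is the part a cron job needs: without it, the failure mode is exactly the one Kevin's review points at, a mutt that assumed crypto was interactive now sitting on a pinentry nobody will answer.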