[PATCH 2/2] fix thread breakage via ghost-on-removal

diff --git a/ad/ba16ca11b3a8525627ed170b0189fe03830a10 b/ad/ba16ca11b3a8525627ed170b0189fe03830a10
new file mode 100644 (file)
index 0000000..6fee0ca
--- /dev/null
+++ b/ad/ba16ca11b3a8525627ed170b0189fe03830a10
@@ -0,0 +1,103 @@
+Return-Path: <dkg@fifthhorseman.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by arlo.cworth.org (Postfix) with ESMTP id B3ED46DE02DD\r
+ for <notmuch@notmuchmail.org>; Fri,  1 Apr 2016 18:50:29 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at cworth.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 0\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]\r
+ autolearn=disabled\r
+Received: from arlo.cworth.org ([127.0.0.1])\r
+ by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id YRAGzcKQhmN8 for <notmuch@notmuchmail.org>;\r
+ Fri,  1 Apr 2016 18:50:21 -0700 (PDT)\r
+Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])\r
+ by arlo.cworth.org (Postfix) with ESMTP id 994166DE0281\r
+ for <notmuch@notmuchmail.org>; Fri,  1 Apr 2016 18:50:16 -0700 (PDT)\r
+Received: from fifthhorseman.net (unknown [190.172.4.74])\r
+ by che.mayfirst.org (Postfix) with ESMTPSA id 3C305F99D\r
+ for <notmuch@notmuchmail.org>; Fri,  1 Apr 2016 21:50:15 -0400 (EDT)\r
+Received: by fifthhorseman.net (Postfix, from userid 1000)\r
+ id 83EFD203D9; Fri,  1 Apr 2016 20:31:55 -0300 (BRT)\r
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
+To: Notmuch Mail <notmuch@notmuchmail.org>\r
+Subject: [PATCH 2/2] fix thread breakage via ghost-on-removal\r
+Date: Fri,  1 Apr 2016 20:31:55 -0300\r
+Message-Id: <1459553515-18802-2-git-send-email-dkg@fifthhorseman.net>\r
+X-Mailer: git-send-email 2.8.0.rc3\r
+In-Reply-To: <1459553515-18802-1-git-send-email-dkg@fifthhorseman.net>\r
+References: <1459445693-3900-1-git-send-email-dkg@fifthhorseman.net>\r
+ <1459553515-18802-1-git-send-email-dkg@fifthhorseman.net>\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.20\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <https://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch/>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <https://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Sat, 02 Apr 2016 01:50:29 -0000\r
+\r
+This is the solution to T590-thread-breakage.sh that just adds a ghost\r
+message after removing each message.\r
+\r
+It leaks information about whether we've ever seen a given message id,\r
+but it's a fairly simple implementation.\r
+\r
+Note that _resolve_message_id_to_thread_id also introduces new\r
+message_ids to the database, so i think just searching for a given\r
+message ID may introduce the same metadata leakage.\r
+---\r
+ lib/database.cc | 28 ++++++++++++++++++++++++++--\r
+ 1 file changed, 26 insertions(+), 2 deletions(-)\r
+\r
+diff --git a/lib/database.cc b/lib/database.cc\r
+index 3b342f1..6c9e34a 100644\r
+--- a/lib/database.cc\r
++++ b/lib/database.cc\r
+@@ -2557,9 +2557,33 @@ notmuch_database_remove_message (notmuch_database_t *notmuch,\r
+ \r
+     if (status == NOTMUCH_STATUS_SUCCESS && message) {\r
+           status = _notmuch_message_remove_filename (message, filename);\r
+-          if (status == NOTMUCH_STATUS_SUCCESS)\r
++          if (status == NOTMUCH_STATUS_SUCCESS) {\r
++              const char *mid, *tid;\r
++              notmuch_message_t *ghost;\r
++              notmuch_private_status_t private_status;\r
++          \r
++              mid = notmuch_message_get_message_id (message);\r
++              tid = notmuch_message_get_thread_id (message);\r
++              /* remove the message */\r
+               _notmuch_message_delete (message);\r
+-          else if (status == NOTMUCH_STATUS_DUPLICATE_MESSAGE_ID)\r
++          \r
++              /* and reintroduce a ghost in its place */\r
++              ghost = _notmuch_message_create_for_message_id (notmuch, mid, &private_status);\r
++              if (private_status == NOTMUCH_PRIVATE_STATUS_SUCCESS) {\r
++                  /* this is deeply weird, and we should not have\r
++                     gotten into this state.  is there a better\r
++                     error message to return here? */\r
++                  status = NOTMUCH_STATUS_DUPLICATE_MESSAGE_ID;\r
++              } else if (private_status == NOTMUCH_PRIVATE_STATUS_NO_DOCUMENT_FOUND) {\r
++                  private_status = _notmuch_message_initialize_ghost (ghost, tid);\r
++                  if (! private_status) {\r
++                      _notmuch_message_sync (ghost);\r
++                      notmuch_message_destroy (ghost);\r
++                  }\r
++              }\r
++          \r
++              status = COERCE_STATUS (private_status, "Error converting to ghost message");\r
++          } else if (status == NOTMUCH_STATUS_DUPLICATE_MESSAGE_ID)\r
+               _notmuch_message_sync (message);\r
+ \r
+           notmuch_message_destroy (message);\r
+-- \r
+2.8.0.rc3\r
+\r