From fe7c1de023adef4802c99c3f8bfd1a7598708c8e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
 <congdanhqx@gmail.com>
Date: Tue, 28 Jul 2020 00:07:57 +0700
Subject: [PATCH] notmuch: update to 0.30.

---
 ...detect-version-by-compiler-for-build.patch |  51 +++++++++
 ...heck-for-pytest-with-python-m-pytest.patch |  37 ++++++
 ...rop-check-for-default-xapian-backend.patch | 108 ++++++++++++++++++
 ...55-specify-hash-algorithm-explicitly.patch |  39 +++++++
 ...ime-session-key-extraction-support-.patch} |  79 ++++---------
 ...mime-x509-certificate-validity-check.patch | 102 +++++++++++++++++
 ...-gmime-verify-with-session-key-check.patch | 101 ++++++++++++++++
 srcpkgs/notmuch/template                      |  62 +++++-----
 8 files changed, 498 insertions(+), 81 deletions(-)
 create mode 100644 srcpkgs/notmuch/patches/0001-configure-detect-version-by-compiler-for-build.patch
 create mode 100644 srcpkgs/notmuch/patches/0002-configure-check-for-pytest-with-python-m-pytest.patch
 create mode 100644 srcpkgs/notmuch/patches/0003-configure-drop-check-for-default-xapian-backend.patch
 create mode 100644 srcpkgs/notmuch/patches/0004-T355-specify-hash-algorithm-explicitly.patch
 rename srcpkgs/notmuch/patches/{cross.patch => 0005-configure-drop-gmime-session-key-extraction-support-.patch} (54%)
 create mode 100644 srcpkgs/notmuch/patches/0006-configure-drop-gmime-x509-certificate-validity-check.patch
 create mode 100644 srcpkgs/notmuch/patches/0007-configure-drop-gmime-verify-with-session-key-check.patch

diff --git a/srcpkgs/notmuch/patches/0001-configure-detect-version-by-compiler-for-build.patch b/srcpkgs/notmuch/patches/0001-configure-detect-version-by-compiler-for-build.patch
new file mode 100644
index 00000000000..ba540c7ab3f
--- /dev/null
+++ b/srcpkgs/notmuch/patches/0001-configure-detect-version-by-compiler-for-build.patch
@@ -0,0 +1,51 @@
+From 5402e4d357d7957942acc4b906b58102b6bd4fdf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
+ <congdanhqx@gmail.com>
+Date: Mon, 27 Jul 2020 15:46:35 +0700
+Subject: [PATCH] configure: detect version by compiler for build
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We'll need to run the compiled binary to report our current version.
+
+With the same code base, we should have the same version information
+regardless of compiler and architecture.
+
+Let's use the compiler for building architecture to build the reporting
+binary. Which is usually reported under variable CC_FOR_BUILD,
+a convention established by GNU Autotools, and fall back to CC if it's
+not defined.
+
+Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
+---
+ configure | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/configure b/configure
+index 80cbac4f..6c77960f 100755
+--- a/configure
++++ b/configure
+@@ -85,8 +85,10 @@ fi
+ BASHCMD=${BASHCMD:-bash}
+ PERL=${PERL:-perl}
+ CC=${CC:-cc}
++CC_FOR_BUILD=${CC_FOR_BUILD:-$CC}
+ CXX=${CXX:-c++}
+ CFLAGS=${CFLAGS:--g -O2}
++CFLAGS_FOR_BUILD=${CFLAGS_FOR_BUILD:-$CFLAGS}
+ CPPFLAGS=${CPPFLAGS:-}
+ CXXFLAGS_for_sh=${CXXFLAGS:-${CFLAGS}}
+ CXXFLAGS=${CXXFLAGS:-\$(CFLAGS)}
+@@ -409,7 +411,7 @@ int main(void) {
+     return 0;
+ }
+ EOF
+-if ${CC} ${CFLAGS} -I"$srcdir" _libversion.c -o _libversion > /dev/null 2>&1 \
++if ${CC_FOR_BUILD} ${CFLAGS_FOR_BUILD} -I"$srcdir" _libversion.c -o _libversion > /dev/null 2>&1 \
+        && ./_libversion > _libversion.sh && . ./_libversion.sh
+ then
+     printf "OK.\n"
+-- 
+2.28.0.rc2.21.g5c06d60fc5
+
diff --git a/srcpkgs/notmuch/patches/0002-configure-check-for-pytest-with-python-m-pytest.patch b/srcpkgs/notmuch/patches/0002-configure-check-for-pytest-with-python-m-pytest.patch
new file mode 100644
index 00000000000..c4ba22b0d41
--- /dev/null
+++ b/srcpkgs/notmuch/patches/0002-configure-check-for-pytest-with-python-m-pytest.patch
@@ -0,0 +1,37 @@
+From c5164d1c0f5ba108ace05146218bf3810d590d5b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
+ <congdanhqx@gmail.com>
+Date: Mon, 27 Jul 2020 16:42:02 +0700
+Subject: [PATCH] configure: check for pytest with python -m pytest
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On different distro, pytest is suffixed with different patterns.
+
+On the other hand, `python3-pytest' could be invoked correctly,
+via `python3 -m pytest', the latter is used by our tests, now.
+
+Switch to `$python -m pytest` to fix address all incompatible naming.
+
+Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
+---
+ configure | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure b/configure
+index 6c77960f..459e0cae 100755
+--- a/configure
++++ b/configure
+@@ -811,7 +811,7 @@ if [ $have_python3 -eq 1 ]; then
+     printf "Checking for python3 pytest (>= 3.0)... "
+     conf=$(mktemp)
+     printf "[pytest]\nminversion=3.0\n" > $conf
+-    if pytest-3 -c $conf --version >/dev/null 2>&1; then
++    if "$python" -m pytest -c $conf --version >/dev/null 2>&1; then
+         printf "Yes.\n"
+         have_python3_pytest=1
+     else
+-- 
+2.28.0.rc2.21.g5c06d60fc5
+
diff --git a/srcpkgs/notmuch/patches/0003-configure-drop-check-for-default-xapian-backend.patch b/srcpkgs/notmuch/patches/0003-configure-drop-check-for-default-xapian-backend.patch
new file mode 100644
index 00000000000..3173d66d68a
--- /dev/null
+++ b/srcpkgs/notmuch/patches/0003-configure-drop-check-for-default-xapian-backend.patch
@@ -0,0 +1,108 @@
+From b7c8661b9a34d048120753fdf27cd288e34e5308 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
+ <congdanhqx@gmail.com>
+Date: Mon, 27 Jul 2020 20:11:00 +0700
+Subject: [PATCH] configure: drop check for default xapian backend
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Starting from xapian 1.3.5, xapian switched default backend to glass.
+
+From 00cdfe10 (build: drop support for xapian versions less than 1.4,
+2020-04-22), we only support xapian 1.4.0+. Effectively, we don't need
+to check for default xapian backend anymore.
+
+Let's drop it.
+
+Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
+---
+ configure                  | 23 -----------------------
+ test/T360-symbol-hiding.sh |  4 ++--
+ test/test-lib.sh           | 11 +----------
+ 3 files changed, 3 insertions(+), 35 deletions(-)
+
+diff --git a/configure b/configure
+index 459e0cae..7dae745c 100755
+--- a/configure
++++ b/configure
+@@ -456,26 +456,6 @@ if [ ${have_xapian} = "0" ]; then
+     errors=$((errors + 1))
+ fi
+ 
+-if [ ${have_xapian} = "1" ]; then
+-    default_xapian_backend=""
+-    printf "Testing default Xapian backend... "
+-    cat >_default_backend.cc <<EOF
+-#include <xapian.h>
+-int main(int argc, char** argv) {
+-   Xapian::WritableDatabase db("test.db",Xapian::DB_CREATE_OR_OPEN);
+-}
+-EOF
+-    ${CXX} ${CXXFLAGS_for_sh} ${xapian_cxxflags} _default_backend.cc -o _default_backend ${xapian_ldflags}
+-    ./_default_backend
+-    if [ -f test.db/iamglass ]; then
+-	default_xapian_backend=glass
+-    else
+-	default_xapian_backend=chert
+-    fi
+-    printf "%s\n" "${default_xapian_backend}";
+-    rm -rf test.db _default_backend _default_backend.cc
+-fi
+-
+ GMIME_MINVER=3.0.3
+ 
+ printf "Checking for GMime development files (>= $GMIME_MINVER)... "
+@@ -1507,9 +1487,6 @@ NOTMUCH_SRCDIR='${NOTMUCH_SRCDIR}'
+ # Whether to have Xapian retry lock
+ NOTMUCH_HAVE_XAPIAN_DB_RETRY_LOCK=${WITH_RETRY_LOCK}
+ 
+-# Which backend will Xapian use by default?
+-NOTMUCH_DEFAULT_XAPIAN_BACKEND=${default_xapian_backend}
+-
+ # Whether GMime can verify X.509 certificate validity
+ NOTMUCH_GMIME_X509_CERT_VALIDITY=${gmime_x509_cert_validity}
+ 
+diff --git a/test/T360-symbol-hiding.sh b/test/T360-symbol-hiding.sh
+index 43921cb4..eb438a7a 100755
+--- a/test/T360-symbol-hiding.sh
++++ b/test/T360-symbol-hiding.sh
+@@ -14,11 +14,11 @@ test_description='exception symbol hiding'
+ test_begin_subtest 'running test' run_test
+ mkdir -p ${PWD}/fakedb/.notmuch
+ $TEST_DIRECTORY/symbol-test ${PWD}/fakedb ${PWD}/nonexistent 2>&1 \
+-	| notmuch_dir_sanitize | sed -e "s,\`,\',g" -e "s,${NOTMUCH_DEFAULT_XAPIAN_BACKEND},backend,g" > OUTPUT
++	| notmuch_dir_sanitize | sed -e "s,\`,\',g" > OUTPUT
+ 
+ cat <<EOF > EXPECTED
+ A Xapian exception occurred opening database: Couldn't stat 'CWD/fakedb/.notmuch/xapian'
+-caught No backend database found at path 'CWD/nonexistent'
++caught No glass database found at path 'CWD/nonexistent'
+ EOF
+ test_expect_equal_file EXPECTED OUTPUT
+ 
+diff --git a/test/test-lib.sh b/test/test-lib.sh
+index 7424881e..dc63ff1a 100644
+--- a/test/test-lib.sh
++++ b/test/test-lib.sh
+@@ -1255,16 +1255,7 @@ ln -s x y 2>/dev/null && test -h y 2>/dev/null && test_set_prereq SYMLINKS
+ rm -f y
+ 
+ # convert variable from configure to more convenient form
+-case "$NOTMUCH_DEFAULT_XAPIAN_BACKEND" in
+-    glass)
+-	db_ending=glass
+-    ;;
+-    chert)
+-	db_ending=DB
+-    ;;
+-    *)
+-	error "Unknown Xapian backend $NOTMUCH_DEFAULT_XAPIAN_BACKEND"
+-esac
++db_ending=glass
+ # declare prerequisites for external binaries used in tests
+ test_declare_external_prereq dtach
+ test_declare_external_prereq emacs
+-- 
+2.28.0.rc2.21.g5c06d60fc5
+
diff --git a/srcpkgs/notmuch/patches/0004-T355-specify-hash-algorithm-explicitly.patch b/srcpkgs/notmuch/patches/0004-T355-specify-hash-algorithm-explicitly.patch
new file mode 100644
index 00000000000..e68bd953fdc
--- /dev/null
+++ b/srcpkgs/notmuch/patches/0004-T355-specify-hash-algorithm-explicitly.patch
@@ -0,0 +1,39 @@
+From 808c43834e9e42be56f0fe1f61da5787784dc0e0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
+ <congdanhqx@gmail.com>
+Date: Mon, 27 Jul 2020 22:05:46 +0700
+Subject: [PATCH] T355: specify hash algorithm explicitly
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On some systems (notably, the one shipped with LibreSSL),
+default fingerprint digest algorithm is SHA256.
+
+On other systems, users can change default digest algorithm by changing
+default_md in /etc/ssl/default_md.
+
+Let's ask openssl to provide us specific algorithm to make the test
+more deterministic.
+
+Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
+---
+ test/T355-smime.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/T355-smime.sh b/test/T355-smime.sh
+index f8cec62c..8b2b52be 100755
+--- a/test/T355-smime.sh
++++ b/test/T355-smime.sh
+@@ -6,7 +6,7 @@ test_description='S/MIME signature verification and decryption'
+ test_require_external_prereq openssl
+ test_require_external_prereq gpgsm
+ 
+-FINGERPRINT=$(openssl x509 -fingerprint -in "$NOTMUCH_SRCDIR/test/smime/key+cert.pem" -noout | sed -e 's/^.*=//' -e s/://g)
++FINGERPRINT=$(openssl x509 -sha1 -fingerprint -in "$NOTMUCH_SRCDIR/test/smime/key+cert.pem" -noout | sed -e 's/^.*=//' -e s/://g)
+ 
+ add_gpgsm_home
+ 
+-- 
+2.28.0.rc2.21.g5c06d60fc5
+
diff --git a/srcpkgs/notmuch/patches/cross.patch b/srcpkgs/notmuch/patches/0005-configure-drop-gmime-session-key-extraction-support-.patch
similarity index 54%
rename from srcpkgs/notmuch/patches/cross.patch
rename to srcpkgs/notmuch/patches/0005-configure-drop-gmime-session-key-extraction-support-.patch
index 1ceaebafc56..581c6be1559 100644
--- a/srcpkgs/notmuch/patches/cross.patch
+++ b/srcpkgs/notmuch/patches/0005-configure-drop-gmime-session-key-extraction-support-.patch
@@ -1,48 +1,29 @@
-From 7bb539777d688acd5ca6081919047b60d47566d3 Mon Sep 17 00:00:00 2001
-From: Doan Tran Cong Danh <congdanhqx@gmail.com>
-Date: Mon, 10 Jun 2019 20:30:11 +0700
-Subject: [PATCH] configure: cross compile on Void Linux
+From 7589537f76541254d70d1b7df1ce57f0977ef9f0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
+ <congdanhqx@gmail.com>
+Date: Mon, 27 Jul 2020 22:47:15 +0700
+Subject: [PATCH] configure: drop gmime session key extraction support check
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
 
-- Void Linux ships gmime linked against latest gpgme.
-- default Xapian backend is glass from version 1.4
-- cheat some test by running them on host environment
+Void Linux gmime3 always support session key extraction.
+
+No suitable for upstream.
+
+Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
 ---
- configure | 73 +++----------------------------------------------------
- 1 file changed, 4 insertions(+), 69 deletions(-)
+ configure | 58 -------------------------------------------------------
+ 1 file changed, 58 deletions(-)
 
 diff --git a/configure b/configure
-index 8b80f0e0..8e5fd4ce 100755
+index 7dae745c..99b0c328 100755
 --- a/configure
 +++ b/configure
-@@ -380,7 +380,7 @@ int main(void) {
-     return 0;
- }
- EOF
--if ${CC} ${CFLAGS} -I"$srcdir" _libversion.c -o _libversion > /dev/null 2>&1 \
-+if ${BUILD_CC} ${BUILD_CFLAGS} -I"$srcdir" _libversion.c -o _libversion > /dev/null 2>&1 \
-        && ./_libversion > _libversion.sh && . ./_libversion.sh
- then
-     printf "OK.\n"
-@@ -478,13 +478,7 @@ int main(int argc, char** argv) {
-    Xapian::WritableDatabase db("test.db",Xapian::DB_CREATE_OR_OPEN);
- }
- EOF
--    ${CXX} ${CXXFLAGS_for_sh} ${xapian_cxxflags} _default_backend.cc -o _default_backend ${xapian_ldflags}
--    ./_default_backend
--    if [ -f test.db/iamglass ]; then
--	default_xapian_backend=glass
--    else
--	default_xapian_backend=chert
--    fi
-+    default_xapian_backend=glass
-     printf "%s\n" "${default_xapian_backend}";
-     rm -rf test.db _default_backend _default_backend.cc
- fi
-@@ -499,66 +493,7 @@ if pkg-config --exists "gmime-3.0 > $GMIME_MINVER"; then
-     gmime_ldflags=$(pkg-config --libs gmime-3.0)
+@@ -467,65 +467,7 @@ if pkg-config --exists "gmime-3.0 >= $GMIME_MINVER"; then
  
      printf "Checking for GMime session key extraction support... "
--
+ 
 -    cat > _check_session_keys.c <<EOF
 -#include <gmime/gmime.h>
 -#include <stdio.h>
@@ -56,11 +37,11 @@ index 8b80f0e0..8e5fd4ce 100755
 -
 -    g_mime_init ();
 -    parser = g_mime_parser_new ();
--    g_mime_parser_init_with_stream (parser, g_mime_stream_file_open("test/corpora/crypto/basic-encrypted.eml", "r", &error));
+-    g_mime_parser_init_with_stream (parser, g_mime_stream_file_open("$srcdir/test/corpora/crypto/basic-encrypted.eml", "r", &error));
 -    if (error) return !! fprintf (stderr, "failed to instantiate parser with test/corpora/crypto/basic-encrypted.eml\n");
 -
 -    body = GMIME_MULTIPART_ENCRYPTED(g_mime_message_get_mime_part (g_mime_parser_construct_message (parser, NULL)));
--    if (body == NULL) return !!	fprintf (stderr, "did not find a multipart encrypted message\n");
+-    if (body == NULL) return !! fprintf (stderr, "did not find a multipart encrypted message\n");
 -
 -    output = g_mime_multipart_encrypted_decrypt (body, GMIME_DECRYPT_EXPORT_SESSION_KEY, NULL, &decrypt_result, &error);
 -    if (error || output == NULL) return !! fprintf (stderr, "decryption failed\n");
@@ -76,11 +57,11 @@ index 8b80f0e0..8e5fd4ce 100755
 -        printf 'No.\nCould not make tempdir for testing session-key support.\n'
 -        errors=$((errors + 1))
 -    elif ${CC} ${CFLAGS} ${gmime_cflags} _check_session_keys.c ${gmime_ldflags} -o _check_session_keys \
--           && GNUPGHOME=${TEMP_GPG} gpg --batch --quiet --import < test/gnupg-secret-key.asc \
+-           && GNUPGHOME=${TEMP_GPG} gpg --batch --quiet --import < "$srcdir"/test/gnupg-secret-key.asc \
 -           && SESSION_KEY=$(GNUPGHOME=${TEMP_GPG} ./_check_session_keys) \
 -           && [ $SESSION_KEY = 9:0BACD64099D1468AB07C796F0C0AC4851948A658A15B34E803865E9FC635F2F5 ]
 -    then
--        printf "OK.\n"
+         printf "OK.\n"
 -    else
 -        cat <<EOF
 -No.
@@ -102,19 +83,9 @@ index 8b80f0e0..8e5fd4ce 100755
 -    if [ -n "$TEMP_GPG" -a -d "$TEMP_GPG" ]; then
 -        rm -rf "$TEMP_GPG"
 -    fi
-+    printf "OK.\n"
- else
-     have_gmime=0
-     printf "No.\n"
-@@ -581,7 +516,7 @@ else
- fi
  
- if ! pkg-config --exists zlib; then
--  ${CC} -o compat/gen_zlib_pc "$srcdir"/compat/gen_zlib_pc.c >/dev/null 2>&1 &&
-+  ${BUILD_CC} -o compat/gen_zlib_pc "$srcdir"/compat/gen_zlib_pc.c >/dev/null 2>&1 &&
-   compat/gen_zlib_pc > compat/zlib.pc &&
-   PKG_CONFIG_PATH="$PKG_CONFIG_PATH":compat &&
-   export PKG_CONFIG_PATH
+     # see https://github.com/jstedfast/gmime/pull/90
+     # should be fixed in GMime in 3.2.7, but some distros might patch
 -- 
-2.22.0.rc1.479.gd8fdbe21b5
+2.28.0.rc2.21.g5c06d60fc5
 
diff --git a/srcpkgs/notmuch/patches/0006-configure-drop-gmime-x509-certificate-validity-check.patch b/srcpkgs/notmuch/patches/0006-configure-drop-gmime-x509-certificate-validity-check.patch
new file mode 100644
index 00000000000..49b5b3a0795
--- /dev/null
+++ b/srcpkgs/notmuch/patches/0006-configure-drop-gmime-x509-certificate-validity-check.patch
@@ -0,0 +1,102 @@
+From c6188909672b425fda3d0ecc0ec5163251064324 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
+ <congdanhqx@gmail.com>
+Date: Mon, 27 Jul 2020 22:49:47 +0700
+Subject: [PATCH] configure: drop gmime x509 certificate validity check
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The problem has been fixed with gmime 3.2.7 already.
+
+Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
+---
+ configure | 70 -------------------------------------------------------
+ 1 file changed, 70 deletions(-)
+
+diff --git a/configure b/configure
+index 99b0c328..ef602d10 100755
+--- a/configure
++++ b/configure
+@@ -472,78 +472,8 @@ if pkg-config --exists "gmime-3.0 >= $GMIME_MINVER"; then
+     # see https://github.com/jstedfast/gmime/pull/90
+     # should be fixed in GMime in 3.2.7, but some distros might patch
+     printf "Checking for GMime X.509 certificate validity... "
+-
+-    cat > _check_x509_validity.c <<EOF
+-#include <stdio.h>
+-#include <gmime/gmime.h>
+-
+-int main () {
+-    GError *error = NULL;
+-    GMimeParser *parser = NULL;
+-    GMimeApplicationPkcs7Mime *body = NULL;
+-    GMimeSignatureList *sig_list = NULL;
+-    GMimeSignature *sig = NULL;
+-    GMimeCertificate *cert = NULL;
+-    GMimeObject *output = NULL;
+-    GMimeValidity validity = GMIME_VALIDITY_UNKNOWN;
+-    int len;
+-
+-    g_mime_init ();
+-    parser = g_mime_parser_new ();
+-    g_mime_parser_init_with_stream (parser, g_mime_stream_file_open("$srcdir/test/corpora/pkcs7/smime-onepart-signed.eml", "r", &error));
+-    if (error) return !! fprintf (stderr, "failed to instantiate parser with test/corpora/pkcs7/smime-onepart-signed.eml\n");
+-
+-    body = GMIME_APPLICATION_PKCS7_MIME(g_mime_message_get_mime_part (g_mime_parser_construct_message (parser, NULL)));
+-    if (body == NULL) return !!	fprintf (stderr, "did not find a application/pkcs7 message\n");
+-
+-    sig_list = g_mime_application_pkcs7_mime_verify (body, GMIME_VERIFY_NONE, &output, &error);
+-    if (error || output == NULL) return !! fprintf (stderr, "verify failed\n");
+-
+-    if (sig_list == NULL) return !! fprintf (stderr, "no GMimeSignatureList found\n");
+-    len = g_mime_signature_list_length (sig_list);
+-    if (len != 1) return !! fprintf (stderr, "expected 1 signature, got %d\n", len);
+-    sig = g_mime_signature_list_get_signature (sig_list, 0);
+-    if (sig == NULL) return !! fprintf (stderr, "no GMimeSignature found at position 0\n");
+-    cert = g_mime_signature_get_certificate (sig);
+-    if (cert == NULL) return !! fprintf (stderr, "no GMimeCertificate found\n");
+-    validity = g_mime_certificate_get_id_validity (cert);
+-    if (validity != GMIME_VALIDITY_FULL) return !! fprintf (stderr, "Got validity %d, expected %d\n", validity, GMIME_VALIDITY_FULL);
+-
+-    return 0;
+-}
+-EOF
+-    if ! TEMP_GPG=$(mktemp -d "${TMPDIR:-/tmp}/notmuch.XXXXXX"); then
+-        printf 'No.\nCould not make tempdir for testing X.509 certificate validity support.\n'
+-        errors=$((errors + 1))
+-    elif ${CC} ${CFLAGS} ${gmime_cflags} _check_x509_validity.c ${gmime_ldflags} -o _check_x509_validity \
+-            && echo disable-crl-checks > "$TEMP_GPG/gpgsm.conf" \
+-            && echo "4D:E0:FF:63:C0:E9:EC:01:29:11:C8:7A:EE:DA:3A:9A:7F:6E:C1:0D S" >> "$TEMP_GPG/trustlist.txt" \
+-            && GNUPGHOME=${TEMP_GPG} gpgsm --batch --quiet --import < "$srcdir"/test/smime/ca.crt
+-    then
+-        if GNUPGHOME=${TEMP_GPG} ./_check_x509_validity; then
+             gmime_x509_cert_validity=1
+             printf "Yes.\n"
+-        else
+-            gmime_x509_cert_validity=0
+-            printf "No.\n"
+-            if pkg-config --exists "gmime-3.0 >= 3.2.7"; then
+-                cat <<EOF
+-*** Error: GMime fails to calculate X.509 certificate validity, and
+-is later than 3.2.7, which should have fixed this issue.
+-
+-Please follow up on https://github.com/jstedfast/gmime/pull/90 with
+-more details.
+-EOF
+-                errors=$((errors + 1))
+-            fi
+-        fi
+-    else
+-        printf 'No.\nFailed to set up gpgsm for testing X.509 certificate validity support.\n'
+-        errors=$((errors + 1))
+-    fi
+-    if [ -n "$TEMP_GPG" -a -d "$TEMP_GPG" ]; then
+-        rm -rf "$TEMP_GPG"
+-    fi
+ 
+     # see https://dev.gnupg.org/T3464
+     # there are problems verifying signatures when decrypting with session keys with GPGME 1.13.0 and 1.13.1
+-- 
+2.28.0.rc2.21.g5c06d60fc5
+
diff --git a/srcpkgs/notmuch/patches/0007-configure-drop-gmime-verify-with-session-key-check.patch b/srcpkgs/notmuch/patches/0007-configure-drop-gmime-verify-with-session-key-check.patch
new file mode 100644
index 00000000000..5de4f6ff5ce
--- /dev/null
+++ b/srcpkgs/notmuch/patches/0007-configure-drop-gmime-verify-with-session-key-check.patch
@@ -0,0 +1,101 @@
+From 9a5a11fca4e2236d7b559e511fcc686fd382b985 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
+ <congdanhqx@gmail.com>
+Date: Mon, 27 Jul 2020 23:00:13 +0700
+Subject: [PATCH] configure: drop gmime verify with session key check
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The problem is fixed with gpgme 1.14.0.
+
+We'll force a conflicts with gpgme older than 1.14.0, so nothing to
+worry about.
+
+Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
+---
+ configure | 66 -------------------------------------------------------
+ 1 file changed, 66 deletions(-)
+
+diff --git a/configure b/configure
+index ef602d10..204d46d9 100755
+--- a/configure
++++ b/configure
+@@ -478,74 +478,8 @@ if pkg-config --exists "gmime-3.0 >= $GMIME_MINVER"; then
+     # see https://dev.gnupg.org/T3464
+     # there are problems verifying signatures when decrypting with session keys with GPGME 1.13.0 and 1.13.1
+     printf "Checking signature verification when decrypting using session keys... "
+-
+-    cat > _verify_sig_with_session_key.c <<EOF
+-#include <stdio.h>
+-#include <gmime/gmime.h>
+-
+-int main () {
+-    GError *error = NULL;
+-    GMimeParser *parser = NULL;
+-    GMimeMultipartEncrypted *body = NULL;
+-    GMimeDecryptResult *result = NULL;
+-    GMimeSignatureList *sig_list = NULL;
+-    GMimeSignature *sig = NULL;
+-    GMimeObject *output = NULL;
+-    GMimeSignatureStatus status;
+-    int len;
+-
+-    g_mime_init ();
+-    parser = g_mime_parser_new ();
+-    g_mime_parser_init_with_stream (parser, g_mime_stream_file_open("$srcdir/test/corpora/crypto/encrypted-signed.eml", "r", &error));
+-    if (error) return !! fprintf (stderr, "failed to instantiate parser with test/corpora/pkcs7/smime-onepart-signed.eml\n");
+-
+-    body = GMIME_MULTIPART_ENCRYPTED(g_mime_message_get_mime_part (g_mime_parser_construct_message (parser, NULL)));
+-    if (body == NULL) return !!	fprintf (stderr, "did not find a multipart/encrypted message\n");
+-
+-    output = g_mime_multipart_encrypted_decrypt (body, GMIME_DECRYPT_NONE, "9:13607E4217515A70EC8DF9DBC16C5327B94577561D98AD1246FA8756659C7899", &result, &error);
+-    if (error || output == NULL) return !! fprintf (stderr, "decrypt failed\n");
+-
+-    sig_list = g_mime_decrypt_result_get_signatures (result);
+-    if (sig_list == NULL) return !! fprintf (stderr, "sig_list is NULL\n");
+-
+-    if (sig_list == NULL) return !! fprintf (stderr, "no GMimeSignatureList found\n");
+-    len = g_mime_signature_list_length (sig_list);
+-    if (len != 1) return !! fprintf (stderr, "expected 1 signature, got %d\n", len);
+-    sig = g_mime_signature_list_get_signature (sig_list, 0);
+-    if (sig == NULL) return !! fprintf (stderr, "no GMimeSignature found at position 0\n");
+-    status = g_mime_signature_get_status (sig);
+-    if (status & GMIME_SIGNATURE_STATUS_KEY_MISSING) return !! fprintf (stderr, "signature status contains KEY_MISSING (see https://dev.gnupg.org/T3464)\n");
+-
+-    return 0;
+-}
+-EOF
+-    if ! TEMP_GPG=$(mktemp -d "${TMPDIR:-/tmp}/notmuch.XXXXXX"); then
+-        printf 'No.\nCould not make tempdir for testing signature verification when decrypting with session keys.\n'
+-        errors=$((errors + 1))
+-    elif ${CC} ${CFLAGS} ${gmime_cflags} _verify_sig_with_session_key.c ${gmime_ldflags} -o _verify_sig_with_session_key \
+-            && GNUPGHOME=${TEMP_GPG} gpg --batch --quiet --import < "$srcdir"/test/gnupg-secret-key.asc \
+-            && rm -f ${TEMP_GPG}/private-keys-v1.d/*.key
+-    then
+-        if GNUPGHOME=${TEMP_GPG} ./_verify_sig_with_session_key; then
+             gmime_verify_with_session_key=1
+             printf "Yes.\n"
+-        else
+-            gmime_verify_with_session_key=0
+-            printf "No.\n"
+-            cat <<EOF
+-*** Error: GMime fails to verify signatures when decrypting with a session key.
+-
+-This is most likely due to a buggy version of GPGME, which should be fixed in 1.13.2 or later.
+-See https://dev.gnupg.org/T3464 for more details.
+-EOF
+-        fi
+-    else
+-        printf 'No.\nFailed to set up gpg for testing signature verification while decrypting with a session key.\n'
+-        errors=$((errors + 1))
+-    fi
+-    if [ -n "$TEMP_GPG" -a -d "$TEMP_GPG" ]; then
+-        rm -rf "$TEMP_GPG"
+-    fi
+ else
+     have_gmime=0
+     printf "No.\n"
+-- 
+2.28.0.rc2.21.g5c06d60fc5
+
diff --git a/srcpkgs/notmuch/template b/srcpkgs/notmuch/template
index 2c898538069..d9bba6a03b8 100644
--- a/srcpkgs/notmuch/template
+++ b/srcpkgs/notmuch/template
@@ -1,17 +1,26 @@
 # Template file for 'notmuch'
 pkgname=notmuch
-version=0.29.3
-revision=4
-hostmakedepends="perl pkg-config python-devel python3-Sphinx python3-devel texinfo"
-makedepends="bash-completion gmime3-devel talloc-devel xapian-core-devel"
+version=0.30
+revision=1
+hostmakedepends="perl pkg-config python3-Sphinx python3-devel texinfo"
+makedepends="bash-completion gmime3-devel talloc-devel xapian-core-devel
+ python3-cffi python3-setuptools gnupg2"
+depends="gmime3>=3.2.7"
+checkdepends="python3-pytest mdocml dtach gdb tar xz"
 short_desc="Thread-based email index, search, and tagging"
 maintainer="Jan S. <jan.schreib@gmail.com>"
 license="GPL-3.0-or-later"
 homepage="https://notmuchmail.org"
-distfiles="https://notmuchmail.org/releases/notmuch-${version}.tar.xz"
-checksum=d5f704b9a72395e43303de9b1f4d8e14dd27bf3646fdbb374bb3dbb7d150dc35
+distfiles="https://notmuchmail.org/releases/notmuch-${version}.tar.xz
+ https://notmuchmail.org/releases/test-databases/database-v1.tar.xz"
+checksum="5e3baa6fe11d65c67e26ae488be11b320bae04e336acc9c64621f7e3449096fa
+ 4299e051b10e1fa7b33ea2862790a09ebfe96859681804e5251e130f800e69d2"
+skip_extraction="database-v1.tar.xz"
 
-subpackages="libnotmuch libnotmuch-devel notmuch-mutt notmuch-python notmuch-python3"
+# Not a real conflicts, but this package is broken with gpgme 1.13.1-
+# gpgme is optional dependency
+conflicts="gpgme<1.14.0_1"
+subpackages="libnotmuch libnotmuch-devel notmuch-mutt notmuch-python3"
 patch_args=-Np1
 
 if [ ! "$CROSS_BUILD" ]; then
@@ -25,25 +34,35 @@ else
 fi
 
 do_configure() {
+	ln -sf /usr/bin/gpg2 $XBPS_WRAPPERDIR/gpg
 	./configure --prefix=/usr \
 		--bashcompletiondir=/usr/share/bash-completion/completions \
 		--zshcompletiondir=/usr/share/zsh/site-functions ${_args}
 }
 
 do_build() {
-	make ${makejobs} V=1
+	make ${makejobs}
 	make -C contrib/notmuch-mutt
 	cd bindings/python
-	python2 setup.py build --build-base=build-2
-	python3 setup.py build --build-base=build-3
+	python3 setup.py build --build-base=build
+}
+
+do_check() {
+	# We want wrapper-dirs included for gpg being gpg2
+	# But we don't want to use date wrapper in check
+	unset SOURCE_DATE_EPOCH
+	PATH=$XBPS_WRAPPERDIR:$PATH
+	cp $XBPS_SRCDISTDIR/notmuch-$version/database-v1.tar.xz \
+		test/test-databases
+	# 2 tests is failing on musl
+	# glibc is clean
+	make test
 }
 
 do_install() {
 	make DESTDIR=${DESTDIR} install
 	pushd bindings/python
-	python2 setup.py build --build-base=build-2 \
-		install --prefix=/usr --root=${DESTDIR}
-	python3 setup.py build --build-base=build-3 \
+	python3 setup.py build --build-base=build \
 		install --prefix=/usr --root=${DESTDIR}
 	popd
 	if [ ! "$CROSS_BUILD" ]; then
@@ -95,28 +114,17 @@ notmuch-mutt_package() {
 	}
 }
 
-notmuch-python_package() {
-	archs=noarch
-	depends="libnotmuch>=${version}_${revision}"
-	short_desc+=" - Python2 bindings"
-	pycompile_module="notmuch"
-	pkg_install() {
-		vmove ${py2_sitelib}
-	}
-}
-
 notmuch-python3_package() {
 	archs=noarch
-	depends="libnotmuch>=${version}_${revision}"
-	short_desc+=" - Python3 bindings"
-	pycompile_module="notmuch"
+	depends="libnotmuch-${version}_${revision}"
+	short_desc+=" - Python 3 bindings"
 	pkg_install() {
 		vmove ${py3_sitelib}
 	}
 }
 
 notmuch-ruby_package() {
-	depends="libnotmuch>=${version}_${revision} ruby"
+	depends="libnotmuch-${version}_${revision} ruby"
 	short_desc+=" - Ruby bindings"
 	pkg_install() {
 		vmove usr/lib/ruby