From: Arsen Arsenović via "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Newsgroups: gmane.emacs.bugs
Subject: bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled
Date: Wed, 20 Nov 2024 18:18:43 +0100
Message-ID: <86h6814ydo.fsf@aarsen.me>
To: Michael Albinus
Cc: damien@cassou.me, Eli Zaretskii, 67937@debbugs.gnu.org, jp@neverwas.me
In-Reply-To: <871pz69go8.fsf@gmx.de> (Michael Albinus's message of "Wed, 20 Nov 2024 14:29:59 +0100")

Hi Michael,

Michael Albinus writes:

>> In the meanwhile, I'd like to understand your opinion on my conclusion
>> from the above: if
>> epa-file-handler is the only reasonable handler for
>> the .gpg filenames in a pass store, there's no reason to rely on the
>> file-name handler system.
>
> A .gpg file could be taken from a remote location. In that case, you
> have two file name handlers, which must cooperate: epa-file-handler, and
> tramp-file-name-handler.

No, just one: tramp-file-name-handler.  epa-file-handler has nothing to
do with remote file access.

> Furthermore, a .gpg file could be compressed, like file.gpg.gz.

No, it cannot, not in a pass store.  Here's an example:

  ~/.password-store$ touch thing.gpg.gz
  ~/.password-store$ pass show thing
  Error: thing is not in the password store.

In general, a pass file is _specifically_ a gpg-encrypted file (and it
says so in the manual), and, indeed, pass assumes so, a lot:

--8<---------------cut here---------------start------------->8---
~$ grep -F .gpg /usr/bin/pass
while [[ $current != "$PREFIX" && ! -f $current/.gpg-id ]]; do
current="$current/.gpg-id"
passfile_display="${passfile_display%.gpg}"
done < <(find "$1" -path '*/.git' -prune -o -iname '*.gpg' -print0)
local gpg_id="$PREFIX/$id_path/.gpg-id"
$GPG "${GPG_OPTS[@]}" "${signing_keys[@]}" --detach-sign "$gpg_id" || die "Could not sign .gpg_id."
[[ -n $key ]] || die "Signing of .gpg_id unsuccessful."
local passfile="$PREFIX/$path.gpg"
tree -N -C -l --noreport "$PREFIX/$path" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' # remove .gpg at end of line, but keep colors
tree -N -C -l --noreport -P "${terms%|*}" --prune --matchdirs --ignore-case "$PREFIX" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g'
passfile="${passfile%.gpg}"
done < <(find -L "$PREFIX" -path '*/.git' -prune -o -iname '*.gpg' -print0)
local passfile="$PREFIX/$path.gpg"
local passfile="$PREFIX/$path.gpg"
local passfile="$PREFIX/$path.gpg"
local passfile="$PREFIX/$path.gpg"
if ! [[ -f $old_path.gpg && -d $old_path && $1 == */ || ! -f $old_path.gpg ]]; then
old_path="${old_path}.gpg"
[[ -d $old_path || -d $new_path || $new_path == */ ]] || new_path="${new_path}.gpg"
echo '*.gpg diff=gpg' > "$PREFIX/.gitattributes"
git -C "$INNER_GIT_DIR" config --local diff.gpg.binary true
git -C "$INNER_GIT_DIR" config --local diff.gpg.textconv "$GPG -d ${GPG_OPTS[*]}"
--8<---------------cut here---------------end--------------->8---

... as does auth-source-pass:

--8<---------------cut here---------------start------------->8---
(defun auth-source-pass--read-entry (entry)
  "Return a string with the file content of ENTRY."
  (with-temp-buffer
    (insert-file-contents (expand-file-name
                           (format "%s.gpg" entry)
                           auth-source-pass-filename))
    (buffer-substring-no-properties (point-min) (point-max))))

;; TODO: add tests for that when `assess-with-filesystem' is included
;; in Emacs
(defun auth-source-pass-entries ()
  "Return a list of all password store entries."
  (let ((store-dir (expand-file-name auth-source-pass-filename)))
    (mapcar
     (lambda (file) (file-name-sans-extension (file-relative-name file store-dir)))
     (directory-files-recursively store-dir "\\.gpg\\'"))))
--8<---------------cut here---------------end--------------->8---

This is fine, of course, not making this assumption would be
unreasonable because of what the format of pass stores is.

I do understand that pass also does not cover TRAMP the same way it does
not cover compressed files, but I don't believe this is relevant here:
when we discuss a filesystem hierarchy, the TRAMP handler serves to
remap it to a remote location, while the EPA file handler serves to
_alter contents_.  This is quite different.  Emacs recognizes this:
'-literally' file operations support TRAMP, but not the content-altering
handlers.  This is neat, I think.

> In that case, you have two file name handlers, which must cooperate:
> epa-file-handler and jka-compr-handler.
>
> Furthermore, a .gpg file could be located inside an archive, like
> archive.tar/file.gpg. In that case, you have two file name handlers,
> which must cooperate: epa-file-handler and
> tramp-archive-file-name-handler.
>
> No, it doesn't make sense to bypass the file name handler machinery.

Indeed - I have not implied otherwise.  There are useful handlers.
epa-file is not one of them for this use-case.

> And all combinations of them ...

I doubt all combinations work.

But, while browsing epa-file.el just now, I've spotted:

  (defvar epa-inhibit nil
    "Non-nil means don't try to decrypt .gpg files when operating on them.")

This could also be a reasonable tool.

I hope this makes sense.

Have a lovely day.
-- 
Arsen Arsenović
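
The distinction drawn in the message above (TRAMP remaps where a file lives, epa-file alters its contents) can be illustrated with a reader that decrypts through EPG directly. This is an added example, not code from the message or from Emacs; `my-pass-store-dir`, `my-pass-entry-file` and `my-pass-read-entry` are hypothetical names, and the UTF-8 decoding of entries is an assumption.

```elisp
;;; -*- lexical-binding: t; -*-
(require 'epg)

;; Hypothetical variable for this example; auth-source-pass uses
;; `auth-source-pass-filename' for the same purpose.
(defvar my-pass-store-dir "~/.password-store"
  "Root directory of the pass store.")

(defun my-pass-entry-file (entry)
  "Return the file backing pass ENTRY, which is always <store>/ENTRY.gpg."
  (let* ((root (file-name-as-directory (expand-file-name my-pass-store-dir)))
         (file (expand-file-name (concat entry ".gpg") root)))
    ;; Reject entry names such as "../x" that resolve outside the store.
    (unless (string-prefix-p root file)
      (error "Entry %S resolves outside the password store" entry))
    file))

(defun my-pass-read-entry (entry)
  "Return the decrypted text of pass ENTRY by calling EPG directly.
The result does not depend on `epa-file' being enabled."
  (let* ((file (my-pass-entry-file entry))
         ;; Location remapping only: for a remote (TRAMP) name this
         ;; fetches the still-encrypted bytes to a temporary local file;
         ;; for a local name it returns nil.
         (local-copy (file-local-copy file))
         (context (epg-make-context 'OpenPGP)))
    (unwind-protect
        (decode-coding-string
         ;; A nil third argument makes `epg-decrypt-file' return the
         ;; plaintext as a unibyte string instead of writing a file.
         ;; Decoding as UTF-8 is an assumption of this example.
         (epg-decrypt-file context (or local-copy file) nil)
         'utf-8)
      ;; Remove the temporary ciphertext copy, if one was made.
      (when local-copy
        (delete-file local-copy)))))
```

Calling `(my-pass-read-entry "thing")` needs a working gpg and the matching secret key; it signals an error when `thing.gpg` is absent, including when only `thing.gpg.gz` exists.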