From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: "J.P." <jp@neverwas.me>
Newsgroups: gmane.emacs.bugs
Subject: bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled
Date: Thu, 21 Dec 2023 06:33:26 -0800
Message-ID: <871qbf4ocp.fsf@neverwas.me>
References: <8734vwq06i.fsf@aarsen.me> <83frzwhgre.fsf@gnu.org>
 <87jzp8of97.fsf@aarsen.me> <83bkakhe8s.fsf@gnu.org>
 <87msu4myau.fsf@aarsen.me> <83y1dnga7u.fsf@gnu.org>
 <87sf3vlqj1.fsf@aarsen.me>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="14176"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13)
Cc: Damien Cassou <damien@cassou.me>, Eli Zaretskii <eliz@gnu.org>,
 67937@debbugs.gnu.org
To: Arsen =?UTF-8?Q?Arsenovi=C4=87?= <arsen@aarsen.me>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Thu Dec 21 15:34:17 2023
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1rGK7s-0003N8-K9
	for geb-bug-gnu-emacs@m.gmane-mx.org; Thu, 21 Dec 2023 15:34:17 +0100
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces@gnu.org>)
	id 1rGK7b-0007Lq-US; Thu, 21 Dec 2023 09:34:00 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1rGK7a-0007LS-H6
 for bug-gnu-emacs@gnu.org; Thu, 21 Dec 2023 09:33:58 -0500
Original-Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1rGK7a-0007mo-93
 for bug-gnu-emacs@gnu.org; Thu, 21 Dec 2023 09:33:58 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1rGK7d-0006wS-UI
 for bug-gnu-emacs@gnu.org; Thu, 21 Dec 2023 09:34:01 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: "J.P." <jp@neverwas.me>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Thu, 21 Dec 2023 14:34:01 +0000
Resent-Message-ID: <handler.67937.B67937.170316922026654@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 67937
X-GNU-PR-Package: emacs
Original-Received: via spool by 67937-submit@debbugs.gnu.org id=B67937.170316922026654
 (code B ref 67937); Thu, 21 Dec 2023 14:34:01 +0000
Original-Received: (at 67937) by debbugs.gnu.org; 21 Dec 2023 14:33:40 +0000
Original-Received: from localhost ([127.0.0.1]:42717 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1rGK7H-0006vp-LE
 for submit@debbugs.gnu.org; Thu, 21 Dec 2023 09:33:40 -0500
Original-Received: from mail-108-mta38.mxroute.com ([136.175.108.38]:40977)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <jp@neverwas.me>) id 1rGK7E-0006vg-R8
 for 67937@debbugs.gnu.org; Thu, 21 Dec 2023 09:33:37 -0500
Original-Received: from filter006.mxroute.com ([136.175.111.2] filter006.mxroute.com)
 (Authenticated sender: mN4UYu2MZsgR)
 by mail-108-mta38.mxroute.com (ZoneMTA) with ESMTPSA id 18c8ccbbb1600065b4.003
 for <67937@debbugs.gnu.org>
 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384);
 Thu, 21 Dec 2023 14:33:31 +0000
X-Zone-Loop: f446f2a0044d0c6f7c7343bcc25a083dc3df89551ab1
X-Originating-IP: [136.175.111.2]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=neverwas.me
 ; s=x;
 h=Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To:
 Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=TQO5uryCmJORgt+e/DQfqCPTQ8SW+9mRsOwN7SVQlUk=; b=TTWyS7gbWGU1diDE6MIZPjU8vE
 p2IJu4N4qJd1DqUiLGzn2HH4O4fXhz3mSyn6UnfBnlNels+cnjBt1Mq1FrlO/DKkIxvOuJV2aQ/zy
 10SeW7vBWOrcY0nPJseTiStDp86CqGKUniAx0IcWyBGffBfSgTgvFSIn82vuGGlvvcpxKUwWps4kO
 2jC7YeA38eqnDlS2fzw7syLxVyLWK4VnMN7UXCItdcZnHiCutiqCjMEAbSZbjSnYDEJ61bErGD1Z8
 8pMUkE+Mxzq0y4MR7+hrNuY2aNm4Vh+hpoeO2vmys5/y90o38wYKfqNsVZ4IvwdxT68GZIDAKsBmm
 I4EgdOOg==;
In-Reply-To: <87sf3vlqj1.fsf@aarsen.me> ("Arsen =?UTF-8?Q?Arsenovi=C4=87?="'s
 message of "Thu, 21 Dec 2023 11:18:59 +0100")
X-Authenticated-Id: masked@neverwas.me
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.bugs:276633
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/276633>

Hi Arsen,

I too don't use the password store or auth-source-pass, but a couple
dumb questions anyway (feel free to ignore):

1. Would it be possible to leverage the existing interface from
   `epa-hook' for decrypting these files? As a dirty example:

   (defun my-ensure-epa-file-name-handler (orig &rest args)
     (require 'epa-hook)
     (defvar epa-file-handler)
     (let ((file-name-handler-alist
            (cons epa-file-handler file-name-handler-alist)))
       (apply orig args)))

   (advice-add 'auth-source-pass--read-entry
               :around #'my-ensure-epa-file-name-handler)

   And if doing something like that (without the advice, obviously),
   could we somehow "weaken" the regexp of our fallback member's key so
   that `find-file-name-handlers' favors an existing, user-defined
   override? Alternatively, would it be too wasteful to first attempt to
   match the target file name against the option's current members
   before falling back on binding a modified value (or using your
   proposed hard-coded solution)? Or, wasteful or not, what about
   instead offering a new auth-source-pass option whose value is an
   alist of the same type as `file-name-handler-alist' that we use in
   place of or concatenate with the existing value at runtime?

2. How likely is it that someone actually depends on the perceived
   undesirable behavior currently on HEAD? Like, for example, could
   someone out there conceivably have a cron-like script that runs
   `epa-file-disable' before copying the encrypted secrets from the
   result of an `auth-source-search' to Nextcloud or something? If these
   weren't passwords, perhaps we could just shrug off such
   hypotheticals, but... (just saying).

Thanks,
J.P.