From: Arsen Arsenović via "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Newsgroups: gmane.emacs.bugs
Subject: bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled
Date: Thu, 21 Dec 2023 11:18:59 +0100
Message-ID: <87sf3vlqj1.fsf@aarsen.me>
References: <8734vwq06i.fsf@aarsen.me> <83frzwhgre.fsf@gnu.org> <87jzp8of97.fsf@aarsen.me> <83bkakhe8s.fsf@gnu.org> <87msu4myau.fsf@aarsen.me> <83y1dnga7u.fsf@gnu.org>
In-reply-to: <83y1dnga7u.fsf@gnu.org>
To: Eli Zaretskii
Cc: Damien Cassou, 67937@debbugs.gnu.org, "F. Jason Park"

Eli Zaretskii writes:

> Thanks.  So it sounds like you are asking for a feature that currently
> doesn't exist, AFAIU.

I'm not sure I'd classify it as a new feature.  An existing interface is
broken under some conditions.

> I added a couple of people to this discussion who were involved with
> auth-source-pass, in the hope that they will have suggestions and
> comments.

Thank you.

Now, onto why I don't think this is a new feature:

Here's an example auth-source-search invocation that can demonstrate the
problem (assuming that the user has a dev.gentoo.org secret on port
imaps with user arsen):

  (auth-info-password
   (car (auth-source-search :host "dev.gentoo.org"
                            :port "imaps"
                            :user "arsen")))

Following

  M-x epa-file-disable RET
  M-x auth-source-forget-all-cached RET

the above returns an encrypted string rather than its actual password.
This means that a current feature (auth-source-search) breaks under some
conditions.

I've worked out a fix, tested with the following:

  (require 'auth-source-pass)
  (setq auth-sources '(password-store))
  (auth-info-password
   (car (auth-source-search :host "dev.gentoo.org"
                            :port "imaps"
                            :user "arsen")))

I've attached the patch, though it lacks a regression test.
The reason for this is that I want to spare the auth-source-pass developers some triage, and that there's currently no regression tests for --read-entry. --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0001-auth-source-pass-don-t-rely-on-epa-file-bug-67937.patch Content-Transfer-Encoding: quoted-printable Content-Description: Remove epa-file reliance in auth-source-pass--read-entry From=2043e98821aa1f02abbfeea8b0b08ec6f4e31d8e9f Mon Sep 17 00:00:00 2001 From: =3D?UTF-8?q?Arsen=3D20Arsenovi=3DC4=3D87?=3D Date: Thu, 21 Dec 2023 12:29:55 +0100 Subject: [PATCH] auth-source-pass: don't rely on epa-file (bug#67937) * lisp/auth-source-pass.el (epg): Require epg. (auth-source-pass--read-entry): Use epg-decrypt-file instead of relying on epa-file decrypting files read via insert-file-contents. =2D-- lisp/auth-source-pass.el | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 0f51755a250..0322de9f313 100644 =2D-- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el @@ -34,6 +34,7 @@ (require 'cl-lib) (require 'auth-source) (require 'url-parse) +(require 'epg) ;; Use `eval-when-compile' after the other `require's to avoid spurious ;; "might not be defined at runtime" warnings. (eval-when-compile (require 'subr-x)) 
@@ -194,11 +195,11 @@ auth-source-pass--get-attr =20 (defun auth-source-pass--read-entry (entry) "Return a string with the file content of ENTRY." =2D (with-temp-buffer =2D (insert-file-contents (expand-file-name =2D (format "%s.gpg" entry) =2D auth-source-pass-filename)) =2D (buffer-substring-no-properties (point-min) (point-max)))) + (let ((context (epg-make-context 'OpenPGP)) + (file (expand-file-name + (format "%s.gpg" entry) + auth-source-pass-filename))) + (epg-decrypt-file context file nil))) =20 (defun auth-source-pass-parse-entry (entry) "Return an alist of the data associated with ENTRY. =2D-=20 2.43.0 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Have a lovely day! =2D- Arsen Arsenovi=C4=87 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIYEARYKAC4WIQT+4rPRE/wAoxYtYGFSwpQwHqLEkwUCZYQnchAcYXJzZW5AYWFy c2VuLm1lAAoJEFLClDAeosSTk48BAOcEahHu6B4pVsRJljwLJ+JPeEUAd0dNX3EY 6Ug1nZHGAQDUNpmaxBrQ3Q3jop7RS9HF9R45okFfcnskeG/IBHqeBw== =fZ6o -----END PGP SIGNATURE----- --==-=-=--
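Review bot: In the second hunk, the new body of auth-source-pass--read-entry returns the value of (epg-decrypt-file context file nil) as is, and with a nil PLAIN argument that value is the raw decrypted bytes as a unibyte string, whereas the removed with-temp-buffer / insert-file-contents path returned text that had gone through normal file decoding. An entry whose password or fields contain non-ASCII characters would therefore reach callers undecoded; consider wrapping the call, for example (decode-coding-string (epg-decrypt-file context file nil) 'utf-8), or otherwise stating which coding system entries are assumed to use. The docstring still reads "Return a string with the file content of ENTRY." and could say that the content is decrypted, and a test for --read-entry, which the message notes is missing, should cover both the epa-file-disabled case and a non-ASCII entry.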