From: Arsen Arsenović via "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Newsgroups: gmane.emacs.bugs
Subject: bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled
Date: Thu, 21 Dec 2023 16:29:25 +0100
Message-ID: <871qbflg53.fsf@aarsen.me>
References: <8734vwq06i.fsf@aarsen.me> <83frzwhgre.fsf@gnu.org> <87jzp8of97.fsf@aarsen.me> <83bkakhe8s.fsf@gnu.org> <87msu4myau.fsf@aarsen.me> <83y1dnga7u.fsf@gnu.org> <87sf3vlqj1.fsf@aarsen.me> <871qbf4ocp.fsf@neverwas.me>
In-reply-to: <871qbf4ocp.fsf@neverwas.me>
To: "J.P."
Cc: Damien Cassou, Eli Zaretskii, 67937@debbugs.gnu.org

Hi J.P,

"J.P." writes:

> Hi Arsen,
>
> I too don't use the password store or auth-source-pass, but a couple
> dumb questions anyway (feel free to ignore):
>
> 1. Would it be possible to leverage the existing interface from
>    `epa-hook' for decrypting these files? As a dirty example:
>
>      (defun my-ensure-epa-file-name-handler (orig &rest args)
>        (require 'epa-hook)
>        (defvar epa-file-handler)
>        (let ((file-name-handler-alist
>               (cons epa-file-handler file-name-handler-alist)))
>          (apply orig args)))
>
>      (advice-add 'auth-source-pass--read-entry
>                  :around #'my-ensure-epa-file-name-handler)
>
>    And if doing something like that (without the advice, obviously),
>    could we somehow "weaken" the regexp of our fallback member's key so
>    that `find-file-name-handlers' favors an existing, user-defined
>    override? Alternatively, would it be too wasteful to first attempt to
>    match the target file name against the option's current members
>    before falling back on binding a modified value (or using your
>    proposed hard-coded solution)?
>    Or, wasteful or not, what about
>    instead offering a new auth-source-pass option whose value is an
>    alist of the same type as `file-name-handler-alist' that we use in
>    place of or concatenate with the existing value at runtime?

I don't think ensuring the epa-hook is added here is preferable when a
solution that doesn't rely on hooks (one using epg, like in the patch I
posted) is quite short. Unless EPA does more than EPG for this (but it
does not seem to, to my novice eyes).

I'm not sure what you mean by 'hard-coding' here. These files are
always gpg files (that's how pass works), and they are always OpenPGP
encrypted.

The usage of epg-decrypt-file is proposed by the help of
epa-decrypt-region IIRC.

> 2. How likely is it that someone actually depends on the perceived
>    undesirable behavior currently on HEAD? Like, for example, could
>    someone out there conceivably have a cron-like script that runs
>    `epa-file-disable' before copying the encrypted secrets from the
>    result of an `auth-source-search' to Nextcloud or something? If these
>    weren't passwords, perhaps we could just shrug off such
>    hypotheticals, but... (just saying).

I do not know, but this dependency is wrong either way, and can confuse
users and the auth-source cache.

The only reason I noticed this is because *something* (and I have no
idea what as of yet) somehow unhooks epa-file. When I noticed that, I
figured I could use epa-file-disable to provide a simpler reproducer. I
didn't actually notice the bug by using epa-file-disable (and I have
never intentionally run epa-file-disable).

I'll be tracking that down next, but fixing this first seemed easier.

> Thanks,
> J.P.

Have a lovely day!
-- 
Arsen Arsenović
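
The difference discussed in this message, between reading a pass entry through the `epa-file' file-name handler and decrypting it with EPG directly, as an added example (not the patch posted to bug#67937 and not code from auth-source-pass). The `my/' function names and the STORE argument are hypothetical; the only assumption about the store is that ENTRY lives at STORE/ENTRY.gpg.

```elisp
;; Added example; the my/ names are hypothetical, not Emacs APIs.
(require 'epg)
(require 'epa-hook)                     ; defines `epa-file-handler'

(defun my/epa-file-handler-installed-p ()
  "Return t if the epa-file handler is in `file-name-handler-alist'.
After `epa-file-disable' (or anything else that unhooks it) this is nil."
  (and (memq epa-file-handler file-name-handler-alist) t))

(defun my/pass-read-entry-via-handler (store entry)
  "Read STORE/ENTRY.gpg through the file-name handler machinery.
Yields plaintext only while `my/epa-file-handler-installed-p' is t;
otherwise the buffer receives the raw OpenPGP ciphertext."
  (with-temp-buffer
    (insert-file-contents (expand-file-name (concat entry ".gpg") store))
    (buffer-string)))

(defun my/pass-read-entry (store entry)
  "Return the decrypted text of ENTRY in password store directory STORE.
Decrypts with EPG directly, so the result does not depend on the
current value of `file-name-handler-alist'."
  (let ((file (expand-file-name (concat entry ".gpg") store)))
    (unless (file-readable-p file)
      (error "No readable pass entry: %s" file))
    ;; A nil PLAIN argument makes `epg-decrypt-file' return the
    ;; plaintext as a unibyte string instead of writing a file.
    (decode-coding-string
     (epg-decrypt-file (epg-make-context 'OpenPGP) file nil)
     'utf-8)))

(defun my/pass-entry-handler-dependent-p (store entry)
  "Return t if the two read paths disagree for ENTRY in STORE.
A t result with the handler unhooked means a caller of the
handler-based path would be handed (and might cache) ciphertext."
  (not (string= (my/pass-read-entry store entry)
                (my/pass-read-entry-via-handler store entry))))
```

Evaluating `(my/pass-entry-handler-dependent-p "~/.password-store" "some/entry")` before and after `epa-file-disable` shows the dependency: the EPG path returns the same text both times, the handler path does not.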