bug#67978: 29.1; ERC 5.5.0.29.1: Unnecessary .authinfo.gpg decryption causes connection failure to irc.libera.chat

["J.P." <jp@neverwas.me>]

Hi Jake,

Jake <jforst.mailman@gmail.com> writes:

> Hi J.P.
>
> Thanks for taking the time.

You're very welcome.

>> It just decrypts the file straight away if it has access to the key
>> it was encrypted with and fails otherwise.
> It sounds like you've successfully reproduced it, because it's
> attempted to decrypt the auth-source file.

Hard to say, but hopefully it's close enough to what you're
experiencing.

> Now I feel like I'm definitely missing something. Why does it do this?
> I assume nothing in this file is required to connect to
> irc.libera.chat, since the connection succeeds if the file is not
> present.

Right, nothing in the file is needed unless you've arranged for it to
be. By default, ERC usually checks for server and other passwords when
the protocol presents an opportunity. In most cases, there's a specific
function-valued option, like `erc-auth-source-server-function', that
corresponds to a given opportunity. Setting any of these options to nil
typically inhibits `auth-source' queries for that particular context. So
you can always resort to that as a workaround.

>> So, I was wondering if this prompt is coming from somewhere external,
>> such as a secrets manager or a TTY pinentry program
> I've had the prompt from gnome keyring on Ubuntu (I assume that's what
> it is) and gtk-pinentry on another machine. But my issue is that the
> prompt occurs at all.
>
>> Also, is the "irc.libera.chat:6697" buffer completely blank
>> after the failure? 
> yes it is blank.
>
>> And is there anything relevant recorded in the
>> "*Messages*" buffer?
> Decrypting /home/jake/.authinfo.gpg...done
> epa-file-insert-file-contents: Opening input file: Decryption failed,
> , No secret key

That's helpful, thanks. I believe what's happening in your case is that
your Gnome Keyring's GPG integration needs attention, hopefully only in
the configuration department. If libsecret has been authorized to store
the key you're being prompted to provide a passphrase for, it should
show up when you query the service over DBus. But before messing with
that, make sure to tick the appropriate "remember this" box the next
time you provide your passphrase in a popup dialog. From then on, you
shouldn't be prompted, though you may have to log out and back in for it
to stick [1].

In any case, I think ERC users should be allowed to ignore errors
signaled by its default `auth-source' queries, so I've added a prompt
that asks whether to proceed anyway when one occurs. It's preceded by an
annoying warning, which you can customize away in the usual fashion, in
this case by setting the option `warning-suppress-types' or
`warning-suppress-log-types' to include the list (erc auth-source).

Feel free to try out the changes on HEAD [2] and report back. If that's
too much trouble, you can wait for ERC 5.6, which should be released in
the coming weeks.

Thanks,
J.P.

[1] https://emacs-erc.gitlab.io/bugs/archive/doc/erc.html#Troubleshooting-1
[2] https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=5fb9d6c5