From: Damien Cassou <damien@cassou.me>
To: Eli Zaretskii <eliz@gnu.org>
Cc: magnus.henoch@gmail.com, nicolas@petton.fr, npostavs@gmail.com,
	iku.iwasa@gmail.com, camalot@picnicpark.org,
	gaby.launay@tutanota.com, 36052@debbugs.gnu.org,
	tzz@lifelogs.com
Subject: bug#36052: 26.2.50; [PATCH] Improve auth-source-pass
Date: Fri, 14 Jun 2019 18:16:01 +0200
Message-ID: <87imt8ywfy.fsf@cassou.me>
In-Reply-To: <83imt8y5ep.fsf@gnu.org>

Eli Zaretskii <eliz@gnu.org> writes:
> These are all described in the patch for the manual, right?  If so,
> the entries should be marked with "+++", see the beginning of NEWS for
> instructions about that.


I'm not sure which patch you reviewed so I attach it again to this new
email. The first 2 items in NEWS (new user options) are covered by the
manual so I've added '+++' in front of each. The last 2 items (less
decryption and autoload) shouldn't be in the manual so I've added '---'
in front of each.


> Please make the text describing each @item start on a new line.  Also,
> it sounds like you want @table here, not @itemize.  And finally,
> quoting in @code is sub-optimal; would @samp (and losing the quotes)
> do the job?
>
> File names or their parts should have the @file markup, not @code.

I'm not sure I did it right, but you will find a new patch attached to
this email.

-- 
Damien Cassou
http://damiencassou.seasidehosting.st

"Success is the ability to go from one failure to another without
losing enthusiasm." --Winston Churchill

[-- Attachment #2: 0013-doc-misc-auth.texi-The-Unix-password-store-Complete-.patch --]
[-- Type: text/x-patch, Size: 3782 bytes --]

From 56e544db44c4a98e567e1407f0519483adc4eac7 Mon Sep 17 00:00:00 2001
From: Damien Cassou <damien@cassou.me>
Date: Thu, 13 Jun 2019 21:54:21 +0200
Subject: [PATCH 13/13] * doc/misc/auth.texi (The Unix password store):
 Complete rewrite

---
 doc/misc/auth.texi | 71 +++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 61 insertions(+), 10 deletions(-)

diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi
index a46e3d73fc..bbb66ecab5 100644
--- a/doc/misc/auth.texi
+++ b/doc/misc/auth.texi
@@ -445,19 +445,60 @@ The Unix password store
 
 @uref{http://www.passwordstore.org,,The standard unix password
 manager} (or just @code{pass}) stores your passwords in
-@code{gpg}-protected files following the Unix philosophy.
+@code{gpg}-protected files following the Unix philosophy.  The store
+location (any directory) must be specified in the
+@code{auth-source-pass-filename} variable which defaults to
+@file{~/.password-store}.
 
-Emacs integration of @code{pass} follows the first approach suggested
-by the pass project itself for data organization to find data. This
-means that the filename of the file containing the password for a user
-on a particular host must contain the host name.  The file itself must
-contain the password on the first line, as well as a @code{username}
-field containing the username on a subsequent line. A @code{port}
-field can be used to differentiate the authentication data for several
-services with the same username on the same host.
+Emacs integration of @code{pass} follows the approach suggested by the
+pass project itself for data organization to find data.  In
+particular, to store a password for the user @code{rms} on the host
+@code{gnu.org} and port @code{22}, you should use one of the following
+filenames.
+
+@table @file
+@item gnu.org.gpg
+No username or port in the filename means that any username and port
+will match.
+
+@item gnu.org/rms.gpg
+The username to match can be expressed as filename inside a directory
+whose name matches the host.  This is useful if the store has
+passwords for several users on the same host.
+
+@item rms@@gnu.org.gpg
+The username can also be expressed as a prefix, separated from the
+host with an at-sign (@code{@@}).
+
+@item gnu.org:22.gpg
+The port (aka. service) to match can only be expressed after the host and separated with a colon (@code{:}).  The separator can be changed through the @code{auth-source-pass-port-separator} variable.
+
+@item gnu.org:22/rms.gpg
+
+@item rms@@gnu.org:22.gpg
+
+@item a/b/gnu.org.gpg
+Entries can be stored in arbitrary directories.
+
+@item a/b/gnu.org/rms.gpg
+
+@item a/b/rms@@gnu.org.gpg
+
+@item a/b/gnu.org:22.gpg
+
+@item a/b/gnu.org:22/rms.gpg
+
+@item a/b/rms@@gnu.org:22.gpg
+@end table
+
+If several entries match, the one matching the most items (where an
+``item'' is one of username, port or host) is preferred.  For example,
+while searching for an entry matching the @code{rms} user on host
+@code{gnu.org} and port @code{22}, then the entry
+@file{gnu.org:22/rms.gpg} is preferred over @file{gnu.org.gpg}.
 
 Users of @code{pass} may also be interested in functionality provided
-by other Emacs packages dealing with pass:
+by other Emacs packages:
 
 @itemize
 @item
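
Review bot: the rewritten paragraph removes the only description of what an entry file must contain (the password on the first line, with `username` and `port` fields on later lines) and replaces it with file-name rules alone. If lookup still reads the password from the first line, keep that sentence; if the in-file `username` and `port` fields are no longer consulted, say so explicitly, because a store that relies on them would otherwise match differently without any hint in the manual. In the @table, seven @item lines (for example `@item gnu.org:22/rms.gpg`) have no description: give each a sentence or restructure with @itemx so that the variants share one. The `gnu.org:22.gpg` description is a single unfilled line, unlike the rest of the hunk, and "expressed as filename" is missing an article.
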
@@ -468,6 +509,16 @@ The Unix password store
 @uref{https://github.com/jabranham/helm-pass,,helm-pass}: helm interface for pass.
 @end itemize
 
+@defvar auth-source-pass-filename
+Set this variable to a string locating the password store on the disk.
+Defaults to @file{~/.password-store}.
+@end defvar
+
+@defvar auth-source-pass-port-separator
+Set this variable to a string that should separate an host name from a
+port in an entry.  Defaults to @samp{:}.
+@end defvar
+
 @node Help for developers
 @chapter Help for developers
 
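Review bot: both definitions use @defvar, while the NEWS patch in this series announces them as customizable variables; @defopt is the Texinfo definition command for user options and would index them as such. In the second description, "an host name" should read "a host name". The definitions also land after the list of third-party packages, away from the paragraph that first mentions auth-source-pass-filename; placing them directly after the precedence paragraph would keep the reference material for the store together.
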
-- 
2.21.0


[-- Attachment #3: 0012-etc-NEWS-Describe-changes-to-auth-source-pass.patch --]
[-- Type: text/x-patch, Size: 1194 bytes --]

From 4d4b9408daac0d47b9b2e2d07e2aefae471376a6 Mon Sep 17 00:00:00 2001
From: Damien Cassou <damien@cassou.me>
Date: Sun, 2 Jun 2019 11:08:40 +0200
Subject: [PATCH 12/13] * etc/NEWS: Describe changes to auth-source-pass

---
 etc/NEWS | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/etc/NEWS b/etc/NEWS
index e3023216ac..67dc2e9164 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -1517,6 +1517,25 @@ the new variable 'buffer-auto-revert-by-notification' to a non-nil
 value.  Auto Revert mode can use this information to avoid polling the
 buffer periodically when 'auto-revert-avoid-polling' is non-nil.
 
+** auth-source-pass
+
++++
+*** New customizable variable 'auth-source-pass-filename'.
+Allows setting the path to the password-store, defaults to
+~/.password-store.
+
++++
+*** New customizable variable 'auth-source-pass-port-separator'.
+Specifies separator between host and port, defaults to colon ":".
+
+---
+*** Minimize the number of decryptions during password lookup.
+This makes the package usable with physical tokens requiring touching
+a sensor for every decryption.
+
+---
+*** 'auth-source-pass-get' is now autoloaded.
+
 ** Bookmarks
 
 ---
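
Review bot: the two "+++" entries join the description and the default with a comma ("Allows setting the path to the password-store, defaults to ~/.password-store."); split each into two sentences and quote the file name the same way the variable names are quoted. The "Minimize the number of decryptions" entry states the benefit for hardware tokens but not what changed in lookup, so a reader cannot tell whether entry selection now depends on file names rather than decrypted contents; one sentence on that would help, particularly as the entry is marked "---" and so has no manual text to point to.
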
-- 
2.21.0

