GNU bug report logs - #58985
29.0.50; Have auth-source-pass behave more like other back ends

Previous Next

Full log

View this message in rfc822 format

From: "J.P." <jp <at> neverwas.me>
To: João Távora <joaotavora <at> gmail.com>
Cc: Kai Tetzlaff <emacs+bug <at> tetzco.de>, 58985 <at> debbugs.gnu.org
Subject: bug#58985: 29.0.50; Gnus setup broken by commit 2cf9e699ef0fc43a4eadaf00a1ed2f876765c64d
Date: Fri, 25 Nov 2022 06:23:47 -0800

[Message part 1 (text/plain, inline)]

João Távora <joaotavora <at> gmail.com> writes:

> The affected item is, I believe, ~/.password-store/local-gmail:imap.gpg
> and likely also ~/.password-store/smtp.gmail.com:465.gpg.  When I set
> auth-source-debug to t, these lines appeared in *Messages*
>
> auth-source-pass: final result: nil
> auth-source-search: found 0 results (max 1) matching (:max 1 :host
> ("local-gmail" "localhost") :port ("imap" "imap" "143") :user
> "joaotavora <at> gmail.com" :require (:user :secret) :create t)
> auth-source-pass: final result: nil
> auth-source-search: CREATED 0 results (max 1) matching (:max 1 :host
> ("local-gmail" "localhost") :port ("imap" "imap" "143") :user
> "joaotavora <at> gmail.com" :require (:user :secret) :create t)
> Opening nnimap server on local-gmail...failed: 

This was helpful, thanks. It seems

  :require (:user ...)

is clashing with the absence of a "user" component in the affected file
names.

Among other things, the commit in question tries to provide a way of
honoring the `:require' keyword in a manner befitting the doc string of
`auth-source-search':

  :require (A B C) means that only results that contain those
  tokens will be returned.  Thus for instance requiring :secret
  will ensure that any results will actually have a :secret
  property.

The other back ends more or less do the same. (Take a peek at the
attached examples if you're bored.) So, I guess the takeaway here, at
least as things stand, is basically this: if for some reason you really
wanted to enable the option, you'd need to rename the affected files.
Either

  ~/.password-store/joaotavora <at> gmail.com <at> local-gmail:imap.gpg

or

  ~/.password-store/local-gmail:imap/joaotavora <at> gmail.com.gpg

should do it. Alternatively, if the gnus function that calls
`auth-source-search' were somehow configurable (guessing no), you could
omit the `:require's altogether, increase the `:max' value, and
prioritize the results, which is what ERC does (or tries to do).

>> However, I think it's probably best to forgo all that and do what I was
>> leaning toward from the outset, and that's keeping the new behavior off
>> by default in Emacs 29. It's looking liable to cause too much churn for
>> too many folks [1]. Thus, unless anyone objects or has anything else to
>> add, I will do this in the next 24 hours or so. Apologies again for the
>> disruption and the time spent bisecting.
>
> No problem, and thanks for understanding.

Thank YOU for understanding. (All I did was break your email.)

> I think it is indeed better if you make this opt-in. I can then opt
> into it and help you debug the root cause. But in the meantime, my
> email won't be broken :-)

I've pushed the change, but you may need to clear your auth-source cache
or restart your session to see any effect. Please let me know if that
doesn't do it. And thanks for all your work on Emacs!

J.P.

[0001-POC-Compare-require-among-auth-source-backends.patch (text/x-patch, attachment)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.