From unknown Mon Jun 23 07:52:02 2025 X-Loop: help-debbugs@gnu.org Subject: bug#62952: 28.2.50; secrets.el unlocking items Resent-From: "Philipp Uhl" Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 19 Apr 2023 19:59:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 62952 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 62952@debbugs.gnu.org X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.168193433227292 (code B ref -1); Wed, 19 Apr 2023 19:59:02 +0000 Received: (at submit) by debbugs.gnu.org; 19 Apr 2023 19:58:52 +0000 Received: from localhost ([127.0.0.1]:35921 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ppDx4-000766-Pe for submit@debbugs.gnu.org; Wed, 19 Apr 2023 15:58:51 -0400 Received: from lists.gnu.org ([209.51.188.17]:40924) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pp6qj-0005PJ-62 for submit@debbugs.gnu.org; Wed, 19 Apr 2023 08:23:52 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pp6qi-00051L-Q8 for bug-gnu-emacs@gnu.org; Wed, 19 Apr 2023 08:23:48 -0400 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pp6qd-0006eZ-88 for bug-gnu-emacs@gnu.org; Wed, 19 Apr 2023 08:23:48 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 11B19320005D for ; Wed, 19 Apr 2023 08:23:40 -0400 (EDT) Received: from imap48 ([10.202.2.98]) by compute3.internal (MEProxy); Wed, 19 Apr 2023 08:23:40 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ph-uhl.com; h=cc :content-type:content-type:date:date:from:from:in-reply-to :message-id:mime-version:reply-to:sender:subject:subject:to:to; s=fm2; t=1681907019; x=1681993419; bh=iGUlHWpeu3LEnRyVZdcR2gCKa /cF+HprCTyFkkkKsHw=; b=SgKhlK1gCwlqp5xNfOkiTFbWh7hDKPv0jANvT7G7A ZQDID+hMnGpW2twIVdDASUs8urwqvAUURAvBMavOc0fK46AMXhIm0zEYd0cr4M6s D532fvt5Hkl1MouR7wfrVJHkmCyIHNEDvtkl/XREmoglU+vZKWVO+gEX/Tmn+WC9 m+utpyCn5SjOcH4cRG6K81WnbEKhGzmJ6QFiZrmBMdf46BLEz6kRKjg0C/2KXrGn WmDpvVceWNf+Wzmxs1MsG8CvJhM8f6olYMe8f2FY15HV2Gj2j8CgSypKZ/U5v5xs uWzSJt8ORznf91tNiYjqx6OlZoXWbFOPA16kw32d4DsEA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:message-id :mime-version:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t= 1681907019; x=1681993419; bh=iGUlHWpeu3LEnRyVZdcR2gCKa/cF+HprCTy FkkkKsHw=; b=S8fc+JbyIw+g0BY4e6mtM8jh34HGqW7D43PJYjtoFGybM9DmaBT bxZnO1X6Eh9mir4yU5WYXhNczAZV9YoOahFFKSZdSfgzxMITOwmWypuiwWSDF5e7 +MnNI6zO02l3DSHxVdUpaCkfBEzg6ZScLfKfI79aUartPuIEsnC58F4qbrBd/wAg 3RCLhGpBacJLV3htcRmeQPAZEXXTjqUE52PX8o9DTst0vxVzfkHG3MmZoLrP455J RF9sqLeR+sxt9+l+2PbU32wPzOxH/YDrcDOJsGooN12zyJPEslnWTkbT/NgErrD8 FeqIfnCk9M86u4B8Jq/dLXztKyGf3IcvwJA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfedttddghedvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfffhffvufgtsehttdertd erredtnecuhfhrohhmpedfrfhhihhlihhpphcufghhlhdfuceoghhithesphhhqdhuhhhl rdgtohhmqeenucggtffrrghtthgvrhhnpeevtdduvdetuefgheeuueeuffeigfeuieffvd ejleekveelffduhfdtkeeuteevfeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgr mhepmhgrihhlfhhrohhmpehgihhtsehphhdquhhhlhdrtghomh X-ME-Proxy: Feedback-ID: i17694467:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 5F21A31A0063; Wed, 19 Apr 2023 08:23:39 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.9.0-alpha0-372-g43825cb665-fm-20230411.003-g43825cb6 Mime-Version: 1.0 Message-Id: Date: Wed, 19 Apr 2023 14:23:17 +0200 From: "Philipp Uhl" Content-Type: text/plain Received-SPF: pass client-ip=64.147.123.25; envelope-from=git@ph-uhl.com; helo=wout2-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.6 (-) X-Mailman-Approved-At: Wed, 19 Apr 2023 15:58:49 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.6 (--) The secrets.el implementation lacks support for unlocking specific items. It only unlocks collections. This does not work well with certain password managers (e.g. in my case KeepassXC, accessed through secret service). When receiving a secret through (secrets-get-secret "MyPws" "MyEntry") with the setting "Confirm when passwords are retrieved by clients" turned on in KeepassXC, secrets-get-secret will just say IsLocked. Instead, secrets-get-secret should try to unlock the entry itself before retrieving. Here is a proof of concept: + ;; New function, analogously to secrets-unlock-collection, that + ;; specifically unlocks the item + (defun secrets-unlock-item (collection item) + "Unlock item labeled ITEM from collection labeled COLLECTION. + If successful, return the object path of the item." + (let ((item-path (secrets-item-path collection item))) + (unless (secrets-empty-path item-path) + (secrets-prompt + (cadr + (dbus-call-method + :session secrets-service secrets-path secrets-interface-service + "Unlock" `(:array :object-path ,item-path))))) + item-path)) (defun secrets-get-secret (collection item) "Return the secret of item labeled ITEM in COLLECTION. If there are several items labeled ITEM, it is undefined which one is returned. If there is no such item, return nil. ITEM can also be an object path, which is used if contained in COLLECTION." - (let ((item-path (secrets-item-path collection item))) + (let ((item-path (secrets-unlock-item collection item))) (unless (secrets-empty-path item-path) (dbus-byte-array-to-string (nth 2 (dbus-call-method :session secrets-service item-path secrets-interface-item "GetSecret" :object-path secrets-session-path)))))) To make this function a bit more similar to how it was before, one could concider to explicitly wait for the IsLocked event before unlocking the item. That way, if the password manager does not support unlocking of items, this would not be braking. Cheers, ----------------------------- Philipp Uhl git@ph-uhl.com From unknown Mon Jun 23 07:52:02 2025 X-Loop: help-debbugs@gnu.org Subject: bug#62952: 28.2.50; secrets.el unlocking items Resent-From: Michael Albinus Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 20 Apr 2023 11:24:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 62952 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: "Philipp Uhl" Cc: 62952@debbugs.gnu.org Received: via spool by 62952-submit@debbugs.gnu.org id=B62952.168198982628501 (code B ref 62952); Thu, 20 Apr 2023 11:24:02 +0000 Received: (at 62952) by debbugs.gnu.org; 20 Apr 2023 11:23:46 +0000 Received: from localhost ([127.0.0.1]:36718 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ppSO9-0007Pd-UB for submit@debbugs.gnu.org; Thu, 20 Apr 2023 07:23:46 -0400 Received: from mout.gmx.net ([212.227.17.21]:51871) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ppSO8-0007PP-42 for 62952@debbugs.gnu.org; Thu, 20 Apr 2023 07:23:44 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417; t=1681989815; i=michael.albinus@gmx.de; bh=SqZb8IybsPx8j0+p8iFAUCEOKTg1frSyiAfK2uf9Kh8=; h=X-UI-Sender-Class:From:To:Cc:Subject:In-Reply-To:References:Date; b=kxcAXmzLbx1I3bAVwMLaxfqbrbPYZ6tOrT4vJdZotf355wEkmPshWXOUSL6Xg36F8 KEGgRiLSlQ7K4MA12LxdrvwCcM08nLduQ5x/heTiEhiPOgEtHHqYdHD6iTKz+s4WsL aDA6yodBocGZLIyexcdBntfTDYdBxDNEioomyoJp58buTu1EDBey3sfnoMmY9FJxpp ruVm3Z6wm+pqifoVZas3Rbr8VxSUjIHFFQjQKsRLwXuzTH/cAVVOt3t19mXmQ8LVT3 2/njk3BkS5uM4A1k/mb4sPQnyQXKwBZT1dykHJw17NBoAkRg/BuFDyTDgizmwC/iHE dQiTNzZq6kF5g== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from gandalf.gmx.de ([185.89.39.0]) by mail.gmx.net (mrgmx105 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MJE27-1paPi13Zmt-00Kh43; Thu, 20 Apr 2023 13:23:35 +0200 From: Michael Albinus In-Reply-To: (Philipp Uhl's message of "Wed, 19 Apr 2023 14:23:17 +0200") References: Date: Thu, 20 Apr 2023 13:23:34 +0200 Message-ID: <87fs8u6bm1.fsf@gmx.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Provags-ID: V03:K1:gJdJKaeQar+pPXkTdkXn/XX0zk2W4Z2hyrQ03yCNMz1gWcuC6bU LiZtRKijHZk8HuS7zhwvXhFoRD54CAQPEVORqtKnwlbLBGk5/6ZlYoCrfxibOvgDFkxdwBp jysUYrmB25lPblkiC2OsX/mNGXuaNQDIb7OZKBmosZszLAbsbvzioVx9+rzwdt/ZTkfTEah NpxUA03tJ/KqwIKuWJ+YQ== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:50SXu+pAa/A=;d7kCovSnx1794R7ObO999XXn+gl JYffY6+YBdUJQ+kzmKOQmMZ2LW/5l9WI085++zO5kfu3CB4kANuGTAopv2hIbEP/BcNk/lK4e DS8Q/RUxc8OeDBDbMRB20XiKYqF17KiEcIxk3s3Xo+pKblu+q11MCAfEc5s23U4gMyvJAdXnK 3HaKD7zk9n9WeBFMqPc3pghjW+413vAxf8RGsYaUaXXAZ9Utb5r0ToLx8ZRNFruvK3Cc3tgR0 Er25dayeurrTCbUTPauQo2/+s3yfYKbY29/LNYsG+1ug6pBeSXZQOubaigI626NMB4iqifZql YHruJkxMBVNGxLiBgKqGUWQWtPkx2neblbiKSIVx/KmE/JiZ0Ot+hkLsUjj62t0hqps3lxeJ9 31Mpv6Gx8hUf53Zuxs1TWQSVBFo5ues8dtkeGUkWyUL82yOHENRAF4FpuDBVdGq9u4JxmrsLF FyeNo8VUQPctLl/Zvmz1BjrkoCCVLvbZaRIqhqJHEoyKBooek7MnLkLtPauXegWw5wgRwhNX/ az8b2qMWhx7EWHxp0zc6yr8WAH2JJyedxYOyno6WcMgGYDLxY3SAlKaLG/ibB9YZIV9zxJ2Bd dHdgyFh1/7eu9RBueNv/80S4dltDicNvhGSXG3PgAnw/E8DxfciiILDU2JnwrNt0ohZhk/kv0 vlnAte2kISrdIPHlH45Y8xDpHA8A95jU4nFAC9Jg13lGHCp32TTRfYGVGu70uYIeei8nvwgvB 0qagdRFwVXegvNpubVSTR7hZFFNUgy3QwLJnHJ6p/t1ujhGixMBazrtYS9r70Ht8IYQqs3+sH lUsugaP/j9s0QqTQRmScz+QNQ5LqMed7QmGsR5fY08JjxjBy7CFPB2wQQWveX3iIwVKFWoQ5D gXBCd9YDhZnQIgrWZ1sBn1cWj8dDSbzjwsf9kENEQ7vOc29SzIR6BsIezAvUmxkjnCJttcHM3 fKhN4VFetPIshp/qNghWECx+dF4= X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) "Philipp Uhl" writes: Hi Philipp, > The secrets.el implementation lacks support for unlocking specific > items. It only unlocks collections. This does not work well with certain > password managers (e.g. in my case KeepassXC, accessed through secret > service). When receiving a secret through > > (secrets-get-secret "MyPws" "MyEntry") > > with the setting "Confirm when passwords are retrieved by clients" > turned on in KeepassXC, secrets-get-secret will just say IsLocked. Thanks for the report. > Instead, secrets-get-secret should try to unlock the entry itself before > retrieving. > > Here is a proof of concept: > > + ;; New function, analogously to secrets-unlock-collection, that > + ;; specifically unlocks the item > + (defun secrets-unlock-item (collection item) > + "Unlock item labeled ITEM from collection labeled COLLECTION. > + If successful, return the object path of the item." > + (let ((item-path (secrets-item-path collection item))) > + (unless (secrets-empty-path item-path) > + (secrets-prompt > + (cadr > + (dbus-call-method > + :session secrets-service secrets-path secrets-interface-service > + "Unlock" `(:array :object-path ,item-path))))) > + item-path)) > > (defun secrets-get-secret (collection item) > "Return the secret of item labeled ITEM in COLLECTION. > If there are several items labeled ITEM, it is undefined which > one is returned. If there is no such item, return nil. > > ITEM can also be an object path, which is used if contained in COLLECTION." > - (let ((item-path (secrets-item-path collection item))) > + (let ((item-path (secrets-unlock-item collection item))) > (unless (secrets-empty-path item-path) > (dbus-byte-array-to-string > (nth 2 > (dbus-call-method > :session secrets-service item-path secrets-interface-item > "GetSecret" :object-path secrets-session-path)))))) > > To make this function a bit more similar to how it was before, one could > concider to explicitly wait for the IsLocked event before unlocking the > item. That way, if the password manager does not support unlocking of > items, this would not be braking. LGTM. Well, I don't know how relevant it is to wait for the IsLocked event. If you have use cases where it is needed, we shall do. When we add secrets-unlock-item, we should also add secrets-lock-item as counterpart. Like we have done it with secrets-(un)?lock-collection. Would you like to add this function? Bonus points for respective tests in secrets-tests.el. All these changes exceed the limit for tiny changes in Emacs, which could be submitted w/o legal work. Would you like to sign FSF copyright papers in order to contribute to Emacs? See which explains the reasons. > Cheers, > Philipp Uhl Best regards, Michael. From unknown Mon Jun 23 07:52:02 2025 X-Loop: help-debbugs@gnu.org Subject: bug#62952: 28.2.50; secrets.el unlocking items Resent-From: "Philipp Uhl" Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 02 May 2023 10:06:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 62952 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: "Michael Albinus" Cc: 62952@debbugs.gnu.org Received: via spool by 62952-submit@debbugs.gnu.org id=B62952.168302193713823 (code B ref 62952); Tue, 02 May 2023 10:06:01 +0000 Received: (at 62952) by debbugs.gnu.org; 2 May 2023 10:05:37 +0000 Received: from localhost ([127.0.0.1]:41784 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ptmt6-0003as-Qu for submit@debbugs.gnu.org; Tue, 02 May 2023 06:05:37 -0400 Received: from wout5-smtp.messagingengine.com ([64.147.123.21]:37431) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ptmt1-0003aX-91 for 62952@debbugs.gnu.org; Tue, 02 May 2023 06:05:35 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 7028632009E6; Tue, 2 May 2023 06:05:25 -0400 (EDT) Received: from imap48 ([10.202.2.98]) by compute3.internal (MEProxy); Tue, 02 May 2023 06:05:25 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ph-uhl.com; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm2; t=1683021925; x=1683108325; bh=NI u7BqfTJGWjEFNzxOvKFCGDQH2RKo7VFuGmbewpscg=; b=iRKvUuo7QZ6MwzwG88 yUpwddkSTHHgHr8EzQvSXciAjv5iP6474heV8aTCtIvlr4wg+7AirQkFZYlypaSZ l7X2MJnSLX0ZByQ4fNxdfQifZkc5Nz8MlFF4pYuVGHLKrJuzvvqciHO0oRHsoOO2 oWZyMx2Gh5+9JEoIlxxAduD8OVk8dwhG6nfMGWbgAYntCbDYCK82YILEfG47d4mF LiQTnDggns10CZH1cpe0UwOTCBwI+ZF7SxOTPVcBfpYJ/OpZLFu8Wg69iiK44BpK YEgAI8AsA6JAFlbS+aiTk6pOaM3En93+q1uBPWpcKflFm0l4vkIsdJtimk84IdJb dl9Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1683021925; x=1683108325; bh=NIu7BqfTJGWjE FNzxOvKFCGDQH2RKo7VFuGmbewpscg=; b=Ntc/9hNjU139cPnRZOU0Oo/tf5zk3 OoeCNkI9goga8FuiBUH7rPboHz1lKTR5oDgcHuSmp95T6Pxf5nlYYDge1DN0PHfH 0eACweLogYoJ3TlKKemwaUJS+pd7OU+9XJrwJR2QpN7sSCEs0yeD0GjeJ9tAb14j kNeDq3GDBlxdoORGCfrBj9j+8/vskipRycR0IXSJbCer9M1N6zjsxl2toWScr4mo kzBn3HYse5/nEIv8akd1EZIyRIETiiZduo0lQ0QR1k8IzZrtjL6/C9wMRBHAh+R9 9vh2UdQG+eN3MOklpDrizfp9rtbyQys/8bCVResG6j2f/rZLyjXhFiuvA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfedviedgvddvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvfevufgtsegrtderreerredtnecuhfhrohhmpedfrfhh ihhlihhpphcufghhlhdfuceoghhithesphhhqdhuhhhlrdgtohhmqeenucggtffrrghtth gvrhhnpedvvddtteekvdejleekvdeutdduteehfffgleetffdvgeelfeejtdduvdettdev tdenucffohhmrghinhepghhnuhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurf grrhgrmhepmhgrihhlfhhrohhmpehgihhtsehphhdquhhhlhdrtghomh X-ME-Proxy: Feedback-ID: i17694467:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 6DFD731A0064; Tue, 2 May 2023 06:05:24 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.9.0-alpha0-374-g72c94f7a42-fm-20230417.001-g72c94f7a Mime-Version: 1.0 Message-Id: <0a74e18e-d972-43b6-b661-cee36b08ddb4@app.fastmail.com> In-Reply-To: <87fs8u6bm1.fsf@gmx.de> References: <87fs8u6bm1.fsf@gmx.de> Date: Tue, 02 May 2023 12:05:03 +0200 From: "Philipp Uhl" Content-Type: multipart/alternative; boundary=93c579becba24d34b286ed6a1eb3d3d6 X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --93c579becba24d34b286ed6a1eb3d3d6 Content-Type: text/plain Hi Michael, thanks for your response. Here is the secrets-lock-item function: (defun secrets-lock-item (collection item) "Lock collection item labeled ITEM in COLLECTION. If successful, return the object path of the item. Does not lock the collection." (let ((item-path (secrets-item-path collection item))) (unless (secrets-empty-path item-path) (secrets-prompt (cadr (dbus-call-method :session secrets-service secrets-path secrets-interface-service "Lock" `(:array :object-path ,item-path))))) item-path)) > Bonus points for respective tests > in secrets-tests.el. I didn't find any secrets-tests.el in the Emacs repository. Also I am not really familiar with writing test code in Elisp. But I did manually test the code and it works. > Well, I don't know how relevant it is to wait for the IsLocked > event. If you have use cases where it is needed, we shall do. I don't. For my purposes the code as shown before suffices. > All these changes exceed the limit for tiny changes in Emacs, which > could be submitted w/o legal work. Would you like to sign FSF copyright > papers in order to contribute to Emacs? See > > which explains the reasons. Yes. Would digitally suffice? What exactly do I have to sign? Cheers, Philipp ----------------------------- Philipp Uhl git@ph-uhl.com Am Do, 20. Apr 2023, um 13:23, schrieb Michael Albinus: > "Philipp Uhl" writes: > > Hi Philipp, > >> The secrets.el implementation lacks support for unlocking specific >> items. It only unlocks collections. This does not work well with certain >> password managers (e.g. in my case KeepassXC, accessed through secret >> service). When receiving a secret through >> >> (secrets-get-secret "MyPws" "MyEntry") >> >> with the setting "Confirm when passwords are retrieved by clients" >> turned on in KeepassXC, secrets-get-secret will just say IsLocked. > > Thanks for the report. > >> Instead, secrets-get-secret should try to unlock the entry itself before >> retrieving. >> >> Here is a proof of concept: >> >> + ;; New function, analogously to secrets-unlock-collection, that >> + ;; specifically unlocks the item >> + (defun secrets-unlock-item (collection item) >> + "Unlock item labeled ITEM from collection labeled COLLECTION. >> + If successful, return the object path of the item." >> + (let ((item-path (secrets-item-path collection item))) >> + (unless (secrets-empty-path item-path) >> + (secrets-prompt >> + (cadr >> + (dbus-call-method >> + :session secrets-service secrets-path secrets-interface-service >> + "Unlock" `(:array :object-path ,item-path))))) >> + item-path)) >> >> (defun secrets-get-secret (collection item) >> "Return the secret of item labeled ITEM in COLLECTION. >> If there are several items labeled ITEM, it is undefined which >> one is returned. If there is no such item, return nil. >> >> ITEM can also be an object path, which is used if contained in COLLECTION." >> - (let ((item-path (secrets-item-path collection item))) >> + (let ((item-path (secrets-unlock-item collection item))) >> (unless (secrets-empty-path item-path) >> (dbus-byte-array-to-string >> (nth 2 >> (dbus-call-method >> :session secrets-service item-path secrets-interface-item >> "GetSecret" :object-path secrets-session-path)))))) >> >> To make this function a bit more similar to how it was before, one could >> concider to explicitly wait for the IsLocked event before unlocking the >> item. That way, if the password manager does not support unlocking of >> items, this would not be braking. > > LGTM. Well, I don't know how relevant it is to wait for the IsLocked > event. If you have use cases where it is needed, we shall do. > > When we add secrets-unlock-item, we should also add secrets-lock-item as > counterpart. Like we have done it with secrets-(un)?lock-collection. > Would you like to add this function? Bonus points for respective tests > in secrets-tests.el. > > All these changes exceed the limit for tiny changes in Emacs, which > could be submitted w/o legal work. Would you like to sign FSF copyright > papers in order to contribute to Emacs? See > > which explains the reasons. > >> Cheers, >> Philipp Uhl > > Best regards, Michael. --93c579becba24d34b286ed6a1eb3d3d6 Content-Type: text/html Content-Transfer-Encoding: quoted-printable
Hi Michael= ,

thanks for your response. Here is the sec= rets-lock-item function:

(defun = secrets-lock-item (collection item)
    "Lock collection item labeled ITEM in C= OLLECTION.
If successf= ul, return the object path of the item. Does not lock
the collection."
    (let ((item-path (secrets-it= em-path collection item)))
      (unless (secrets-empty-path item-pat= h)
   &= nbsp;    (secrets-prompt
         (cadr=
   &nb= sp;      (dbus-call-method
       =     :session secrets-service secrets-path secrets-interfa= ce-service
  = ;         "Lock" `(:array :objec= t-path ,item-path)))))
      item-path))

> Bonus points for respective tests
> in sec= rets-tests.el.

I didn't find any secrets-te= sts.el in the Emacs repository. Also I am not really familiar with writi= ng test code in Elisp. But I did manually test the code and it works.

> Well, I don't know how relevant it is to= wait for the IsLocked
> event. If you have use cases w= here it is needed, we shall do.

I don't. Fo= r my purposes the code as shown before suffices.

> All these changes exceed the limit for tiny changes in Emacs,= which
> could be submitted w/o legal work. Would you l= ike to sign FSF copyright
> papers in order to contribu= te to Emacs? See
  Philipp Uhl

Am Do, 20. Apr 2023, um 13:23, schrieb Mich= ael Albinus:
> "Philipp Uhl" <git@ph-uhl.com> writes:
>
<= div>> Hi Philipp,
>
>> The secre= ts.el implementation lacks support for unlocking specific
= >> items. It only unlocks collections. This does not work well wit= h certain
>> password managers (e.g. in my case Keep= assXC, accessed through secret
>> service). When rec= eiving a secret through
>>
>> (s= ecrets-get-secret  "MyPws" "MyEntry")
>>
>> with the setting "Confirm when passwords are retrieved = by clients"
>> turned on in KeepassXC, secrets-get-s= ecret will just say IsLocked.
>
> Than= ks for the report.
>
>> Instead, se= crets-get-secret should try to unlock the entry itself before
<= div>>> retrieving.
>>
>> H= ere is a proof of concept:
>>
>>= +  ;; New function, analogously to secrets-unlock-collection, that=
>> +  ;; specifically unlocks the item
>> +  (defun secrets-unlock-item (collection item)
=
>> +    "Unlock item labeled ITEM from c= ollection labeled COLLECTION.
>> +  If successf= ul, return the object path of the item."
>> + &= nbsp;  (let ((item-path (secrets-item-path collection item)))
>> +      (unless (secrets-empty= -path item-path)
>> +     &= nbsp;  (secrets-prompt
>> +   &n= bsp;     (cadr
>> +  &= nbsp;       (dbus-call-method
>> +          = :session secrets-service secrets-path secrets-interface-service
>> +         &= nbsp; "Unlock" `(:array :object-path ,item-path)))))
>&= gt; +      item-path))
>>
>>   (defun secrets-get-secret (collection = item)
>>     "Return the secret = of item labeled ITEM in COLLECTION.
>>   I= f there are several items labeled ITEM, it is undefined which
<= div>>>   one is returned.  If there is no such item= , return nil.
>>
>>   = ITEM can also be an object path, which is used if contained in COLLECTIO= N."
>> -    (let ((item-path (secrets= -item-path collection item)))
>> +   = (let ((item-path (secrets-unlock-item collection item)))
= >>       (unless (secrets-empty-path= item-path)
>>      &n= bsp;  (dbus-byte-array-to-string
>>  =         (nth 2
>>=             =    (dbus-call-method
>>   &= nbsp;            = :session secrets-service item-path secrets-interface-item
= >>          &nbs= p;     "GetSecret" :object-path secrets-session-path= ))))))
>>
>> To make this functi= on a bit more similar to how it was before, one could
>= > concider to explicitly wait for the IsLocked event before unlocking= the
>> item. That way, if the password manager does= not support unlocking of
>> items, this would not b= e braking.
>
> LGTM. Well, I don't kno= w how relevant it is to wait for the IsLocked
> event. = If you have use cases where it is needed, we shall do.
>= ;
> When we add secrets-unlock-item, we should also add= secrets-lock-item as
> counterpart. Like we have done = it with secrets-(un)?lock-collection.
> Would you like = to add this function? Bonus points for respective tests
&g= t; in secrets-tests.el.
>
> All these = changes exceed the limit for tiny changes in Emacs, which
= > could be submitted w/o legal work. Would you like to sign FSF copyr= ight
> papers in order to contribute to Emacs? See
<= /div>
&= gt; which explains the reasons.
>
>>= ; Cheers,
>>   Philipp Uhl
&= gt;
> Best regards, Michael.
--93c579becba24d34b286ed6a1eb3d3d6-- From unknown Mon Jun 23 07:52:02 2025 X-Loop: help-debbugs@gnu.org Subject: bug#62952: 28.2.50; secrets.el unlocking items Resent-From: Michael Albinus Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 02 May 2023 11:46:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 62952 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: "Philipp Uhl" Cc: 62952@debbugs.gnu.org Received: via spool by 62952-submit@debbugs.gnu.org id=B62952.16830279021592 (code B ref 62952); Tue, 02 May 2023 11:46:01 +0000 Received: (at 62952) by debbugs.gnu.org; 2 May 2023 11:45:02 +0000 Received: from localhost ([127.0.0.1]:41842 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ptoRK-0000Pc-AG for submit@debbugs.gnu.org; Tue, 02 May 2023 07:45:02 -0400 Received: from mout.gmx.net ([212.227.15.19]:59571) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ptoRF-0000Om-2y for 62952@debbugs.gnu.org; Tue, 02 May 2023 07:45:01 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417; t=1683027888; i=michael.albinus@gmx.de; bh=sMaGcEOptjplaqMGWwNpt7vgCUCnycA6Zrgq8ZyMNn4=; h=X-UI-Sender-Class:From:To:Cc:Subject:In-Reply-To:References:Date; b=RTaUuK106bjlOR0UNxmb9WC3g7mk+TaAZfmkdO1ykuD3ndgJW6rgAp2P3gbqGFq4u pWHI7bKAPO5HwHVjhCzWrtjUp2dlpduhz4x1XCA2GUIHUbIWD7AYEMBjyVFZeXawxL jyaIWRs2gcjMtfw2HxLWTHrSLovx9jzi2ozDTj3ev5AuLkQ1MqTrGeWOAs1S2Jsfl/ ViW8IfjvDV4+KHEDtNj4xCslwtupGAFklo3m78BJyX/eNZUNkhslHdDnba8qzlbDK8 z2aH3AWqSt5IegG6rDy4Br6Vm4wxrJkKsOx2XsXw6ZEU8qQIG5B2phaxBI9Nnx8tVc aHDmteWajYz4A== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from gandalf.gmx.de ([185.89.39.0]) by mail.gmx.net (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MVvPD-1pmHOn0P8H-00Ro4U; Tue, 02 May 2023 13:44:48 +0200 From: Michael Albinus In-Reply-To: <0a74e18e-d972-43b6-b661-cee36b08ddb4@app.fastmail.com> (Philipp Uhl's message of "Tue, 02 May 2023 12:05:03 +0200") References: <87fs8u6bm1.fsf@gmx.de> <0a74e18e-d972-43b6-b661-cee36b08ddb4@app.fastmail.com> Date: Tue, 02 May 2023 13:44:47 +0200 Message-ID: <871qjzgdow.fsf@gmx.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Provags-ID: V03:K1:uMYdwrG70GZDu7VOFmPZWfXcCw+EkpFzGzKUpr9obWBXgS4RKhA +T7VFcgRsM4JGoN7PCRR8tT2u5H1tvSbA6qPzxbexfZQHPiA3Gl2thYp3yLcWjGYRXmsyQN +o7RqC8cVjedoHDrJyUc2wDKzY0banWw920/ppYsS/ZEFvIn1F1pdOpo/RjMr3gKB+n+/+n olDlppXj7aacBjFXReB7g== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:mTOF/Boqzqo=;gzNkBtJALW9ZHKdKS+OC1s8UJr6 7kuxG1gV3eaaUEHEfmbFwAvoo+m3gyXX5lCTfZSRgZzEc7k7ndaii+B7O4ojnurVG9gDmWjQQ aLI0yt0NL8EJLQcDZu0zgc6sVRMd9JsJ7MXuUHjwZA0fp3aVShbNjLcgZsjn5XJFsC14ExbYb +tZgytTk4cI1hGZoH4IjCUsX5OUu3K1luzYEjHpgGaR5xej53DNoNnUcnC8Yxm8JFDmEBlMcY MbjSPEv/LuwQ8se1LjTHIFM+x2oU3HixXwo8lqv2afFiLexEu3/Vi+3KMTlQGbWpN2U2nTbN6 bOvGNgdYQHjdvyCWYlb6Lg22/BBMJLCfAaheejsDTG0l98Xrps9BnIceugnb8hgmlTiff4176 AoUnofGoR1cQ8YKdDrKB5flWTS7+gYGiqjmFV9kYXJX6Xeci+oNbY7Zhld+yl439W9phjLu9p K8Gr5zpMbtHD1m/0n5PMNVpVro+Cpfy13ResPVvZPwuS0RAIGCRjmG/0iVOXHeIBv45R8iN16 VJh3QYmcvtK3E8AzDrw7/8Ruc5UZ/Y/w9iCe8uuUNCj2zorb3VCkQAeBOCxXbPMuskLJAkT0o qnhZu2I76CwdGHEfjLy1awBEunvhpj3leAMekTxyTPLgx9OqqhbpzHM1lCX9PajLYdYRZ2Jqi 9K9C5RPpqHRovreNoNsYfJNx37Xw5BCC4djm8152/cxxMhCv0w/sWj7OmO1zE5b0/NrMW/j9i 2ohS2+HIIZ6U1PSz+4/lSurZypYjc5gb5ep6HDyoYp53FTLS3GvUZT2YR9m8lWFgkSTmlVAqs Vmd0yR5oT8FfsH4Uc0o+reagDcYqZqpr5IKgbOMeqkRGBhBIPw3KWs7u4L8lgojZyuWaC0cAL Zw51DQ/m8L84dlQN5odDwzYEC4C+AZj9E9GYbfkcHOQq0uPpiWuE1W8Tmpgm8urv70HnQqjvN zLmUHg== X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) "Philipp Uhl" writes: > Hi Michael, Hi Philipp, > thanks for your response. Here is the secrets-lock-item function: Thanks. I'll check it next days. >> Bonus points for respective tests >> in secrets-tests.el. > > I didn't find any secrets-tests.el in the Emacs repository. Also I am > not really familiar with writing test code in Elisp. But I did > manually test the code and it works. See test/lisp/net/secrets-tests.el in the git repository. Tests are performed using ERT, see (info "(ert) Top") for the manual. >> Well, I don't know how relevant it is to wait for the IsLocked >> event. If you have use cases where it is needed, we shall do. > > I don't. For my purposes the code as shown before suffices. Good. So we can leave it out, until somebody hollers. >> Would you like to sign FSF copyright papers in order to contribute to >> Emacs? > > Yes. Would digitally suffice? What exactly do I have to sign? Template sent off-list. > Cheers, Philipp Best regards, Michael. From unknown Mon Jun 23 07:52:02 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: "Philipp Uhl" Subject: bug#62952: closed (Re: bug#62952: 28.2.50; secrets.el unlocking items) Message-ID: References: <87a5yfaw23.fsf@gmx.de> X-Gnu-PR-Message: they-closed 62952 X-Gnu-PR-Package: emacs Reply-To: 62952@debbugs.gnu.org Date: Mon, 08 May 2023 11:43:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1683546182-6762-1" This is a multi-part message in MIME format... ------------=_1683546182-6762-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #62952: 28.2.50; secrets.el unlocking items which was filed against the emacs package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 62952@debbugs.gnu.org. --=20 62952: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D62952 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1683546182-6762-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 62952-done) by debbugs.gnu.org; 8 May 2023 11:42:57 +0000 Received: from localhost ([127.0.0.1]:39469 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pvzGb-0001km-A4 for submit@debbugs.gnu.org; Mon, 08 May 2023 07:42:57 -0400 Received: from mout.gmx.net ([212.227.17.21]:44513) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pvzGY-0001kT-7H for 62952-done@debbugs.gnu.org; Mon, 08 May 2023 07:42:55 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417; t=1683546164; i=michael.albinus@gmx.de; bh=oMpKf8JuyazveMetKqCV3JS7rREJpStbWMaUmrNKNSo=; h=X-UI-Sender-Class:From:To:Cc:Subject:In-Reply-To:References:Date; b=RknNs+sdDukH1Mq9lhNBp8UQIN+nGfP6F7x5dEH1x1EbKTKeOU2WDxB0oY5Ztzl9J nW65F8EuOHSuioDvhU8/fEXRA6Ig+62xQGJd6r5AsCZ14EWHIJLQ3+CD7D/9t0Wr4Y 8w267BLs/p12mbA5BpfUYEQ6rpzoe1Kloy18/IzkMsWtNiXx6sqtyr7QCM1vQr/tv6 NmpyABYwOJ8oF6y35SIxjsxheXtSyoZB9i8GJB1v3PLtwMQe3vAeg/x06c8+2rPIQ0 N0Eplfq7PTpNtLoMgcFs4ZNQi5zlneOQ+4H0owUj8gr+IOCIZSgDPuCQ+f0YQQheUT CO2ok7yS3myFw== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from gandalf.gmx.de ([185.89.39.0]) by mail.gmx.net (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MeU0q-1qW9Ue3OoW-00aRtY; Mon, 08 May 2023 13:42:44 +0200 From: Michael Albinus To: "Philipp Uhl" Subject: Re: bug#62952: 28.2.50; secrets.el unlocking items In-Reply-To: <871qjzgdow.fsf@gmx.de> (Michael Albinus's message of "Tue, 02 May 2023 13:44:47 +0200") References: <87fs8u6bm1.fsf@gmx.de> <0a74e18e-d972-43b6-b661-cee36b08ddb4@app.fastmail.com> <871qjzgdow.fsf@gmx.de> Date: Mon, 08 May 2023 13:42:44 +0200 Message-ID: <87a5yfaw23.fsf@gmx.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Provags-ID: V03:K1:V0pZH3a2wW6LV4tJbuvYdnzkE1lSKRpWypcb9AUYyaFzasUHSC/ NSpTKaYRxNtNiaVEbT9fArzhpcYiBeHZ/gV72/BMcAzG7QYJMphVDACoinLV6FQIzYHIGTg CNGNA4eFC+dg26dhpzr1GqYWbL1irMBDbzstV8Mm+oR9FfBa3y657FzxLJIuqoGEOiVrLzZ 8/2PPK2dCtw7BPhiP8+UQ== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:N3Fdmc/w9XU=;1xHXTWWY6z6WEzdJcDNhKz/4Dxq YhernIByVuvZ7j0Yd71F5SZekaScNOzMZZagIBiDaF6c1qfuQ74HOCsMBWIWG5xVniClfKxWj aJT432oZKZznjWgg4tdlJB8JvGSP3ss68t93qyEzWNCoNVoEsR1bzYN/RlaU9pMRcGHA1zdk7 dMbSPl2JmCimVKP98EyhKCM/CFmJ97poBQAh6/k7K4FI+D4wsA09rsaudenVa1LZG+oOmvwZj wjPQ0OeMz3kD6qSLfuOKXF7jANd28RycGpW83yQBRefbS3iyC3psptdIqbvUg5BKufYNB3QTN 28cZBwQB2BfhqrSRT/oQjjFrBQ+EsjOhA/GyMpRge3Qrz/nOYBkk82chvoQhvDDvTVQ35h9XX tdsEuK3MmhTZNdDiaPeGcZp9fvuiPsv6DOxB23I+dbtyqVsZOaA2yAF8qWlD8H9eFrVhCdOgf 9AM4OsSn+Kw52XtamEtzWMJle3q+rwB1qw41xbWT8EQYYxIv79NS4DbcasrUYUiVtdtevKg8Q bXzoIlDw35Xo0ZSPWv2D7R6mkxIIeqfoVmN5zmQVR6pgfOsZDM9Toph8xsMSiFAf7ke73hgMY xE5L+JtsjU6iI21uFDLpJkZ71f5ICBpZ5IIx9oKgsHh+ukav+mGPdkujBTPEN4Ezvht6zsIPS SgbEZOKZY+kr1i8aIAWOizVhqd/2TR8k+lQxPcAqB77WgRshwx5F+NSbFrqcQ6JMKeQxaulS0 P/H+GirKM5QnJbvze+R/TDal4QoMhAwoPHq156B1fSFMex5rLG424yyfdgz5N5eS3aBU/b7c2 cOyd9NvznPp05wYc+7vcGIWP7k5Wa4bshFLQtXobLZaN5Y6pb2cgoa0FlsvkoapZwNglnwQTp JfV1fD2EqYLry05z27d7kRC5z+tggk3tzW0KG+K2Z/ssvR/dnq43RJlYabm9M/1JyWLyjoW4A 9xPb/g== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 62952-done Cc: 62952-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Version: 30.1 Michael Albinus writes: Hi Philipp, >> thanks for your response. Here is the secrets-lock-item function: > > Thanks. I'll check it next days. I've played this morning with your changes. Everything looks fine (in my environment), so I have pushed them to the Emacs master branch. >>> Bonus points for respective tests in secrets-tests.el. >> >> I didn't find any secrets-tests.el in the Emacs repository. Also I am >> not really familiar with writing test code in Elisp. But I did >> manually test the code and it works. > > See test/lisp/net/secrets-tests.el in the git repository. Tests are > performed using ERT, see (info "(ert) Top") for the manual. I've tried to see how it works with this, but it looks like the temporary "session" session of Gnome keyring, which I use, doesn't care about locking/unlocking of single items. So likely it isn't worth to extend secrets-tests.el. I'm closing the bug. >> Cheers, Philipp Best regards, Michael. ------------=_1683546182-6762-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 19 Apr 2023 19:58:52 +0000 Received: from localhost ([127.0.0.1]:35921 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ppDx4-000766-Pe for submit@debbugs.gnu.org; Wed, 19 Apr 2023 15:58:51 -0400 Received: from lists.gnu.org ([209.51.188.17]:40924) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pp6qj-0005PJ-62 for submit@debbugs.gnu.org; Wed, 19 Apr 2023 08:23:52 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pp6qi-00051L-Q8 for bug-gnu-emacs@gnu.org; Wed, 19 Apr 2023 08:23:48 -0400 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pp6qd-0006eZ-88 for bug-gnu-emacs@gnu.org; Wed, 19 Apr 2023 08:23:48 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 11B19320005D for ; Wed, 19 Apr 2023 08:23:40 -0400 (EDT) Received: from imap48 ([10.202.2.98]) by compute3.internal (MEProxy); Wed, 19 Apr 2023 08:23:40 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ph-uhl.com; h=cc :content-type:content-type:date:date:from:from:in-reply-to :message-id:mime-version:reply-to:sender:subject:subject:to:to; s=fm2; t=1681907019; x=1681993419; bh=iGUlHWpeu3LEnRyVZdcR2gCKa /cF+HprCTyFkkkKsHw=; b=SgKhlK1gCwlqp5xNfOkiTFbWh7hDKPv0jANvT7G7A ZQDID+hMnGpW2twIVdDASUs8urwqvAUURAvBMavOc0fK46AMXhIm0zEYd0cr4M6s D532fvt5Hkl1MouR7wfrVJHkmCyIHNEDvtkl/XREmoglU+vZKWVO+gEX/Tmn+WC9 m+utpyCn5SjOcH4cRG6K81WnbEKhGzmJ6QFiZrmBMdf46BLEz6kRKjg0C/2KXrGn WmDpvVceWNf+Wzmxs1MsG8CvJhM8f6olYMe8f2FY15HV2Gj2j8CgSypKZ/U5v5xs uWzSJt8ORznf91tNiYjqx6OlZoXWbFOPA16kw32d4DsEA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:message-id :mime-version:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t= 1681907019; x=1681993419; bh=iGUlHWpeu3LEnRyVZdcR2gCKa/cF+HprCTy FkkkKsHw=; b=S8fc+JbyIw+g0BY4e6mtM8jh34HGqW7D43PJYjtoFGybM9DmaBT bxZnO1X6Eh9mir4yU5WYXhNczAZV9YoOahFFKSZdSfgzxMITOwmWypuiwWSDF5e7 +MnNI6zO02l3DSHxVdUpaCkfBEzg6ZScLfKfI79aUartPuIEsnC58F4qbrBd/wAg 3RCLhGpBacJLV3htcRmeQPAZEXXTjqUE52PX8o9DTst0vxVzfkHG3MmZoLrP455J RF9sqLeR+sxt9+l+2PbU32wPzOxH/YDrcDOJsGooN12zyJPEslnWTkbT/NgErrD8 FeqIfnCk9M86u4B8Jq/dLXztKyGf3IcvwJA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfedttddghedvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfffhffvufgtsehttdertd erredtnecuhfhrohhmpedfrfhhihhlihhpphcufghhlhdfuceoghhithesphhhqdhuhhhl rdgtohhmqeenucggtffrrghtthgvrhhnpeevtdduvdetuefgheeuueeuffeigfeuieffvd ejleekveelffduhfdtkeeuteevfeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgr mhepmhgrihhlfhhrohhmpehgihhtsehphhdquhhhlhdrtghomh X-ME-Proxy: Feedback-ID: i17694467:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 5F21A31A0063; Wed, 19 Apr 2023 08:23:39 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.9.0-alpha0-372-g43825cb665-fm-20230411.003-g43825cb6 Mime-Version: 1.0 Message-Id: Date: Wed, 19 Apr 2023 14:23:17 +0200 From: "Philipp Uhl" To: bug-gnu-emacs@gnu.org Subject: 28.2.50; secrets.el unlocking items Content-Type: text/plain Received-SPF: pass client-ip=64.147.123.25; envelope-from=git@ph-uhl.com; helo=wout2-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.6 (-) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Wed, 19 Apr 2023 15:58:49 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.6 (--) The secrets.el implementation lacks support for unlocking specific items. It only unlocks collections. This does not work well with certain password managers (e.g. in my case KeepassXC, accessed through secret service). When receiving a secret through (secrets-get-secret "MyPws" "MyEntry") with the setting "Confirm when passwords are retrieved by clients" turned on in KeepassXC, secrets-get-secret will just say IsLocked. Instead, secrets-get-secret should try to unlock the entry itself before retrieving. Here is a proof of concept: + ;; New function, analogously to secrets-unlock-collection, that + ;; specifically unlocks the item + (defun secrets-unlock-item (collection item) + "Unlock item labeled ITEM from collection labeled COLLECTION. + If successful, return the object path of the item." + (let ((item-path (secrets-item-path collection item))) + (unless (secrets-empty-path item-path) + (secrets-prompt + (cadr + (dbus-call-method + :session secrets-service secrets-path secrets-interface-service + "Unlock" `(:array :object-path ,item-path))))) + item-path)) (defun secrets-get-secret (collection item) "Return the secret of item labeled ITEM in COLLECTION. If there are several items labeled ITEM, it is undefined which one is returned. If there is no such item, return nil. ITEM can also be an object path, which is used if contained in COLLECTION." - (let ((item-path (secrets-item-path collection item))) + (let ((item-path (secrets-unlock-item collection item))) (unless (secrets-empty-path item-path) (dbus-byte-array-to-string (nth 2 (dbus-call-method :session secrets-service item-path secrets-interface-item "GetSecret" :object-path secrets-session-path)))))) To make this function a bit more similar to how it was before, one could concider to explicitly wait for the IsLocked event before unlocking the item. That way, if the password manager does not support unlocking of items, this would not be braking. Cheers, ----------------------------- Philipp Uhl git@ph-uhl.com ------------=_1683546182-6762-1-- From unknown Mon Jun 23 07:52:02 2025 X-Loop: help-debbugs@gnu.org Subject: bug#62952: 28.2.50; secrets.el unlocking items Resent-From: "Philipp Uhl" Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 09 May 2023 08:16:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 62952 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: "Michael Albinus" Cc: 62952-done@debbugs.gnu.org Received: via spool by 62952-done@debbugs.gnu.org id=D62952.168362014011967 (code D ref 62952); Tue, 09 May 2023 08:16:02 +0000 Received: (at 62952-done) by debbugs.gnu.org; 9 May 2023 08:15:40 +0000 Received: from localhost ([127.0.0.1]:42355 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pwIVX-00036x-UN for submit@debbugs.gnu.org; Tue, 09 May 2023 04:15:40 -0400 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:58623) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pwIVV-00036f-El for 62952-done@debbugs.gnu.org; Tue, 09 May 2023 04:15:38 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 4B6AE5C00C1; Tue, 9 May 2023 04:15:30 -0400 (EDT) Received: from imap48 ([10.202.2.98]) by compute3.internal (MEProxy); Tue, 09 May 2023 04:15:30 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ph-uhl.com; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm2; t=1683620130; x=1683706530; bh=Xg TCAtAKJWlgY9B7D8ThGpghwd+dafDj28Gc6x4IuZ8=; b=ENgjMEMnkrOlrpPvYE zZE9ZRaWnVco9/Ak5uIE0955yJyYIk2wxnvnkSmuGZWh4SvW33KXmsVsQ6CtwEcd uaofMnX5bAFcd82FhK/Gx9ko+a2BgnZdTGOJ24fJVQetNhxXPGOy87YsPm1zB5xr 0yc8o/A8otqoTyEc+Q+Mbnt3W1f5Lkq260e3p923MF2Tv0QKXoDR7qVL3pvT+442 OtonsZyWCDwmgB7JHMnU7H+Om4cQoPSaSSSlyz+haTgnBTOIjoUH0jNHHi+G0I/V thSgSp1dZ4jfe+zI49gRvR8VzF1WyDAemqq8XahrR0KEvBt31jCAeRt8IJKmYn/V 7avg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1683620130; x=1683706530; bh=XgTCAtAKJWlgY 9B7D8ThGpghwd+dafDj28Gc6x4IuZ8=; b=ZTYxwOxYSFDvvtrldYSXKc6aUC0QS dLnu7s7T2GY/A2wQ8h+x2Wp8ei3Q7YyXmbOXIzPi9aP0rhWuAvhZZfVjx4wmN/vt qQHmkksFfBhTrg2FbgsDboBPKp6R2kSE1kMF/mkCvCb8UyBqBHrt1HDBfPQjmhex pAfh/cWpNJIHM5uV1AM0HZY5efiuSm8TIv8moDYJI6vyusBlu4PQZN8RUNcDo5JK nnDovGZlVykXYt2IKPAJurRkXGO+tzFnbNwzPGwxPnkDR6+AufO1sQ75YNwrZLYG bZV7FqNRiKCtQRCa4ncg6XvjjhgPc84taNSl+T+uut0AD5A24lSdPKacw== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeegtdcutefuodetggdotefrodftvfcurf hrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecuuegr ihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjug hrpefofgggkfgjfhffhffvvefutgesthdtredtreertdenucfhrhhomhepfdfrhhhilhhi phhpucgfhhhlfdcuoehgihhtsehphhdquhhhlhdrtghomheqnecuggftrfgrthhtvghrnh epgfekffegueehgfefledthefhfeekgffhtdevleefheefgfefleejtddtvdelueejnecu ffhomhgrihhnpegvlhdrihhmnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpe hmrghilhhfrhhomhepghhithesphhhqdhuhhhlrdgtohhm X-ME-Proxy: Feedback-ID: i17694467:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id E154331A0063; Tue, 9 May 2023 04:15:29 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.9.0-alpha0-415-gf2b17fe6c3-fm-20230503.001-gf2b17fe6 Mime-Version: 1.0 Message-Id: <0c22791a-2c75-4e54-87b6-a2e90fd70054@app.fastmail.com> In-Reply-To: <87a5yfaw23.fsf@gmx.de> References: <87fs8u6bm1.fsf@gmx.de> <0a74e18e-d972-43b6-b661-cee36b08ddb4@app.fastmail.com> <871qjzgdow.fsf@gmx.de> <87a5yfaw23.fsf@gmx.de> Date: Tue, 09 May 2023 10:15:09 +0200 From: "Philipp Uhl" Content-Type: text/plain X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hi Michael, thank you. Sounds great. Best, Philipp ----------------------------- Philipp Uhl git@ph-uhl.com Am Mo, 8. Mai 2023, um 13:42, schrieb Michael Albinus: > Version: 30.1 > > Michael Albinus writes: > > Hi Philipp, > >>> thanks for your response. Here is the secrets-lock-item function: >> >> Thanks. I'll check it next days. > > I've played this morning with your changes. Everything looks fine (in my > environment), so I have pushed them to the Emacs master branch. > >>>> Bonus points for respective tests in secrets-tests.el. >>> >>> I didn't find any secrets-tests.el in the Emacs repository. Also I am >>> not really familiar with writing test code in Elisp. But I did >>> manually test the code and it works. >> >> See test/lisp/net/secrets-tests.el in the git repository. Tests are >> performed using ERT, see (info "(ert) Top") for the manual. > > I've tried to see how it works with this, but it looks like the > temporary "session" session of Gnome keyring, which I use, doesn't care > about locking/unlocking of single items. So likely it isn't worth to > extend secrets-tests.el. > > I'm closing the bug. > >>> Cheers, Philipp > > Best regards, Michael.