GNU bug report logs - #67937
30.0.50; auth-source-pass relies on epa-file being enabled
Eli Zaretskii <eliz <at> gnu.org> writes:
> Thanks. So it sounds like you are asking for a feature that currently
> doesn't exist, AFAIU.
I'm not sure I'd classify it as a new feature. An existing interface is
broken under some conditions.
> I added a couple of people to this discussion who were involved with
> auth-source-pass, in the hope that they will have suggestions and
> comments.
Thank you.
Now, onto why I don't think this is a new feature:
Here's an example auth-source-search invocation that can demonstrate the
problem (assuming that the user has a dev.gentoo.org secret on
port imaps with user arsen):
  (auth-info-password (car (auth-source-search :host "dev.gentoo.org"
                                               :port "imaps"
                                               :user "arsen")))
Following M-x epa-file-disable RET M-x auth-source-forget-all-cached RET
the above returns an encrypted string rather than its actual password.
This means that a current feature (auth-source-search) breaks under some
conditions.
I've worked out a fix, tested with the following:
  (require 'auth-source-pass)
  (setq auth-sources '(password-store))
  (auth-info-password (car (auth-source-search :host "dev.gentoo.org"
                                               :port "imaps"
                                               :user "arsen")))
I've attached the patch, though it lacks a regression test. The reason
for this is that I want to spare the auth-source-pass developers some
triage, and that there are currently no regression tests for --read-entry.
[0001-auth-source-pass-don-t-rely-on-epa-file-bug-67937.patch (text/x-patch, inline)]
From 43e98821aa1f02abbfeea8b0b08ec6f4e31d8e9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arsen=20Arsenovi=C4=87?= <arsen <at> aarsen.me>
Date: Thu, 21 Dec 2023 12:29:55 +0100
Subject: [PATCH] auth-source-pass: don't rely on epa-file (bug#67937)
* lisp/auth-source-pass.el (epg): Require epg.
(auth-source-pass--read-entry): Use epg-decrypt-file instead of relying
on epa-file decrypting files read via insert-file-contents.
---
lisp/auth-source-pass.el | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el
index 0f51755a250..0322de9f313 100644
--- a/lisp/auth-source-pass.el
+++ b/lisp/auth-source-pass.el
@@ -34,6 +34,7 @@
(require 'cl-lib)
(require 'auth-source)
(require 'url-parse)
+(require 'epg)
;; Use `eval-when-compile' after the other `require's to avoid spurious
;; "might not be defined at runtime" warnings.
(eval-when-compile (require 'subr-x))
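Review bot: the top-level (require 'epg) makes every load of auth-source-pass pull in epg, although in this patch only auth-source-pass--read-entry uses it. That is reasonable for a backend whose entries are always .gpg files, but if load cost matters the require could move into auth-source-pass--read-entry instead. The placement ahead of the eval-when-compile comment keeps the ordering that comment asks for.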
@@ -194,11 +195,11 @@ auth-source-pass--get-attr
(defun auth-source-pass--read-entry (entry)
"Return a string with the file content of ENTRY."
- (with-temp-buffer
- (insert-file-contents (expand-file-name
- (format "%s.gpg" entry)
- auth-source-pass-filename))
- (buffer-substring-no-properties (point-min) (point-max))))
+ (let ((context (epg-make-context 'OpenPGP))
+ (file (expand-file-name
+ (format "%s.gpg" entry)
+ auth-source-pass-filename)))
+ (epg-decrypt-file context file nil)))
(defun auth-source-pass-parse-entry (entry)
"Return an alist of the data associated with ENTRY.
--
2.43.0
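Review bot: in auth-source-pass--read-entry the value of (epg-decrypt-file context file nil) is returned as is, whereas the removed code returned buffer text that insert-file-contents had already decoded. With a nil PLAIN argument epg-decrypt-file returns the decrypted data as a raw string, so an entry containing non-ASCII characters would come back undecoded; wrapping the call in decode-coding-string with an explicit coding system (utf-8 here is an assumption about how the store is encoded) would keep the old behaviour. The docstring still reads "file content of ENTRY" and could say "decrypted content", and a regression test that calls --read-entry with epa-file disabled would pin the fix down.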
Have a lovely day!
--
Arsen Arsenović
This bug report was last modified 205 days ago.