[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled
|
From: |
Arsen Arsenović |
|
Subject: |
bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled |
|
Date: |
Wed, 20 Dec 2023 20:58:08 +0100 |
Eli Zaretskii <eliz@gnu.org> writes:
>> From: Arsen Arsenović <arsen@aarsen.me>
>> Cc: 67937@debbugs.gnu.org
>> Date: Wed, 20 Dec 2023 20:11:20 +0100
>>
>> >> - emacs -Q
>> >> - M-x epa-file-disable
>> >> - M-: (auth-source-pass-get 'secret "something")
>> >>
>> >> You will see a GPG-encrypted data string.
>> >>
>> >> epa-file-disable should not break the auth-source.
>> >
>> > Please tell more about what you mean by "break".
>>
>> What I mean by that is 'You will see a GPG-encrypted data string'. The
>> source returns an encrypted string rather than its contents.
>
> How can it decrypt the string when you disable decryption? What is
> the replacement of epa-file that would decrypt the data string?
Even with epa-disable, it could use epa-decrypt-region to decrypt the
password from the file.
For some context, I'll briefly summarize how password-store (pass)
works: pass stores credentials as one line representing the secret and
the rest being aux data (usually usernames and similar) in each file.
One file represents one set of credentials, encrypted via PGP (an
example filename is
~/.password-store/gentoo/gentoo.org/arsen@gentoo.org.gpg).
To get a given password from a given password store entry,
auth-source-pass needs to decrypt this file and get the first line of
the decrypted contents.
Currently, auth-source-pass relies on epa-file facilities to decrypt the
password entries, but those do nothing after epa-file-disable. Instead,
it should use something like epa-decrypt-region or such (sorry, not too
familiar with EasyPG).
AIUI, epa-file-disable disables *automatic* decryption, not all forms of
decryption.
To provide some more context, I noticed auth-source-pass preventing
sending emails seemingly at random (by returning encrypted passwords
rather than the actual passwords), then noticed that it seems to start
working again following M-x epa-file-enable RET M-x
auth-source-forget-all-cached RET, and then I managed to reproduce in a
clean Emacs, then I filed this report.
I'm still unsure why epa-file gets disabled on occasion, but whether it
does or does not, auth-source-pass should either ensure its enabled or
not rely on such a facility for reading passwords.
Thanks again, have a lovely night.
--
Arsen Arsenović
signature.asc
Description: PGP signature
- bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled, Arsen Arsenović, 2023/12/20
- bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled, Eli Zaretskii, 2023/12/20
- bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled, Arsen Arsenović, 2023/12/20
- bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled, Eli Zaretskii, 2023/12/20
- bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled,
Arsen Arsenović <=
- bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled, Eli Zaretskii, 2023/12/21
- bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled, Arsen Arsenović, 2023/12/21
- bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled, J.P., 2023/12/21
- bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled, Arsen Arsenović, 2023/12/21
- bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled, J.P., 2023/12/21
- bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled, Arsen Arsenović, 2023/12/22
- bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled, J.P., 2023/12/22
- bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled, Arsen Arsenović, 2023/12/22
- bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled, Michael Albinus, 2023/12/22
- bug#67937: 30.0.50; auth-source-pass relies on epa-file being enabled, J.P., 2023/12/22