bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

Allen Li
auth-source does not support saving secrets with the Secrets API
backend.  This reduces the usefulness of auth-source significantly
since keychains that provide secure secret storage using the API are
standard on many GNU/Linux distributions (e.g., gnome-keyring on
Ubuntu).

(auth-source-search :type 'secrets :max 1
                    :host "localhost"
                    :user "user"
                    :create '(secret user host))

Debugger entered--Lisp error: (cl-assertion-failed ((not create) "The
Secrets API auth-source backend doesn't support creation yet"))
  cl--assertion-failed((not create) "The Secrets API auth-source
backend doesn't support creation yet" nil nil)
  auth-source-secrets-search(:backend
[eieio-class-tag--auth-source-backend secrets "Login" t t t nil
auth-source-secrets-create auth-source-secrets-search] :type secrets
:max 1 :require nil :create (secret user host) :delete nil :type
secrets :max 1 :host "localhost" :user "user" :create (secret user
host))
  apply(auth-source-secrets-search :backend
[eieio-class-tag--auth-source-backend secrets "Login" t t t nil
auth-source-secrets-create auth-source-secrets-search] :type secrets
:max 1 :require nil :create (secret user host) :delete nil (:type
secrets :max 1 :host "localhost" :user "user" :create (secret user
host)))
  auth-source-search-backends(([eieio-class-tag--auth-source-backend
secrets "Login" t t t nil auth-source-secrets-create
auth-source-secrets-search]) (:type secrets :max 1 :host "localhost"
:user "user" :create (secret user host)) 1 (secret user host) nil nil)
  auth-source-search(:type secrets :max 1 :host "localhost" :user
"user" :create (secret user host))
  eval((auth-source-search :type (quote secrets) :max 1 :host
"localhost" :user "user" :create (quote (secret user host))) nil)
  elisp--eval-last-sexp(nil)
  eval-last-sexp(nil)
  funcall-interactively(eval-last-sexp nil)
  #<subr call-interactively>(eval-last-sexp nil nil)
  apply(#<subr call-interactively> eval-last-sexp (nil nil))
  call-interactively@ido-cr+-record-current-command(#<subr
call-interactively> eval-last-sexp nil nil)
  apply(call-interactively@ido-cr+-record-current-command #<subr
call-interactively> (eval-last-sexp nil nil))
  call-interactively(eval-last-sexp nil nil)
  command-execute(eval-last-sexp)



Reply | Threaded
Open this post in threaded view
|

bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

Michael Albinus
Allen Li <[hidden email]> writes:

Hi Allen,

> auth-source does not support saving secrets with the Secrets API
> backend.  This reduces the usefulness of auth-source significantly
> since keychains that provide secure secret storage using the API are
> standard on many GNU/Linux distributions (e.g., gnome-keyring on
> Ubuntu).

This was reported already some years ago on the emacs-help ML, see
<http://lists.gnu.org/archive/html/help-gnu-emacs/2013-06/msg00361.html>. IIRC,
it wasn't trivial to implement, that's why it has lingered around on my
TODO since then.

See also `auth-source-secrets-create' in auth-source.el, which misses
its implementation. And you've got the error message "The Secrets API
auth-source backend doesn't support creation yet".

Since I am working on secrets.el these days anyway due to your other
report bug#29575, chances are good that I'll fix this, finally.

Best regards, Michael.



Reply | Threaded
Open this post in threaded view
|

bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

Michael Albinus
Michael Albinus <[hidden email]> writes:

> Hi Allen,
>
>> auth-source does not support saving secrets with the Secrets API
>> backend.  This reduces the usefulness of auth-source significantly
>> since keychains that provide secure secret storage using the API are
>> standard on many GNU/Linux distributions (e.g., gnome-keyring on
>> Ubuntu).
>
> Since I am working on secrets.el these days anyway due to your other
> report bug#29575, chances are good that I'll fix this, finally.

I've implemented creation of secrets via the Secret Service API in
auth-source.el. Could you, pls, check?

I will add support for this into Tramp. It doesn't create yet items, for
any backend.

Deletion isn't implemented for any auth-source backend yet. So I haven't
done it for the Secret Service API either, and I don't plan it for next time.

Best regards, Michael.



Reply | Threaded
Open this post in threaded view
|

bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

Allen Li-2
Thanks.  Currently I'm using Emacs 26 due to bugs in 27, so due to
various reasons it may take a few weeks for me to get around to trying
it.

On Fri, Apr 13, 2018 at 6:41 AM, Michael Albinus <[hidden email]> wrote:

> Michael Albinus <[hidden email]> writes:
>
>> Hi Allen,
>>
>>> auth-source does not support saving secrets with the Secrets API
>>> backend.  This reduces the usefulness of auth-source significantly
>>> since keychains that provide secure secret storage using the API are
>>> standard on many GNU/Linux distributions (e.g., gnome-keyring on
>>> Ubuntu).
>>
>> Since I am working on secrets.el these days anyway due to your other
>> report bug#29575, chances are good that I'll fix this, finally.
>
> I've implemented creation of secrets via the Secret Service API in
> auth-source.el. Could you, pls, check?
>
> I will add support for this into Tramp. It doesn't create yet items, for
> any backend.
>
> Deletion isn't implemented for any auth-source backend yet. So I haven't
> done it for the Secret Service API either, and I don't plan it for next time.
>
> Best regards, Michael.



Reply | Threaded
Open this post in threaded view
|

bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

Michael Albinus
Allen Li <[hidden email]> writes:

Hi Allen,

> Thanks.  Currently I'm using Emacs 26 due to bugs in 27, so due to
> various reasons it may take a few weeks for me to get around to trying
> it.

No problem, take your time.

Best regards, Michael.