Ethan Glasser-Camp <ethan.glasser.c...@gmail.com> writes:
> Hi Michael,
Hi Ethan,
> this patch makes more sense to me, thanks! I guess this
> means that the entries with `root@black-diamond` are sort of
> deprecated and I should be trying to move to `ethan@black-diamond`
> entries instead.
You could keep them or you could remove them. They should simply be
ignored, because "root@..." does not match your use case.
> I was able to use this patch successfully once, with a moved-aside .
> emacs.d. I was asked for a password for `ethan@black-diamond` , then I
> was asked for a label, and then I was asked whether I wanted to save
> it to my keyring.
And then? Was it added to your "Login" keyring?
> However, at first, with my normal .emacs.d and without the
> `ethan@black-diamond` entry being present, I was asked for a password
> for `ethan@black-diamond`, and then I was asked for a label, and then
> I was asked again for a password. It didn't seem to create an entry in
> my "Login" keyring.
Are you sure you gave the proper password? This scenario looks rather
like there was a wrong password, and auth-source has asked, again. But
in this case it doesn't save the password, IIRC.
> I got kinda sucked in to trying to debug this (even removing the
> `ethan@black-diamond` entry even though it did get created
> successfully once). I deleted the `ethan@black-diamond` entry from my
> keyring, and then tried again with the moved-aside .emacs.d, but.. I
> couldn't get it to work properly again!
>
> It looks like tramp is trying to get the secret from auth-source, then
> hitting an error condition, and then falling back to the
> `password-read` function.
Yes. This is the fallback.
> By adding a bunch of debugging output, and removing the
> `ignore-errors` call in `tramp-read-passwd`, I was able to retrieve
> the error message `Symbol’s value as variable is void: data`. As best
> as I can tell, it seems to be the closure around the secret in
> `auth-source-secrets-create`:
>
> ```
> (when data
> (setq artificial (plist-put artificial
> (auth-source--symbol-keyword r)
> (if (eq r 'secret)
> (let ((data data))
> (lambda () data))
> data))))
> ```
>
> I'm not really clear why this wouldn't work. Maybe it's user error?
> I'm not sure if I'm supposed to byte-compile the function or
> something.
I cannot reproduce this. However, I don't know how you did patch and
recompile auth-source.el. Perhaps we should agree to test with the same
codebase, see below.
> (My current debugging setup is to `rm -rf .emacs.d', then `emacs`,
> then open up a file called `tmp.el` that starts with:
>
> ```
> (require 'secrets)
> (require 'tramp)
> (require 'auth-source)
>
> (setq auth-sources '("secrets:Login"))
> (setq auth-source-debug t
> auth-source-save-behavior 'ask
> tramp-verbose 7
> secrets-debug t)
> ```
This still keeps the contents of your .emacs active, which I don't
know. What I do is
- Move .emacs to .emacs.sv
- Create a new .emacs with the same contents as you have, plus (at the end)
(auth-source-forget-all-cached)
- Start 'emacs /sudo::'
1st run: secrets:Login does not contain root@gandalf or
albinus@gandalf. I'm asked for the label and whether to create the
entry. The directory is opened, and the entry albinus@gandalf is
contained in the "login" keyring. *Messages* contains
--8<---------------cut here---------------start------------->8---
Tramp: Opening connection nil for root@gandalf using sudo...
auth-source-search: found 0 results (max 1) matching (:max 1 :user "albinus"
:host "gandalf" :port "sudo" :require (:secret :user) :create t)
auth-source-search: found 0 results (max 1) matching (:max 1 :host "gandalf"
:user "albinus" :port "sudo")
auth-source-search: CREATED 1 results (max 1) matching (:max 1 :user "albinus"
:host "gandalf" :port "sudo" :require (:secret :user) :create t)
Save auth info to secrets collection Login? [y/n/N/?] y
secrets-create-item: wrote 1 new item to Login
Saved new authentication information to Login
Tramp: Opening connection nil for root@gandalf using sudo...done
--8<---------------cut here---------------end--------------->8---
Fine. Close Emacs.
2nd run: secrets:Login contains albinus@gandalf. The directory opens w/o
asking for a password. *Messages* contains
--8<---------------cut here---------------start------------->8---
Tramp: Opening connection nil for root@gandalf using sudo...
auth-source-search: found 1 results (max 1) matching (:max 1 :user "albinus"
:host "gandalf" :port "sudo" :require (:secret :user) :create t)
Tramp: Opening connection nil for root@gandalf using sudo...done
--8<---------------cut here---------------end--------------->8---
Everything as it should.
3rd run: Delete "albinus@gandalf" in keyring "Login", and add (manually)
"root@password". The same dialogue about creation like in 1st run, and
*Messages* contains
--8<---------------cut here---------------start------------->8---
Tramp: Opening connection nil for root@gandalf using sudo...
auth-source-search: found 0 results (max 1) matching (:max 1 :user "albinus"
:host "gandalf" :port "sudo" :require (:secret :user) :create t)
auth-source-search: found 0 results (max 1) matching (:max 1 :host "gandalf"
:user "albinus" :port "sudo")
auth-source-search: CREATED 1 results (max 1) matching (:max 1 :user "albinus"
:host "gandalf" :port "sudo" :require (:secret :user) :create t)
Save auth info to secrets collection Login? [y/n/N/?] y
secrets-create-item: wrote 1 new item to Login
Saved new authentication information to Login
Tramp: Opening connection nil for root@gandalf using sudo...done
--8<---------------cut here---------------end--------------->8---
Everything as expected. The "Login" keyring contains both
"albinus@gandalf" and "root@gandalf".
4th run: Keep both entries in the "Login" keyring. Exactly the same
behavior as in the 2nd run (no question about the password, the
directory opens). *Messages* contains
--8<---------------cut here---------------start------------->8---
Tramp: Opening connection nil for root@gandalf using sudo...
auth-source-search: found 1 results (max 1) matching (:max 1 :user "albinus"
:host "gandalf" :port "sudo" :require (:secret :user) :create t)
Tramp: Opening connection nil for root@gandalf using sudo...done
--8<---------------cut here---------------end--------------->8---
So all 4 scenarios behave like expected.
> ... and then continues with versions of functions like
> `auth-source-secrets-create`, `auth-source-search`,
> `auth-source-secrets-search`, `auth-source-secrets-saver`,
> `tramp-read-passwd`, some of which I have hacked up to add debugging
> output. I M-x eval-buffer this file and then C-x C-f /sudo:: RET.)
>
> By the way, since I started this thread, I updated NixOS and now I'm
> using emacs 29.3, although I don't think that much has changed in this
> version.
Well, perhaps you shouldn't patch Tramp or auth-source.el in your Emacs
29.3 directory. Please download auth-source.el from the Emacs git
(branch emacs-29), replace it in your lisp/ directory, and byte-compile
this new file. Then you have almost the same versions I have used for
testing. No other patch is needed.
The recent file is located at
<https://git.savannah.gnu.org/cgit/emacs.git/plain/lisp/auth-source.el?h=emacs-29>.
> Ethan
Best regards, Michael.
