OK, I think I figured out what's going on. The closure used in
`auth-source-secrets-create` relies on lexical binding, which is present in
`auth-source.el` because of the `lexical-binding: t` at the top of the
file. It isn't present in my init file, which is where I had copied the new
version of `auth-source-secrets-create`. So, yes, it was user error and had
to do with how I patched things. I think everything works now, thanks again
for humoring me!
Ethan
On Fri, Jun 21, 2024 at 10:10 AM Michael Albinus <michael.albi...@gmx.de>
wrote:
> Ethan Glasser-Camp <ethan.glasser.c...@gmail.com> writes:
>
> > Hi Michael,
>
> Hi Ethan,
>
> > this patch makes more sense to me, thanks! I guess this
> > means that the entries with `root@black-diamond` are sort of
> > deprecated and I should be trying to move to `ethan@black-diamond`
> > entries instead.
>
> You could keep them or you could remove them. They should simply be
> ignored, because "root@..." does not match your use case.
>
> > I was able to use this patch successfully once, with a moved-aside .
> > emacs.d. I was asked for a password for `ethan@black-diamond` , then I
> > was asked for a label, and then I was asked whether I wanted to save
> > it to my keyring.
>
> And then? Was it added to your "Login" keyring?
>
> > However, at first, with my normal .emacs.d and without the
> > `ethan@black-diamond` entry being present, I was asked for a password
> > for `ethan@black-diamond`, and then I was asked for a label, and then
> > I was asked again for a password. It didn't seem to create an entry in
> > my "Login" keyring.
>
> Are you sure you gave the proper password? This scenario looks rather
> like there was a wrong password, and auth-source has asked, again. But
> in this case it doesn't save the password, IIRC.
>
> > I got kinda sucked in to trying to debug this (even removing the
> > `ethan@black-diamond` entry even though it did get created
> > successfully once). I deleted the `ethan@black-diamond` entry from my
> > keyring, and then tried again with the moved-aside .emacs.d, but.. I
> > couldn't get it to work properly again!
> >
> > It looks like tramp is trying to get the secret from auth-source, then
> > hitting an error condition, and then falling back to the
> > `password-read` function.
>
> Yes. This is the fallback.
>
> > By adding a bunch of debugging output, and removing the
> > `ignore-errors` call in `tramp-read-passwd`, I was able to retrieve
> > the error message `Symbol’s value as variable is void: data`. As best
> > as I can tell, it seems to be the closure around the secret in
> > `auth-source-secrets-create`:
> >
> > ```
> > (when data
> > (setq artificial (plist-put artificial
> > (auth-source--symbol-keyword r)
> > (if (eq r 'secret)
> > (let ((data data))
> > (lambda () data))
> > data))))
> > ```
> >
> > I'm not really clear why this wouldn't work. Maybe it's user error?
> > I'm not sure if I'm supposed to byte-compile the function or
> > something.
>
> I cannot reproduce this. However, I don't know how you did patch and
> recompile auth-source.el. Perhaps we should agree to test with the same
> codebase, see below.
>
> > (My current debugging setup is to `rm -rf .emacs.d', then `emacs`,
> > then open up a file called `tmp.el` that starts with:
> >
> > ```
> > (require 'secrets)
> > (require 'tramp)
> > (require 'auth-source)
> >
> > (setq auth-sources '("secrets:Login"))
> > (setq auth-source-debug t
> > auth-source-save-behavior 'ask
> > tramp-verbose 7
> > secrets-debug t)
> > ```
>
> This still keeps the contents of your .emacs active, which I don't
> know. What I do is
>
> - Move .emacs to .emacs.sv
>
> - Create a new .emacs with the same contents as you have, plus (at the end)
>
> (auth-source-forget-all-cached)
>
> - Start 'emacs /sudo::'
>
> 1st run: secrets:Login does not contain root@gandalf or
> albinus@gandalf. I'm asked for the label and whether to create the
> entry. The directory is opened, and the entry albinus@gandalf is
> contained in the "login" keyring. *Messages* contains
>
> --8<---------------cut here---------------start------------->8---
> Tramp: Opening connection nil for root@gandalf using sudo...
> auth-source-search: found 0 results (max 1) matching (:max 1 :user
> "albinus" :host "gandalf" :port "sudo" :require (:secret :user) :create t)
> auth-source-search: found 0 results (max 1) matching (:max 1 :host
> "gandalf" :user "albinus" :port "sudo")
> auth-source-search: CREATED 1 results (max 1) matching (:max 1 :user
> "albinus" :host "gandalf" :port "sudo" :require (:secret :user) :create t)
> Save auth info to secrets collection Login? [y/n/N/?] y
> secrets-create-item: wrote 1 new item to Login
> Saved new authentication information to Login
> Tramp: Opening connection nil for root@gandalf using sudo...done
> --8<---------------cut here---------------end--------------->8---
>
> Fine. Close Emacs.
>
> 2nd run: secrets:Login contains albinus@gandalf. The directory opens w/o
> asking for a password. *Messages* contains
>
> --8<---------------cut here---------------start------------->8---
> Tramp: Opening connection nil for root@gandalf using sudo...
> auth-source-search: found 1 results (max 1) matching (:max 1 :user
> "albinus" :host "gandalf" :port "sudo" :require (:secret :user) :create t)
> Tramp: Opening connection nil for root@gandalf using sudo...done
> --8<---------------cut here---------------end--------------->8---
>
> Everything as it should.
>
> 3rd run: Delete "albinus@gandalf" in keyring "Login", and add (manually)
> "root@password". The same dialogue about creation like in 1st run, and
> *Messages* contains
>
> --8<---------------cut here---------------start------------->8---
> Tramp: Opening connection nil for root@gandalf using sudo...
> auth-source-search: found 0 results (max 1) matching (:max 1 :user
> "albinus" :host "gandalf" :port "sudo" :require (:secret :user) :create t)
> auth-source-search: found 0 results (max 1) matching (:max 1 :host
> "gandalf" :user "albinus" :port "sudo")
> auth-source-search: CREATED 1 results (max 1) matching (:max 1 :user
> "albinus" :host "gandalf" :port "sudo" :require (:secret :user) :create t)
> Save auth info to secrets collection Login? [y/n/N/?] y
> secrets-create-item: wrote 1 new item to Login
> Saved new authentication information to Login
> Tramp: Opening connection nil for root@gandalf using sudo...done
> --8<---------------cut here---------------end--------------->8---
>
> Everything as expected. The "Login" keyring contains both
> "albinus@gandalf" and "root@gandalf".
>
> 4th run: Keep both entries in the "Login" keyring. Exactly the same
> behavior as in the 2nd run (no question about the password, the
> directory opens). *Messages* contains
>
> --8<---------------cut here---------------start------------->8---
> Tramp: Opening connection nil for root@gandalf using sudo...
> auth-source-search: found 1 results (max 1) matching (:max 1 :user
> "albinus" :host "gandalf" :port "sudo" :require (:secret :user) :create t)
> Tramp: Opening connection nil for root@gandalf using sudo...done
> --8<---------------cut here---------------end--------------->8---
>
> So all 4 scenarios behave like expected.
>
> > ... and then continues with versions of functions like
> > `auth-source-secrets-create`, `auth-source-search`,
> > `auth-source-secrets-search`, `auth-source-secrets-saver`,
> > `tramp-read-passwd`, some of which I have hacked up to add debugging
> > output. I M-x eval-buffer this file and then C-x C-f /sudo:: RET.)
> >
> > By the way, since I started this thread, I updated NixOS and now I'm
> > using emacs 29.3, although I don't think that much has changed in this
> > version.
>
> Well, perhaps you shouldn't patch Tramp or auth-source.el in your Emacs
> 29.3 directory. Please download auth-source.el from the Emacs git
> (branch emacs-29), replace it in your lisp/ directory, and byte-compile
> this new file. Then you have almost the same versions I have used for
> testing. No other patch is needed.
>
> The recent file is located at <
> https://git.savannah.gnu.org/cgit/emacs.git/plain/lisp/auth-source.el?h=emacs-29
> >.
>
> > Ethan
>
> Best regards, Michael.
>
