GNU bug report logs - #30246
25.2.50; auth-source does not support creation or deletion with secrets provider

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 30246 in the body.
You can then email your comments to 30246 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Allen Li <vianchielfaura <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: 25.2.50; auth-source does not support creation or deletion with
 secrets provider
Date: Wed, 24 Jan 2018 16:56:26 -0800

auth-source does not support saving secrets with the Secrets API
backend.  This reduces the usefulness of auth-source significantly
since keychains that provide secure secret storage using the API are
standard on many GNU/Linux distributions (e.g., gnome-keyring on
Ubuntu).

(auth-source-search :type 'secrets :max 1
                    :host "localhost"
                    :user "user"
                    :create '(secret user host))

Debugger entered--Lisp error: (cl-assertion-failed ((not create) "The
Secrets API auth-source backend doesn't support creation yet"))
  cl--assertion-failed((not create) "The Secrets API auth-source
backend doesn't support creation yet" nil nil)
  auth-source-secrets-search(:backend
[eieio-class-tag--auth-source-backend secrets "Login" t t t nil
auth-source-secrets-create auth-source-secrets-search] :type secrets
:max 1 :require nil :create (secret user host) :delete nil :type
secrets :max 1 :host "localhost" :user "user" :create (secret user
host))
  apply(auth-source-secrets-search :backend
[eieio-class-tag--auth-source-backend secrets "Login" t t t nil
auth-source-secrets-create auth-source-secrets-search] :type secrets
:max 1 :require nil :create (secret user host) :delete nil (:type
secrets :max 1 :host "localhost" :user "user" :create (secret user
host)))
  auth-source-search-backends(([eieio-class-tag--auth-source-backend
secrets "Login" t t t nil auth-source-secrets-create
auth-source-secrets-search]) (:type secrets :max 1 :host "localhost"
:user "user" :create (secret user host)) 1 (secret user host) nil nil)
  auth-source-search(:type secrets :max 1 :host "localhost" :user
"user" :create (secret user host))
  eval((auth-source-search :type (quote secrets) :max 1 :host
"localhost" :user "user" :create (quote (secret user host))) nil)
  elisp--eval-last-sexp(nil)
  eval-last-sexp(nil)
  funcall-interactively(eval-last-sexp nil)
  #<subr call-interactively>(eval-last-sexp nil nil)
  apply(#<subr call-interactively> eval-last-sexp (nil nil))
  call-interactively <at> ido-cr+-record-current-command(#<subr
call-interactively> eval-last-sexp nil nil)
  apply(call-interactively <at> ido-cr+-record-current-command #<subr
call-interactively> (eval-last-sexp nil nil))
  call-interactively(eval-last-sexp nil nil)
  command-execute(eval-last-sexp)

Message #8 received at 30246 <at> debbugs.gnu.org (full text, mbox):

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Allen Li <vianchielfaura <at> gmail.com>
Cc: 30246 <at> debbugs.gnu.org
Subject: Re: bug#30246: 25.2.50;
 auth-source does not support creation or deletion with secrets
 provider
Date: Thu, 25 Jan 2018 11:11:20 +0100

Allen Li <vianchielfaura <at> gmail.com> writes:

Hi Allen,

> auth-source does not support saving secrets with the Secrets API
> backend.  This reduces the usefulness of auth-source significantly
> since keychains that provide secure secret storage using the API are
> standard on many GNU/Linux distributions (e.g., gnome-keyring on
> Ubuntu).

This was reported already some years ago on the emacs-help ML, see
<http://lists.gnu.org/archive/html/help-gnu-emacs/2013-06/msg00361.html>. IIRC,
it wasn't trivial to implement, that's why it has lingered around on my
TODO since then.

See also `auth-source-secrets-create' in auth-source.el, which misses
its implementation. And you've got the error message "The Secrets API
auth-source backend doesn't support creation yet".

Since I am working on secrets.el these days anyway due to your other
report bug#29575, chances are good that I'll fix this, finally.

Best regards, Michael.

Message #11 received at 30246 <at> debbugs.gnu.org (full text, mbox):

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Allen Li <vianchielfaura <at> gmail.com>
Cc: 30246 <at> debbugs.gnu.org
Subject: Re: bug#30246: 25.2.50;
 auth-source does not support creation or deletion with secrets
 provider
Date: Fri, 13 Apr 2018 15:41:10 +0200

Michael Albinus <michael.albinus <at> gmx.de> writes:

> Hi Allen,
>
>> auth-source does not support saving secrets with the Secrets API
>> backend.  This reduces the usefulness of auth-source significantly
>> since keychains that provide secure secret storage using the API are
>> standard on many GNU/Linux distributions (e.g., gnome-keyring on
>> Ubuntu).
>
> Since I am working on secrets.el these days anyway due to your other
> report bug#29575, chances are good that I'll fix this, finally.

I've implemented creation of secrets via the Secret Service API in
auth-source.el. Could you, pls, check?

I will add support for this into Tramp. It doesn't create yet items, for
any backend.

Deletion isn't implemented for any auth-source backend yet. So I haven't
done it for the Secret Service API either, and I don't plan it for next time.

Best regards, Michael.

Message #14 received at 30246 <at> debbugs.gnu.org (full text, mbox):

From: Allen Li <darkfeline <at> felesatra.moe>
To: Michael Albinus <michael.albinus <at> gmx.de>
Cc: Allen Li <vianchielfaura <at> gmail.com>, 30246 <at> debbugs.gnu.org
Subject: Re: bug#30246: 25.2.50; auth-source does not support creation or
 deletion with secrets provider
Date: Sun, 15 Apr 2018 18:51:17 -0700

Thanks.  Currently I'm using Emacs 26 due to bugs in 27, so due to
various reasons it may take a few weeks for me to get around to trying
it.

On Fri, Apr 13, 2018 at 6:41 AM, Michael Albinus <michael.albinus <at> gmx.de> wrote:
> Michael Albinus <michael.albinus <at> gmx.de> writes:
>
>> Hi Allen,
>>
>>> auth-source does not support saving secrets with the Secrets API
>>> backend.  This reduces the usefulness of auth-source significantly
>>> since keychains that provide secure secret storage using the API are
>>> standard on many GNU/Linux distributions (e.g., gnome-keyring on
>>> Ubuntu).
>>
>> Since I am working on secrets.el these days anyway due to your other
>> report bug#29575, chances are good that I'll fix this, finally.
>
> I've implemented creation of secrets via the Secret Service API in
> auth-source.el. Could you, pls, check?
>
> I will add support for this into Tramp. It doesn't create yet items, for
> any backend.
>
> Deletion isn't implemented for any auth-source backend yet. So I haven't
> done it for the Secret Service API either, and I don't plan it for next time.
>
> Best regards, Michael.

Message #17 received at 30246 <at> debbugs.gnu.org (full text, mbox):

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Allen Li <darkfeline <at> felesatra.moe>
Cc: Allen Li <vianchielfaura <at> gmail.com>, 30246 <at> debbugs.gnu.org
Subject: Re: bug#30246: 25.2.50;
 auth-source does not support creation or deletion with secrets
 provider
Date: Mon, 16 Apr 2018 08:44:29 +0200

Allen Li <darkfeline <at> felesatra.moe> writes:

Hi Allen,

> Thanks.  Currently I'm using Emacs 26 due to bugs in 27, so due to
> various reasons it may take a few weeks for me to get around to trying
> it.

No problem, take your time.

Best regards, Michael.

Message #20 received at 30246 <at> debbugs.gnu.org (full text, mbox):

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Allen Li <vianchielfaura <at> gmail.com>
Cc: 30246 <at> debbugs.gnu.org
Subject: Re: bug#30246: 25.2.50;
 auth-source does not support creation or deletion with secrets
 provider
Date: Mon, 23 Apr 2018 10:43:38 +0200

Michael Albinus <michael.albinus <at> gmx.de> writes:

Hi Allen,

> I've implemented creation of secrets via the Secret Service API in
> auth-source.el. Could you, pls, check?
>
> I will add support for this into Tramp. It doesn't create yet items, for
> any backend.

That's done now.

Best regards, Michael.

Message #25 received at 30246 <at> debbugs.gnu.org (full text, mbox):

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Allen Li <darkfeline <at> felesatra.moe>
Cc: Allen Li <vianchielfaura <at> gmail.com>, 30246 <at> debbugs.gnu.org
Subject: Re: bug#30246: 25.2.50;
 auth-source does not support creation or deletion with secrets
 provider
Date: Wed, 05 Sep 2018 10:57:42 +0200

Allen Li <darkfeline <at> felesatra.moe> writes:

Hi Allen,

> Thanks.  Currently I'm using Emacs 26 due to bugs in 27, so due to
> various reasons it may take a few weeks for me to get around to trying
> it.

Could you test it by any chance in Emacs 27? If not, I'll close the
bug. You could still report later if it doesn't work as expected.

Best regards, Michael.

Message #28 received at 30246 <at> debbugs.gnu.org (full text, mbox):

From: Allen Li <darkfeline <at> felesatra.moe>
To: Michael Albinus <michael.albinus <at> gmx.de>
Cc: Allen Li <vianchielfaura <at> gmail.com>, 30246 <at> debbugs.gnu.org
Subject: Re: bug#30246: 25.2.50; auth-source does not support creation or
 deletion with secrets provider
Date: Sat, 8 Sep 2018 16:51:19 -0700

On Wed, Sep 5, 2018 at 1:57 AM Michael Albinus <michael.albinus <at> gmx.de> wrote:
>
> Could you test it by any chance in Emacs 27? If not, I'll close the
> bug. You could still report later if it doesn't work as expected.

It looks like secret creation works now, however I can't seem to
retrieve the secret.  I can file a separate bug for that if you want.

(auth-source-search :host "example.com" :user "bob" :secret "password"
:create t)

After calling the returned save function, I can confirm that the
secret is created:

$ secret-tool search --all --unlock host example.com user bob
[/org/freedesktop/secrets/collection/login/484]
label = bob <at> example.com
secret = password
created = 2018-09-08 23:35:47
modified = 2018-09-08 23:35:47
schema = org.freedesktop.Secret.Generic
attribute.host = example.com
attribute.user = bob

However I cannot seem to retrieve it using auth-source:

(auth-source-search :host "example.com" :user "bob")
nil

Also, deletion still isn't supported:

(auth-source-delete :host "example.com" :user "bob")
(cl-assertion-failed ((not delete) "The Secrets API auth-source
backend doesn't suppor..."))

>
> Best regards, Michael.

Message #31 received at 30246 <at> debbugs.gnu.org (full text, mbox):

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Allen Li <darkfeline <at> felesatra.moe>
Cc: Allen Li <vianchielfaura <at> gmail.com>, 30246 <at> debbugs.gnu.org
Subject: Re: bug#30246: 25.2.50;
 auth-source does not support creation or deletion with secrets
 provider
Date: Tue, 11 Sep 2018 12:26:01 +0200

Allen Li <darkfeline <at> felesatra.moe> writes:

Hi Allen,

>> Could you test it by any chance in Emacs 27? If not, I'll close the
>> bug. You could still report later if it doesn't work as expected.
>
> It looks like secret creation works now, however I can't seem to
> retrieve the secret.  I can file a separate bug for that if you want.

Yes, please do. Because:

> (auth-source-search :host "example.com" :user "bob" :secret "password"
> :create t)
>
> After calling the returned save function, I can confirm that the
> secret is created:
>
> $ secret-tool search --all --unlock host example.com user bob
> [/org/freedesktop/secrets/collection/login/484]
> label = bob <at> example.com
> secret = password
> created = 2018-09-08 23:35:47
> modified = 2018-09-08 23:35:47
> schema = org.freedesktop.Secret.Generic
> attribute.host = example.com
> attribute.user = bob
>
> However I cannot seem to retrieve it using auth-source:
>
> (auth-source-search :host "example.com" :user "bob")
> nil

I could reproduce it locally. And I could reproduce it also with another
backend, "~/.authinfo". However, if I start a new Emacs session,

(auth-source-search :host "example.com" :user "bob")

returns a valid result. Don't know whether this is a bug or a feature; I
let it to you to decide how to handle. The original bug in this report
("auth-source does not support creation with secrets provider") seems to
be solved, so I'd like to close this.

> Also, deletion still isn't supported:
>
> (auth-source-delete :host "example.com" :user "bob")
> (cl-assertion-failed ((not delete) "The Secrets API auth-source
> backend doesn't suppor..."))

Yes. But deletion is not supported by any auth-source backend. So I
would prefer if we handle this in another bug report, if the
functionality is missing for you.

To be honest, I'm undecided whether deletion makes sense in auth-source.

Best regards, Michael.

Message #36 received at 30246-done <at> debbugs.gnu.org (full text, mbox):

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Allen Li <darkfeline <at> felesatra.moe>
Cc: Allen Li <vianchielfaura <at> gmail.com>, 30246-done <at> debbugs.gnu.org
Subject: Re: bug#30246: 25.2.50;
 auth-source does not support creation or deletion with secrets
 provider
Date: Thu, 13 Sep 2018 16:09:54 +0200

Version: 27.1

Michael Albinus <michael.albinus <at> gmx.de> writes:

Hi Allen,

>>> Could you test it by any chance in Emacs 27? If not, I'll close the
>>> bug. You could still report later if it doesn't work as expected.
>>
>> It looks like secret creation works now, however I can't seem to
>> retrieve the secret.  I can file a separate bug for that if you want.
>
> Yes, please do.

There's now bug#32725 for that problem. I'm closing this bug, therefore.

Best regards, Michael.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.