Gnus and pgp
Richard Riley
I just wonder how many of you were using pgp and something like
gupg-agent?
I was having terrible connection problems for ages with a set up like
this:
,----
| (require 'auth-source)
| (require 'epa-file)
| (setq epa-file-cache-passphrase-for-symmetric-encryption t) ;;VERY Important
| (if (file-exists-p "~/.authinfo")
| (setq auth-sources '((:source "~/.authinfo" :host t :protocol t)))
| (setq auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t))))
| (setq
| mml2015-encrypt-to-self t
| mml2015-cache-passphrase t
| mml2015-passphrase-cache-expiry 60000
| mml2015-verbose t)
`----
When using the .gpg, hard to pinpoint but constant refusals to connect
to a server (nntp) when doing a refresh or even starting Gnus for the first
time. Often quitting gnus and then restarting fixed it. I know the
default above is .authinfo as that is my set up now (I just recreated
the .authinfo from the .gpg file) and all connection issues vanished.
Is anyone else here using the epa stuff with more success? Can you share
your setup? I would love to use the (chmodded) .authinfo and replace
with a .gpg but it doesn't seem very stable with my set up above.
I know the agent was running fine.
Emacs 23 in Debian backports.
Ted Zlatanov
RR> I just wonder how many of you were using pgp and something like
RR> gupg-agent?
RR> I was having terrible connection problems for ages with a set up like
RR> this:
RR> ,----
RR> | (require 'auth-source)
RR> | (require 'epa-file)
RR> | (setq epa-file-cache-passphrase-for-symmetric-encryption t) ;;VERY Important
RR> | (if (file-exists-p "~/.authinfo")
RR> | (setq auth-sources '((:source "~/.authinfo" :host t :protocol t)))
RR> | (setq auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t))))
RR> | (setq
RR> | mml2015-encrypt-to-self t
RR> | mml2015-cache-passphrase t
RR> | mml2015-passphrase-cache-expiry 60000
RR> | mml2015-verbose t)
RR> `----
RR> When using the .gpg, hard to pinpoint but constant refusals to connect
RR> to a server (nntp) when doing a refresh or even starting Gnus for the first
RR> time. Often quitting gnus and then restarting fixed it. I know the
RR> default above is .authinfo as that is my set up now (I just recreated
RR> the .authinfo from the .gpg file) and all connection issues vanished.
RR> Is anyone else here using the epa stuff with more success? Can you share
RR> your setup? I would love to use the (chmodded) .authinfo and replace
RR> with a .gpg but it doesn't seem very stable with my set up above.
RR> I know the agent was running fine.
I don't use the GnuPG agent, I just cache the passphrase locally. It
works perfectly for me with heavy daily usage. Can you try that (set
GPG_AGENT_INFO=none) and see if it works for you?
Ted
Richard Riley
I wasn't aware you could do that! Works reliably now indicating an issue
with emacs talking to the agent.
Richard Riley
Works fine now with your suggestion. But now I am confused as to how to
correctly set this up. Do I still need to to set (nntp-authinfo-file
"~/.authinfo.gpg") for each secondary select method call? And if so,
where doe the epa set up come in? If you could explain how it fits
together that would be great.
e.g I have now
(require 'auth-source)
(require 'epa-file)
(setq epa-file-cache-passphrase-for-symmetric-encryption t) ;;VERY Important
(if (file-exists-p "~/.authinfo.gpg")
(setq auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t)))
(setq auth-sources '((:source "~/.authinfo" :host t :protocol t))))
(setq
mml2015-encrypt-to-self t
mml2015-cache-passphrase t
mml2015-passphrase-cache-expiry 60000
mml2015-verbose t)
(add-to-list 'gnus-secondary-select-methods
'(nntp "motzarella"
(nntp-address "news.eternal-september.org")
(nntp-authinfo-file "~/.authinfo.gpg")
(nntp-port-number 119)
)
)
so I am wondering where the auth-sources fits in now?
Ted Zlatanov
RR> I wasn't aware you could do that! Works reliably now indicating an issue
RR> with emacs talking to the agent.
Since EPA is part of Emacs proper, you should file a bug. I know it's
not easy to repeat the bug but it certainly seems annoying.
On Wed, 02 Dec 2009 20:20:44 +0100 Richard Riley <riley...@gmail.com> wrote:
RR> Works fine now with your suggestion. But now I am confused as to how to
RR> correctly set this up. Do I still need to to set (nntp-authinfo-file
RR> "~/.authinfo.gpg") for each secondary select method call? And if so,
RR> where doe the epa set up come in? If you could explain how it fits
RR> together that would be great.
I set the authinfo file globally, with just auth-sources. I don't set
it per select method. You can, but the effect will be different and I
don't know for sure it will work correctly.
When you load EPG/EPA (I forget the exact package demarkation) a handler
is set up for .gpg files *by default* (you can change that). When you
open or save such a file, it's automatically decoded or encoded by the
EPG/EPA handlers. All of this is outside Gnus. So specifying a .gpg
file for auth-sources is no different than a regular file.
Ted
Richard Riley
> On Wed, 02 Dec 2009 20:08:11 +0100 Richard Riley <riley...@gmail.com> wrote:
>
> RR> I wasn't aware you could do that! Works reliably now indicating an issue
> RR> with emacs talking to the agent.
>
> Since EPA is part of Emacs proper, you should file a bug. I know it's
> not easy to repeat the bug but it certainly seems annoying.
>
> On Wed, 02 Dec 2009 20:20:44 +0100 Richard Riley <riley...@gmail.com> wrote:
>
> RR> Works fine now with your suggestion. But now I am confused as to how to
> RR> correctly set this up. Do I still need to to set (nntp-authinfo-file
> RR> "~/.authinfo.gpg") for each secondary select method call? And if so,
> RR> where doe the epa set up come in? If you could explain how it fits
> RR> together that would be great.
>
> I set the authinfo file globally, with just auth-sources. I don't set
> it per select method. You can, but the effect will be different and I
> don't know for sure it will work correctly.
Without specifying (nntp-authinfo-file "~/.authinfo.gpg")
in my secondary methods it does not connect :-(
But just to confirm : with no such line gnus should use the
auth-sources?
>
> When you load EPG/EPA (I forget the exact package demarkation) a handler
> is set up for .gpg files *by default* (you can change that). When you
> open or save such a file, it's automatically decoded or encoded by the
> EPG/EPA handlers. All of this is outside Gnus. So specifying a .gpg
> file for auth-sources is no different than a regular file.
>
> Ted
--
Ted Zlatanov
RR> Ted Zlatanov <t...@lifelogs.com> writes:
>> On Wed, 02 Dec 2009 20:08:11 +0100 Richard Riley <riley...@gmail.com> wrote:
>>
RR> I wasn't aware you could do that! Works reliably now indicating an issue
RR> with emacs talking to the agent.
>>
>> Since EPA is part of Emacs proper, you should file a bug. I know it's
>> not easy to repeat the bug but it certainly seems annoying.
>>
>> On Wed, 02 Dec 2009 20:20:44 +0100 Richard Riley <riley...@gmail.com> wrote:
>>
RR> Works fine now with your suggestion. But now I am confused as to how to
RR> correctly set this up. Do I still need to to set (nntp-authinfo-file
RR> "~/.authinfo.gpg") for each secondary select method call? And if so,
RR> where doe the epa set up come in? If you could explain how it fits
RR> together that would be great.
>>
>> I set the authinfo file globally, with just auth-sources. I don't set
>> it per select method. You can, but the effect will be different and I
>> don't know for sure it will work correctly.
RR> Without specifying (nntp-authinfo-file "~/.authinfo.gpg")
RR> in my secondary methods it does not connect :-(
RR> But just to confirm : with no such line gnus should use the
RR> auth-sources?
Yes. It works for me with just setting auth-sources so you're either
using different libraries from me or your configuration is different.
Do you know ELisp well enough to debug the problem?
Ted
Richard Riley
I'm using the debian testing emacs 23.
I'll have a crack at debugging it some time next week.
Richard Riley
btw, just looked again
(setq gnus-select-method '(nnimap "mymail"
(nnimap-stream tls)
(nnimap-address "myserver.net")
(nnimap-expunge-on-close always)
(nnimap-authinfo-file "~/.authinfo.gpg")
(nnimap-nov-is-evil nil)
(nnir-search-engine imap)))
if I remove the nnimap-authinfo line it most definitely does not default
to auth-sources. it prompts me for a user and a password. my authsources
set up is
(require 'auth-source)
(require 'epa-file)
(setq epa-file-cache-passphrase-for-symmetric-encryption t) ;;VERY Important
(if (file-exists-p "~/.authinfo.gpg")
(setq auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t)))
(setq auth-sources '((:source "~/.authinfo" :host t :protocol t))))
emacs 23 (with accompanying gnus).
Richard Riley
With the latest emacs build in debian testing, I came back to this. It
100% does not work for me unless I specifically set the authinfo file
for each select method. My set up includes this:
,----
| (require 'epa-file)
| (epa-file-enable)
| (setq epa-file-cache-passphrase-for-symmetric-encryption t) ;;VERY Important
| (if (file-exists-p "~/.authinfo.gpg")
| (setq auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t)))
| (setq auth-sources '((:source "~/.authinfo" :host t :protocol t))))
| (setq
| mml2015-encrypt-to-self t
| mml2015-cache-passphrase t
| mml2015-passphrase-cache-expiry 60000
| mml2015-verbose t)
|
|
|
| (setq gnus-select-method '(nnimap "mymail"
| (nnimap-stream tls)
| (nnimap-address "richardriley.net")
| (nnimap-expunge-on-close always)
| ;; (nnimap-authinfo-file "~/.authinfo.gpg")
| (nnimap-nov-is-evil nil)
| (nnir-search-engine imap)))
|
| (add-to-list 'gnus-secondary-select-methods
| '(nntp "motzarella"
| (nntp-address "news.eternal-september.org")
| (nntp-port-number 119)
| ;; (nntp-authinfo-file "~/.authinfo.gpg")
| )
| )
`----
With the authinfo lines commented out as above I get prompted for user
id and password for the imap server.
What am I missing?
regards
r.
Ted Zlatanov
RR> ,----
RR> | (require 'epa-file)
RR> | (epa-file-enable)
RR> | (setq epa-file-cache-passphrase-for-symmetric-encryption t) ;;VERY Important
RR> | (if (file-exists-p "~/.authinfo.gpg")
RR> | (setq auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t)))
RR> | (setq auth-sources '((:source "~/.authinfo" :host t :protocol t))))
RR> | (setq
RR> | mml2015-encrypt-to-self t
RR> | mml2015-cache-passphrase t
RR> | mml2015-passphrase-cache-expiry 60000
RR> | mml2015-verbose t)
RR> |
RR> |
RR> |
RR> | (setq gnus-select-method '(nnimap "mymail"
RR> | (nnimap-stream tls)
RR> | (nnimap-address "richardriley.net")
RR> | (nnimap-expunge-on-close always)
RR> | ;; (nnimap-authinfo-file "~/.authinfo.gpg")
RR> | (nnimap-nov-is-evil nil)
RR> | (nnir-search-engine imap)))
RR> |
RR> | (add-to-list 'gnus-secondary-select-methods
RR> | '(nntp "motzarella"
RR> | (nntp-address "news.eternal-september.org")
RR> | (nntp-port-number 119)
RR> | ;; (nntp-authinfo-file "~/.authinfo.gpg")
RR> | )
RR> | )
RR> `----
RR> With the authinfo lines commented out as above I get prompted for user
RR> id and password for the imap server.
Let's debug it. Run the following in a clean (emacs -q) instance:
(require 'epa-file)
(require 'auth-source)
(require 'cl)
(epa-file-enable)
(setq auth-source-debug t ; use `message' to log messages
epa-file-cache-passphrase-for-symmetric-encryption t
auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t)))
(auth-source-user-or-password "login" "richardriley.net" "imap")
What does the last call return (should be your login name)? What's in
*Messages*?
Thanks
Ted
Richard Riley
> Let's debug it. Run the following in a clean (emacs -q) instance:
>
> (require 'epa-file)
> (require 'auth-source)
> (require 'cl)
> (epa-file-enable)
> (setq auth-source-debug t ; use `message' to log messages
> epa-file-cache-passphrase-for-symmetric-encryption t
> auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t)))
> (auth-source-user-or-password "login" "richardriley.net" "imap")
>
> What does the last call return (should be your login name)? What's in
> *Messages*?
>
> Thanks
> Ted
It returns my login name ok.
*Messages* just has
auth-source-user-or-password: found (login)=(shamrock) for richardriley.net (imap)
"shamrock"
I also got prompted for a symmetric password to unlock the authinfo.gpg
Note that my login name for the remote host is, in this case, the same
as my local login id.
Ted Zlatanov
RR> Ted Zlatanov <t...@lifelogs.com> writes:
>> Let's debug it. Run the following in a clean (emacs -q) instance:
>>
>> (require 'epa-file)
>> (require 'auth-source)
>> (require 'cl)
>> (epa-file-enable)
>> (setq auth-source-debug t ; use `message' to log messages
>> epa-file-cache-passphrase-for-symmetric-encryption t
>> auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t)))
>> (auth-source-user-or-password "login" "richardriley.net" "imap")
>>
>> What does the last call return (should be your login name)? What's in
>> *Messages*?
RR> It returns my login name ok.
RR> *Messages* just has
RR> auth-source-user-or-password: found (login)=(shamrock) for richardriley.net (imap)
RR> "shamrock"
RR> I also got prompted for a symmetric password to unlock the authinfo.gpg
RR> Note that my login name for the remote host is, in this case, the same
RR> as my local login id.
If this works, it should work for all other IMAP cases as well. Look at
nnimap.el, it has the same call in nnimap-open-connection. Can you try
the auth-source-user-or-password call inside your regular sessions
(instead of `emacs -q'), where auth-source.el doesn't work for you? Is
there something you see that might hint what the problem is?
Ted
Richard Riley
The issue was with nntp selects not other IMAPS as recall.
--
Google Talk : riley...@googlemail.com http://www.google.com/talk
Ted Zlatanov
RR> The issue was with nntp selects not other IMAPS as recall.
Can you try the call with "nntp" as the protocol and the right host name?
Ted
Richard Riley
Ted Zlatanov
OK, so your authinfo file doesn't match NNTP. Can you insert a line
without a port for that server and see if it returns the user name?
IOW,
machine richardriley.net login shamrock password XYZ
should specify that for richardriley.net, login "shamrock" is to be used
for all protocols. If that works, but
machine richardriley.net login shamrock password XYZ port nntp
does not work for the call
(auth-source-user-or-password "login" "richardriley.net" "nntp")
then we may have a bug I haven't seen before.
For all this testing, please make sure you're in emacs -q with only the
config above loaded.
Thanks
Ted