authorCraig Jennings <c@cjennings.net>2025-09-02 12:32:37 -0500
committerCraig Jennings <c@cjennings.net>2025-09-02 12:32:37 -0500
commita9e18afb8847ccf5e8d4d3bb79c4bd7243e55674 (patch)
tree0d735dabea84c7702dab96c450cfc26d49a59f80
parente960b812add44344ed55c5a4cf5bce8ffafe328a (diff)
downloaddotemacs-a9e18afb8847ccf5e8d4d3bb79c4bd7243e55674.tar.gz
dotemacs-a9e18afb8847ccf5e8d4d3bb79c4bd7243e55674.zip
feat(auth): Improve GPG authentication with loopback pinentry mode
Configure EPG to use minibuffer for password prompts rather than external agents, removing the complex retry mechanism previously needed to handle authentication failures.
-rw-r--r--modules/ai-config.el3
-rw-r--r--modules/auth-config.el55
2 files changed, 8 insertions, 50 deletions
diff --git a/modules/ai-config.el b/modules/ai-config.el
index d1739377..18c1e8cb 100644
--- a/modules/ai-config.el
+++ b/modules/ai-config.el
@@ -45,9 +45,6 @@
(with-current-buffer buffer
(goto-char (point-max))))))
-;; retry if authinfo.gpg authentication fails
-(advice-add 'cj/toggle-gptel :before #'cj/ensure-auth-before)
-
;; ------------------------- GPTel Config And AI-Keymap ------------------------
(defvar ai-keymap
diff --git a/modules/auth-config.el b/modules/auth-config.el
index 5dbce2ef..87b10e8b 100644
--- a/modules/auth-config.el
+++ b/modules/auth-config.el
@@ -21,62 +21,23 @@
;; auth sources settings
(use-package auth-source
- :ensure nil ;; built in
- :demand t ;; load this package immediately
+ :ensure nil ;; built in
+ :demand t ;; load this package immediately
:config
- (setq auth-sources `(,authinfo-file))
- (setenv "GPG_AGENT_INFO" nil) ;; emacs use internal prompt, not gpg agent
- (setq auth-source-debug t)) ;; echo debug info to Messages
+ (setenv "GPG_AGENT_INFO" nil) ;; disassociate with external gpg agent
+ (setq auth-sources `(,authinfo-file)) ;; use authinfo.gpg (see user-constants.el)
+ (setq auth-source-debug t)) ;; echo debug info to Messages
;; ----------------------------- Easy PG Assistant -----------------------------
;; Key management, cryptographic operations on regions and files, dired
;; integration, and automatic encryption/decryption of *.gpg files.
(use-package epa
- :ensure nil ;; built-in
+ :ensure nil ;; built-in
:defer .5
:config
- (setq epg-gpg-program "gpg2")) ;; force use gpg2 (not gpg v.1)
-
-;; ----------------------------- Ensure-Auth-Before ----------------------------
-
-(defun cj/ensure-auth-before (&rest _args)
- "Ensure .authinfo.gpg is unlocked before calling the real function."
- (cj/ensure-auth))
-
-(defun cj/ensure-auth ()
- "Make sure .authinfo.gpg is decrypted (loops on failure)."
- (interactive)
- (auth-source-search :max 1))
-
-(with-eval-after-load 'auth-source
- (defun cj/auth-source-search-retry (orig-fun &rest args)
- "Advice around `auth-source-search' to loop until we get non-nil."
- (let (res)
- (while (not (setq res (apply orig-fun args)))
- ;; user hit RET or wrong passphrase → kill agent & retry
- (message "Auth failed or cancelled; killing gpg-agent and retrying…")
- (start-process "gpgconf-kill-gpg-agent" nil
- "gpgconf" "--kill" "gpg-agent")
- (sleep-for 0.5))
- res))
-
- (advice-add 'auth-source-search :around #'cj/auth-source-search-retry))
-
-;; Example: run it before your GPT toggle
-;;(advice-add 'cj/toggle-gptel :before #'cj/ensure-auth-before)
-
-;; Example: before mu4e actually sends a message
-;;(advice-add 'smtpmail-send-it ; or `mu4e~proc-send` if you prefer
-;; :before #'cj/ensure-auth-before)
-
-;; Example: before Tramp prompts for a password
-;; (advice-add 'tramp-read-passwd ; wherever Tramp reads your passphrase
-;; :before #'cj/ensure-auth-before)
-
-;; ;; Example: before Dirvish opens a remote directory
-;; (advice-add 'dirvish-find-file ; or the exact entry-point you use
-;; :before #'cj/ensure-auth-before)
+ (setq epg-gpg-program "gpg2")) ;; force use gpg2 (not gpg v.1)
+ (setq epg-pinentry-mode 'loopback) ;; emacs request passwords in minibuffer
(provide 'auth-config)
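Review bot: In modules/auth-config.el the new `(setq epg-pinentry-mode 'loopback)` lands outside the `use-package epa` form, because the line before it still ends in `))` and closes the form; it then runs as a top-level statement when auth-config loads rather than in `:config`. Move the closing paren so the two lines read `(setq epg-gpg-program "gpg2")` and `(setq epg-pinentry-mode 'loopback))`. The comment on `GPG_AGENT_INFO` ("disassociate with external gpg agent") also overstates the effect: as far as I know GnuPG 2.1 and later ignore that variable and always go through gpg-agent, so loopback only moves the passphrase prompt into the Emacs minibuffer while the agent still holds and caches the key, and older 2.1 releases need `allow-loopback-pinentry` in gpg-agent.conf. Since this is the credential path, it is also worth reconsidering whether `auth-source-debug t` should stay enabled permanently, because it writes auth-source lookups to the Messages buffer.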