From a9e18afb8847ccf5e8d4d3bb79c4bd7243e55674 Mon Sep 17 00:00:00 2001 From: Craig Jennings Date: Tue, 2 Sep 2025 12:32:37 -0500 Subject: feat(auth): Improve GPG authentication with loopback pinentry mode Configure EPG to use minibuffer for password prompts rather than external agents, removing the complex retry mechanism previously needed to handle authentication failures. --- modules/ai-config.el | 3 --- modules/auth-config.el | 55 ++++++++------------------------------------------ 2 files changed, 8 insertions(+), 50 deletions(-) (limited to 'modules') diff --git a/modules/ai-config.el b/modules/ai-config.el index d1739377..18c1e8cb 100644 --- a/modules/ai-config.el +++ b/modules/ai-config.el @@ -45,9 +45,6 @@ (with-current-buffer buffer (goto-char (point-max)))))) -;; retry if authinfo.gpg authentication fails -(advice-add 'cj/toggle-gptel :before #'cj/ensure-auth-before) - ;; ------------------------- GPTel Config And AI-Keymap ------------------------ (defvar ai-keymap diff --git a/modules/auth-config.el b/modules/auth-config.el index 5dbce2ef..87b10e8b 100644 --- a/modules/auth-config.el +++ b/modules/auth-config.el 
@@ -21,62 +21,23 @@ ;; auth sources settings (use-package auth-source - :ensure nil ;; built in - :demand t ;; load this package immediately + :ensure nil ;; built in + :demand t ;; load this package immediately :config - (setq auth-sources `(,authinfo-file)) - (setenv "GPG_AGENT_INFO" nil) ;; emacs use internal prompt, not gpg agent - (setq auth-source-debug t)) ;; echo debug info to Messages + (setenv "GPG_AGENT_INFO" nil) ;; disassociate with external gpg agent + (setq auth-sources `(,authinfo-file)) ;; use authinfo.gpg (see user-constants.el) + (setq auth-source-debug t)) ;; echo debug info to Messages ;; ----------------------------- Easy PG Assistant ----------------------------- ;; Key management, cryptographic operations on regions and files, dired ;; integration, and automatic encryption/decryption of *.gpg files. (use-package epa - :ensure nil ;; built-in + :ensure nil ;; built-in :defer .5 :config - (setq epg-gpg-program "gpg2")) ;; force use gpg2 (not gpg v.1) - -;; ----------------------------- Ensure-Auth-Before ---------------------------- - -(defun cj/ensure-auth-before (&rest _args) - "Ensure .authinfo.gpg is unlocked before calling the real function." - (cj/ensure-auth)) - -(defun cj/ensure-auth () - "Make sure .authinfo.gpg is decrypted (loops on failure)." - (interactive) - (auth-source-search :max 1)) - -(with-eval-after-load 'auth-source - (defun cj/auth-source-search-retry (orig-fun &rest args) - "Advice around `auth-source-search' to loop until we get non-nil." 
- (let (res) - (while (not (setq res (apply orig-fun args))) - ;; user hit RET or wrong passphrase → kill agent & retry - (message "Auth failed or cancelled; killing gpg-agent and retrying…") - (start-process "gpgconf-kill-gpg-agent" nil - "gpgconf" "--kill" "gpg-agent") - (sleep-for 0.5)) - res)) - - (advice-add 'auth-source-search :around #'cj/auth-source-search-retry)) - -;; Example: run it before your GPT toggle -;;(advice-add 'cj/toggle-gptel :before #'cj/ensure-auth-before) - -;; Example: before mu4e actually sends a message -;;(advice-add 'smtpmail-send-it ; or `mu4e~proc-send` if you prefer -;; :before #'cj/ensure-auth-before) - -;; Example: before Tramp prompts for a password -;; (advice-add 'tramp-read-passwd ; wherever Tramp reads your passphrase -;; :before #'cj/ensure-auth-before) - -;; ;; Example: before Dirvish opens a remote directory -;; (advice-add 'dirvish-find-file ; or the exact entry-point you use -;; :before #'cj/ensure-auth-before) + (setq epg-gpg-program "gpg2")) ;; force use gpg2 (not gpg v.1) + (setq epg-pinentry-mode 'loopback) ;; emacs request passwords in minibuffer (provide 'auth-config) -- cgit v1.2.3
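Review bot: The added `(setq epg-pinentry-mode 'loopback)` follows `(setq epg-gpg-program "gpg2"))`, whose second paren already closes `(use-package epa`, so the new form sits at top level and runs when the file loads rather than inside the deferred `:config`. Moving the extra paren down fixes it: `(setq epg-gpg-program "gpg2")` followed by `(setq epg-pinentry-mode 'loopback))`. With loopback the key passphrase is typed into the minibuffer and passes through the Emacs process, and older gpg-agent versions only accept it when `allow-loopback-pinentry` is set in gpg-agent.conf, so a comment next to the setting should say both. The re-aligned `(setq auth-source-debug t)` is still on, and with that value auth-source writes lookup details such as hosts and user names (not passwords) to *Messages*; I would set it to nil now that the retry advice it helped debug is removed. The new comment on `(setenv "GPG_AGENT_INFO" nil)` also overstates the line, because GnuPG 2.1 and later ignore that variable and gpg2 still talks to gpg-agent.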