~sircmpwn/sr.ht-discuss

6 4

Re: SMTP pass configuration

Details
Message ID
<CADS3Lq79AoKx6+8a3gKV9-9c06CDg3DYJCRi-Y_SSPSfSF--5A@mail.gmail.com>
DKIM signature
missing
Download raw message
> There is an official credential helper for pass(1) on
> https://github.com/languitar/pass-git-helper.

This helper only knows about the git credential protocol and not the
smtp protocol [1].

[1]: https://github.com/languitar/pass-git-helper/discussions/322#discussioncomment-7646963

Re: SMTP pass configuration

Details
Message ID
<g4L0xwPTNWw94P8YilBFNe5-bFcKNKmjE4mUhozqYW_Oaf5iOuVeZ9ZqieZ1PGsTRiMdu1fkef6JSaH--rHWnttguoYun3v3HQPK4jLrVCM=@emersion.fr>
In-Reply-To
<CADS3Lq79AoKx6+8a3gKV9-9c06CDg3DYJCRi-Y_SSPSfSF--5A@mail.gmail.com> (view parent)
DKIM signature
missing
Download raw message
git-send-email can use gitcredentials though.

Re: SMTP pass configuration

Details
Message ID
<CADS3Lq6SsAb_xpfxePfow7GcVA0omCE2PyJ+zGydHNOHv=42Uw@mail.gmail.com>
In-Reply-To
<g4L0xwPTNWw94P8YilBFNe5-bFcKNKmjE4mUhozqYW_Oaf5iOuVeZ9ZqieZ1PGsTRiMdu1fkef6JSaH--rHWnttguoYun3v3HQPK4jLrVCM=@emersion.fr> (view parent)
DKIM signature
missing
Download raw message
On Thu, 23 Nov 2023 at 11:10, Simon Ser <contact@emersion.fr> wrote:
> git-send-email can use gitcredentials though.

Right, but I'm trying to retrieve those credentials from a
password-store file where my encryption key is on a removeable device.
The below based on suggestions earlier in this thread is not working for
me.  I think it is not working for me because my encryption key is on a
removeable device.  If I use the commented out helper instead it does
work and I've see posts [1] where the bare pass command works but not
for me.

[credential]
        protocol = smtp
    #helper = "!f() { test \"$1\" = get && echo password=$(cat
$HOME/.secret); }; f"
    helper = "!f() { test \"$1\" = get && echo password=$(pass
dev/send-email); }; f"
[sendemail]
    annotate = yes
    smtpEncryption = tls
    smtpServer = smtp.gmail.com
    smtpServerPort = 587
    smtpUser = <gmail email address>

[1] https://www.ryanlue.com/posts/2019-04-19-git-credential-with-pass

Re: SMTP pass configuration

Details
Message ID
<527fdab5-af75-44a3-8399-65d244e573b1@poldrack.dev>
In-Reply-To
<CADS3Lq6SsAb_xpfxePfow7GcVA0omCE2PyJ+zGydHNOHv=42Uw@mail.gmail.com> (view parent)
DKIM signature
missing
Download raw message
25 Nov 2023 18:47:49 Niall Dooley <dooleyn@gmail.com>:

> On Thu, 23 Nov 2023 at 11:10, Simon Ser <contact@emersion.fr> wrote:
>> git-send-email can use gitcredentials though.
>
> Right, but I'm trying to retrieve those credentials from a
> password-store file where my encryption key is on a removeable device.
> The below based on suggestions earlier in this thread is not working 
> for
> me.  I think it is not working for me because my encryption key is on a
> removeable device.  If I use the commented out helper instead it does
> work and I've see posts [1] where the bare pass command works but not
> for me.
>
> [credential]
>         protocol = smtp
>     #helper = "!f() { test \"$1\" = get && echo password=$(cat
> $HOME/.secret); }; f"
>     helper = "!f() { test \"$1\" = get && echo password=$(pass
> dev/send-email); }; f"
> [sendemail]
>     annotate = yes
>     smtpEncryption = tls
>     smtpServer = smtp.gmail.com
>     smtpServerPort = 587
>     smtpUser = <gmail email address>
>
> [1] https://www.ryanlue.com/posts/2019-04-19-git-credential-with-pass
May I suggest using the libsecret API? I am sure there's a compatibility 
layer if not native support.

[credential]
        helper          = store
        credentialStore = secretservice

-- 
Moritz Poldrack
https://moritz.sh

Re: SMTP pass configuration

Details
Message ID
<CADS3Lq7v-BukSVwbBnqM1gDb96XfX8uedpaPnxaw9j-VkS9aUw@mail.gmail.com>
In-Reply-To
<527fdab5-af75-44a3-8399-65d244e573b1@poldrack.dev> (view parent)
DKIM signature
missing
Download raw message
On Sat, 25 Nov 2023 at 19:10, Moritz Poldrack <moritz@poldrack.dev> wrote:
> May I suggest using the libsecret API? I am sure there's a compatibility
> layer if not native support.
>
> [credential]
>         helper          = store
>         credentialStore = secretservice

Thanks, but isn't libsecret for working with gnome-keyring?

Also, doesn't the store helper save your credentials in plaintext to
~/.git-credentials by default.

Re: SMTP pass configuration

Details
Message ID
<wq7yx5dlnmpzz3zqbzdhmdfp4gphnsbtown2lk3dcj54ggfetd@t7nthbitmne6>
In-Reply-To
<CADS3Lq7v-BukSVwbBnqM1gDb96XfX8uedpaPnxaw9j-VkS9aUw@mail.gmail.com> (view parent)
DKIM signature
missing
Download raw message
On 23/11/25 11:27PM, Niall Dooley wrote:
> Thanks, but isn't libsecret for working with gnome-keyring?
> 
> Also, doesn't the store helper save your credentials in plaintext to
> ~/.git-credentials by default.

I have no idea why you Cc'd me, but since you did, I don't use GNOME and 
similar bloated software. I use dwm started from ~/.xinitrc by startx on login 
through getty, and isync+msmtp managed by Luke Smith's mutt-wizard. I have 
this in my .gitconfig:

	[sendemail]
	        from = contact@strahinja.org
	        sendmailCmd = msmtp -a contact@strahinja.org

This automatically calls gpg-agent and the appropriate pinentry program (I use 
pinentry-dmenu) as necessary to enter the password to decrypt my secret key.

Most importantly, this setup Just Works™ for git send-email.

Re: SMTP pass configuration

Details
Message ID
<CADS3Lq5EG-2ryziMoyR8gyPBer2s386DnqW3nGU5UkOaNLSeCA@mail.gmail.com>
In-Reply-To
<CADS3Lq6SsAb_xpfxePfow7GcVA0omCE2PyJ+zGydHNOHv=42Uw@mail.gmail.com> (view parent)
DKIM signature
missing
Download raw message
On Sat, 25 Nov 2023 at 18:46, Niall Dooley <dooleyn@gmail.com> wrote:
> I've see posts [1] where the bare pass command works but not
> for me.

OK, reviewing [1] again the following is working for me now.

[credential "smtp://smtp.gmail.com:587"]
    helper = !pass dev/send-email
[sendemail]
    annotate = yes
    smtpEncryption = tls
    smtpServer = smtp.gmail.com
    smtpServerPort = 587
    smtpUser = <gmail email address>

The key is that the password-store file (dev/send-email) which stores
the app specific password must have a "password=" prefix before the
password per [2].  Not sure if it is necessary but I also removed the
spaces from the app specific password.

As [1] states the credential username attribute just uses the value of
smtpUser though I store it as username=<username> in the same
password-store file in any case.

Also, despite what [1] states I did not have to HTML-escape
the special characters in the address of the server I was authenticating
against nor include the username here either.

Hope this helps someone else in the future.

[1] https://www.ryanlue.com/posts/2019-04-19-git-credential-with-pass
[2] https://git-scm.com/docs/git-credential#IOFMT
Reply to thread Export thread (mbox)