* Re: [PATCH] uri_imap: handle '/' as an IMAP hierarchy separator
@ 2021-09-14 20:12 5% ` Eric Wong
0 siblings, 0 replies; 3+ results
From: Eric Wong @ 2021-09-14 20:12 UTC (permalink / raw)
To: Konstantin Ryabitsev; +Cc: meta
Konstantin Ryabitsev <konstantin@linuxfoundation.org> wrote:
> On Tue, Sep 14, 2021 at 07:35:28PM +0000, Eric Wong wrote:
> > Oops, I think the patch below should fix it.
>
> Yep, that worked. Thanks!
Cool.
> Good to know, thanks. Quick follow-up -- documentation says that .netrc should
> work, but I've found that even though I have the following entries in
> ~/.netrc, I still get prompted for credentials:
>
> machine imap.migadu.com
> login konstantin.ryabitsev@linux.dev
> password [...]
>
> The credential helper works after the initial "lei up" but I'm curious why
> .netrc isn't happy. Not a huge deal, seeing as that requires storing passwords
> in plaintext.
Ah, I forgot to update the docs again :x
My main concern with .netrc was actually inadvertantly sending
FTP auth info to an IMAP server just because they share the same
host.
Not sure if plaintext is a real problem on encrypted block
devices/filesystems. Ordinary users can't mlock(2) to prevent
in-memory passwords from hitting swap (thus I always use
encrypted swap).
-----------8<---------
Subject: [PATCH] doc: update authentication notes for lei
~/.netrc isn't used by default any more, and I'm not sure it's
worthwhile to document the --netrc switch since it's rare for
non-FTP clients to support.
Followup-to: 9d11ed460ce113dd ("lei: do not read ~/.netrc by default")
Reported-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
---
Documentation/lei-convert.pod | 2 +-
Documentation/lei-import.pod | 2 +-
Documentation/lei-q.pod | 2 +-
Documentation/public-inbox-watch.pod | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Documentation/lei-convert.pod b/Documentation/lei-convert.pod
index 7f372327..750ba54f 100644
--- a/Documentation/lei-convert.pod
+++ b/Documentation/lei-convert.pod
@@ -13,7 +13,7 @@ lei convert [OPTIONS] (--stdin|-)
Convert messages to another format. C<LOCATION> is a source of
messages: a directory (Maildir), a file, or a URL (C<imap://>,
C<imaps://>, C<nntp://>, or C<nntps://>). URLs requiring
-authentication must use L<netrc(5)> and/or L<git-credential(1)> to
+authentication use L<git-credential(1)> to
fill in the username and password.
For a regular file, the location must have a C<E<lt>formatE<gt>:>
diff --git a/Documentation/lei-import.pod b/Documentation/lei-import.pod
index c29a085b..9322dfa8 100644
--- a/Documentation/lei-import.pod
+++ b/Documentation/lei-import.pod
@@ -13,7 +13,7 @@ lei import [OPTIONS] (--stdin|-)
Import messages into the local storage of L<lei(1)>. C<LOCATION> is a
source of messages: a directory (Maildir), a file, or a URL
(C<imap://>, C<imaps://>, C<nntp://>, or C<nntps://>). URLs requiring
-authentication must use L<netrc(5)> and/or L<git-credential(1)> to
+authentication use L<git-credential(1)> to
fill in the username and password.
For a regular file, the location must have a C<E<lt>formatE<gt>:>
diff --git a/Documentation/lei-q.pod b/Documentation/lei-q.pod
index 1d9e66cd..2823ced8 100644
--- a/Documentation/lei-q.pod
+++ b/Documentation/lei-q.pod
@@ -43,7 +43,7 @@ Destination for results (e.g., C</tmp/results-Maildir>,
C<imaps://user@mail.example.com/INBOX.test>, or
C<mboxcl2:/tmp/results-mboxcl2>). The prefix may be a supported protocol:
C<imap://> or C<imaps://>. URLs requiring
-authentication must use L<netrc(5)> and/or L<git-credential(1)> to
+authentication use L<git-credential(1)> to
fill in the username and password.
A prefix can specify the format of the output: C<maildir>,
diff --git a/Documentation/public-inbox-watch.pod b/Documentation/public-inbox-watch.pod
index 5fa966be..e8f97c80 100644
--- a/Documentation/public-inbox-watch.pod
+++ b/Documentation/public-inbox-watch.pod
@@ -82,7 +82,7 @@ C<imap://> and C<imaps://> URLs:
This may be specified multiple times to combine several mailboxes
into a single public-inbox. URLs requiring authentication
-will require L<netrc(5)> and/or L<git-credential(1)> to fill
+will require L<netrc(5)> and/or L<git-credential(1)> (preferred) to fill
in the username and password.
Default: none
^ permalink raw reply related [relevance 5%]
* [PATCH 3/4] lei: do not read ~/.netrc by default
2021-09-10 9:08 6% [PATCH 0/4] lei: some net-related things Eric Wong
@ 2021-09-10 9:08 7% ` Eric Wong
0 siblings, 0 replies; 3+ results
From: Eric Wong @ 2021-09-10 9:08 UTC (permalink / raw)
To: meta
Since ~/.netrc isn't widely used by most (if any) NNTP and IMAP
clients, we won't read it by default for lei. AFAIK, ~/.netrc
is mainly by FTP clients (e.g. ftp(1) and lftp(1)). wget uses
it by default for HTTP(S) (and FTP), but curl does not.
To avoid breaking stable release use cases, public-inbox-watch
continues to read ~/.netrc by default.
The --netrc switch is supported by all existing lei commands
which may use curl.
---
lib/PublicInbox/GitCredential.pm | 8 ++++++--
lib/PublicInbox/NetReader.pm | 4 ++--
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/lib/PublicInbox/GitCredential.pm b/lib/PublicInbox/GitCredential.pm
index c83fed43..b18bba1e 100644
--- a/lib/PublicInbox/GitCredential.pm
+++ b/lib/PublicInbox/GitCredential.pm
@@ -31,8 +31,12 @@ sub run ($$;$) {
close $out_r or die "`git credential $op' failed: \$!=$! \$?=$?\n";
}
-sub check_netrc ($) {
- my ($self) = @_;
+sub check_netrc {
+ my ($self, $lei) = @_;
+
+ # n.b. lei doesn't load ~/.netrc by default, public-inbox-watch does,
+ # which may've been a mistake, but we have to live with it.
+ return if ($lei && !$lei->{opt}->{netrc});
# part of the standard library, but distributions may split it out
eval { require Net::Netrc };
diff --git a/lib/PublicInbox/NetReader.pm b/lib/PublicInbox/NetReader.pm
index a0e52fc5..f0f56431 100644
--- a/lib/PublicInbox/NetReader.pm
+++ b/lib/PublicInbox/NetReader.pm
@@ -96,7 +96,7 @@ sub mic_for ($$$$) { # mic = Mail::IMAPClient
$cred = undef;
}
if ($cred) {
- my $p = $cred->{password} // $cred->check_netrc;
+ my $p = $cred->{password} // $cred->check_netrc($lei);
$cred->fill($lei) unless defined($p); # may prompt user here
$mic->User($mic_arg->{User} = $cred->{username});
$mic->Password($mic_arg->{Password} = $cred->{password});
@@ -191,7 +191,7 @@ sub nn_for ($$$$) { # nn = Net::NNTP
}, 'PublicInbox::GitCredential';
($u, $p) = split(/:/, $ui, 2);
($cred->{username}, $cred->{password}) = ($u, $p);
- $p //= $cred->check_netrc;
+ $p //= $cred->check_netrc($lei);
}
my $common = $nn_common->{$sec} // {};
my $nn_arg = {
^ permalink raw reply related [relevance 7%]
* [PATCH 0/4] lei: some net-related things
@ 2021-09-10 9:08 6% Eric Wong
2021-09-10 9:08 7% ` [PATCH 3/4] lei: do not read ~/.netrc by default Eric Wong
0 siblings, 1 reply; 3+ results
From: Eric Wong @ 2021-09-10 9:08 UTC (permalink / raw)
To: meta
After some consideration, ~/.netrc will no longer be read by
default to match the behavior of existing IMAP/NNTP clients.
And lei-index is pretty limited, but still useful for Maildir
users, so it's documented (mainly for its limitations).
Eric Wong (4):
lei_query: fix comment about %lei2curl commands
lei: split out @net_opt for curl/torsocks use
lei: do not read ~/.netrc by default
doc: lei-index manpage
Documentation/lei-index.pod | 69 ++++++++++++++++++++++++++++++++
MANIFEST | 1 +
Makefile.PL | 2 +-
lib/PublicInbox/GitCredential.pm | 8 +++-
lib/PublicInbox/LEI.pm | 34 ++++++++--------
lib/PublicInbox/LeiQuery.pm | 2 +-
lib/PublicInbox/NetReader.pm | 4 +-
7 files changed, 96 insertions(+), 24 deletions(-)
create mode 100644 Documentation/lei-index.pod
^ permalink raw reply [relevance 6%]
Results 1-3 of 3 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2021-09-10 9:08 6% [PATCH 0/4] lei: some net-related things Eric Wong
2021-09-10 9:08 7% ` [PATCH 3/4] lei: do not read ~/.netrc by default Eric Wong
2021-09-14 17:50 Wrong folder when using imaps:// Konstantin Ryabitsev
2021-09-14 19:35 ` [PATCH] uri_imap: handle '/' as an IMAP hierarchy separator Eric Wong
2021-09-14 19:55 ` Konstantin Ryabitsev
2021-09-14 20:12 5% ` Eric Wong
Code repositories for project(s) associated with this public inbox
https://80x24.org/public-inbox.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).