mirror of
git://git.sv.gnu.org/emacs.git
synced 2026-01-12 14:30:42 -08:00
0a580c187d
Prior to this commit, while searching for the most applicable entry password-store entries were decrypted and parsed to ensure they were valid. The entries were parsed in the order they were found on the filesystem and all applicable entries would be decrypted and parsed, which varied based on the contents of the password-store and the entry to be found. This is fine when the GPG key is cached and each entry can be decrypted without user interaction. However, for security some people have their GPG on a hardware token like a Yubikey setup so that they have to touch a sensor on the toke for every cryptographic operation, in which case it becomes inconvenient as each attempt to find an entry requires a variable number of touches of the hardware token. The implementation already assumes that names which contain more of the information in the search key should be preferred so there is an ordering of preference of applicable entries. If the decrypt and parsing is removed from the initial identification of applicable entries in the store then in most cases a single decrypt and parse of the most preferred entry will suffice, improving the experience for hardware token users that require interaction with the token. This commit implements that strategy. It is in spirit a refactor of the existing code. * lisp/auth-source-pass.el (auth-source-pass--matching-entries): New function, generate an ordered list of regular expression matchers for all possible names that could be in the password-store for the entry to be found and then makes a pass over the password-store entry names accumulating the matching entries in a list after the regexp that matched. This implementation ensures the password-store entry list still only has to be scanned once. (auth-source-pass--find-match-unambiguous): Use it to obtain candidate entries and then parse them one by one until an entry containing the desired information is located. When complete, return the parsed data of the entry instead of the entry name so that the information can be used directly to construct the auth-source response. (auth-source-pass--build-result): Update accordingly. (auth-source-pass--find-match): Update docstring accordingly. (auth-source-pass--select-one-entry) (auth-source-pass--entry-valid-p) (auth-source-pass--find-all-by-entry-name) (auth-source-pass--find-one-by-entry-name): Remove. (auth-source-pass--select-from-entries) (auth-source-pass--accumulate-matches) (auth-source-pass--entry-reducer) (auth-source-pass--generate-entry-suffixes) (auth-source-pass--domains) (auth-source-pass--name-port-user-suffixes): New functions. * test/lisp/auth-source-pass-tests.el: One test case was added to the test suite to verify that only the minimal number of entries are parsed in common cases. The auth-source-pass-only-return-entries-that-can-be-open test case had to be re-implemented because the function it was used eliminated as the functionality is provided elsewhere. All the other fairly substantial changes to the test suite are the result of mechanical changes that were required to adapt to auth-source-pass--find-match returning the data from a parsed password-store entry instead of the entry name. |
||
|---|---|---|
| .. | ||
| data | ||
| lib-src | ||
| lisp | ||
| manual | ||
| src | ||
| ChangeLog.1 | ||
| file-organization.org | ||
| Makefile.in | ||
| README | ||
Copyright (C) 2008-2019 Free Software Foundation, Inc.
See the end of the file for license conditions.
This directory contains files intended to test various aspects of
Emacs's functionality. Please help add tests!
See the file file-organization.org for the details of the directory
structure and file-naming conventions.
Emacs uses ERT, Emacs Lisp Regression Testing, for testing. See (info
"(ert)") or https://www.gnu.org/software/emacs/manual/html_node/ert/
for more information on writing and running tests.
Tests could be tagged by the developer. In this test directory, the
following tags are recognized:
* :expensive-test
The test needs a serious amount of time to run. It is not intended
to run on a regular basis by users. Instead, it runs on demand
only, or during regression tests.
* :unstable
The test is under development. It shall run on demand only.
The Makefile in this directory supports the following targets:
* make check
Run all tests as defined in the directory. Expensive and unstable
tests are suppressed. The result of the tests for <filename>.el is
stored in <filename>.log.
* make check-maybe
Like "make check", but run only the tests for files which have
unresolved prerequisites.
* make check-expensive
Like "make check", but run also the tests marked as expensive.
* make check-all
Like "make check", but run all tests.
* make <filename> or make <filename>.log
Run all tests declared in <filename>.el. This includes expensive
tests. In the former case the output is shown on the terminal, in
the latter case the output is written to <filename>.log.
ERT offers selectors, which make it possible to filter out which test
cases shall run. The make variable $(SELECTOR) gives you a simple
mean to use your own selectors. The ERT manual describes how
selectors are constructed, see (info "(ert)Test Selectors") or
https://www.gnu.org/software/emacs/manual/html_node/ert/Test-Selectors.html
You could use predefined selectors of the Makefile. "make <filename>
SELECTOR='$(SELECTOR_DEFAULT)'" runs all tests for <filename>.el
except the tests tagged as expensive or unstable.
If your test file contains the tests "test-foo", "test2-foo" and
"test-foo-remote", and you want to run only the former two tests, you
could use a selector regexp (note that the "$" needs to be doubled to
protect against "make" variable expansion):
make <filename> SELECTOR='"foo$$"'
Note that although the test files are always compiled (unless they set
no-byte-compile), the source files will be run when expensive or
unstable tests are involved, to give nicer backtraces. To run the
compiled version of a test use
make TEST_LOAD_EL=no ...
Some tests might take long time to run. In order to summarize the
<nn> tests with the longest duration, call
make SUMMARIZE_TESTS=<nn> ...
The tests are run in batch mode by default; sometimes it's useful to
get precisely the same environment but run in interactive mode for
debugging. To do that, use
make TEST_INTERACTIVE=yes ...
Some of the tests require a remote temporary directory
(filenotify-tests.el, shadowfile-tests.el and tramp-tests.el). Per
default, a mock-up connection method is used (this might not be
possible when running on MS Windows). If you want to test a real
remote connection, set $REMOTE_TEMPORARY_FILE_DIRECTORY to a suitable
value in order to overwrite the default value:
env REMOTE_TEMPORARY_FILE_DIRECTORY=/ssh:host:/tmp make ...
There are also continuous integration tests on
<https://hydra.nixos.org/jobset/gnu/emacs-trunk> (see
admin/notes/hydra) and <https://emba.gnu.org/emacs/emacs>. Both
environments provide an environment variable, which could be used to
determine, whether the tests run in one of these test environments.
$EMACS_HYDRA_CI indicates the hydra environment, and $EMACS_EMBA_CI
indicates the emba environment, respectively.
(Also, see etc/compilation.txt for compilation mode font lock tests.)
This file is part of GNU Emacs.
GNU Emacs is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GNU Emacs is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>.