From 4cb53c0528aad73ac001a5d0b4ae336b8ec65408 Mon Sep 17 00:00:00 2001
From: Michael Albinus <michael.albinus@gmx.de>
Date: Thu, 22 Sep 2022 13:14:46 +0200
Subject: Improve don't save bookmark context from encrypted files

* etc/NEWS: Mention 'bookmark-inhibit-context-functions'.
Fix typos.

* lisp/bookmark.el (bookmark-inhibit-context-functions): New defcustom.
(bookmark-make-record): Use it.

* lisp/auth-source-pass.el (auth-source-pass-file-name-p):
* lisp/auth-source.el (auth-source-file-name-p): New defuns.  Add
them to `bookmark-inhibit-context-functions'.

* lisp/epa-hook.el (epa-file-name-p):
* lisp/net/tramp-crypt.el (tramp-crypt-file-name-p): Add them to
`bookmark-inhibit-context-functions'.
---
 lisp/auth-source-pass.el | 10 ++++++++++
 lisp/auth-source.el      | 15 +++++++++++++++
 lisp/bookmark.el         | 14 ++++++++++----
 lisp/epa-hook.el         |  4 ++++
 lisp/net/tramp-crypt.el  |  8 ++++++++
 5 files changed, 47 insertions(+), 4 deletions(-)

(limited to 'lisp')

diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el
index 86e0b48a79d..0955e2ed07e 100644
--- a/lisp/auth-source-pass.el
+++ b/lisp/auth-source-pass.el
@@ -319,6 +319,16 @@ then NAME & USER, then NAME & PORT, then just NAME."
     (list
      (format "%s" name)))))
 
+(defun auth-source-pass-file-name-p (file)
+  "Say whether FILE is used by `auth-source-pass'."
+  (and (stringp file) (stringp auth-source-pass-filename)
+       (string-equal
+        (expand-file-name file) (expand-file-name auth-source-pass-filename))))
+
+(with-eval-after-load 'bookmark
+  (add-hook 'bookmark-inhibit-context-functions
+	    #'auth-source-pass-file-name-p))
+
 (provide 'auth-source-pass)
 ;;; auth-source-pass.el ends here
 
diff --git a/lisp/auth-source.el b/lisp/auth-source.el
index c79e5b81f76..feefd391a87 100644
--- a/lisp/auth-source.el
+++ b/lisp/auth-source.el
@@ -522,6 +522,21 @@ parameters."
 
 ;; (mapcar #'auth-source-backend-parse auth-sources)
 
+(defun auth-source-file-name-p (file)
+  "Say whether FILE is used by `auth-sources'."
+  (let* ((backends (mapcar #'auth-source-backend-parse auth-sources))
+         (files
+          (mapcar (lambda (x)
+                    (when (member (slot-value x 'type) '(json netrc plstore))
+                      (slot-value x 'source)))
+                  backends)))
+    (member (expand-file-name file)
+            (mapcar #'expand-file-name (remq nil files)))))
+
+(with-eval-after-load 'bookmark
+  (add-hook 'bookmark-inhibit-context-functions
+	    #'auth-source-file-name-p))
+
 (cl-defun auth-source-search (&rest spec
                               &key max require create delete
                               &allow-other-keys)
diff --git a/lisp/bookmark.el b/lisp/bookmark.el
index f150a24bbfb..0384812d3fd 100644
--- a/lisp/bookmark.el
+++ b/lisp/bookmark.el
@@ -592,6 +592,14 @@ NAME is a suggested name for the constructed bookmark.  It can be nil
 in which case a default heuristic will be used.  The function can also
 equivalently just return ALIST without NAME.")
 
+(defcustom bookmark-inhibit-context-functions nil
+  "List of functions to call before making a bookmark record.
+The functions take `buffer-file-name' as argument.  If any of
+these functions returns non-nil, the bookmark does not record
+context strings from the current buffer."
+  :type 'hook
+  :version "29.1")
+
 (defun bookmark-make-record ()
   "Return a new bookmark record (NAME . ALIST) for the current location."
   (let* ((bookmark-search-size
@@ -599,10 +607,8 @@ equivalently just return ALIST without NAME.")
           ;; don't include any context in the bookmark file, because
           ;; that would leak (possibly secret) data.
           (if (and buffer-file-name
-                   (or (and (fboundp 'epa-file-name-p)
-                            (epa-file-name-p buffer-file-name))
-                       (and (fboundp 'tramp-crypt-file-name-p)
-                            (tramp-crypt-file-name-p buffer-file-name))))
+                   (not (run-hook-with-args-until-success
+                         'bookmark-inhibit-context-functions buffer-file-name)))
               0
             bookmark-search-size))
          (record (funcall bookmark-make-record-function)))
diff --git a/lisp/epa-hook.el b/lisp/epa-hook.el
index 70c30308819..386bd739640 100644
--- a/lisp/epa-hook.el
+++ b/lisp/epa-hook.el
@@ -92,6 +92,10 @@ interface, update `file-name-handler-alist'."
   "Say whether FILE is handled by `epa-file'."
   (and auto-encryption-mode (string-match-p epa-file-name-regexp file)))
 
+(with-eval-after-load 'bookmark
+  (add-hook 'bookmark-inhibit-context-functions
+	    #'epa-file-name-p))
+
 (define-minor-mode auto-encryption-mode
   "Toggle automatic file encryption/decryption (Auto Encryption mode)."
   :global t :init-value t :group 'epa-file :version "23.1"
diff --git a/lisp/net/tramp-crypt.el b/lisp/net/tramp-crypt.el
index d556c876066..16c4049a687 100644
--- a/lisp/net/tramp-crypt.el
+++ b/lisp/net/tramp-crypt.el
@@ -852,6 +852,14 @@ WILDCARD is not supported."
     (tramp-compat-funcall
      'unlock-file (tramp-crypt-encrypt-file-name filename))))
 
+(with-eval-after-load 'bookmark
+  (add-hook 'bookmark-inhibit-context-functions
+	    #'tramp-crypt-file-name-p)
+  (add-hook 'tramp-crypt-unload-hook
+	    (lambda ()
+	      (remove-hook 'bookmark-inhibit-context-functions
+			   #'tramp-crypt-file-name-p))))
+
 (add-hook 'tramp-unload-hook
 	  (lambda ()
 	    (unload-feature 'tramp-crypt 'force)))
-- 
cgit v1.2.1