derivepassphrase.git

@@ -1,6 +1,15 @@

 ### Changed

-  - The [export handler for storeroom][derivepassphrase.exporter.storeroom.export_storeroom_data] and for [vault-native][derivepassphrase.exporter.vault_native.export_vault_native_data] configuration data now [both support a unified interface][derivepassphrase.exporter.ExportVaultConfigDataFunction].

-    A new dispatch function [`export_vault_config_data`][derivepassphrase.exporter.export_vault_config_data] automatically calls the correct backend, based on the requested format.

+  - The export handlers for "storeroom" and "vault-native" configuration

+    data,

+    [`export_storeroom_data`][derivepassphrase.exporter.storeroom.export_storeroom_data]

+    and

+    [`export_vault_native_data`][derivepassphrase.exporter.vault_native.export_vault_native_data]

+    configuration data now both support a unified interface:

+    [`ExportVaultConfigDataFunction`][derivepassphrase.exporter.ExportVaultConfigDataFunction].

+    A new dispatch function

+    [`export_vault_config_data`][derivepassphrase.exporter.export_vault_config_data]

+    automatically calls the correct backend, based on the requested format.

-    This is a **breaking API change** due to the change in function parameter names and return types.

+    This is a **breaking API change** due to the change in function

+    parameter names and return types.

@@ -1,7 +1,8 @@

 ### Fixed

   - Shell completion for `zsh` was misbehaving in the presence of colons in

-    the completion item.  This was due to an overzealous workaround for

+    the completion item.

+    This was due to an overzealous workaround for

     [`pallets/click#2703`][CLICK_2703].

 [CLICK_2703]: https://github.com/pallets/click/issues/2703

@@ -41,9 +41,11 @@ effectively constitute a new <q>major</q> release.)

     systems.

   - `derivepassphrase` now uses a central configuration file, and additional

-    data files, some of which are service-specific.  (The `vault.json`

-    configuration file is now rebranded as a data file.)  The configuration

-    files are user-editable, the data files are `derivepassphrase`-editable.

+    data files, some of which are service-specific.

+    (The `vault.json`

+    configuration file is now rebranded as a data file.)

+    The configuration files are user-editable, the data files are

+    `derivepassphrase`-editable.

     The configuration files are in TOML format, so installing

     `derivepassphrase` on Python 3.10 and older requires the

@@ -59,8 +61,8 @@ effectively constitute a new <q>major</q> release.)

   - `derivepassphrase` now includes basic support for localization: if the

     necessary translations are installed, then the diagnostics and help

-    texts can be emitted in different languages.  Internally, this uses

-    Python's standard [`gettext`][] system.

+    texts can be emitted in different languages.

+    Internally, this uses Python's standard [`gettext`][] system.

     (As of this version, no translations have actually been prepared yet.)

@@ -82,20 +84,19 @@ effectively constitute a new <q>major</q> release.)

 ### Changed

-  - Calling [`derivepassphrase_export`]

-    [derivepassphrase.cli.derivepassphrase_export],

-    [`derivepassphrase_export_vault`]

-    [derivepassphrase.cli.derivepassphrase_export_vault] or

-    [`derivepassphrase_vault`]

-    [derivepassphrase.cli.derivepassphrase_vault], or calling

-    [`derivepassphrase`] [derivepassphrase.cli.derivepassphrase] via its

-    [`.main`][click.BaseCommand.main] method, causes those functions to use

-    the standard Python [logging][] and [warnings][] facilities to issue

-    diagnostic messages, without output to standard error.  (This includes

-    using [`click.testing.CliRunner`][], which uses `.main` calls under the

-    hood.)  Calling [`derivepassphrase`]

-    [derivepassphrase.cli.derivepassphrase] directly as a function diverts

-    diagnostic messages to standard error.

+  - Calling

+    [`derivepassphrase_export`][derivepassphrase.cli.derivepassphrase_export],

+    [`derivepassphrase_export_vault`][derivepassphrase.cli.derivepassphrase_export_vault]

+    or

+    [`derivepassphrase_vault`][derivepassphrase.cli.derivepassphrase_vault],

+    or calling [`derivepassphrase`][derivepassphrase.cli.derivepassphrase]

+    via its [`.main`][click.BaseCommand.main] method, causes those functions

+    to use the standard Python [logging][] and [warnings][] facilities to

+    issue diagnostic messages, without output to standard error.

+    (This includes using [`click.testing.CliRunner`][], which uses `.main`

+    calls under the hood.)

+    Calling [`derivepassphrase`][derivepassphrase.cli.derivepassphrase]

+    directly as a function diverts diagnostic messages to standard error.

   - Unicode normalization settings for `vault` service names and stored

     passphrases are now stored in the central configuration file, instead of

@@ -115,11 +116,12 @@ effectively constitute a new <q>major</q> release.)

 ### Added

   - Checking whether an SSH key is suitable now also depends on the SSH

-    agent in use.  API functions now optionally take an additional

+    agent in use.

+    API functions now optionally take an additional

     [`SSHAgentClient`][derivepassphrase.ssh_agent.SSHAgentClient] object to

-    test agent-specific key suitability.  If not given, then the old

-    behavior is retained: SSH keys are suitable if they are suitable under

-    any (conforming) SSH agent.

+    test agent-specific key suitability.

+    If not given, then the old behavior is retained: SSH keys are suitable

+    if they are suitable under any (conforming) SSH agent.

 ### Fixed

@@ -132,10 +134,10 @@ effectively constitute a new <q>major</q> release.)

 ### Fixed

-  - _*Actually* actually_ remove the `derivepassphrase_export` program, which was

-    turned into a subcommand in v0.2.0 and supposed to have been removed in

-    v0.3.1 already.  Removed on disk is not the same as removed in

-    version control.

+  - _*Actually* actually_ remove the `derivepassphrase_export` program,

+    which was turned into a subcommand in v0.2.0 and supposed to have been

+    removed in v0.3.1 already.

+    Removed on disk is not the same as removed in version control.

 ## 0.3.1 (2024-10-21)

@@ -150,21 +152,22 @@ effectively constitute a new <q>major</q> release.)

 ### Added

   - Convert changelog management from towncrier to [scriv][].

-  - Add SSH agent spawning support to the test suite.  Use this support to

-    test the agent functionality on all known major SSH agent

-    implementations automatically. ([#12])

+  - Add SSH agent spawning support to the test suite.

+    Use this support to test the agent functionality on all known major SSH

+    agent implementations automatically.

+    ([#12])

   - Add [hypothesis][]-based tests to the test suite.

   - Update README to add explanations for virtual environments and package

     extras.

   - Update README to demonstrate configuration storing and SSH agent use.

     Include comments on Windows support for SSH agents.

   - Use cross-references in the documentation of function signatures.

-  - Add proper support for Buffer types in the SSH agent client.  Any

-    Python object supporting the buffer protocol can be used as input to

-    a function of the client, and any output from the client is returned

-    as bytes objects.  Because of the zero-copy semantics of the

-    underlying data/memory block, this should stay relatively time- and

-    space-efficient.

+  - Add proper support for Buffer types in the SSH agent client.

+    Any Python object supporting the buffer protocol can be used as input to

+    a function of the client, and any output from the client is returned as

+    bytes objects.

+    Because of the zero-copy semantics of the underlying data/memory block,

+    this should stay relatively time- and space-efficient.

   - Add [hypothesis][]-based tests for serialization to and

     deserialization from the SSH agent wire format.

   - Support Python 3.9 and 3.13.

@@ -175,8 +178,8 @@ effectively constitute a new <q>major</q> release.)

 ### Changed

-  - Change links to point to public project repositories, if possible.  For

-    legal reasons.

+  - Change links to point to public project repositories, if possible.

+    For legal reasons.

   - Use the same filename/URL convention for API reference as the Python

     standard library does.

@@ -195,7 +198,8 @@ effectively constitute a new <q>major</q> release.)

   - Fail earlier, and more gracefully/specifically, when we cannot talk to

     the SSH agent because Python does not support UNIX domain sockets on

-    this system.  In particular, this is the current situation on Windows.

+    this system.

+    In particular, this is the current situation on Windows.

     This adds another failure case to the `SSHAgentClient` constructor, and

     therefore constitutes a **breaking API change**.

@@ -207,14 +211,17 @@ effectively constitute a new <q>major</q> release.)

     This is a command-line only change.

   - In `derivepassphrase vault`, when importing settings, accept falsy values

-    everywhere `vault` does, with a warning.  Depending on the setting, they

-    are equivalent to zero, the empty string, or "not set".  ([#17])

-

-    This is a command-line only change, and only affects importing.  The API

-    provides a new function to normalize falsy settings, but still otherwise

-    requires settings to be of the correct type.  Storing a malformed

-    configuration with such falsy values will still generate errors when

-    `derivepassphrase vault` loads the settings from disk.

+    everywhere `vault` does, with a warning.

+    Depending on the setting, they are equivalent to zero, the empty string,

+    or "not set".

+    ([#17])

+

+    This is a command-line only change, and only affects importing.

+    The API provides a new function to normalize falsy settings, but still

+    otherwise requires settings to be of the correct type.

+    Storing a malformed configuration with such falsy values will still

+    generate errors when `derivepassphrase vault` loads the settings from

+    disk.

   - In `derivepassphrase vault`, when importing configurations,

     correctly merge them with the existing one, same as vault(1): keep

@@ -222,7 +229,8 @@ effectively constitute a new <q>major</q> release.)

     applicable) that are not mentioned in the imported configuration.

     The import procedure is thus more akin to a section-wise import of

     the configurations, instead of a "full" import, and the resulting

-    configuration generally is a merge of both inputs.  ([#16])

+    configuration generally is a merge of both inputs.

+    ([#16])

   - The following operations or configuration settings now raise

     warnings:

@@ -252,42 +260,49 @@ effectively constitute a new <q>major</q> release.)

     storeroom formats.

     This feature requires the `cryptography` Python module, but is available

-    even if `vault` is not installed. ([#1])

+    even if `vault` is not installed.

+    ([#1])

 [#1]: https://github.com/the-13th-letter/derivepassphrase/1

 ### Fixed

-  - Deploy versioned documentation with [mike][].  Set up a "latest" tag and

-    the "0.<var>x</var>" version of the documentation with the contents so

-    far.

+  - Deploy versioned documentation with [mike][].

+    Set up a "latest" tag and the "0.<var>x</var>" version of the

+    documentation with the contents so far.

 [mike]: https://pypi.org/project/mike

 ### Changed

   - Changed `sequin` and `ssh_agent_client` to be submodules of

-    `derivepassphrase`.  Further moved `derivepassphrase.Vault` and

+    `derivepassphrase`.

+    Further moved `derivepassphrase.Vault` and

     `derivepassphrase.AmbiguousByteRepresentation` into a new submodule

-    `vault`, and renamed submodule `ssh_agent_client` to `ssh_agent`. ([#3])

+    `vault`, and renamed submodule `ssh_agent_client` to `ssh_agent`.

+    ([#3])

   - Changed internal error handling and error messages, to better work in

-    the context of a command-line tool. ([#4])

+    the context of a command-line tool.

+    ([#4])

   - Combine and consolidate `derivepassphrase.types` and

     `derivepassphrase.ssh_agent.types` into a new submodule

-    `derivepassphrase._types`.  Despite the name, the module is public.

+    `derivepassphrase._types`.

+    Despite the name, the module is public.

     ([#7])

   - Warn the user when entering (directly, or via configuration

     editing/importing) a passphrase that is not in the configured Unicode

-    normalization form. (But don't otherwise reject any textual master

-    passphrases.) ([#9])

+    normalization form.

+    (But don't otherwise reject any textual master passphrases.)

+    ([#9])

   - Move all existing functionality into a subcommand, in anticipation of

     other passphrase derivation schemes, with different settings.

     Automatically forward calls without a subcommand to the "vault"

     subcommand.

     Also store the settings in a file specific to the respective subsystem,

-    instead of globally.  Automatically fall back to, and migrate, the old

-    global settings file if no subsystem-specific configuration was found.

+    instead of globally.

+    Automatically fall back to, and migrate, the old global settings file if

+    no subsystem-specific configuration was found.

     ([#10])

   - Make `derivepassphrase_export` a subcommand: `derivepassphrase export`.

@@ -311,12 +326,15 @@ effectively constitute a new <q>major</q> release.)

 ### Fixed

   - Do not crash upon selecting a key on the command-line if there already

-    is a key stored in the configuration. ([#5])

+    is a key stored in the configuration.

+    ([#5])

   - Create the configuration directory upon saving, if it does not yet

-    exist.  ([#6])

+    exist.

+    ([#6])

   - Isolate the tests properly and consistently from the user's

     configuration, so that user configuration problems do not cause

-    unrelated test failures. ([#8])

+    unrelated test failures.

+    ([#8])

   - Add an alternate MkDocs configuration for building the documentation in

     offline mode.

   - Fix typing issues according to `mypy`'s strict mode.

@@ -331,8 +349,9 @@ effectively constitute a new <q>major</q> release.)

 ### Fixed

   - Include and exclude the correct files in the `sdist` and `wheel`

-    distributions.  (Previously, `sdist` contained VCS artifacts, and

-    `wheel` was missing some paths.)

+    distributions.

+    (Previously, `sdist` contained VCS artifacts, and `wheel` was missing

+    some paths.)

   - Lint and reformat all code using [ruff](https://pypi.org/package/ruff/).

   - Mention

     [`mkdocstrings-python`](https://pypi.org/package/mkdocstrings-python/)