Change the code style to use double quotes for strings (e981744) - derivepassphrase.git

Change the code style to use double quotes for strings

Marco Ricci commited on 2025-08-05 21:11:03
Zeige 29 geänderte Dateien mit 4479 Einfügungen und 4479 Löschungen.

As is standard in Python auto-formatting (Black, Ruff), we now use
double quotes for strings where possible, reverting to single quotes
only where necessary.

(The numerous code changes in `scripts/`, `src/` and `tests/` stem from
the auto-formatter re-adjusting the quotes.)

Background: I originally started out as a Perl programmer, and in Perl,
single quotes signify literal strings without any interpolation
whatsoever, and double quotes signify strings with interpolation and
escape sequences. In those languages, the choice of string quotes makes
a subtle difference. In Python, the choice of quote character does not
matter, so while there is no reason to prefer one over the other, the
inertia of being used to "single means literal, double means
interpolated" meant that I basically kept my existing style of quoting.

Python, meanwhile, although careful not to *prescribe* one quote
character or the other (see PEP 8), uses double quotes by default in
`str.__repr__` and in docstrings (see PEP 257). The Black
auto-formatter, which Ruff is modeled on, also defaults to double
quotes, arguing in its style guide that (among other things) the empty
string with double quotes unambiguously looks like an empty string,
regardless of fonts and syntax highlighting, but the empty string with
single quotes not necessarily: it may look like a single double quote
character.

More importantly, auto-formatters are specifically designed to make
these (essentially arbitrary) decisions about code formatting for you,
in the name of a uniform code style such that a reader can focus on the
code *content*, not the code *presentation*.  The concrete set of
arbitrary decisions is essentially secondary, but the Black team (and
the Ruff team too) have a pretty good track record of keeping the
resulting code readable and sensibly diffable, and this styling decision
has long been established by Black and "blackened" code "in the wild"
(and thus tested), so I have no reason to object to this particular
arbitrary choice.  Furthermore, there's no need to manually adjust all
quote characters, or even to pay much attention during code authoring to
the quote characters; the auto-formatting pass will take care of
harmonizing them for you.

Given these reasons, continuing to insist on single-quoted strings, in
Python, out of some vague sense of familiarity with *other* programming
languages where quote characters have different meanings, seems rather
untenable to me.

pyproject.toml eac8053..1e1b948
scripts/man_diagnostics.py fde71b4..46942b1
scripts/qc_auto.py 265a219..5356b12
scripts/test_key_signatures_and_outputs.py f935616..50ca08a
src/derivepassphrase/__init__.py e6e1b20..de5e6b6
src/derivepassphrase/__main__.py 638f9c3..91e82be
src/derivepassphrase/_internals/cli_helpers.py dee5350..fcf2635
src/derivepassphrase/_internals/cli_machinery.py 220d895..26b0609
src/derivepassphrase/_internals/cli_messages.py e73f72c..e5f5fae
src/derivepassphrase/_types.py d3a06e0..b0f109f
src/derivepassphrase/cli.py ccff23f..76fad9d
src/derivepassphrase/exporter/__init__.py 97b8956..797274c
src/derivepassphrase/exporter/storeroom.py 08cd380..ca7c721
src/derivepassphrase/exporter/vault_native.py 458207b..ba28f31
src/derivepassphrase/sequin.py 709783c..592a8ea
src/derivepassphrase/ssh_agent/__init__.py f1076c0..e7733cb
src/derivepassphrase/ssh_agent/socketprovider.py 295055e..30b6503
src/derivepassphrase/vault.py 1957109..269351b
tests/__init__.py 89983e6..1bff599
tests/conftest.py 03b9381..3ff8c14
tests/test_000_testing_machinery.py 6de5277..9c18e3e
tests/test_derivepassphrase_cli.py 3852e4e..758bef6
tests/test_derivepassphrase_cli_export_vault.py 53dcded..2eac738
tests/test_derivepassphrase_exporter.py ce7f963..706a951
tests/test_derivepassphrase_sequin.py e48ab45..0d2a223
tests/test_derivepassphrase_ssh_agent.py ea446ed..3689890
tests/test_derivepassphrase_types.py e637b1e..55f9fec
tests/test_derivepassphrase_vault.py 8bcf9e3..56650c3
tests/test_l10n.py 897e443..c87145b

pyproject.toml

Zeige Datei @ e981744

@@ -187,8 +187,8 @@ first_value = '1'
 
 [[tool.bumpversion.files]]
 filename = 'src/derivepassphrase/__init__.py'
-search = "^ *__version__ *= *'{current_version}'"
-replace = "__version__ = '{new_version}'"
+search = '^ *__version__ *= *"{current_version}"'
+replace = '__version__ = "{new_version}"'
 regex = true
 
 [[tool.bumpversion.files]]
@@ -425,7 +425,7 @@ src = ["src"]
 docstring-code-format = true
 docstring-code-line-length = "dynamic"
 preview = true
-quote-style = 'single'
+quote-style = "double"
 
 [tool.ruff.lint]
 ignore = [

scripts/man_diagnostics.py

Zeige Datei @ e981744

@@ -12,14 +12,14 @@ import re
 import sys
 from typing import TYPE_CHECKING, Literal, NewType, cast
 
-sys.path.append(str(pathlib.Path(sys.argv[0]).resolve().parent.parent / 'src'))
+sys.path.append(str(pathlib.Path(sys.argv[0]).resolve().parent.parent / "src"))
 from derivepassphrase._internals import cli_messages  # noqa: PLC2701
 
 if TYPE_CHECKING:
     from collections.abc import Iterator
 
-    EnumName = NewType('EnumName', str)
-    DiagnosticText = NewType('DiagnosticText', str)
+    EnumName = NewType("EnumName", str)
+    DiagnosticText = NewType("DiagnosticText", str)
 
 known_errors = cli_messages.ErrMsgTemplate.__members__
 known_warnings = cli_messages.WarnMsgTemplate.__members__
@@ -28,17 +28,17 @@ known_warnings = cli_messages.WarnMsgTemplate.__members__
 def _replace_known_metavars(string: str) -> str:
     return (
         string.replace(
-            '{service_metavar!s}',
+            "{service_metavar!s}",
             cli_messages.Label.VAULT_METAVAR_SERVICE.value.singular,
         )
         .replace(
-            '{service_metavar}',
+            "{service_metavar}",
             cli_messages.Label.VAULT_METAVAR_SERVICE.value.singular,
         )
-        .replace('{PROG_NAME!s}', cli_messages.PROG_NAME)
-        .replace('{PROG_NAME}', cli_messages.PROG_NAME)
-        .replace('{settings_type!s}', 'global/service-specific settings')
-        .replace('{settings_type}', 'global/service-specific settings')
+        .replace("{PROG_NAME!s}", cli_messages.PROG_NAME)
+        .replace("{PROG_NAME}", cli_messages.PROG_NAME)
+        .replace("{settings_type!s}", "global/service-specific settings")
+        .replace("{settings_type}", "global/service-specific settings")
     )
 
 
@@ -50,20 +50,20 @@ def _replace_known_metavars(string: str) -> str:
 def _mismatches_text(
     pattern: re.Pattern[str],
     enum_name: EnumName,
-    name_type: Literal['warning', 'error'],
+    name_type: Literal["warning", "error"],
 ) -> bool:
-    while '.' in enum_name:
-        enum_name = cast('EnumName', enum_name.partition('.')[2])
+    while "." in enum_name:
+        enum_name = cast("EnumName", enum_name.partition(".")[2])
     try:
         enum_value = (
             known_errors[enum_name].value
-            if name_type == 'error'
+            if name_type == "error"
             else known_warnings[enum_name].value
         )
     except KeyError:
         # No text, so no mismatch.
         return False
-    texts = {enum_value.singular, enum_value.plural} - {''}
+    texts = {enum_value.singular, enum_value.plural} - {""}
     return not all(pattern.match(_replace_known_metavars(t)) for t in texts)
 
 
@@ -72,120 +72,120 @@ def _entries_from_text(
     enum_names: set[EnumName],
 ) -> Iterator[
     tuple[
-        Literal['warning', 'error'],
+        Literal["warning", "error"],
         tuple[DiagnosticText, EnumName],
     ]
 ]:
     assert text not in manpage_documented_warnings
     assert text not in manpage_documented_errors
     pattern_parts = [
-        '.*' if part == '%s' else re.escape(part)
-        for part in re.split(r'(%s)', text)
+        ".*" if part == "%s" else re.escape(part)
+        for part in re.split(r"(%s)", text)
     ]
-    pattern = re.compile(''.join(pattern_parts))
+    pattern = re.compile("".join(pattern_parts))
     for name in enum_names:
-        _class_name, dot, enum_entry = name.partition('.')
-        assert dot == '.', f'Invalid enum name {name!r}'
-        assert '.' not in enum_entry, f'Unsupported enum name {name!r}'
-        if name.startswith('WarnMsgTemplate.'):
+        _class_name, dot, enum_entry = name.partition(".")
+        assert dot == ".", f"Invalid enum name {name!r}"
+        assert "." not in enum_entry, f"Unsupported enum name {name!r}"
+        if name.startswith("WarnMsgTemplate."):
             assert not _mismatches_text(
-                pattern, enum_name=name, name_type='warning'
+                pattern, enum_name=name, name_type="warning"
             ), (
                 f"Warning text for {name} doesn't match the manpage: "
-                f'{text!r} -> {pattern.pattern!r}'
+                f"{text!r} -> {pattern.pattern!r}"
             )
-            yield ('warning', (text, cast('EnumName', enum_entry)))
-        if name.startswith('ErrMsgTemplate.'):
+            yield ("warning", (text, cast("EnumName", enum_entry)))
+        if name.startswith("ErrMsgTemplate."):
             assert not _mismatches_text(
-                pattern, enum_name=name, name_type='error'
+                pattern, enum_name=name, name_type="error"
             ), (
                 f"Error text for {name} doesn't match the manpage: "
-                f'{text!r} -> {pattern.pattern!r}'
+                f"{text!r} -> {pattern.pattern!r}"
             )
-            yield ('error', (text, cast('EnumName', enum_entry)))
+            yield ("error", (text, cast("EnumName", enum_entry)))
 
 
 def _check_manpage(
     path: pathlib.Path,
 ) -> Iterator[
     tuple[
-        Literal['warning', 'error'],
+        Literal["warning", "error"],
         tuple[DiagnosticText, EnumName],
     ]
 ]:
     enum_names: set[EnumName] = set()
 
-    for line in path.read_text(encoding='UTF-8').splitlines(keepends=False):
-        if enum_names and line.startswith('.It '):
+    for line in path.read_text(encoding="UTF-8").splitlines(keepends=False):
+        if enum_names and line.startswith(".It "):
             # Some *roff escape sequences need to be undone.  This is not an
             # exhaustive list; new entries will be added based on the actual
             # manpages as the need arises.
             text = cast(
-                'DiagnosticText',
-                line.removeprefix('.It ').replace('"', '').replace(r'\-', '-'),
+                "DiagnosticText",
+                line.removeprefix(".It ").replace('"', "").replace(r"\-", "-"),
             )
             yield from _entries_from_text(text=text, enum_names=enum_names)
             enum_names.clear()
-        elif line.startswith(r'.\" Message-ID (mark only):'):
+        elif line.startswith(r".\" Message-ID (mark only):"):
             yield from _entries_from_mark_only(
-                cast('EnumName', line.split(None, 4)[4])
+                cast("EnumName", line.split(None, 4)[4])
             )
-        elif line.startswith(r'.\" Message-ID:'):
-            enum_names.add(cast('EnumName', line.split(None, 2)[2]))
+        elif line.startswith(r".\" Message-ID:"):
+            enum_names.add(cast("EnumName", line.split(None, 2)[2]))
 
 
 def _entries_from_mark_only(
     name: EnumName,
 ) -> Iterator[
     tuple[
-        Literal['warning', 'error'],
+        Literal["warning", "error"],
         tuple[DiagnosticText, EnumName],
     ]
 ]:
-    text = cast('DiagnosticText', '<mark only>')
-    _class_name, dot, enum_entry = name.partition('.')
-    assert dot == '.', f'Invalid enum name {name!r}'
-    assert '.' not in enum_entry, f'Unsupported enum name {name!r}'
-    if name.startswith('WarnMsgTemplate.'):
-        yield ('warning', (text, cast('EnumName', enum_entry)))
-    if name.startswith('ErrMsgTemplate.'):
-        yield ('error', (text, cast('EnumName', enum_entry)))
+    text = cast("DiagnosticText", "<mark only>")
+    _class_name, dot, enum_entry = name.partition(".")
+    assert dot == ".", f"Invalid enum name {name!r}"
+    assert "." not in enum_entry, f"Unsupported enum name {name!r}"
+    if name.startswith("WarnMsgTemplate."):
+        yield ("warning", (text, cast("EnumName", enum_entry)))
+    if name.startswith("ErrMsgTemplate."):
+        yield ("error", (text, cast("EnumName", enum_entry)))
 
 
 def _check_manpagedoc(
     path: pathlib.Path,
 ) -> Iterator[
     tuple[
-        Literal['warning', 'error'],
+        Literal["warning", "error"],
         tuple[DiagnosticText, EnumName],
     ]
 ]:
     enum_names: set[EnumName] = set()
 
-    for line in path.read_text(encoding='UTF-8').splitlines(keepends=False):
-        if enum_names and line.startswith(('??? failure ', '??? warning ')):
-            text = cast('DiagnosticText', line.split(None, 2)[2])
-            for ch in ['"', '`']:
+    for line in path.read_text(encoding="UTF-8").splitlines(keepends=False):
+        if enum_names and line.startswith(("??? failure ", "??? warning ")):
+            text = cast("DiagnosticText", line.split(None, 2)[2])
+            for ch in ['"', "`"]:
                 assert text.startswith(ch)
                 assert text.endswith(ch)
-                text = cast('DiagnosticText', text[1:-1])
+                text = cast("DiagnosticText", text[1:-1])
             yield from _entries_from_text(text=text, enum_names=enum_names)
             enum_names.clear()
-        elif line.startswith('<!-- Message-ID (mark only):') and line.endswith(
-            '-->'
+        elif line.startswith("<!-- Message-ID (mark only):") and line.endswith(
+            "-->"
         ):
             name = cast(
-                'EnumName',
-                line.removeprefix('<!-- Message-ID (mark only):')
-                .removesuffix('-->')
+                "EnumName",
+                line.removeprefix("<!-- Message-ID (mark only):")
+                .removesuffix("-->")
                 .strip(),
             )
             yield from _entries_from_mark_only(name)
-        elif line.startswith('<!-- Message-ID:') and line.endswith('-->'):
+        elif line.startswith("<!-- Message-ID:") and line.endswith("-->"):
             name = cast(
-                'EnumName',
-                line.removeprefix('<!-- Message-ID:')
-                .removesuffix('-->')
+                "EnumName",
+                line.removeprefix("<!-- Message-ID:")
+                .removesuffix("-->")
                 .strip(),
             )
             enum_names.add(name)
@@ -198,20 +198,20 @@ manpagedoc_documented_errors: dict[EnumName, DiagnosticText] = {}
 manpagedoc_documented_warnings: dict[EnumName, DiagnosticText] = {}
 for set_name, globs, errors, warnings in [
     (
-        'manpages',
+        "manpages",
         sorted(
-            pathlib.Path(base, 'share', 'man', 'man1').glob(
-                'derivepassphrase*.1'
+            pathlib.Path(base, "share", "man", "man1").glob(
+                "derivepassphrase*.1"
             )
         ),
         manpage_documented_errors,
         manpage_documented_warnings,
     ),
     (
-        'manpage-ish docs',
+        "manpage-ish docs",
         sorted(
-            pathlib.Path(base, 'docs', 'reference').glob(
-                'derivepassphrase*.1.md'
+            pathlib.Path(base, "docs", "reference").glob(
+                "derivepassphrase*.1.md"
             )
         ),
         manpagedoc_documented_errors,
@@ -219,17 +219,17 @@ for set_name, globs, errors, warnings in [
     ),
 ]:
     for path in globs:
-        print(f'CHECK DOC {str(path.relative_to(base))!r}')
+        print(f"CHECK DOC {str(path.relative_to(base))!r}")
         checker = (
-            _check_manpage if set_name == 'manpages' else _check_manpagedoc
+            _check_manpage if set_name == "manpages" else _check_manpagedoc
         )
         for diagnostic_type, (text, name) in checker(path):
-            if diagnostic_type == 'warning':
+            if diagnostic_type == "warning":
                 warnings[name] = text
-                print(f'DOC WARN {name} {text!r}')
+                print(f"DOC WARN {name} {text!r}")
             else:
                 errors[name] = text
-                print(f'DOC ERR {name} {text!r}')
+                print(f"DOC ERR {name} {text!r}")
     assert set(errors) >= set(known_errors), (
         f"Some error messages aren't documented in the {set_name}: "
         + repr(set(known_errors) - set(errors))
@@ -239,35 +239,35 @@ for set_name, globs, errors, warnings in [
         + repr(set(known_warnings) - set(warnings))
     )
     assert set(errors) <= set(known_errors), (
-        f'Some unknown error messages are documented in the {set_name}: '
+        f"Some unknown error messages are documented in the {set_name}: "
         + repr(set(errors) - set(known_errors))  # type: ignore[arg-type]
     )
     assert set(warnings) <= set(known_warnings), (
-        f'Some unknown warning messages are documented in the {set_name}: '
+        f"Some unknown warning messages are documented in the {set_name}: "
         + repr(set(warnings) - set(known_warnings))  # type: ignore[arg-type]
     )
 
 py_file_errors: set[EnumName] = set()
 py_file_warnings: set[EnumName] = set()
 match_errors_warnings = re.compile(
-    r'\b(?:cli_messages|msg|_msg)\.(Err|Warn)MsgTemplate\.([A-Z0-9_]+)'
+    r"\b(?:cli_messages|msg|_msg)\.(Err|Warn)MsgTemplate\.([A-Z0-9_]+)"
 )
 for path in sorted(
-    pathlib.Path(base, 'src', 'derivepassphrase').glob('**/*.py')
+    pathlib.Path(base, "src", "derivepassphrase").glob("**/*.py")
 ):
     if path != pathlib.Path(
-        base, 'src', 'derivepassphrase', '_internals', 'cli_messages.py'
+        base, "src", "derivepassphrase", "_internals", "cli_messages.py"
     ):
-        print(f'CHECK SOURCE {str(path.relative_to(base))!r}')
-        filecontents = path.read_text(encoding='UTF-8')
+        print(f"CHECK SOURCE {str(path.relative_to(base))!r}")
+        filecontents = path.read_text(encoding="UTF-8")
         for match in match_errors_warnings.finditer(filecontents):
             message_type, symbol = match.group(1, 2)
-            if message_type == 'Err':
-                py_file_errors.add(cast('EnumName', symbol))
-                print(f'SOURCE ERR {symbol}')
-            elif message_type == 'Warn':
-                py_file_warnings.add(cast('EnumName', symbol))
-                print(f'SOURCE WARN {symbol}')
+            if message_type == "Err":
+                py_file_errors.add(cast("EnumName", symbol))
+                print(f"SOURCE ERR {symbol}")
+            elif message_type == "Warn":
+                py_file_warnings.add(cast("EnumName", symbol))
+                print(f"SOURCE WARN {symbol}")
 if py_file_errors != set(known_errors):
     print(
         "Some error messages aren't in use: "

scripts/qc_auto.py

Zeige Datei @ e981744

@@ -29,13 +29,13 @@ import sys
 
 BLOCK_SIZE = 4096
 
-envs = ['3.9', '3.11', '3.13', 'pypy3.10']
-opts = ['-py', ','.join(envs)]
+envs = ["3.9", "3.11", "3.13", "pypy3.10"]
+opts = ["-py", ",".join(envs)]
 
 current_branch = (
-    os.getenv('GIT_CURRENT_BRANCH')
+    os.getenv("GIT_CURRENT_BRANCH")
     or subprocess.run(
-        ['git', 'branch', '--show-current'],
+        ["git", "branch", "--show-current"],
         capture_output=True,
         text=True,
         check=False,
@@ -48,11 +48,11 @@ current_branch = (
 is_stgit_patch = bool(
     subprocess.run(
         [
-            'git',
-            'rev-parse',
-            '--verify',
-            '--end-of-options',
-            f'refs/stacks/{current_branch}',
+            "git",
+            "rev-parse",
+            "--verify",
+            "--end-of-options",
+            f"refs/stacks/{current_branch}",
         ],
         capture_output=True,
         check=False,
@@ -66,17 +66,17 @@ try:
     # violations.  Afterwards, run with normal settings to handle true
     # E501s.
     subprocess.run(
-        ['hatch', 'fmt', '-l', '--', '--ignore=E501,RUF100'], check=True
+        ["hatch", "fmt", "-l", "--", "--ignore=E501,RUF100"], check=True
     )
-    subprocess.run(['hatch', 'fmt', '-f'], check=True)
-    subprocess.run(['hatch', 'fmt', '-l'], check=True)
-    if current_branch == 'master':
+    subprocess.run(["hatch", "fmt", "-f"], check=True)
+    subprocess.run(["hatch", "fmt", "-l"], check=True)
+    if current_branch == "master":
         subprocess.run(
-            ['hatch', 'env', 'run', '-e', 'types', '--', 'check'], check=True
+            ["hatch", "env", "run", "-e", "types", "--", "check"], check=True
         )
         try:
             h = hashlib.sha256(
-                pathlib.Path('po/derivepassphrase.pot').read_bytes(),
+                pathlib.Path("po/derivepassphrase.pot").read_bytes(),
                 usedforsecurity=True,
             )
         except FileNotFoundError:
@@ -85,22 +85,22 @@ try:
             h2 = hashlib.sha256(
                 subprocess.run(
                     [
-                        'hatch',
-                        'run',
-                        'python3',
-                        '-m',
-                        'derivepassphrase._internals.cli_messages',
+                        "hatch",
+                        "run",
+                        "python3",
+                        "-m",
+                        "derivepassphrase._internals.cli_messages",
                     ],
                     check=True,
                     stdout=subprocess.PIPE,
-                    input=b'',
+                    input=b"",
                 ).stdout,
                 usedforsecurity=True,
             )
             if h.digest() != h2.digest():
                 sys.exit(
-                    'ERROR: po/derivepassphrase.pot '
-                    'has unreproducible contents'
+                    "ERROR: po/derivepassphrase.pot "
+                    "has unreproducible contents"
                 )
         # fmt: off
         subprocess.run(
@@ -112,19 +112,19 @@ try:
         )
         # fmt: on
         subprocess.run(
-            ['hatch', 'test', '-acpqr', '--', '--maxfail', '1'],
+            ["hatch", "test", "-acpqr", "--", "--maxfail", "1"],
             check=True,
         )
     elif not is_stgit_patch:
         subprocess.run(
-            ['hatch', 'env', 'run', '-e', 'types', '--', 'check'], check=True
+            ["hatch", "env", "run", "-e", "types", "--", "check"], check=True
         )
         subprocess.run(
-            ['hatch', 'test', '-cpqr', *opts, '--', '--maxfail', '1'],
-            env={**os.environ} | {'HYPOTHESIS_PROFILE': 'dev'},
+            ["hatch", "test", "-cpqr", *opts, "--", "--maxfail", "1"],
+            env={**os.environ} | {"HYPOTHESIS_PROFILE": "dev"},
             check=True,
         )
 except subprocess.CalledProcessError as exc:
-    sys.exit(getattr(exc, 'returncode', 1))
+    sys.exit(getattr(exc, "returncode", 1))
 except KeyboardInterrupt:
     sys.exit(1)

scripts/test_key_signatures_and_outputs.py

Zeige Datei @ e981744

@@ -105,7 +105,7 @@ def try_key(
 def format_key(key: tests.SSHTestKey) -> str:
     """Return a formatted SSH test key."""
     ascii_printables = range(32, 127)
-    ascii_whitespace = {ord(' '), ord('\n'), ord('\t'), ord('\r'), ord('\f')}
+    ascii_whitespace = {ord(" "), ord("\n"), ord("\t"), ord("\r"), ord("\f")}
 
     def as_raw_string_or_hex(bytestring: bytes) -> str:
         if bytestring.find(b'"""') < 0 and all(
@@ -113,8 +113,8 @@ def format_key(key: tests.SSHTestKey) -> str:
             for byte in bytestring
         ):
             return f'rb"""{bytestring.decode("ascii")}"""'
-        hexstring = bytestring.hex(' ', 1)
-        wrapped_hexstring = '\n'.join(
+        hexstring = bytestring.hex(" ", 1)
+        wrapped_hexstring = "\n".join(
             textwrap.TextWrapper(width=48).wrap(hexstring)
         )
         return f'''bytes.fromhex("""
@@ -124,40 +124,40 @@ def format_key(key: tests.SSHTestKey) -> str:
     f = as_raw_string_or_hex
 
     lines = [
-        'SSHTestKey(\n',
-        '    public_key=' + f(key.public_key) + ',\n',
-        '    public_key_data=' + f(key.public_key_data) + ',\n',
-        '    private_key=' + f(key.private_key) + ',\n',
-        '    private_key_blob=' + f(key.private_key_blob) + ',\n',
+        "SSHTestKey(\n",
+        "    public_key=" + f(key.public_key) + ",\n",
+        "    public_key_data=" + f(key.public_key_data) + ",\n",
+        "    private_key=" + f(key.private_key) + ",\n",
+        "    private_key_blob=" + f(key.private_key_blob) + ",\n",
     ]
     if key.expected_signatures:
         expected_signature_lines = [
-            'expected_signatures={\n',
+            "expected_signatures={\n",
         ]
         for sig in key.expected_signatures.values():
             expected_signature_lines.extend([
-                f'    {sig.signature_class!s}: '
-                'SSHTestKeyDeterministicSignature(\n',
-                '        signature=' + f(sig.signature) + ',\n',
-                '        derived_passphrase='
+                f"    {sig.signature_class!s}: "
+                "SSHTestKeyDeterministicSignature(\n",
+                "        signature=" + f(sig.signature) + ",\n",
+                "        derived_passphrase="
                 + f(sig.derived_passphrase)
-                + ',\n',
+                + ",\n",
             ])
             if (
                 sig.signature_class
                 != tests.SSHTestKeyDeterministicSignatureClass.SPEC
             ):
                 expected_signature_lines.append(
-                    f'        signature_class={sig.signature_class!s},\n'
+                    f"        signature_class={sig.signature_class!s},\n"
                 )
-            expected_signature_lines.append('    ),\n')
-        expected_signature_lines.append('},\n')
-        lines.extend('    ' + x for x in expected_signature_lines)
+            expected_signature_lines.append("    ),\n")
+        expected_signature_lines.append("},\n")
+        lines.extend("    " + x for x in expected_signature_lines)
     else:
-        lines.append('    expected_signatures={},\n')
-    lines.append(')')
+        lines.append("    expected_signatures={},\n")
+    lines.append(")")
 
-    return ''.join(lines)
+    return "".join(lines)
 
 
 def main(argv: list[str] | None = None) -> None:
@@ -165,27 +165,27 @@ def main(argv: list[str] | None = None) -> None:
     ap = argparse.ArgumentParser()
     group = ap.add_mutually_exclusive_group()
     group.add_argument(
-        '--rfc-6979',
-        action='store_const',
-        dest='deterministic_signature_class',
+        "--rfc-6979",
+        action="store_const",
+        dest="deterministic_signature_class",
         const=tests.SSHTestKeyDeterministicSignatureClass.RFC_6979,
         default=tests.SSHTestKeyDeterministicSignatureClass.RFC_6979,
-        help='assume RFC 6979 signatures for deterministic DSA',
+        help="assume RFC 6979 signatures for deterministic DSA",
     )
     group.add_argument(
-        '--pageant-068-080',
-        action='store_const',
-        dest='deterministic_signature_class',
+        "--pageant-068-080",
+        action="store_const",
+        dest="deterministic_signature_class",
         const=tests.SSHTestKeyDeterministicSignatureClass.Pageant_068_080,
         default=tests.SSHTestKeyDeterministicSignatureClass.RFC_6979,
-        help='assume Pageant 0.68-0.80 signatures for deterministic DSA',
+        help="assume Pageant 0.68-0.80 signatures for deterministic DSA",
     )
     ap.add_argument(
-        'keynames',
-        nargs='*',
-        metavar='KEYNAME',
-        help='query the named test key in the agent '
-        '(multiple use possible; default: all keys)',
+        "keynames",
+        nargs="*",
+        metavar="KEYNAME",
+        help="query the named test key in the agent "
+        "(multiple use possible; default: all keys)",
     )
     args = ap.parse_args(args=argv)
     if not args.keynames:
@@ -198,8 +198,8 @@ def main(argv: list[str] | None = None) -> None:
                 deterministic_signature_class=args.deterministic_signature_class,
             )
             if key is not None:
-                print(f'keys[{keyname!r}] =', format_key(key))
+                print(f"keys[{keyname!r}] =", format_key(key))
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     main()

src/derivepassphrase/__init__.py

Zeige Datei @ e981744

@@ -4,10 +4,10 @@
 
 """Work-alike of vault(1) – a deterministic, stateless password manager"""  # noqa: D415,RUF002
 
-__author__ = 'Marco Ricci <software@the13thletter.info>'
-__distribution_name__ = 'derivepassphrase'
+__author__ = "Marco Ricci <software@the13thletter.info>"
+__distribution_name__ = "derivepassphrase"
 
 # Automatically generated.  DO NOT EDIT! Use importlib.metadata instead
 # to query the correct values.
-__version__ = '0.5.2'
+__version__ = "0.5.2"
 # END automatically generated.

src/derivepassphrase/__main__.py

Zeige Datei @ e981744

@@ -5,7 +5,7 @@
 
 import sys
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     from derivepassphrase.cli import derivepassphrase
 
     sys.exit(derivepassphrase())

src/derivepassphrase/_internals/cli_helpers.py

Zeige Datei @ e981744

@@ -65,10 +65,10 @@ PROG_NAME = _msg.PROG_NAME
 KEY_DISPLAY_LENGTH = 50
 
 # Error messages
-INVALID_VAULT_CONFIG = 'Invalid vault config'
-AGENT_COMMUNICATION_ERROR = 'Error communicating with the SSH agent'
-NO_SUITABLE_KEYS = 'No suitable SSH keys were found'
-EMPTY_SELECTION = 'Empty selection'
+INVALID_VAULT_CONFIG = "Invalid vault config"
+AGENT_COMMUNICATION_ERROR = "Error communicating with the SSH agent"
+NO_SUITABLE_KEYS = "No suitable SSH keys were found"
+EMPTY_SELECTION = "Empty selection"
 
 
 # Shell completion
@@ -92,7 +92,7 @@ def shell_complete_path(
 ) -> list[str | click.shell_completion.CompletionItem]:
     """Request standard path completion for the `path` argument."""  # noqa: DOC201
     del ctx, parameter, value
-    return [click.shell_completion.CompletionItem('', type='file')]
+    return [click.shell_completion.CompletionItem("", type="file")]
 
 
 # The standard `click` shell completion scripts serialize the completion
@@ -128,7 +128,7 @@ def is_completable_item(obj: object) -> bool:
 
     """
     obj = str(obj)
-    forbidden = frozenset(chr(i) for i in range(32)) | {'\x7f'}
+    forbidden = frozenset(chr(i) for i in range(32)) | {"\x7f"}
     return not any(f in obj for f in forbidden)
 
 
@@ -150,7 +150,7 @@ def shell_complete_service(
         config = load_config()
         return sorted(
             sv
-            for sv in config['services']
+            for sv in config["services"]
             if sv.startswith(value) and is_completable_item(sv)
         )
     except FileNotFoundError:
@@ -158,7 +158,7 @@ def shell_complete_service(
             config, _exc = migrate_and_load_old_config()
             return sorted(
                 sv
-                for sv in config['services']
+                for sv in config["services"]
                 if sv.startswith(value) and is_completable_item(sv)
             )
         except FileNotFoundError:
@@ -171,14 +171,14 @@ def shell_complete_service(
 # =====
 
 config_filename_table = {
-    None: '.',
-    'write lock': '',
-    'vault': 'vault.json',
-    'user configuration': 'config.toml',
+    None: ".",
+    "write lock": "",
+    "vault": "vault.json",
+    "user configuration": "config.toml",
     # TODO(the-13th-letter): Remove the old settings.json file.
     # https://the13thletter.info/derivepassphrase/latest/upgrade-notes.html#v1.0-old-settings-file
-    'old settings.json': 'settings.json',
-    'notes backup': 'old-notes.txt',
+    "old settings.json": "settings.json",
+    "notes backup": "old-notes.txt",
 }
 
 LOCK_SIZE = 4096
@@ -243,7 +243,7 @@ class ConfigurationMutex:
 
     def __init__(self) -> None:
         """Initialize self."""
-        if sys.platform == 'win32':  # pragma: unless the-annoying-os no cover
+        if sys.platform == "win32":  # pragma: unless the-annoying-os no cover
             import msvcrt  # noqa: PLC0415
 
             locking = msvcrt.locking
@@ -276,14 +276,14 @@ class ConfigurationMutex:
                 )
                 self.write_lock_condition.notify()
                 self.write_lock_file.touch()
-                self.write_lock_fileobj = self.write_lock_file.open('wb')
+                self.write_lock_fileobj = self.write_lock_file.open("wb")
                 lock_fd(self.write_lock_fileobj.fileno())
 
         def unlock_func() -> None:
             with self.write_lock_condition:
                 assert self.write_lock_fileobj is not None, (
-                    'We lost track of the configuration write lock '
-                    'file object, so we cannot unlock it anymore!'
+                    "We lost track of the configuration write lock "
+                    "file object, so we cannot unlock it anymore!"
                 )
                 unlock_fd(self.write_lock_fileobj.fileno())
                 self.write_lock_fileobj.close()
@@ -292,7 +292,7 @@ class ConfigurationMutex:
         self.lock = lock_func
         self.unlock = unlock_func
         self.write_lock_fileobj = None
-        self.write_lock_file = config_filename('write lock')
+        self.write_lock_file = config_filename("write lock")
         self.write_lock_condition = threading.Condition(threading.Lock())
 
     def __enter__(self) -> Self:
@@ -364,28 +364,28 @@ def get_tempdir() -> pathlib.Path:
     """
     paths_to_try: list[pathlib.PurePath] = []
     env_paths_to_try = [
-        os.getenv('TMPDIR'),
-        os.getenv('TEMP'),
-        os.getenv('TMP'),
+        os.getenv("TMPDIR"),
+        os.getenv("TEMP"),
+        os.getenv("TMP"),
     ]
     paths_to_try.extend(
         pathlib.PurePath(p) for p in env_paths_to_try if p is not None
     )
     posix_paths_to_try = [
-        pathlib.PurePosixPath('/tmp'),  # noqa: S108
-        pathlib.PurePosixPath('/var/tmp'),  # noqa: S108
-        pathlib.PurePosixPath('/usr/tmp'),
+        pathlib.PurePosixPath("/tmp"),  # noqa: S108
+        pathlib.PurePosixPath("/var/tmp"),  # noqa: S108
+        pathlib.PurePosixPath("/usr/tmp"),
     ]
     windows_paths_to_try = [
-        pathlib.PureWindowsPath(r'~\AppData\Local\Temp'),
-        pathlib.PureWindowsPath(os.path.expandvars(r'%SYSTEMROOT%\Temp')),
-        pathlib.PureWindowsPath(r'C:\TEMP'),
-        pathlib.PureWindowsPath(r'C:\TMP'),
-        pathlib.PureWindowsPath(r'\TEMP'),
-        pathlib.PureWindowsPath(r'\TMP'),
+        pathlib.PureWindowsPath(r"~\AppData\Local\Temp"),
+        pathlib.PureWindowsPath(os.path.expandvars(r"%SYSTEMROOT%\Temp")),
+        pathlib.PureWindowsPath(r"C:\TEMP"),
+        pathlib.PureWindowsPath(r"C:\TMP"),
+        pathlib.PureWindowsPath(r"\TEMP"),
+        pathlib.PureWindowsPath(r"\TMP"),
     ]
     paths_to_try.extend(
-        windows_paths_to_try if sys.platform == 'win32' else posix_paths_to_try
+        windows_paths_to_try if sys.platform == "win32" else posix_paths_to_try
     )
     for p in paths_to_try:
         path = pathlib.Path(p).expanduser()
@@ -400,7 +400,7 @@ def get_tempdir() -> pathlib.Path:
 
 
 def config_filename(
-    subsystem: str | None = 'old settings.json',
+    subsystem: str | None = "old settings.json",
 ) -> pathlib.Path:
     """Return the filename of the configuration file for the subsystem.
 
@@ -429,21 +429,21 @@ def config_filename(
 
     """
     path = pathlib.Path(
-        os.getenv(PROG_NAME.upper() + '_PATH')
+        os.getenv(PROG_NAME.upper() + "_PATH")
         or click.get_app_dir(PROG_NAME, force_posix=True)
     )
-    if subsystem == 'write lock':
+    if subsystem == "write lock":
         path_hash = base64.b32encode(
             hashlib.sha256(os.fsencode(path.resolve())).digest()
         )
-        path_hash_text = path_hash[:12].lower().decode('ASCII')
+        path_hash_text = path_hash[:12].lower().decode("ASCII")
         temp_path = get_tempdir()
-        filename_ = f'derivepassphrase-lock-{path_hash_text}.txt'
+        filename_ = f"derivepassphrase-lock-{path_hash_text}.txt"
         return temp_path / filename_
     try:
         filename = config_filename_table[subsystem]
     except (KeyError, TypeError):  # pragma: no cover [failsafe]
-        msg = f'Unknown configuration subsystem: {subsystem!r}'
+        msg = f"Unknown configuration subsystem: {subsystem!r}"
         raise AssertionError(msg) from None
     return path / filename
 
@@ -465,8 +465,8 @@ def load_config() -> _types.VaultConfig:
             config.
 
     """
-    filename = config_filename(subsystem='vault')
-    with filename.open('rb') as fileobj:
+    filename = config_filename(subsystem="vault")
+    with filename.open("rb") as fileobj:
         data = json.load(fileobj)
     if not _types.is_vault_config(data):
         raise ValueError(INVALID_VAULT_CONFIG)
@@ -495,9 +495,9 @@ def migrate_and_load_old_config() -> tuple[_types.VaultConfig, OSError | None]:
             config.
 
     """
-    new_filename = config_filename(subsystem='vault')
-    old_filename = config_filename(subsystem='old settings.json')
-    with old_filename.open('rb') as fileobj:
+    new_filename = config_filename(subsystem="vault")
+    old_filename = config_filename(subsystem="old settings.json")
+    with old_filename.open("rb") as fileobj:
         data = json.load(fileobj)
     if not _types.is_vault_config(data):
         raise ValueError(INVALID_VAULT_CONFIG)
@@ -528,10 +528,10 @@ def save_config(config: _types.VaultConfig, /) -> None:
     """
     if not _types.is_vault_config(config):
         raise ValueError(INVALID_VAULT_CONFIG)
-    filename = config_filename(subsystem='vault')
+    filename = config_filename(subsystem="vault")
     filedir = filename.resolve().parent
     filedir.mkdir(parents=True, exist_ok=True)
-    with filename.open('w', encoding='UTF-8') as fileobj:
+    with filename.open("w", encoding="UTF-8") as fileobj:
         json.dump(
             config, fileobj, ensure_ascii=False, indent=2, sort_keys=True
         )
@@ -553,8 +553,8 @@ def load_user_config() -> dict[str, Any]:
             file.
 
     """
-    filename = config_filename(subsystem='user configuration')
-    with filename.open('rb') as fileobj:
+    filename = config_filename(subsystem="user configuration")
+    with filename.open("rb") as fileobj:
         return tomllib.load(fileobj)
 
 
@@ -625,8 +625,8 @@ def get_suitable_ssh_keys(
 
 def prompt_for_selection(
     items: Sequence[str | bytes],
-    heading: str = 'Possible choices:',
-    single_choice_prompt: str = 'Confirm this choice?',
+    heading: str = "Possible choices:",
+    single_choice_prompt: str = "Confirm this choice?",
     ctx: click.Context | None = None,
 ) -> int:
     """Prompt user for a choice among the given items.
@@ -667,20 +667,20 @@ def prompt_for_selection(
         click.echo(click.style(heading, bold=True), err=True, color=color)
     for i, x in enumerate(items, start=1):
         click.echo(
-            click.style(f'[{i}]', bold=True), nl=False, err=True, color=color
+            click.style(f"[{i}]", bold=True), nl=False, err=True, color=color
         )
-        click.echo(' ', nl=False, err=True, color=color)
+        click.echo(" ", nl=False, err=True, color=color)
         click.echo(x, err=True, color=color)
     if n > 1:
-        choices = click.Choice([''] + [str(i) for i in range(1, n + 1)])
+        choices = click.Choice([""] + [str(i) for i in range(1, n + 1)])
         try:
             choice = click.prompt(
-                f'Your selection? (1-{n}, leave empty to abort)',
+                f"Your selection? (1-{n}, leave empty to abort)",
                 err=True,
                 type=choices,
                 show_choices=False,
                 show_default=False,
-                default='',
+                default="",
             )
         except click.Abort:  # pragma: no cover [external]
             # This branch will not be triggered during testing on
@@ -690,12 +690,12 @@ def prompt_for_selection(
             # coverage.
             #
             # https://github.com/pallets/click/issues/2934
-            choice = ''
+            choice = ""
         if not choice:
             raise IndexError(EMPTY_SELECTION)
         return int(choice) - 1
     prompt_suffix = (
-        ' ' if single_choice_prompt.endswith(tuple('?.!')) else ': '
+        " " if single_choice_prompt.endswith(tuple("?.!")) else ": "
     )
     try:
         click.confirm(
@@ -895,21 +895,21 @@ def select_ssh_key(
     key_listing: list[str] = []
     unstring_prefix = ssh_agent.SSHAgentClient.unstring_prefix
     for key, comment in suitable_keys:
-        keytype = unstring_prefix(key)[0].decode('ASCII')
-        key_str = base64.standard_b64encode(key).decode('ASCII')
+        keytype = unstring_prefix(key)[0].decode("ASCII")
+        key_str = base64.standard_b64encode(key).decode("ASCII")
         remaining_key_display_length = KEY_DISPLAY_LENGTH - 1 - len(keytype)
         key_extract = min(
             key_str,
-            '...' + key_str[-remaining_key_display_length:],
+            "..." + key_str[-remaining_key_display_length:],
             key=len,
         )
-        comment_str = comment.decode('UTF-8', errors='replace')
-        key_listing.append(f'{keytype} {key_extract}  {comment_str}')
+        comment_str = comment.decode("UTF-8", errors="replace")
+        key_listing.append(f"{keytype} {key_extract}  {comment_str}")
     try:
         choice = prompt_for_selection(
             key_listing,
-            heading='Suitable SSH keys:',
-            single_choice_prompt='Use this key?',
+            heading="Suitable SSH keys:",
+            single_choice_prompt="Use this key?",
             ctx=ctx,
         )
     except IndexError:
@@ -933,10 +933,10 @@ def prompt_for_passphrase() -> str:
     """
     try:
         return cast(
-            'str',
+            "str",
             click.prompt(
-                'Passphrase',
-                default='',
+                "Passphrase",
+                default="",
                 hide_input=True,
                 show_default=False,
                 err=True,
@@ -949,7 +949,7 @@ def prompt_for_passphrase() -> str:
         # of nondeterminism, exclude it from coverage.
         #
         # https://github.com/pallets/click/issues/2934
-        return ''
+        return ""
 
 
 def toml_key(*parts: str) -> str:
@@ -957,29 +957,29 @@ def toml_key(*parts: str) -> str:
 
     def escape(string: str) -> str:
         translated = string.translate({
-            0: r'\u0000',
-            1: r'\u0001',
-            2: r'\u0002',
-            3: r'\u0003',
-            4: r'\u0004',
-            5: r'\u0005',
-            6: r'\u0006',
-            7: r'\u0007',
-            8: r'\b',
-            9: r'\t',
-            10: r'\n',
-            11: r'\u000B',
-            12: r'\f',
-            13: r'\r',
-            14: r'\u000E',
-            15: r'\u000F',
-            ord('"'): r'\"',
-            ord('\\'): r'\\',
-            127: r'\u007F',
+            0: r"\u0000",
+            1: r"\u0001",
+            2: r"\u0002",
+            3: r"\u0003",
+            4: r"\u0004",
+            5: r"\u0005",
+            6: r"\u0006",
+            7: r"\u0007",
+            8: r"\b",
+            9: r"\t",
+            10: r"\n",
+            11: r"\u000B",
+            12: r"\f",
+            13: r"\r",
+            14: r"\u000E",
+            15: r"\u000F",
+            ord('"'): r"\"",
+            ord("\\"): r"\\",
+            127: r"\u007F",
         })
         return f'"{translated}"' if translated != string else string
 
-    return '.'.join(map(escape, parts))
+    return ".".join(map(escape, parts))
 
 
 class ORIGIN(enum.Enum):
@@ -1026,23 +1026,23 @@ def check_for_misleading_passphrase(
             The main user configuration is invalid.
 
     """
-    form_key = 'unicode-normalization-form'
-    default_form: str = main_config.get('vault', {}).get(
-        f'default-{form_key}', 'NFC'
+    form_key = "unicode-normalization-form"
+    default_form: str = main_config.get("vault", {}).get(
+        f"default-{form_key}", "NFC"
     )
-    form_dict: dict[str, dict] = main_config.get('vault', {}).get(form_key, {})
+    form_dict: dict[str, dict] = main_config.get("vault", {}).get(form_key, {})
     form: Any = (
         default_form
-        if isinstance(key, ORIGIN) or key == ('global',)
+        if isinstance(key, ORIGIN) or key == ("global",)
         else form_dict.get(key[1], default_form)
     )
     config_key = (
-        toml_key('vault', key[1], form_key)
+        toml_key("vault", key[1], form_key)
         if isinstance(key, tuple) and len(key) > 1 and key[1] in form_dict
-        else f'vault.default-{form_key}'
+        else f"vault.default-{form_key}"
     )
-    if form not in {'NFC', 'NFD', 'NFKC', 'NFKD'}:
-        msg = f'Invalid value {form!r} for config key {config_key}'
+    if form not in {"NFC", "NFD", "NFKC", "NFKD"}:
+        msg = f"Invalid value {form!r} for config key {config_key}"
         raise AssertionError(msg)
     logger = logging.getLogger(PROG_NAME)
     formatted_key = (
@@ -1050,8 +1050,8 @@ def check_for_misleading_passphrase(
         if isinstance(key, ORIGIN)
         else _types.json_path(key)
     )
-    if 'phrase' in value:
-        phrase = value['phrase']
+    if "phrase" in value:
+        phrase = value["phrase"]
         if not unicodedata.is_normalized(form, phrase):
             logger.warning(
                 _msg.TranslatedString(
@@ -1060,7 +1060,7 @@ def check_for_misleading_passphrase(
                     form=form,
                 ),
                 stacklevel=2,
-                extra={'color': ctx.color if ctx is not None else None},
+                extra={"color": ctx.color if ctx is not None else None},
             )
 
 
@@ -1141,27 +1141,27 @@ def print_config_as_sh_script(
 
     """
     service_keys = (
-        'length',
-        'repeat',
-        'lower',
-        'upper',
-        'number',
-        'space',
-        'dash',
-        'symbol',
+        "length",
+        "repeat",
+        "lower",
+        "upper",
+        "number",
+        "space",
+        "dash",
+        "symbol",
     )
-    print('#!/bin/sh -e', file=outfile)
+    print("#!/bin/sh -e", file=outfile)
     print(file=outfile)
-    print(shlex.join([*prog_name_list, '--clear']), file=outfile)
+    print(shlex.join([*prog_name_list, "--clear"]), file=outfile)
     sv_obj_pairs: list[
         tuple[
             str | None,
             _types.VaultConfigGlobalSettings
             | _types.VaultConfigServicesSettings,
         ],
-    ] = list(config['services'].items())
-    if config.get('global', {}):
-        sv_obj_pairs.insert(0, (None, config['global']))
+    ] = list(config["services"].items())
+    if config.get("global", {}):
+        sv_obj_pairs.insert(0, (None, config["global"]))
     for sv, sv_obj in sv_obj_pairs:
         this_service_keys = tuple(k for k in service_keys if k in sv_obj)
         this_other_keys = tuple(k for k in sv_obj if k not in service_keys)
@@ -1169,37 +1169,37 @@ def print_config_as_sh_script(
             other_sv_obj = {k: sv_obj[k] for k in this_other_keys}  # type: ignore[literal-required]
             dumped_config = json.dumps(
                 (
-                    {'services': {sv: other_sv_obj}}
+                    {"services": {sv: other_sv_obj}}
                     if sv is not None
-                    else {'global': other_sv_obj, 'services': {}}
+                    else {"global": other_sv_obj, "services": {}}
                 ),
                 ensure_ascii=False,
                 indent=None,
             )
             print(
-                shlex.join([*prog_name_list, '--import', '-']) + " <<'HERE'",
+                shlex.join([*prog_name_list, "--import", "-"]) + " <<'HERE'",
                 dumped_config,
-                'HERE',
-                sep='\n',
+                "HERE",
+                sep="\n",
                 file=outfile,
             )
         if not this_service_keys and not this_other_keys and sv:
             dumped_config = json.dumps(
-                {'services': {sv: {}}},
+                {"services": {sv: {}}},
                 ensure_ascii=False,
                 indent=None,
             )
             print(
-                shlex.join([*prog_name_list, '--import', '-']) + " <<'HERE'",
+                shlex.join([*prog_name_list, "--import", "-"]) + " <<'HERE'",
                 dumped_config,
-                'HERE',
-                sep='\n',
+                "HERE",
+                sep="\n",
                 file=outfile,
             )
         elif this_service_keys:
-            tokens = [*prog_name_list, '--config']
+            tokens = [*prog_name_list, "--config"]
             for key in this_service_keys:
-                tokens.extend([f'--{key}', str(sv_obj[key])])  # type: ignore[literal-required]
+                tokens.extend([f"--{key}", str(sv_obj[key])])  # type: ignore[literal-required]
             if sv is not None:
-                tokens.extend(['--', sv])
+                tokens.extend(["--", sv])
             print(shlex.join(tokens), file=outfile)

src/derivepassphrase/_internals/cli_machinery.py

Zeige Datei @ e981744

@@ -41,9 +41,9 @@ VERSION = _internals.VERSION
 VERSION_OUTPUT_WRAPPING_WIDTH = 72
 
 # Error messages
-NOT_AN_INTEGER = 'not an integer'
-NOT_A_NONNEGATIVE_INTEGER = 'not a non-negative integer'
-NOT_A_POSITIVE_INTEGER = 'not a positive integer'
+NOT_AN_INTEGER = "not an integer"
+NOT_A_NONNEGATIVE_INTEGER = "not a non-negative integer"
+NOT_A_POSITIVE_INTEGER = "not a positive integer"
 
 
 # Logging
@@ -67,7 +67,7 @@ class ClickEchoStderrHandler(logging.Handler):
         click.echo(
             self.format(record),
             err=True,
-            color=getattr(record, 'color', None),
+            color=getattr(record, "color", None),
         )
 
 
@@ -103,7 +103,7 @@ class CLIofPackageFormatter(logging.Formatter):
         self.package_name = (
             package_name
             if package_name is not None
-            else prog_name.lower().replace(' ', '_').replace('-', '_')
+            else prog_name.lower().replace(" ", "_").replace("-", "_")
         )
 
     def format(self, record: logging.LogRecord) -> str:
@@ -142,38 +142,38 @@ class CLIofPackageFormatter(logging.Formatter):
 
         """
         preliminary_result = record.getMessage()
-        prefix = f'{self.prog_name}: '
-        if record.levelname == 'DEBUG':  # pragma: no cover [unused]
-            level_indicator = 'Debug: '
-        elif record.levelname == 'INFO':
-            level_indicator = ''
-        elif record.levelname == 'WARNING':
+        prefix = f"{self.prog_name}: "
+        if record.levelname == "DEBUG":  # pragma: no cover [unused]
+            level_indicator = "Debug: "
+        elif record.levelname == "INFO":
+            level_indicator = ""
+        elif record.levelname == "WARNING":
             level_indicator = (
-                f'{click.style("Deprecation warning", bold=True)}: '
-                if record.name.endswith('.deprecation')
-                else f'{click.style("Warning", bold=True)}: '
+                f"{click.style('Deprecation warning', bold=True)}: "
+                if record.name.endswith(".deprecation")
+                else f"{click.style('Warning', bold=True)}: "
             )
-        elif record.levelname in {'ERROR', 'CRITICAL'}:
-            level_indicator = ''
+        elif record.levelname in {"ERROR", "CRITICAL"}:
+            level_indicator = ""
         else:  # pragma: no cover [failsafe]
-            msg = f'Unsupported logging level: {record.levelname}'
+            msg = f"Unsupported logging level: {record.levelname}"
             raise AssertionError(msg)
         parts = [
-            ''.join(
+            "".join(
                 prefix + level_indicator + line
                 for line in preliminary_result.splitlines(True)  # noqa: FBT003
             )
         ]
         if record.exc_info:
-            parts.append(self.formatException(record.exc_info) + '\n')
-        return ''.join(parts)
+            parts.append(self.formatException(record.exc_info) + "\n")
+        return "".join(parts)
 
 
 class StandardCLILogging:
     """Set up CLI logging handlers upon instantiation."""
 
     prog_name = PROG_NAME
-    package_name = PROG_NAME.lower().replace(' ', '_').replace('-', '_')
+    package_name = PROG_NAME.lower().replace(" ", "_").replace("-", "_")
     cli_formatter = CLIofPackageFormatter(
         prog_name=prog_name, package_name=package_name
     )
@@ -182,7 +182,7 @@ class StandardCLILogging:
     cli_handler.setFormatter(cli_formatter)
     cli_handler.setLevel(logging.WARNING)
     warnings_handler = ClickEchoStderrHandler()
-    warnings_handler.addFilter(logging.Filter(name='py.warnings'))
+    warnings_handler.addFilter(logging.Filter(name="py.warnings"))
     warnings_handler.setFormatter(cli_formatter)
     warnings_handler.setLevel(logging.WARNING)
 
@@ -264,7 +264,7 @@ class StandardWarningsLoggingContextManager(StandardLoggingContextManager):
         self,
         handler: logging.Handler,
     ) -> None:
-        super().__init__(handler=handler, root_logger='py.warnings')
+        super().__init__(handler=handler, root_logger="py.warnings")
         self.stack: MutableSequence[
             tuple[
                 Callable[
@@ -303,7 +303,7 @@ class StandardWarningsLoggingContextManager(StandardLoggingContextManager):
                     message, category, filename, lineno, file, line
                 )
             else:
-                logging.getLogger('py.warnings').warning(
+                logging.getLogger("py.warnings").warning(
                     str(
                         warnings.formatwarning(
                             message, category, filename, lineno, line
@@ -330,8 +330,8 @@ class StandardWarningsLoggingContextManager(StandardLoggingContextManager):
         return ret
 
 
-P = ParamSpec('P')
-R = TypeVar('R')
+P = ParamSpec("P")
+R = TypeVar("R")
 
 
 def adjust_logging_level(
@@ -375,9 +375,9 @@ class OptionGroupOption(click.Option):
 
     """
 
-    option_group_name: object = ''
+    option_group_name: object = ""
     """"""
-    epilog: object = ''
+    epilog: object = ""
     """"""
 
     def __init__(self, *args: Any, **kwargs: Any) -> None:  # noqa: ANN401
@@ -390,7 +390,7 @@ class OptionGroupOption(click.Option):
         # help text from the constructor arguments and re-adding it,
         # unprocessed, after constructor finishes.
         unset = object()
-        help = kwargs.pop('help', unset)  # noqa: A001
+        help = kwargs.pop("help", unset)  # noqa: A001
         super().__init__(*args, **kwargs)
         if help is not unset:  # pragma: no branch
             self.help = help
@@ -458,7 +458,7 @@ class CommandWithHelpGroups(click.Command):
     @staticmethod
     def _text(text: object, /) -> str:
         if isinstance(text, (list, tuple)):
-            return '\n\n'.join(str(x) for x in text)
+            return "\n\n".join(str(x) for x in text)
         return str(text)
 
     # This method is based on click 8.1; see the comment above the class
@@ -542,7 +542,7 @@ class CommandWithHelpGroups(click.Command):
                 self._text(self.help), limit
             )
         else:  # pragma: no cover [external-api]
-            text = ''
+            text = ""
         if self.deprecated:  # pragma: no cover [external-api]
             # Modification against click 8.1: The translated string is
             # looked up in the derivepassphrase message domain, not the
@@ -574,9 +574,9 @@ class CommandWithHelpGroups(click.Command):
         # Used to implement translatable strings, as objects that
         # stringify to the translation.
         text = (
-            inspect.cleandoc(self._text(self.help).partition('\f')[0])
+            inspect.cleandoc(self._text(self.help).partition("\f")[0])
             if self.help is not None
-            else ''
+            else ""
         )
         if self.deprecated:  # pragma: no cover [external-api]
             # Modification against click 8.1: The translated string is
@@ -623,7 +623,7 @@ class CommandWithHelpGroups(click.Command):
                 The formatter for the `--help` listing.
 
         """
-        default_group_name = ''
+        default_group_name = ""
         help_records: dict[str, list[tuple[str, str]]] = {}
         epilogs: dict[str, str] = {}
         params = self.params[:]
@@ -656,7 +656,7 @@ class CommandWithHelpGroups(click.Command):
         for group_name, records in help_records.items():
             with formatter.section(group_name):
                 formatter.write_dl(records)
-            epilog = inspect.cleandoc(epilogs.get(group_name, ''))
+            epilog = inspect.cleandoc(epilogs.get(group_name, ""))
             if epilog:
                 formatter.write_paragraph()
                 with formatter.indentation():
@@ -697,7 +697,7 @@ class CommandWithHelpGroups(click.Command):
             limit = formatter.width - 6 - len(longest_command)
             rows: list[tuple[str, str]] = []
             for subcommand, cmd in commands:
-                help_str = self._text(cmd.get_short_help_str(limit) or '')
+                help_str = self._text(cmd.get_short_help_str(limit) or "")
                 rows.append((subcommand, help_str))
             if rows:  # pragma: no branch
                 commands_label = self._text(
@@ -822,20 +822,20 @@ class DefaultToVaultGroup(CommandWithHelpGroups, click.Group):
             #
             # END modifications for derivepassphrase
             ####
-            if cmd_name.startswith('-'):
+            if cmd_name.startswith("-"):
                 self.parse_args(ctx, ctx.args)
             ####
             # BEGIN modifications for derivepassphrase
             #
             # Instead of calling ctx.fail here, default to "vault", and
             # issue a deprecation warning.
-            deprecation = logging.getLogger(f'{PROG_NAME}.deprecation')
+            deprecation = logging.getLogger(f"{PROG_NAME}.deprecation")
             deprecation.warning(
                 _msg.TranslatedString(
                     _msg.WarnMsgTemplate.V10_SUBCOMMAND_REQUIRED
                 )
             )
-            cmd_name = 'vault'
+            cmd_name = "vault"
             cmd = self.get_command(ctx, cmd_name)
             assert cmd is not None, 'Mandatory subcommand "vault" missing!'
             args = [cmd_name, *args]
@@ -984,15 +984,15 @@ def common_version_output(
     del param, value
     major_dependencies: list[str] = []
     try:
-        cryptography_version = importlib.metadata.version('cryptography')
+        cryptography_version = importlib.metadata.version("cryptography")
     except ModuleNotFoundError:
         pass
     else:
-        major_dependencies.append(f'cryptography {cryptography_version}')
-    major_dependencies.append(f'click {importlib.metadata.version("click")}')
+        major_dependencies.append(f"cryptography {cryptography_version}")
+    major_dependencies.append(f"click {importlib.metadata.version('click')}")
 
     click.echo(
-        ' '.join([
+        " ".join([
             click.style(PROG_NAME, bold=True),
             VERSION,
         ]),
@@ -1022,26 +1022,26 @@ def print_version_info_types(
             formatted_item_list_pieces: list[str] = []
             n = len(item_list)
             for i, item in enumerate(item_list, start=1):
-                space = ' '
-                punctuation = '.' if i == n else ','
+                space = " "
+                punctuation = "." if i == n else ","
                 if (
                     current_length + len(space) + len(item) + len(punctuation)
                     <= VERSION_OUTPUT_WRAPPING_WIDTH
                 ):
                     current_length += len(space) + len(item) + len(punctuation)
-                    piece = f'{space}{item}{punctuation}'
+                    piece = f"{space}{item}{punctuation}"
                 else:
-                    space = '    '
+                    space = "    "
                     current_length = len(space) + len(item) + len(punctuation)
-                    piece = f'\n{space}{item}{punctuation}'
+                    piece = f"\n{space}{item}{punctuation}"
                 formatted_item_list_pieces.append(piece)
             click.echo(
-                ''.join([
+                "".join([
                     click.style(
                         str(_msg.TranslatedString(message_label)),
                         bold=True,
                     ),
-                    ''.join(formatted_item_list_pieces),
+                    "".join(formatted_item_list_pieces),
                 ]),
                 color=ctx.color,
             )
@@ -1159,7 +1159,7 @@ def version_option(
     ],
 ) -> Callable[[Callable[P, R]], Callable[P, R]]:
     return click.option(
-        '--version',
+        "--version",
         is_flag=True,
         is_eager=True,
         expose_value=False,
@@ -1170,14 +1170,14 @@ def version_option(
 
 
 color_forcing_pseudo_option = click.option(
-    '--_pseudo-option-color-forcing',
-    '_color_forcing',
+    "--_pseudo-option-color-forcing",
+    "_color_forcing",
     is_flag=True,
     is_eager=True,
     expose_value=False,
     hidden=True,
     callback=color_forcing_callback,
-    help='(pseudo-option)',
+    help="(pseudo-option)",
 )
 
 
@@ -1228,12 +1228,12 @@ class LoggingOption(OptionGroupOption):
     """Logging options for the CLI."""
 
     option_group_name = _msg.TranslatedString(_msg.Label.LOGGING_LABEL)
-    epilog = ''
+    epilog = ""
 
 
 debug_option = click.option(
-    '--debug',
-    'logging_level',
+    "--debug",
+    "logging_level",
     is_flag=True,
     flag_value=logging.DEBUG,
     expose_value=False,
@@ -1242,9 +1242,9 @@ debug_option = click.option(
     cls=LoggingOption,
 )
 verbose_option = click.option(
-    '-v',
-    '--verbose',
-    'logging_level',
+    "-v",
+    "--verbose",
+    "logging_level",
     is_flag=True,
     flag_value=logging.INFO,
     expose_value=False,
@@ -1253,9 +1253,9 @@ verbose_option = click.option(
     cls=LoggingOption,
 )
 quiet_option = click.option(
-    '-q',
-    '--quiet',
-    'logging_level',
+    "-q",
+    "--quiet",
+    "logging_level",
     is_flag=True,
     flag_value=logging.ERROR,
     expose_value=False,
@@ -1324,9 +1324,9 @@ class ZshComplete(click.shell_completion.ZshComplete):
         non-degenerate.
 
         """
-        help_ = item.help or '_'
-        value = item.value.replace(':', r'\:' if help_ != '_' else ':')
-        return f'{item.type}\n{value}\n{help_}'
+        help_ = item.help or "_"
+        value = item.value.replace(":", r"\:" if help_ != "_" else ":")
+        return f"{item.type}\n{value}\n{help_}"
 
 
 # Our ZshComplete class depends crucially on the exact shape of the Zsh

src/derivepassphrase/_internals/cli_messages.py

Zeige Datei @ e981744

@@ -40,7 +40,7 @@ if TYPE_CHECKING:
 
     from typing_extensions import Any, Self
 
-__all__ = ('PROG_NAME',)
+__all__ = ("PROG_NAME",)
 
 PROG_NAME = _internals.PROG_NAME
 VERSION = _internals.VERSION
@@ -88,22 +88,22 @@ def load_translations(
         # stores its packaged translations.  Then reimplement `gettext.find`
         # and `gettext.translation` with support for `importlib.resources`.
         # The heavy lifting is already being done by `locale.normalize`.
-        if sys.platform.startswith('win'):
+        if sys.platform.startswith("win"):
             xdg_data_home = (
-                pathlib.Path(os.environ['APPDATA'])
-                if os.environ.get('APPDATA')
-                else pathlib.Path('~').expanduser()
+                pathlib.Path(os.environ["APPDATA"])
+                if os.environ.get("APPDATA")
+                else pathlib.Path("~").expanduser()
             )
-        elif os.environ.get('XDG_DATA_HOME'):
-            xdg_data_home = pathlib.Path(os.environ['XDG_DATA_HOME'])
+        elif os.environ.get("XDG_DATA_HOME"):
+            xdg_data_home = pathlib.Path(os.environ["XDG_DATA_HOME"])
         else:
             xdg_data_home = (
-                pathlib.Path('~').expanduser() / '.local' / '.share'
+                pathlib.Path("~").expanduser() / ".local" / ".share"
             )
         localedirs = [
-            pathlib.Path(xdg_data_home, 'locale'),
-            pathlib.Path(sys.prefix, 'share', 'locale'),
-            pathlib.Path(sys.base_prefix, 'share', 'locale'),
+            pathlib.Path(xdg_data_home, "locale"),
+            pathlib.Path(sys.prefix, "share", "locale"),
+            pathlib.Path(sys.base_prefix, "share", "locale"),
         ]
     for localedir in localedirs:
         with contextlib.suppress(OSError):
@@ -137,13 +137,13 @@ class DebugTranslations(gettext.NullTranslations):
         cache = _debug_translation_message_cache
         for enum_class in MSG_TEMPLATE_CLASSES:
             for member in enum_class.__members__.values():
-                value = cast('TranslatableString', member.value)
+                value = cast("TranslatableString", member.value)
                 queue: list[tuple[TranslatableString, frozenset[str]]] = [
                     (value, frozenset())
                 ]
                 value2 = value.maybe_without_filename()
                 if value != value2:
-                    queue.append((value2, frozenset({'filename'})))
+                    queue.append((value2, frozenset({"filename"})))
                 for v, trimmed in queue:
                     singular = v.singular
                     plural = v.plural
@@ -158,8 +158,8 @@ class DebugTranslations(gettext.NullTranslations):
         message: str,
         /,
         *,
-        context: str = '',
-        message_plural: str = '',
+        context: str = "",
+        message_plural: str = "",
         n: int = 1,
     ) -> str:
         try:
@@ -170,7 +170,7 @@ class DebugTranslations(gettext.NullTranslations):
             return message if not message_plural or n == 1 else message_plural
         return cls._format_enum_name_maybe_with_fields(
             enum_name=str(enum_value),
-            ts=cast('TranslatableString', enum_value.value),
+            ts=cast("TranslatableString", enum_value.value),
             trimmed=trimmed,
         )
 
@@ -181,11 +181,11 @@ class DebugTranslations(gettext.NullTranslations):
         trimmed: frozenset[str] = frozenset(),
     ) -> str:
         formatted_fields = [
-            f'{f}=None' if f in trimmed else f'{f}={{{f}!r}}'
+            f"{f}=None" if f in trimmed else f"{f}={{{f}!r}}"
             for f in ts.fields()
         ]
         return (
-            '{}({})'.format(enum_name, ', '.join(formatted_fields))
+            "{}({})".format(enum_name, ", ".join(formatted_fields))
             if formatted_fields
             else str(enum_name)
         )
@@ -261,11 +261,11 @@ class TranslatableString(NamedTuple):
     """"""
     singular: str
     """"""
-    plural: str = ''
+    plural: str = ""
     """"""
     flags: frozenset[str] = frozenset()
     """"""
-    translator_comments: str = ''
+    translator_comments: str = ""
     """"""
 
     def fields(self) -> list[str]:
@@ -277,15 +277,15 @@ class TranslatableString(NamedTuple):
                 implemented.
 
         """
-        if 'python-format' in self.flags:  # pragma: no cover [unused]
+        if "python-format" in self.flags:  # pragma: no cover [unused]
             err_msg = (
-                'Replacement field discovery for %-formatting '
-                'is not implemented'
+                "Replacement field discovery for %-formatting "
+                "is not implemented"
             )
             raise NotImplementedError(err_msg)
         if (
-            'no-python-brace-format' in self.flags
-            or 'python-brace-format' not in self.flags
+            "no-python-brace-format" in self.flags
+            or "python-brace-format" not in self.flags
         ):
             return []
         formatter = string.Formatter()
@@ -303,19 +303,19 @@ class TranslatableString(NamedTuple):
         fix_sentence_endings: bool = True,
     ) -> str:
         string = inspect.cleandoc(string)
-        if not any(s.strip() == '\b' for s in string.splitlines()):
-            string = '\n'.join(
+        if not any(s.strip() == "\b" for s in string.splitlines()):
+            string = "\n".join(
                 textwrap.wrap(
                     string,
-                    width=float('inf'),  # type: ignore[arg-type]
+                    width=float("inf"),  # type: ignore[arg-type]
                     fix_sentence_endings=fix_sentence_endings,
                 )
             )
         else:
-            string = ''.join(
+            string = "".join(
                 s
                 for s in string.splitlines(True)  # noqa: FBT003
-                if s.strip() != '\b'
+                if s.strip() != "\b"
             )
         return string
 
@@ -329,7 +329,7 @@ class TranslatableString(NamedTuple):
         necessarily in other languages.
 
         """
-        filename_str = ': {filename!r}'
+        filename_str = ": {filename!r}"
         ret = self
         a, sep1, b = self.singular.partition(filename_str)
         c, sep2, d = self.plural.partition(filename_str)
@@ -369,9 +369,9 @@ class TranslatableString(NamedTuple):
 
         """
         if comments.strip() and not comments.lstrip().startswith(
-            'TRANSLATORS:'
+            "TRANSLATORS:"
         ):  # pragma: no cover [unused]
-            comments = 'TRANSLATORS: ' + comments.lstrip()
+            comments = "TRANSLATORS: " + comments.lstrip()
         comments = self._maybe_rewrap(comments, fix_sentence_endings=False)
         return self._replace(translator_comments=comments)
 
@@ -388,29 +388,29 @@ class TranslatableString(NamedTuple):
                 message for details.
 
         Examples:
-            >>> TranslatableString('', 'all OK').validate_flags()
+            >>> TranslatableString("", "all OK").validate_flags()
             ... # doctest: +NORMALIZE_WHITESPACE
             TranslatableString(l10n_context='', singular='all OK', plural='',
                                flags=frozenset(), translator_comments='')
-            >>> TranslatableString('', '20% OK').validate_flags(
-            ...     'no-python-format'
+            >>> TranslatableString("", "20% OK").validate_flags(
+            ...     "no-python-format"
             ... )
             ... # doctest: +NORMALIZE_WHITESPACE
             TranslatableString(l10n_context='', singular='20% OK', plural='',
                                flags=frozenset({'no-python-format'}),
                                translator_comments='')
-            >>> TranslatableString('', '%d items').validate_flags()
+            >>> TranslatableString("", "%d items").validate_flags()
             ... # doctest: +ELLIPSIS
             Traceback (most recent call last):
                 ...
             ValueError: Missing flag for how to deal with percent character ...
-            >>> TranslatableString('', '{braces}').validate_flags()
+            >>> TranslatableString("", "{braces}").validate_flags()
             ... # doctest: +ELLIPSIS
             Traceback (most recent call last):
                 ...
             ValueError: Missing flag for how to deal with brace character ...
-            >>> TranslatableString('', 'no braces').validate_flags(
-            ...     'python-brace-format'
+            >>> TranslatableString("", "no braces").validate_flags(
+            ...     "python-brace-format"
             ... )
             ... # doctest: +ELLIPSIS
             Traceback (most recent call last):
@@ -419,28 +419,28 @@ class TranslatableString(NamedTuple):
 
         """
         all_flags = frozenset(f.strip() for f in self.flags.union(extra_flags))
-        if '{' in self.singular and not bool(
-            all_flags & {'python-brace-format', 'no-python-brace-format'}
+        if "{" in self.singular and not bool(
+            all_flags & {"python-brace-format", "no-python-brace-format"}
         ):
             msg = (
-                f'Missing flag for how to deal with brace character '
-                f'in {self.singular!r}'
+                f"Missing flag for how to deal with brace character "
+                f"in {self.singular!r}"
             )
             raise ValueError(msg)
-        if '%' in self.singular and not bool(
-            all_flags & {'python-format', 'no-python-format'}
+        if "%" in self.singular and not bool(
+            all_flags & {"python-format", "no-python-format"}
         ):
             msg = (
-                f'Missing flag for how to deal with percent character '
-                f'in {self.singular!r}'
+                f"Missing flag for how to deal with percent character "
+                f"in {self.singular!r}"
             )
             raise ValueError(msg)
         if (
-            all_flags & {'python-format', 'python-brace-format'}
-            and '%' not in self.singular
-            and '{' not in self.singular
+            all_flags & {"python-format", "python-brace-format"}
+            and "%" not in self.singular
+            and "{" not in self.singular
         ):
-            msg = f'Missing format string parameters in {self.singular!r}'
+            msg = f"Missing format string parameters in {self.singular!r}"
             raise ValueError(msg)
         return self._replace(flags=all_flags)
 
@@ -450,8 +450,8 @@ def translatable(
     single: str,
     /,
     flags: Iterable[str] = (),
-    plural: str = '',
-    comments: str = '',
+    plural: str = "",
+    comments: str = "",
 ) -> TranslatableString:
     """Return a [`TranslatableString`][] with validated parts.
 
@@ -502,7 +502,7 @@ class TranslatedString:
 
         """
         if isinstance(template, MSG_TEMPLATE_CLASSES):
-            template = cast('TranslatableString', template.value)
+            template = cast("TranslatableString", template.value)
         self.template = template
         self.kwargs = {**args_dict, **kwargs}
         self._rendered: str | None = None
@@ -522,8 +522,8 @@ class TranslatedString:
     def __repr__(self) -> str:  # pragma: no cover [debug]
         """"""  # noqa: D419
         return (
-            f'{self.__class__.__name__}({self.template!r}, '
-            f'{dict(self.kwargs)!r})'
+            f"{self.__class__.__name__}({self.template!r}, "
+            f"{dict(self.kwargs)!r})"
         )
 
     def __str__(self) -> str:
@@ -537,12 +537,12 @@ class TranslatedString:
         if self._rendered is None:
             do_escape = False
             if isinstance(self.template, str):
-                context = ''
+                context = ""
                 template = self.template
             else:
                 context = self.template.l10n_context
                 template = self.template.singular
-                do_escape = 'no-python-brace-format' in self.template.flags
+                do_escape = "no-python-brace-format" in self.template.flags
             template = (
                 translation.pgettext(context, template)
                 if context
@@ -559,8 +559,8 @@ class TranslatedString:
     @staticmethod
     def _escape(template: str) -> str:
         return template.translate({
-            ord('{'): '{{',
-            ord('}'): '}}',
+            ord("{"): "{{",
+            ord("}"): "}}",
         })
 
     @classmethod
@@ -583,7 +583,7 @@ class TranslatedString:
         )
         if (
             not isinstance(new_template, str)
-            and self.kwargs.get('filename') is None
+            and self.kwargs.get("filename") is None
             and new_template != self.template
         ):
             return self.__class__(new_template, self.kwargs)
@@ -599,8 +599,8 @@ class TranslatableStringConstructor(Protocol):
         single: str,
         /,
         flags: Iterable[str] = (),
-        plural: str = '',
-        comments: str = '',
+        plural: str = "",
+        comments: str = "",
     ) -> TranslatableString:
         """Return a [`TranslatableString`][] from these parts.
 
@@ -612,7 +612,7 @@ class TranslatableStringConstructor(Protocol):
         """
 
 
-def commented(comments: str = '', /) -> TranslatableStringConstructor:
+def commented(comments: str = "", /) -> TranslatableStringConstructor:
     """A "decorator" for readably constructing commented enum values.
 
     Returns a partial application of [`translatable`][] with the `comments`
@@ -640,161 +640,161 @@ class Label(enum.Enum):
     """
 
     DEPRECATION_WARNING_LABEL = commented(
-        'This is a short label that will be prepended to '
+        "This is a short label that will be prepended to "
         'a warning message, e.g., "Deprecation warning: A subcommand '
         'will be required in v1.0."',
     )(
-        'Label :: Diagnostics :: Marker',
-        'Deprecation warning',
+        "Label :: Diagnostics :: Marker",
+        "Deprecation warning",
     )
     """"""
     WARNING_LABEL = commented(
-        'This is a short label that will be prepended to '
+        "This is a short label that will be prepended to "
         'a warning message, e.g., "Warning: An empty service name '
         'is not supported by vault(1)."',
     )(
-        'Label :: Diagnostics :: Marker',
-        'Warning',
+        "Label :: Diagnostics :: Marker",
+        "Warning",
     )
     """"""
     CANNOT_UPDATE_SETTINGS_METAVAR_SETTINGS_TYPE_GLOBAL = commented(
-        'This is one of two values of the settings_type metavar '
-        'used in the CANNOT_UPDATE_SETTINGS_NO_SETTINGS entry.  '
-        'It is only used there.  '
-        'The full sentence then reads: '
+        "This is one of two values of the settings_type metavar "
+        "used in the CANNOT_UPDATE_SETTINGS_NO_SETTINGS entry.  "
+        "It is only used there.  "
+        "The full sentence then reads: "
         '"Cannot update the global settings without any given settings."',
     )(
-        'Label :: Error message :: Metavar',
-        'global settings',
+        "Label :: Error message :: Metavar",
+        "global settings",
     )
     """"""
     CANNOT_UPDATE_SETTINGS_METAVAR_SETTINGS_TYPE_SERVICE = commented(
-        'This is one of two values of the settings_type metavar '
-        'used in the CANNOT_UPDATE_SETTINGS_NO_SETTINGS entry.  '
-        'It is only used there.  '
-        'The full sentence then reads: '
+        "This is one of two values of the settings_type metavar "
+        "used in the CANNOT_UPDATE_SETTINGS_NO_SETTINGS entry.  "
+        "It is only used there.  "
+        "The full sentence then reads: "
         '"Cannot update the service-specific settings without any '
         'given settings."',
     )(
-        'Label :: Error message :: Metavar',
-        'service-specific settings',
+        "Label :: Error message :: Metavar",
+        "service-specific settings",
     )
     """"""
     SETTINGS_ORIGIN_INTERACTIVE = commented(
-        'This value is used as the {key} metavar for '
-        'Label.PASSPHRASE_NOT_NORMALIZED if the passphrase was '
-        'entered interactively.',
+        "This value is used as the {key} metavar for "
+        "Label.PASSPHRASE_NOT_NORMALIZED if the passphrase was "
+        "entered interactively.",
     )(
-        'Label :: Error message :: Metavar',
-        'interactive input',
+        "Label :: Error message :: Metavar",
+        "interactive input",
     )
     CONFIGURATION_EPILOG = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: Explanation',
-        'Use $VISUAL or $EDITOR to configure the spawned editor.',
+        "Label :: Help text :: Explanation",
+        "Use $VISUAL or $EDITOR to configure the spawned editor.",
     )
     """"""
     DERIVEPASSPHRASE_02 = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: Explanation',
+        "Label :: Help text :: Explanation",
         'The currently implemented subcommands are "vault" '
         '(for the scheme used by vault) and "export" '
-        '(for exporting foreign configuration data).  '
-        'See the respective `--help` output for instructions.  '
+        "(for exporting foreign configuration data).  "
+        "See the respective `--help` output for instructions.  "
         'If no subcommand is given, we default to "vault".',
     )
     """"""
     DERIVEPASSPHRASE_03 = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: Explanation',
+        "Label :: Help text :: Explanation",
         'Deprecation notice: Defaulting to "vault" is deprecated.  '
-        'Starting in v1.0, the subcommand must be specified explicitly.',
+        "Starting in v1.0, the subcommand must be specified explicitly.",
     )
     """"""
     DERIVEPASSPHRASE_EPILOG_01 = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: Explanation',
-        'Configuration is stored in a directory according to the '
-        '`DERIVEPASSPHRASE_PATH` variable, which defaults to '
-        '`~/.derivepassphrase` on UNIX-like systems and '
-        r'`C:\Users\<user>\AppData\Roaming\Derivepassphrase` on Windows.',
+        "Label :: Help text :: Explanation",
+        "Configuration is stored in a directory according to the "
+        "`DERIVEPASSPHRASE_PATH` variable, which defaults to "
+        "`~/.derivepassphrase` on UNIX-like systems and "
+        r"`C:\Users\<user>\AppData\Roaming\Derivepassphrase` on Windows.",
     )
     """"""
     DERIVEPASSPHRASE_EXPORT_02 = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: Explanation',
+        "Label :: Help text :: Explanation",
         'The only available subcommand is "vault", '
-        'which implements the vault-native configuration scheme.  '
+        "which implements the vault-native configuration scheme.  "
         'If no subcommand is given, we default to "vault".',
     )
     """"""
     DERIVEPASSPHRASE_EXPORT_03 = DERIVEPASSPHRASE_03
     """"""
     DERIVEPASSPHRASE_EXPORT_VAULT_02 = commented(
-        'The metavar is Label.EXPORT_VAULT_METAVAR_PATH.',
+        "The metavar is Label.EXPORT_VAULT_METAVAR_PATH.",
     )(
-        'Label :: Help text :: Explanation',
-        'Depending on the configuration format, '
-        '{path_metavar} may either be a file or a directory.  '
+        "Label :: Help text :: Explanation",
+        "Depending on the configuration format, "
+        "{path_metavar} may either be a file or a directory.  "
         'We support the vault "v0.2", "v0.3" and "storeroom" formats.',
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_EXPORT_VAULT_03 = commented(
-        'The metavar is Label.EXPORT_VAULT_METAVAR_PATH.',
+        "The metavar is Label.EXPORT_VAULT_METAVAR_PATH.",
     )(
-        'Label :: Help text :: Explanation',
-        'If {path_metavar} is explicitly given as `VAULT_PATH`, '
-        'then use the `VAULT_PATH` environment variable to '
-        'determine the correct path.  '
-        '(Use `./VAULT_PATH` or similar to indicate a file/directory '
-        'actually named `VAULT_PATH`.)',
-        flags='python-brace-format',
+        "Label :: Help text :: Explanation",
+        "If {path_metavar} is explicitly given as `VAULT_PATH`, "
+        "then use the `VAULT_PATH` environment variable to "
+        "determine the correct path.  "
+        "(Use `./VAULT_PATH` or similar to indicate a file/directory "
+        "actually named `VAULT_PATH`.)",
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_02 = commented(
-        'The metavar is Label.VAULT_METAVAR_SERVICE.',
+        "The metavar is Label.VAULT_METAVAR_SERVICE.",
     )(
-        'Label :: Help text :: Explanation',
-        'If operating on global settings, or importing/exporting settings, '
-        'then {service_metavar} must be omitted.  '
-        'Otherwise it is required.',
-        flags='python-brace-format',
+        "Label :: Help text :: Explanation",
+        "If operating on global settings, or importing/exporting settings, "
+        "then {service_metavar} must be omitted.  "
+        "Otherwise it is required.",
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_EPILOG_01 = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: Explanation',
-        'WARNING: There is NO WAY to retrieve the generated passphrases '
-        'if the master passphrase, the SSH key, or the exact '
-        'passphrase settings are lost, '
-        'short of trying out all possible combinations.  '
-        'You are STRONGLY advised to keep independent backups of '
-        'the settings and the SSH key, if any.',
+        "Label :: Help text :: Explanation",
+        "WARNING: There is NO WAY to retrieve the generated passphrases "
+        "if the master passphrase, the SSH key, or the exact "
+        "passphrase settings are lost, "
+        "short of trying out all possible combinations.  "
+        "You are STRONGLY advised to keep independent backups of "
+        "the settings and the SSH key, if any.",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_EPILOG_02 = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: Explanation',
-        'The configuration is NOT encrypted, and you are '
-        'STRONGLY discouraged from using a stored passphrase.',
+        "Label :: Help text :: Explanation",
+        "The configuration is NOT encrypted, and you are "
+        "STRONGLY discouraged from using a stored passphrase.",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_NOTES_INSTRUCTION_TEXT = commented(
         "This instruction text is shown above the user's old stored notes "
-        'for this service, if any, if the recommended '
+        "for this service, if any, if the recommended "
         '"modern" editor interface is used.  '
-        'The next line is the cut marking defined in '
-        'Label.DERIVEPASSPHRASE_VAULT_NOTES_MARKER.'
+        "The next line is the cut marking defined in "
+        "Label.DERIVEPASSPHRASE_VAULT_NOTES_MARKER."
     )(
-        'Label :: Help text :: Explanation',
+        "Label :: Help text :: Explanation",
         """\
 \b
 # Enter notes below the line with the cut mark (ASCII scissors and
@@ -809,591 +809,591 @@ class Label(enum.Enum):
     )
     """"""
     DERIVEPASSPHRASE_VAULT_NOTES_LEGACY_INSTRUCTION_TEXT = commented(
-        'This instruction text is shown if the vault(1)-compatible '
+        "This instruction text is shown if the vault(1)-compatible "
         '"legacy" editor interface is used and no previous notes exist.  '
-        'The interface does not support commentary in the notes, '
-        'so we fill this with obvious placeholder text instead.  '
-        '(Please replace this with what *your* language/culture would '
-        'obviously recognize as placeholder text.)'
+        "The interface does not support commentary in the notes, "
+        "so we fill this with obvious placeholder text instead.  "
+        "(Please replace this with what *your* language/culture would "
+        "obviously recognize as placeholder text.)"
     )(
-        'Label :: Help text :: Explanation',
-        'INSERT NOTES HERE',
+        "Label :: Help text :: Explanation",
+        "INSERT NOTES HERE",
     )
     """"""
     PASSPHRASE_GENERATION_EPILOG = commented(
-        'The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.',
+        "The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.",
     )(
-        'Label :: Help text :: Explanation',
-        'Use {metavar}=0 to exclude a character type from the output.',
-        flags='python-brace-format',
+        "Label :: Help text :: Explanation",
+        "Use {metavar}=0 to exclude a character type from the output.",
+        flags="python-brace-format",
     )
     """"""
     STORAGE_MANAGEMENT_EPILOG = commented(
-        'The metavar is Label.STORAGE_MANAGEMENT_METAVAR_PATH.',
+        "The metavar is Label.STORAGE_MANAGEMENT_METAVAR_PATH.",
     )(
-        'Label :: Help text :: Explanation',
+        "Label :: Help text :: Explanation",
         'Using "-" as {metavar} for standard input/standard output '
-        'is supported.',
-        flags='python-brace-format',
+        "is supported.",
+        flags="python-brace-format",
     )
     """"""
     DEPRECATED_COMMAND_LABEL = commented(
-        'We use this format string to indicate, at the beginning '
+        "We use this format string to indicate, at the beginning "
         "of a command's help text, that this command is deprecated.",
     )(
-        'Label :: Help text :: Marker',
-        '(Deprecated) {text}',
-        flags='python-brace-format',
+        "Label :: Help text :: Marker",
+        "(Deprecated) {text}",
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_NOTES_MARKER = commented(
-        'The marker for separating the text from '
-        'Label.DERIVEPASSPHRASE_VAULT_NOTES_INSTRUCTION_TEXT '
+        "The marker for separating the text from "
+        "Label.DERIVEPASSPHRASE_VAULT_NOTES_INSTRUCTION_TEXT "
         "from the user's input (below the marker).  "
-        'The first line starting with this label marks the separation point.',
+        "The first line starting with this label marks the separation point.",
     )(
-        'Label :: Help text :: Marker',
-        '# - - - - - >8 - - - - - >8 - - - - - >8 - - - - - >8 - - - - -',
+        "Label :: Help text :: Marker",
+        "# - - - - - >8 - - - - - >8 - - - - - >8 - - - - - >8 - - - - -",
     )
     """"""
     EXPORT_VAULT_FORMAT_METAVAR_FMT = commented(
-        'This text is used as {metavar} in '
-        'Label.EXPORT_VAULT_FORMAT_HELP_TEXT, yielding e.g. '
+        "This text is used as {metavar} in "
+        "Label.EXPORT_VAULT_FORMAT_HELP_TEXT, yielding e.g. "
         '"Try the following storage format FMT."',
     )(
-        'Label :: Help text :: Metavar :: export vault',
-        'FMT',
+        "Label :: Help text :: Metavar :: export vault",
+        "FMT",
     )
     """"""
     EXPORT_VAULT_KEY_METAVAR_K = commented(
-        'This text is used as {metavar} in '
-        'Label.EXPORT_VAULT_KEY_HELP_TEXT, yielding e.g. '
+        "This text is used as {metavar} in "
+        "Label.EXPORT_VAULT_KEY_HELP_TEXT, yielding e.g. "
         '"Use K as the storage master key."',
     )(
-        'Label :: Help text :: Metavar :: export vault',
-        'K',
+        "Label :: Help text :: Metavar :: export vault",
+        "K",
     )
     """"""
     EXPORT_VAULT_METAVAR_PATH = commented(
         'Used as "path_metavar" in '
-        'Label.DERIVEPASSPHRASE_EXPORT_VAULT_02 and others, '
+        "Label.DERIVEPASSPHRASE_EXPORT_VAULT_02 and others, "
         'yielding e.g. "Depending on the configuration format, '
         'PATH may either be a file or a directory."',
     )(
-        'Label :: Help text :: Metavar :: export vault',
-        'PATH',
+        "Label :: Help text :: Metavar :: export vault",
+        "PATH",
     )
     """"""
     PASSPHRASE_GENERATION_METAVAR_NUMBER = commented(
-        'This metavar is used in Label.PASSPHRASE_GENERATION_EPILOG, '
-        'Label.DERIVEPASSPHRASE_VAULT_LENGTH_HELP_TEXT and others, '
+        "This metavar is used in Label.PASSPHRASE_GENERATION_EPILOG, "
+        "Label.DERIVEPASSPHRASE_VAULT_LENGTH_HELP_TEXT and others, "
         'yielding e.g. "Ensure a passphrase length of NUMBER characters.".  ',
     )(
-        'Label :: Help text :: Metavar :: vault',
-        'NUMBER',
+        "Label :: Help text :: Metavar :: vault",
+        "NUMBER",
     )
     """"""
     STORAGE_MANAGEMENT_METAVAR_PATH = commented(
-        'This metavar is used in Label.STORAGE_MANAGEMENT_EPILOG, '
-        'Label.DERIVEPASSPHRASE_VAULT_IMPORT_HELP_TEXT and others, '
+        "This metavar is used in Label.STORAGE_MANAGEMENT_EPILOG, "
+        "Label.DERIVEPASSPHRASE_VAULT_IMPORT_HELP_TEXT and others, "
         'yielding e.g. "Ensure a passphrase length of NUMBER characters.".  ',
     )(
-        'Label :: Help text :: Metavar :: vault',
-        'PATH',
+        "Label :: Help text :: Metavar :: vault",
+        "PATH",
     )
     """"""
     VAULT_METAVAR_SERVICE = commented(
         'This metavar is used as "service_metavar" in multiple help texts, '
-        'such as Label.DERIVEPASSPHRASE_VAULT_CONFIG_HELP_TEXT, '
-        'Label.DERIVEPASSPHRASE_VAULT_02, ErrMsgTemplate.SERVICE_REQUIRED, '
+        "such as Label.DERIVEPASSPHRASE_VAULT_CONFIG_HELP_TEXT, "
+        "Label.DERIVEPASSPHRASE_VAULT_02, ErrMsgTemplate.SERVICE_REQUIRED, "
         'etc.  Sample texts are "Deriving a passphrase requires a SERVICE.", '
         '"save the given settings for SERVICE, or global" and '
         '"If operating on global settings, or importing/exporting settings, '
         'then SERVICE must be omitted."',
     )(
-        'Label :: Help text :: Metavar :: vault',
-        'SERVICE',
+        "Label :: Help text :: Metavar :: vault",
+        "SERVICE",
     )
     """"""
     DEBUG_OPTION_HELP_TEXT = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: One-line description',
-        'Also emit debug information.  Implies --verbose.',
+        "Label :: Help text :: One-line description",
+        "Also emit debug information.  Implies --verbose.",
     )
     """"""
     DERIVEPASSPHRASE_01 = commented(
-        'This is the first paragraph of the command help text, '
-        'but it also appears (in truncated form, if necessary) '
-        'as one-line help text for this command.  '
-        'The translation should thus be as meaningful as possible '
-        'even if truncated.',
+        "This is the first paragraph of the command help text, "
+        "but it also appears (in truncated form, if necessary) "
+        "as one-line help text for this command.  "
+        "The translation should thus be as meaningful as possible "
+        "even if truncated.",
     )(
-        'Label :: Help text :: One-line description',
-        'Derive a strong passphrase, deterministically, from a master secret.',
+        "Label :: Help text :: One-line description",
+        "Derive a strong passphrase, deterministically, from a master secret.",
     )
     """"""
     DERIVEPASSPHRASE_EXPORT_01 = commented(
-        'This is the first paragraph of the command help text, '
-        'but it also appears (in truncated form, if necessary) '
-        'as one-line help text for this command.  '
-        'The translation should thus be as meaningful as possible '
-        'even if truncated.',
+        "This is the first paragraph of the command help text, "
+        "but it also appears (in truncated form, if necessary) "
+        "as one-line help text for this command.  "
+        "The translation should thus be as meaningful as possible "
+        "even if truncated.",
     )(
-        'Label :: Help text :: One-line description',
-        'Export a foreign configuration to standard output.',
+        "Label :: Help text :: One-line description",
+        "Export a foreign configuration to standard output.",
     )
     """"""
     DERIVEPASSPHRASE_EXPORT_VAULT_01 = commented(
-        'This is the first paragraph of the command help text, '
-        'but it also appears (in truncated form, if necessary) '
-        'as one-line help text for this command.  '
-        'The translation should thus be as meaningful as possible '
-        'even if truncated.',
+        "This is the first paragraph of the command help text, "
+        "but it also appears (in truncated form, if necessary) "
+        "as one-line help text for this command.  "
+        "The translation should thus be as meaningful as possible "
+        "even if truncated.",
     )(
-        'Label :: Help text :: One-line description',
-        'Export a vault-native configuration to standard output.',
+        "Label :: Help text :: One-line description",
+        "Export a vault-native configuration to standard output.",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_01 = commented(
-        'This is the first paragraph of the command help text, '
-        'but it also appears (in truncated form, if necessary) '
-        'as one-line help text for this command.  '
-        'The translation should thus be as meaningful as possible '
-        'even if truncated.',
+        "This is the first paragraph of the command help text, "
+        "but it also appears (in truncated form, if necessary) "
+        "as one-line help text for this command.  "
+        "The translation should thus be as meaningful as possible "
+        "even if truncated.",
     )(
-        'Label :: Help text :: One-line description',
-        'Derive a passphrase using the vault derivation scheme.',
+        "Label :: Help text :: One-line description",
+        "Derive a passphrase using the vault derivation scheme.",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_CONFIG_HELP_TEXT = commented(
-        'The metavar is Label.VAULT_METAVAR_SERVICE.',
+        "The metavar is Label.VAULT_METAVAR_SERVICE.",
     )(
-        'Label :: Help text :: One-line description',
-        'Save the given settings for {service_metavar}, or global.',
-        flags='python-brace-format',
+        "Label :: Help text :: One-line description",
+        "Save the given settings for {service_metavar}, or global.",
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_DASH_HELP_TEXT = commented(
-        'The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.',
+        "The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.",
     )(
-        'Label :: Help text :: One-line description',
+        "Label :: Help text :: One-line description",
         'Ensure at least {metavar} "-" or "_" characters.',
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_DELETE_ALL_HELP_TEXT = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: One-line description',
-        'Delete all settings.',
+        "Label :: Help text :: One-line description",
+        "Delete all settings.",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_DELETE_GLOBALS_HELP_TEXT = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: One-line description',
-        'Delete the global settings.',
+        "Label :: Help text :: One-line description",
+        "Delete the global settings.",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_DELETE_HELP_TEXT = commented(
-        'The metavar is Label.VAULT_METAVAR_SERVICE.',
+        "The metavar is Label.VAULT_METAVAR_SERVICE.",
     )(
-        'Label :: Help text :: One-line description',
-        'Delete the settings for {service_metavar}.',
-        flags='python-brace-format',
+        "Label :: Help text :: One-line description",
+        "Delete the settings for {service_metavar}.",
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_EDITOR_INTERFACE_HELP_TEXT = commented(
-        'The corresponding option is displayed as '
+        "The corresponding option is displayed as "
         '"--modern-editor-interface / --vault-legacy-editor-interface", '
-        'so you may want to hint that the default (legacy) '
-        'is the second of those options.  '
-        'Though the vault(1) legacy editor interface clearly has deficiencies '
-        'and (in my opinion) should only be used for compatibility purposes, '
-        'the one-line help text should try not to sound too judgmental, '
-        'if possible.',
+        "so you may want to hint that the default (legacy) "
+        "is the second of those options.  "
+        "Though the vault(1) legacy editor interface clearly has deficiencies "
+        "and (in my opinion) should only be used for compatibility purposes, "
+        "the one-line help text should try not to sound too judgmental, "
+        "if possible.",
     )(
-        'Label :: Help text :: One-line description',
-        'Edit notes using the modern editor interface '
-        'or the vault-like legacy one (default).',
+        "Label :: Help text :: One-line description",
+        "Edit notes using the modern editor interface "
+        "or the vault-like legacy one (default).",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_EXPORT_AS_HELP_TEXT = commented(
-        'The corresponding option is displayed as '
+        "The corresponding option is displayed as "
         '"--export-as=json|sh", so json refers to the JSON format (default) '
-        'and sh refers to the POSIX sh format.  '
+        "and sh refers to the POSIX sh format.  "
         'Please ensure that it is clear what the "json" and "sh" refer to '
-        'in your translation... even if you cannot use texutal correspondence '
-        'like the English text does.',
+        "in your translation... even if you cannot use texutal correspondence "
+        "like the English text does.",
     )(
-        'Label :: Help text :: One-line description',
-        'When exporting, export as JSON (default) or as POSIX sh.',
+        "Label :: Help text :: One-line description",
+        "When exporting, export as JSON (default) or as POSIX sh.",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_EXPORT_HELP_TEXT = commented(
-        'The metavar is Label.STORAGE_MANAGEMENT_METAVAR_PATH.',
+        "The metavar is Label.STORAGE_MANAGEMENT_METAVAR_PATH.",
     )(
-        'Label :: Help text :: One-line description',
-        'Export all saved settings to {metavar}.',
-        flags='python-brace-format',
+        "Label :: Help text :: One-line description",
+        "Export all saved settings to {metavar}.",
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_IMPORT_HELP_TEXT = commented(
-        'The metavar is Label.STORAGE_MANAGEMENT_METAVAR_PATH.',
+        "The metavar is Label.STORAGE_MANAGEMENT_METAVAR_PATH.",
     )(
-        'Label :: Help text :: One-line description',
-        'Import saved settings from {metavar}.',
-        flags='python-brace-format',
+        "Label :: Help text :: One-line description",
+        "Import saved settings from {metavar}.",
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_KEY_HELP_TEXT = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: One-line description',
-        'Select a suitable SSH key from the SSH agent.',
+        "Label :: Help text :: One-line description",
+        "Select a suitable SSH key from the SSH agent.",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_LENGTH_HELP_TEXT = commented(
-        'The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.',
+        "The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.",
     )(
-        'Label :: Help text :: One-line description',
-        'Ensure a passphrase length of {metavar} characters.',
-        flags='python-brace-format',
+        "Label :: Help text :: One-line description",
+        "Ensure a passphrase length of {metavar} characters.",
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_LOWER_HELP_TEXT = commented(
-        'The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.',
+        "The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.",
     )(
-        'Label :: Help text :: One-line description',
-        'Ensure at least {metavar} lowercase characters.',
-        flags='python-brace-format',
+        "Label :: Help text :: One-line description",
+        "Ensure at least {metavar} lowercase characters.",
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_NOTES_HELP_TEXT = commented(
-        'The metavar is Label.VAULT_METAVAR_SERVICE.',
+        "The metavar is Label.VAULT_METAVAR_SERVICE.",
     )(
-        'Label :: Help text :: One-line description',
-        'With --config and {service_metavar}, spawn an editor to edit notes.',
-        flags='python-brace-format',
+        "Label :: Help text :: One-line description",
+        "With --config and {service_metavar}, spawn an editor to edit notes.",
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_NUMBER_HELP_TEXT = commented(
-        'The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.',
+        "The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.",
     )(
-        'Label :: Help text :: One-line description',
-        'Ensure at least {metavar} digits.',
-        flags='python-brace-format',
+        "Label :: Help text :: One-line description",
+        "Ensure at least {metavar} digits.",
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_OVERWRITE_HELP_TEXT = commented(
-        'The corresponding option is displayed as '
+        "The corresponding option is displayed as "
         '"--overwrite-existing / --merge-existing", so you may want to '
-        'hint that the default (merge) is the second of those options.',
+        "hint that the default (merge) is the second of those options.",
     )(
-        'Label :: Help text :: One-line description',
-        'Overwrite or merge (default) the existing configuration.',
+        "Label :: Help text :: One-line description",
+        "Overwrite or merge (default) the existing configuration.",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_PHRASE_HELP_TEXT = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: One-line description',
-        'Prompt for a master passphrase.',
+        "Label :: Help text :: One-line description",
+        "Prompt for a master passphrase.",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_PRINT_NOTES_BEFORE_HELP_TEXT = commented(
-        'The corresponding option is displayed as '
+        "The corresponding option is displayed as "
         '"--print-notes-before / --print-notes-after", so you may want to '
-        'hint that the default (after) is the second of those options.',
+        "hint that the default (after) is the second of those options.",
     )(
-        'Label :: Help text :: One-line description',
-        'Print the notes for {service_metavar} (if any) before or '
-        'after (default) the derived passphrase.',
-        flags='python-brace-format',
+        "Label :: Help text :: One-line description",
+        "Print the notes for {service_metavar} (if any) before or "
+        "after (default) the derived passphrase.",
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_REPEAT_HELP_TEXT = commented(
-        'The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.',
+        "The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.",
     )(
-        'Label :: Help text :: One-line description',
-        'Restrict runs of identical characters to at most {metavar} '
-        'characters.',
-        flags='python-brace-format',
+        "Label :: Help text :: One-line description",
+        "Restrict runs of identical characters to at most {metavar} "
+        "characters.",
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_SPACE_HELP_TEXT = commented(
-        'The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.',
+        "The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.",
     )(
-        'Label :: Help text :: One-line description',
-        'Ensure at least {metavar} spaces.',
-        flags='python-brace-format',
+        "Label :: Help text :: One-line description",
+        "Ensure at least {metavar} spaces.",
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_SYMBOL_HELP_TEXT = commented(
-        'The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.',
+        "The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.",
     )(
-        'Label :: Help text :: One-line description',
-        'Ensure at least {metavar} symbol characters.',
-        flags='python-brace-format',
+        "Label :: Help text :: One-line description",
+        "Ensure at least {metavar} symbol characters.",
+        flags="python-brace-format",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_UNSET_HELP_TEXT = commented(
-        'The corresponding option is displayed as '
+        "The corresponding option is displayed as "
         '"--unset=phrase|key|...|symbol", so the "given setting" is '
         'referring to "phrase", "key", "lower", ..., or "symbol", '
-        'respectively.  '
+        "respectively.  "
         '"with --config" here means that the user must also specify '
         '"--config" for this option to have any effect.',
     )(
-        'Label :: Help text :: One-line description',
-        'With --config, also unset the given setting.  '
-        'May be specified multiple times.',
+        "Label :: Help text :: One-line description",
+        "With --config, also unset the given setting.  "
+        "May be specified multiple times.",
     )
     """"""
     DERIVEPASSPHRASE_VAULT_UPPER_HELP_TEXT = commented(
-        'The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.',
+        "The metavar is Label.PASSPHRASE_GENERATION_METAVAR_NUMBER.",
     )(
-        'Label :: Help text :: One-line description',
-        'Ensure at least {metavar} uppercase characters.',
-        flags='python-brace-format',
+        "Label :: Help text :: One-line description",
+        "Ensure at least {metavar} uppercase characters.",
+        flags="python-brace-format",
     )
     """"""
 
     EXPORT_VAULT_FORMAT_DEFAULTS_HELP_TEXT = commented(
-        'See EXPORT_VAULT_FORMAT_HELP_TEXT.  '
+        "See EXPORT_VAULT_FORMAT_HELP_TEXT.  "
         'The format names/labels "v0.3", "v0.2" and "storeroom" '
-        'should not be translated.',
+        "should not be translated.",
     )(
-        'Label :: Help text :: One-line description',
-        'Default: v0.3, v0.2, storeroom.',
+        "Label :: Help text :: One-line description",
+        "Default: v0.3, v0.2, storeroom.",
     )
     """"""
     EXPORT_VAULT_FORMAT_HELP_TEXT = commented(
-        'The defaults_hint is Label.EXPORT_VAULT_FORMAT_DEFAULTS_HELP_TEXT, '
-        'the metavar is Label.EXPORT_VAULT_FORMAT_METAVAR_FMT.',
+        "The defaults_hint is Label.EXPORT_VAULT_FORMAT_DEFAULTS_HELP_TEXT, "
+        "the metavar is Label.EXPORT_VAULT_FORMAT_METAVAR_FMT.",
     )(
-        'Label :: Help text :: One-line description',
-        'Try the following storage format {metavar}.  '
-        'If specified multiple times, the '
-        'formats will be tried in order.  '
-        '{defaults_hint}',
-        flags='python-brace-format',
+        "Label :: Help text :: One-line description",
+        "Try the following storage format {metavar}.  "
+        "If specified multiple times, the "
+        "formats will be tried in order.  "
+        "{defaults_hint}",
+        flags="python-brace-format",
     )
     """"""
     EXPORT_VAULT_KEY_DEFAULTS_HELP_TEXT = commented(
-        'See EXPORT_VAULT_KEY_HELP_TEXT.',
+        "See EXPORT_VAULT_KEY_HELP_TEXT.",
     )(
-        'Label :: Help text :: One-line description',
-        'Default: check the VAULT_KEY, LOGNAME, USER, or USERNAME '
-        'environment variables.',
+        "Label :: Help text :: One-line description",
+        "Default: check the VAULT_KEY, LOGNAME, USER, or USERNAME "
+        "environment variables.",
     )
     """"""
     EXPORT_VAULT_KEY_HELP_TEXT = commented(
-        'The defaults_hint is Label.EXPORT_VAULT_KEY_DEFAULTS_HELP_TEXT, '
-        'the metavar is Label.EXPORT_VAULT_KEY_METAVAR_K.',
+        "The defaults_hint is Label.EXPORT_VAULT_KEY_DEFAULTS_HELP_TEXT, "
+        "the metavar is Label.EXPORT_VAULT_KEY_METAVAR_K.",
     )(
-        'Label :: Help text :: One-line description',
-        'Use {metavar} as the storage master key.  {defaults_hint}',
-        flags='python-brace-format',
+        "Label :: Help text :: One-line description",
+        "Use {metavar} as the storage master key.  {defaults_hint}",
+        flags="python-brace-format",
     )
     """"""
     HELP_OPTION_HELP_TEXT = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: One-line description',
-        'Show this help text, then exit.',
+        "Label :: Help text :: One-line description",
+        "Show this help text, then exit.",
     )
     """"""
     QUIET_OPTION_HELP_TEXT = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: One-line description',
-        'Suppress even warnings; emit only errors.',
+        "Label :: Help text :: One-line description",
+        "Suppress even warnings; emit only errors.",
     )
     """"""
     VERBOSE_OPTION_HELP_TEXT = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: One-line description',
-        'Emit extra/progress information to standard error.',
+        "Label :: Help text :: One-line description",
+        "Emit extra/progress information to standard error.",
     )
     """"""
     VERSION_OPTION_HELP_TEXT = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: One-line description',
-        'Show version and feature information, then exit.',
+        "Label :: Help text :: One-line description",
+        "Show version and feature information, then exit.",
     )
     """"""
     COMMANDS_LABEL = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: Option group name',
-        'Commands',
+        "Label :: Help text :: Option group name",
+        "Commands",
     )
     """"""
     COMPATIBILITY_OPTION_LABEL = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: Option group name',
-        'Compatibility and extension options',
+        "Label :: Help text :: Option group name",
+        "Compatibility and extension options",
     )
     """"""
     CONFIGURATION_LABEL = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: Option group name',
-        'Configuration',
+        "Label :: Help text :: Option group name",
+        "Configuration",
     )
     """"""
     LOGGING_LABEL = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: Option group name',
-        'Logging',
+        "Label :: Help text :: Option group name",
+        "Logging",
     )
     """"""
     OPTIONS_LABEL = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: Option group name',
-        'Options',
+        "Label :: Help text :: Option group name",
+        "Options",
     )
     """"""
     OTHER_OPTIONS_LABEL = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: Option group name',
-        'Other options',
+        "Label :: Help text :: Option group name",
+        "Other options",
     )
     """"""
     PASSPHRASE_GENERATION_LABEL = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: Option group name',
-        'Passphrase generation',
+        "Label :: Help text :: Option group name",
+        "Passphrase generation",
     )
     """"""
     STORAGE_MANAGEMENT_LABEL = commented(
-        '',
+        "",
     )(
-        'Label :: Help text :: Option group name',
-        'Storage management',
+        "Label :: Help text :: Option group name",
+        "Storage management",
     )
     """"""
     VERSION_INFO_MAJOR_LIBRARY_TEXT = commented(
-        'This message reports on the version of a major library '
+        "This message reports on the version of a major library "
         'currently in use, such as "cryptography".',
     )(
-        'Label :: Info Message',
-        'Using {dependency_name_and_version}',
-        flags='python-brace-format',
+        "Label :: Info Message",
+        "Using {dependency_name_and_version}",
+        flags="python-brace-format",
     )
     """"""
     ENABLED_PEP508_EXTRAS = commented(
-        'This is part of the version output, emitting lists of enabled '
-        'PEP 508 extras.  '
-        'A comma-separated English list of items follows, '
-        'with standard English punctuation.',
+        "This is part of the version output, emitting lists of enabled "
+        "PEP 508 extras.  "
+        "A comma-separated English list of items follows, "
+        "with standard English punctuation.",
     )(
-        'Label :: Info Message:: Table row header',
-        'PEP 508 extras:',
+        "Label :: Info Message:: Table row header",
+        "PEP 508 extras:",
     )
     """"""
     SUPPORTED_DERIVATION_SCHEMES = commented(
-        'This is part of the version output, emitting lists of supported '
-        'derivation schemes.  '
-        'A comma-separated English list of items follows, '
-        'with standard English punctuation.',
+        "This is part of the version output, emitting lists of supported "
+        "derivation schemes.  "
+        "A comma-separated English list of items follows, "
+        "with standard English punctuation.",
     )(
-        'Label :: Info Message:: Table row header',
-        'Supported derivation schemes:',
+        "Label :: Info Message:: Table row header",
+        "Supported derivation schemes:",
     )
     """"""
     SUPPORTED_FEATURES = commented(
-        'This is part of the version output, emitting lists of supported '
-        'features for this subcommand.  '
-        'A comma-separated English list of items follows, '
-        'with standard English punctuation.',
+        "This is part of the version output, emitting lists of supported "
+        "features for this subcommand.  "
+        "A comma-separated English list of items follows, "
+        "with standard English punctuation.",
     )(
-        'Label :: Info Message:: Table row header',
-        'Supported features:',
+        "Label :: Info Message:: Table row header",
+        "Supported features:",
     )
     """"""
     SUPPORTED_FOREIGN_CONFIGURATION_FORMATS = commented(
-        'This is part of the version output, emitting lists of supported '
-        'foreign configuration formats.  '
-        'A comma-separated English list of items follows, '
-        'with standard English punctuation.',
+        "This is part of the version output, emitting lists of supported "
+        "foreign configuration formats.  "
+        "A comma-separated English list of items follows, "
+        "with standard English punctuation.",
     )(
-        'Label :: Info Message:: Table row header',
-        'Supported foreign configuration formats:',
+        "Label :: Info Message:: Table row header",
+        "Supported foreign configuration formats:",
     )
     """"""
     SUPPORTED_SUBCOMMANDS = commented(
-        'This is part of the version output, emitting lists of supported '
-        'subcommands.  '
-        'A comma-separated English list of items follows, '
-        'with standard English punctuation.',
+        "This is part of the version output, emitting lists of supported "
+        "subcommands.  "
+        "A comma-separated English list of items follows, "
+        "with standard English punctuation.",
     )(
-        'Label :: Info Message:: Table row header',
-        'Supported subcommands:',
+        "Label :: Info Message:: Table row header",
+        "Supported subcommands:",
     )
     """"""
     UNAVAILABLE_DERIVATION_SCHEMES = commented(
-        'This is part of the version output, emitting lists of known, '
-        'unavailable derivation schemes.  '
-        'A comma-separated English list of items follows, '
-        'with standard English punctuation.',
+        "This is part of the version output, emitting lists of known, "
+        "unavailable derivation schemes.  "
+        "A comma-separated English list of items follows, "
+        "with standard English punctuation.",
     )(
-        'Label :: Info Message:: Table row header',
-        'Known derivation schemes:',
+        "Label :: Info Message:: Table row header",
+        "Known derivation schemes:",
     )
     """"""
     UNAVAILABLE_FEATURES = commented(
-        'This is part of the version output, emitting lists of known, '
-        'unavailable features for this subcommand.  '
-        'A comma-separated English list of items follows, '
-        'with standard English punctuation.',
+        "This is part of the version output, emitting lists of known, "
+        "unavailable features for this subcommand.  "
+        "A comma-separated English list of items follows, "
+        "with standard English punctuation.",
     )(
-        'Label :: Info Message:: Table row header',
-        'Known features:',
+        "Label :: Info Message:: Table row header",
+        "Known features:",
     )
     """"""
     UNAVAILABLE_FOREIGN_CONFIGURATION_FORMATS = commented(
-        'This is part of the version output, emitting lists of known, '
-        'unavailable foreign configuration formats.  '
-        'A comma-separated English list of items follows, '
-        'with standard English punctuation.',
+        "This is part of the version output, emitting lists of known, "
+        "unavailable foreign configuration formats.  "
+        "A comma-separated English list of items follows, "
+        "with standard English punctuation.",
     )(
-        'Label :: Info Message:: Table row header',
-        'Known foreign configuration formats:',
+        "Label :: Info Message:: Table row header",
+        "Known foreign configuration formats:",
     )
     """"""
     CONFIRM_THIS_CHOICE_PROMPT_TEXT = commented(
         'There is no support for "yes" or "no" in other languages '
-        'than English, so it is advised that your translation makes it '
+        "than English, so it is advised that your translation makes it "
         'clear that only the strings "y", "yes", "n" or "no" are supported, '
-        'even if the prompt becomes a bit longer.',
+        "even if the prompt becomes a bit longer.",
     )(
-        'Label :: Interactive prompt',
-        'Confirm this choice? (y/N)',
+        "Label :: Interactive prompt",
+        "Confirm this choice? (y/N)",
     )
     """"""
     SUITABLE_SSH_KEYS_LABEL = commented(
-        'This label is the heading of the list of suitable SSH keys.',
+        "This label is the heading of the list of suitable SSH keys.",
     )(
-        'Label :: Interactive prompt',
-        'Suitable SSH keys:',
+        "Label :: Interactive prompt",
+        "Suitable SSH keys:",
     )
     """"""
     YOUR_SELECTION_PROMPT_TEXT = commented(
-        '',
+        "",
     )(
-        'Label :: Interactive prompt',
-        'Your selection? (1-{n}, leave empty to abort)',
-        flags='python-brace-format',
+        "Label :: Interactive prompt",
+        "Your selection? (1-{n}, leave empty to abort)",
+        flags="python-brace-format",
     )
     """"""
 
@@ -1402,25 +1402,25 @@ class DebugMsgTemplate(enum.Enum):
     """Debug messages for the `derivepassphrase` command-line."""
 
     BUCKET_ITEM_FOUND = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "storeroom"-type configuration directories.  '
         'The system stores entries in different "buckets" of a hash table.  '
-        'Here, we report on a single item (path and value) we discovered '
-        'after decrypting the whole bucket.  '
-        '(We ensure the path and value are printable as-is.)',
+        "Here, we report on a single item (path and value) we discovered "
+        "after decrypting the whole bucket.  "
+        "(We ensure the path and value are printable as-is.)",
     )(
-        'Debug message',
-        'Found bucket item: {path} -> {value}',
-        flags='python-brace-format',
+        "Debug message",
+        "Found bucket item: {path} -> {value}",
+        flags="python-brace-format",
     )
     """"""
     DECRYPT_BUCKET_ITEM_INFO = commented(
         '"AES256-CBC" and "PKCS#7" are, in essence, names of formats, '
-        'and should not be translated.  '
+        "and should not be translated.  "
         '"IV" means "initialization vector", and is specifically '
         'a cryptographic term, as are "plaintext" and "ciphertext".',
     )(
-        'Debug message',
+        "Debug message",
         """\
 Decrypt bucket item contents:
 
@@ -1431,13 +1431,13 @@ Decrypt bucket item contents:
   Encrypted ciphertext: {ciphertext}
   Plaintext: {plaintext}
 """,
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
     DECRYPT_BUCKET_ITEM_KEY_INFO = commented(
-        '',
+        "",
     )(
-        'Debug message',
+        "Debug message",
         """\
 Decrypt bucket item:
 
@@ -1446,20 +1446,20 @@ Decrypt bucket item:
   Encryption key (master key): {enc_key}
   Signing key (master key): {sign_key}
 """,
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
     DECRYPT_BUCKET_ITEM_MAC_INFO = commented(
         'The MAC stands for "message authentication code", '
-        'which guarantees the authenticity of the message to anyone '
-        'who holds the corresponding key, similar to a digital signature.  '
+        "which guarantees the authenticity of the message to anyone "
+        "who holds the corresponding key, similar to a digital signature.  "
         'The acronym "MAC" is assumed to be well-known to the '
-        'English target audience, or at least discoverable by them; '
-        'they *are* asking for debug output, after all.  '
-        'Please use your judgement as to whether to translate this term '
-        'or not, expanded or not.',
+        "English target audience, or at least discoverable by them; "
+        "they *are* asking for debug output, after all.  "
+        "Please use your judgement as to whether to translate this term "
+        "or not, expanded or not.",
     )(
-        'Debug message',
+        "Debug message",
         """\
 Decrypt bucket item contents:
 
@@ -1469,16 +1469,16 @@ Decrypt bucket item contents:
   Claimed MAC value: {claimed_mac}
   Computed MAC value: {actual_mac}
 """,
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
     DECRYPT_BUCKET_ITEM_SESSION_KEYS_INFO = commented(
         '"AES256-CBC" and "PKCS#7" are, in essence, names of formats, '
-        'and should not be translated.  '
+        "and should not be translated.  "
         '"IV" means "initialization vector", and is specifically '
         'a cryptographic term, as are "plaintext" and "ciphertext".',
     )(
-        'Debug message',
+        "Debug message",
         """\
 Decrypt bucket item session keys:
 
@@ -1490,20 +1490,20 @@ Decrypt bucket item session keys:
   Plaintext: {plaintext}
   Parsed plaintext: {code}
 """,
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
     DECRYPT_BUCKET_ITEM_SESSION_KEYS_MAC_INFO = commented(
         'The MAC stands for "message authentication code", '
-        'which guarantees the authenticity of the message to anyone '
-        'who holds the corresponding key, similar to a digital signature.  '
+        "which guarantees the authenticity of the message to anyone "
+        "who holds the corresponding key, similar to a digital signature.  "
         'The acronym "MAC" is assumed to be well-known to the '
-        'English target audience, or at least discoverable by them; '
-        'they *are* asking for debug output, after all.  '
-        'Please use your judgement as to whether to translate this term '
-        'or not, expanded or not.',
+        "English target audience, or at least discoverable by them; "
+        "they *are* asking for debug output, after all.  "
+        "Please use your judgement as to whether to translate this term "
+        "or not, expanded or not.",
     )(
-        'Debug message',
+        "Debug message",
         """\
 Decrypt bucket item session keys:
 
@@ -1513,13 +1513,13 @@ Decrypt bucket item session keys:
   Claimed MAC value: {claimed_mac}
   Computed MAC value: {actual_mac}
 """,
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
     DERIVED_MASTER_KEYS_KEYS = commented(
-        '',
+        "",
     )(
-        'Debug message',
+        "Debug message",
         """\
 Derived master keys' keys:
 
@@ -1529,36 +1529,36 @@ Derived master keys' keys:
   Password: {pw_bytes}
   Function call: pbkdf2(algorithm={algorithm!r}, length={length!r}, salt={salt!r}, iterations={iterations!r})
 """,  # noqa: E501
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
     DIRECTORY_CONTENTS_CHECK_OK = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "storeroom"-type configuration directories, '
         'while "assembling" the items stored in the configuration '
         """according to the item's "path".  """
         'Each "directory" in the path contains a list of children '
-        'it claims to contain, and this list must be matched '
-        'against the actual discovered items.  '
-        'Now, at the end, we actually confirm the claim.  '
-        '(We would have already thrown an error here otherwise.)',
+        "it claims to contain, and this list must be matched "
+        "against the actual discovered items.  "
+        "Now, at the end, we actually confirm the claim.  "
+        "(We would have already thrown an error here otherwise.)",
     )(
-        'Debug message',
-        'Directory contents check OK: {path} -> {contents}',
-        flags='python-brace-format',
+        "Debug message",
+        "Directory contents check OK: {path} -> {contents}",
+        flags="python-brace-format",
     )
     """"""
     MASTER_KEYS_DATA_MAC_INFO = commented(
         'The MAC stands for "message authentication code", '
-        'which guarantees the authenticity of the message to anyone '
-        'who holds the corresponding key, similar to a digital signature.  '
+        "which guarantees the authenticity of the message to anyone "
+        "who holds the corresponding key, similar to a digital signature.  "
         'The acronym "MAC" is assumed to be well-known to the '
-        'English target audience, or at least discoverable by them; '
-        'they *are* asking for debug output, after all.  '
-        'Please use your judgement as to whether to translate this term '
-        'or not, expanded or not.',
+        "English target audience, or at least discoverable by them; "
+        "they *are* asking for debug output, after all.  "
+        "Please use your judgement as to whether to translate this term "
+        "or not, expanded or not.",
     )(
-        'Debug message',
+        "Debug message",
         """\
 Master keys data:
 
@@ -1568,59 +1568,59 @@ Master keys data:
   Claimed MAC value: {claimed_mac}
   Computed MAC value: {actual_mac}
 """,
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
     POSTPONING_DIRECTORY_CONTENTS_CHECK = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "storeroom"-type configuration directories, '
         'while "assembling" the items stored in the configuration '
         """according to the item's "path".  """
         'Each "directory" in the path contains a list of children '
-        'it claims to contain, and this list must be matched '
-        'against the actual discovered items.  '
-        'When emitting this message, we merely indicate that we saved '
+        "it claims to contain, and this list must be matched "
+        "against the actual discovered items.  "
+        "When emitting this message, we merely indicate that we saved "
         'the "claimed" list for this directory for later.',
     )(
-        'Debug message',
-        'Postponing directory contents check: {path} -> {contents}',
-        flags='python-brace-format',
+        "Debug message",
+        "Postponing directory contents check: {path} -> {contents}",
+        flags="python-brace-format",
     )
     """"""
     SETTING_CONFIG_STRUCTURE_CONTENTS = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "storeroom"-type configuration directories, '
         'while "assembling" the items stored in the configuration '
         """according to the item's "path".  """
-        'We confirm that we set the entry at the given path '
-        'to the given value.',
+        "We confirm that we set the entry at the given path "
+        "to the given value.",
     )(
-        'Debug message',
-        'Setting contents: {path} -> {value}',
-        flags='python-brace-format',
+        "Debug message",
+        "Setting contents: {path} -> {value}",
+        flags="python-brace-format",
     )
     """"""
     SETTING_CONFIG_STRUCTURE_CONTENTS_EMPTY_DIRECTORY = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "storeroom"-type configuration directories, '
         'while "assembling" the items stored in the configuration '
         """according to the item's "path".  """
-        'We confirm that we set up a currently empty directory '
-        'at the given path.',
+        "We confirm that we set up a currently empty directory "
+        "at the given path.",
     )(
-        'Debug message',
-        'Setting contents (empty directory): {path}',
-        flags='python-brace-format',
+        "Debug message",
+        "Setting contents (empty directory): {path}",
+        flags="python-brace-format",
     )
     """"""
     VAULT_NATIVE_CHECKING_MAC_DETAILS = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "native"-type configuration directories.  '
-        'It is preceded by the info message '
-        'VAULT_NATIVE_PARSING_IV_PAYLOAD_MAC; see the commentary there '
-        'concerning the terms and thoughts on translating them.',
+        "It is preceded by the info message "
+        "VAULT_NATIVE_PARSING_IV_PAYLOAD_MAC; see the commentary there "
+        "concerning the terms and thoughts on translating them.",
     )(
-        'Debug message',
+        "Debug message",
         """\
 MAC details:
 
@@ -1628,18 +1628,18 @@ MAC details:
   MAC input: {mac_input}
   Expected MAC: {mac}
 """,
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
     VAULT_NATIVE_EVP_BYTESTOKEY_INIT = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "native"-type configuration directories: '
         'in v0.2, the non-standard and deprecated "EVP_bytestokey" function '
-        'from OpenSSL must be reimplemented from scratch.  '
+        "from OpenSSL must be reimplemented from scratch.  "
         'The terms "salt" and "IV" (initialization vector) '
-        'are cryptographic terms.',
+        "are cryptographic terms.",
     )(
-        'Debug message',
+        "Debug message",
         """\
 evp_bytestokey_md5 (initialization):
 
@@ -1651,19 +1651,19 @@ evp_bytestokey_md5 (initialization):
   Buffer length: {buffer_length}
   Buffer: {buffer}
 """,
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
     VAULT_NATIVE_EVP_BYTESTOKEY_RESULT = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "native"-type configuration directories: '
         'in v0.2, the non-standard and deprecated "EVP_bytestokey" function '
-        'from OpenSSL must be reimplemented from scratch.  '
+        "from OpenSSL must be reimplemented from scratch.  "
         'The terms "salt" and "IV" (initialization vector) '
-        'are cryptographic terms.'
-        'This function reports on the final results.',
+        "are cryptographic terms."
+        "This function reports on the final results.",
     )(
-        'Debug message',
+        "Debug message",
         """\
 evp_bytestokey_md5 (result):
 
@@ -1671,20 +1671,20 @@ evp_bytestokey_md5 (result):
   Encryption key: {enc_key}
   IV: {iv}
 """,
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
     VAULT_NATIVE_EVP_BYTESTOKEY_ROUND = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "native"-type configuration directories: '
         'in v0.2, the non-standard and deprecated "EVP_bytestokey" function '
-        'from OpenSSL must be reimplemented from scratch.  '
+        "from OpenSSL must be reimplemented from scratch.  "
         'The terms "salt" and "IV" (initialization vector) '
-        'are cryptographic terms.'
-        'This function reports on the updated buffer length and contents '
-        'after executing one round of hashing.',
+        "are cryptographic terms."
+        "This function reports on the updated buffer length and contents "
+        "after executing one round of hashing.",
     )(
-        'Debug message',
+        "Debug message",
         """\
 evp_bytestokey_md5 (round update):
 
@@ -1692,27 +1692,27 @@ evp_bytestokey_md5 (round update):
   Buffer length: {buffer_length}
   Buffer: {buffer}
 """,
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
     VAULT_NATIVE_PADDED_PLAINTEXT = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "native"-type configuration directories.  '
         '"padding" and "plaintext" are cryptographic terms.',
     )(
-        'Debug message',
-        'Padded plaintext: {contents}',
-        flags='python-brace-format',
+        "Debug message",
+        "Padded plaintext: {contents}",
+        flags="python-brace-format",
     )
     """"""
     VAULT_NATIVE_PARSE_BUFFER = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "native"-type configuration directories.  '
-        'It is preceded by the info message '
-        'VAULT_NATIVE_PARSING_IV_PAYLOAD_MAC; see the commentary there '
-        'concerning the terms and thoughts on translating them.',
+        "It is preceded by the info message "
+        "VAULT_NATIVE_PARSING_IV_PAYLOAD_MAC; see the commentary there "
+        "concerning the terms and thoughts on translating them.",
     )(
-        'Debug message',
+        "Debug message",
         """\
 Buffer: {contents}
 
@@ -1721,13 +1721,13 @@ Buffer: {contents}
   Payload (ciphertext): {payload}
   MAC: {mac}
 """,
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
     VAULT_NATIVE_PBKDF2_CALL = commented(
-        '',
+        "",
     )(
-        'Debug message',
+        "Debug message",
         """\
 Master key derivation:
 
@@ -1736,28 +1736,28 @@ Master key derivation:
   Result (binary): {raw_result}
   Result (hex key): {result_key!r}
 """,  # noqa: E501
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
     VAULT_NATIVE_PLAINTEXT = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "native"-type configuration directories.  '
         '"plaintext" is a cryptographic term.',
     )(
-        'Debug message',
-        'Plaintext: {contents}',
-        flags='python-brace-format',
+        "Debug message",
+        "Plaintext: {contents}",
+        flags="python-brace-format",
     )
     """"""
     VAULT_NATIVE_V02_PAYLOAD_MAC_POSTPROCESSING = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "native"-type configuration directories.  '
-        'It is preceded by the info message '
-        'VAULT_NATIVE_PARSING_IV_PAYLOAD_MAC and the debug message '
-        'PARSING_NATIVE_PARSE_BUFFER; see the commentary there concerning '
-        'the terms and thoughts on translating them.',
+        "It is preceded by the info message "
+        "VAULT_NATIVE_PARSING_IV_PAYLOAD_MAC and the debug message "
+        "PARSING_NATIVE_PARSE_BUFFER; see the commentary there concerning "
+        "the terms and thoughts on translating them.",
     )(
-        'Debug message',
+        "Debug message",
         """\
 Postprocessing buffer (v0.2):
 
@@ -1765,7 +1765,7 @@ Postprocessing buffer (v0.2):
   Payload: {payload} (decoded from base64)
   MAC: {mac} (decoded from hex)
 """,
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
 
@@ -1774,122 +1774,122 @@ class InfoMsgTemplate(enum.Enum):
     """Info messages for the `derivepassphrase` command-line."""
 
     ASSEMBLING_CONFIG_STRUCTURE = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "storeroom"-type configuration directories.  '
         'The system stores entries in different "buckets" of a hash table.  '
-        'After the respective items in the buckets have been decrypted, '
-        'we then have a list of item paths plus contents to populate.  '
+        "After the respective items in the buckets have been decrypted, "
+        "we then have a list of item paths plus contents to populate.  "
         "This must be done in a certain order (we don't yet have an "
-        'existing directory tree to rely on, but rather must '
+        "existing directory tree to rely on, but rather must "
         'build it on-the-fly), hence the term "assembling".',
     )(
-        'Info message',
-        'Assembling config structure.',
+        "Info message",
+        "Assembling config structure.",
     )
     """"""
     CANNOT_LOAD_AS_VAULT_CONFIG = commented(
         '"fmt" is a string such as "v0.2" or "storeroom", '
-        'indicating the format which we tried to load the '
-        'vault configuration as.',
+        "indicating the format which we tried to load the "
+        "vault configuration as.",
     )(
-        'Info message',
-        'Cannot load {path!r} as a {fmt} vault configuration.',
-        flags='python-brace-format',
+        "Info message",
+        "Cannot load {path!r} as a {fmt} vault configuration.",
+        flags="python-brace-format",
     )
     """"""
     CHECKING_CONFIG_STRUCTURE_CONSISTENCY = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "storeroom"-type configuration directories.  '
         'Having "assembled" the configuration items according to '
-        'their claimed paths and contents, we then check if the '
-        'assembled structure is internally consistent.',
+        "their claimed paths and contents, we then check if the "
+        "assembled structure is internally consistent.",
     )(
-        'Info message',
-        'Checking config structure consistency.',
+        "Info message",
+        "Checking config structure consistency.",
     )
     """"""
     DECRYPTING_BUCKET = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "storeroom"-type configuration directories.  '
         'The system stores entries in different "buckets" of a hash table.  '
-        'We parse the directory bucket by bucket.  '
-        'All buckets are numbered in hexadecimal, and typically there are '
-        '32 buckets, so 2-digit hex numbers.',
+        "We parse the directory bucket by bucket.  "
+        "All buckets are numbered in hexadecimal, and typically there are "
+        "32 buckets, so 2-digit hex numbers.",
     )(
-        'Info message',
-        'Decrypting bucket {bucket_number}.',
-        flags='python-brace-format',
+        "Info message",
+        "Decrypting bucket {bucket_number}.",
+        flags="python-brace-format",
     )
     """"""
     PARSING_MASTER_KEYS_DATA = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "storeroom"-type configuration directories.  '
-        '`.keys` is a filename, from which data about the master keys '
-        'for this configuration are loaded.',
+        "`.keys` is a filename, from which data about the master keys "
+        "for this configuration are loaded.",
     )(
-        'Info message',
-        'Parsing master keys data from `.keys`.',
+        "Info message",
+        "Parsing master keys data from `.keys`.",
     )
     """"""
     PIP_INSTALL_EXTRA = commented(
-        'This message immediately follows an error message about '
-        'a missing library that needs to be installed.  '
-        'The Python Package Index (PyPI) supports declaring sets of '
+        "This message immediately follows an error message about "
+        "a missing library that needs to be installed.  "
+        "The Python Package Index (PyPI) supports declaring sets of "
         'optional dependencies as "extras", so users installing from PyPI '
         'can request reinstallation with a named "extra" being enabled.  '
-        'This would then let the installer take care of the '
-        'missing libraries automatically, '
-        'hence this suggestion to PyPI users.',
+        "This would then let the installer take care of the "
+        "missing libraries automatically, "
+        "hence this suggestion to PyPI users.",
     )(
-        'Info message',
-        'For users installing from PyPI, see the {extra_name!r} extra.',
-        flags='python-brace-format',
+        "Info message",
+        "For users installing from PyPI, see the {extra_name!r} extra.",
+        flags="python-brace-format",
     )
     """"""
     SUCCESSFULLY_MIGRATED = commented(
-        'This info message immediately follows the '
+        "This info message immediately follows the "
         '"Using deprecated v0.1-style ..." deprecation warning.',
     )(
-        'Info message',
-        'Successfully migrated to {path!r}.',
-        flags='python-brace-format',
+        "Info message",
+        "Successfully migrated to {path!r}.",
+        flags="python-brace-format",
     )
     """"""
     VAULT_NATIVE_CHECKING_MAC = commented(
-        '',
+        "",
     )(
-        'Info message',
-        'Checking MAC.',
+        "Info message",
+        "Checking MAC.",
     )
     """"""
     VAULT_NATIVE_DECRYPTING_CONTENTS = commented(
-        '',
+        "",
     )(
-        'Info message',
-        'Decrypting contents.',
+        "Info message",
+        "Decrypting contents.",
     )
     """"""
     VAULT_NATIVE_DERIVING_KEYS = commented(
-        '',
+        "",
     )(
-        'Info message',
-        'Deriving an encryption and signing key.',
+        "Info message",
+        "Deriving an encryption and signing key.",
     )
     """"""
     VAULT_NATIVE_PARSING_IV_PAYLOAD_MAC = commented(
-        'This message is emitted by the vault configuration exporter '
+        "This message is emitted by the vault configuration exporter "
         'for "native"-type configuration directories.  '
         '"IV" means "initialization vector", and "MAC" means '
         '"message authentication code".  '
         'They are specifically cryptographic terms, as is "payload".  '
         'The acronyms "IV" and "MAC" are assumed to be well-known to the '
-        'English target audience, or at least discoverable by them; '
-        'they *are* asking for debug output, after all.  '
-        'Please use your judgement as to whether to translate these terms '
-        'or not, expanded or not.',
+        "English target audience, or at least discoverable by them; "
+        "they *are* asking for debug output, after all.  "
+        "Please use your judgement as to whether to translate these terms "
+        "or not, expanded or not.",
     )(
-        'Info message',
-        'Parsing IV, payload and MAC from the file contents.',
+        "Info message",
+        "Parsing IV, payload and MAC from the file contents.",
     )
     """"""
 
@@ -1898,160 +1898,160 @@ class WarnMsgTemplate(enum.Enum):
     """Warning messages for the `derivepassphrase` command-line."""
 
     EDITING_NOTES_BUT_NOT_STORING_CONFIG = commented(
-        '',
+        "",
     )(
-        'Warning message',
-        'Specifying --notes without --config is ineffective.  '
-        'No notes will be edited.',
+        "Warning message",
+        "Specifying --notes without --config is ineffective.  "
+        "No notes will be edited.",
     )
     EMPTY_SERVICE_NOT_SUPPORTED = commented(
-        '',
+        "",
     )(
-        'Warning message',
-        'An empty {service_metavar} is not supported by vault(1).  '
-        'For compatibility, this will be treated as if '
-        '{service_metavar} was not supplied, i.e., it will error out, '
-        'or operate on global settings.',
-        flags='python-brace-format',
+        "Warning message",
+        "An empty {service_metavar} is not supported by vault(1).  "
+        "For compatibility, this will be treated as if "
+        "{service_metavar} was not supplied, i.e., it will error out, "
+        "or operate on global settings.",
+        flags="python-brace-format",
     )
     """"""
     EMPTY_SERVICE_SETTINGS_INACCESSIBLE = commented(
-        '',
+        "",
     )(
-        'Warning message',
-        'An empty {service_metavar} is not supported by vault(1).  '
-        'The empty-string service settings will be inaccessible '
-        'and ineffective.  '
-        'To ensure that vault(1) and {PROG_NAME} see the settings, '  # noqa: RUF027
+        "Warning message",
+        "An empty {service_metavar} is not supported by vault(1).  "
+        "The empty-string service settings will be inaccessible "
+        "and ineffective.  "
+        "To ensure that vault(1) and {PROG_NAME} see the settings, "  # noqa: RUF027
         'move them into the "global" section.',
-        flags='python-brace-format',
+        flags="python-brace-format",
     )
     """"""
     FAILED_TO_MIGRATE_CONFIG = commented(
         '"error" is supplied by the operating system (errno/strerror).',
     )(
-        'Warning message',
-        'Failed to migrate to {path!r}: {error}: {filename!r}.',
-        flags='python-brace-format',
+        "Warning message",
+        "Failed to migrate to {path!r}: {error}: {filename!r}.",
+        flags="python-brace-format",
     )
     """"""
     GLOBAL_PASSPHRASE_INEFFECTIVE = commented(
-        '',
+        "",
     )(
-        'Warning message',
-        'Setting a global passphrase is ineffective '
-        'because a key is also set.',
+        "Warning message",
+        "Setting a global passphrase is ineffective "
+        "because a key is also set.",
     )
     """"""
     LEGACY_EDITOR_INTERFACE_NOTES_BACKUP = commented(
-        '',
+        "",
     )(
-        'Warning message',
-        'A backup copy of the old notes was saved to {filename!r}.  '
-        'This is a safeguard against editing mistakes, because the '
-        'vault(1)-compatible legacy editor interface does not allow '
-        'aborting mid-edit, and because the notes were actually changed.',
-        flags='python-brace-format',
+        "Warning message",
+        "A backup copy of the old notes was saved to {filename!r}.  "
+        "This is a safeguard against editing mistakes, because the "
+        "vault(1)-compatible legacy editor interface does not allow "
+        "aborting mid-edit, and because the notes were actually changed.",
+        flags="python-brace-format",
     )
     NO_AF_UNIX = commented(
-        '',
+        "",
     )(
-        'Warning message',
-        'Cannot connect to an SSH agent via UNIX domain sockets '
-        'because this Python version does not support them.',
+        "Warning message",
+        "Cannot connect to an SSH agent via UNIX domain sockets "
+        "because this Python version does not support them.",
     )
     """"""
     NO_ANNOYING_OS_NAMED_PIPES = commented(
-        '',
+        "",
     )(
-        'Warning message',
-        'Cannot connect to an SSH agent via Windows named pipes '
-        'because this Python version does not support them.',
+        "Warning message",
+        "Cannot connect to an SSH agent via Windows named pipes "
+        "because this Python version does not support them.",
     )
     """"""
     PASSPHRASE_NOT_NORMALIZED = commented(
-        'The key is a (vault) configuration key, in JSONPath syntax, '
+        "The key is a (vault) configuration key, in JSONPath syntax, "
         'typically "$.global" for the global passphrase or '
         '"$.services.service_name" or "$.services["service with spaces"]" '
         'for the services "service_name" and "service with spaces", '
-        'respectively.  '
-        'Alternatively, it may be the value of '
-        'Label.SETTINGS_ORIGIN_INTERACTIVE if the passphrase was '
-        'entered interactively.  '
-        'The form is one of the four Unicode normalization forms: '
-        'NFC, NFD, NFKC, NFKD.  '
-        'The asterisks are not special.  '
-        'Please feel free to substitute any other appropriate way to '
+        "respectively.  "
+        "Alternatively, it may be the value of "
+        "Label.SETTINGS_ORIGIN_INTERACTIVE if the passphrase was "
+        "entered interactively.  "
+        "The form is one of the four Unicode normalization forms: "
+        "NFC, NFD, NFKC, NFKD.  "
+        "The asterisks are not special.  "
+        "Please feel free to substitute any other appropriate way to "
         'mark up emphasis of the word "displays".',
     )(
-        'Warning message',
-        'The {key} passphrase is not {form}-normalized.  '
-        'Its serialization as a byte string may not be what you '
-        'expect it to be, even if it *displays* correctly.  '
-        'Please make sure to double-check any derived passphrases '
-        'for unexpected results.',
-        flags='python-brace-format',
+        "Warning message",
+        "The {key} passphrase is not {form}-normalized.  "
+        "Its serialization as a byte string may not be what you "
+        "expect it to be, even if it *displays* correctly.  "
+        "Please make sure to double-check any derived passphrases "
+        "for unexpected results.",
+        flags="python-brace-format",
     )
     """"""
     SERVICE_NAME_INCOMPLETABLE = commented(
-        '',
+        "",
     )(
-        'Warning message',
-        'The service name {service!r} contains an ASCII control character, '
-        'which is not supported by our shell completion code.  '
-        'This service name will therefore not be available for completion '
-        'on the command-line.  '
-        'You may of course still type it in manually in whatever format '
-        'your shell accepts, but we highly recommend choosing a different '
-        'service name instead.',
-        flags='python-brace-format',
+        "Warning message",
+        "The service name {service!r} contains an ASCII control character, "
+        "which is not supported by our shell completion code.  "
+        "This service name will therefore not be available for completion "
+        "on the command-line.  "
+        "You may of course still type it in manually in whatever format "
+        "your shell accepts, but we highly recommend choosing a different "
+        "service name instead.",
+        flags="python-brace-format",
     )
     """"""
     SERVICE_PASSPHRASE_INEFFECTIVE = commented(
-        'The key that is set need not necessarily be set at the '
-        'service level; it may be a global key as well.',
+        "The key that is set need not necessarily be set at the "
+        "service level; it may be a global key as well.",
     )(
-        'Warning message',
-        'Setting a service passphrase is ineffective '
-        'because a key is also set: {service}.',
-        flags='python-brace-format',
+        "Warning message",
+        "Setting a service passphrase is ineffective "
+        "because a key is also set: {service}.",
+        flags="python-brace-format",
     )
     """"""
     STEP_REMOVE_INEFFECTIVE_VALUE = commented(
-        '',
+        "",
     )(
-        'Warning message',
-        'Removing ineffective setting {path} = {old}.',
-        flags='python-brace-format',
+        "Warning message",
+        "Removing ineffective setting {path} = {old}.",
+        flags="python-brace-format",
     )
     """"""
     STEP_REPLACE_INVALID_VALUE = commented(
-        '',
+        "",
     )(
-        'Warning message',
-        'Replacing invalid value {old} for key {path} with {new}.',
-        flags='python-brace-format',
+        "Warning message",
+        "Replacing invalid value {old} for key {path} with {new}.",
+        flags="python-brace-format",
     )
     """"""
     V01_STYLE_CONFIG = commented(
-        '',
+        "",
     )(
-        'Warning message :: Deprecation',
-        'Using deprecated v0.1-style config file {old!r}, '
-        'instead of v0.2-style {new!r}.  '
-        'Support for v0.1-style config filenames will be removed in v1.0.',
-        flags='python-brace-format',
+        "Warning message :: Deprecation",
+        "Using deprecated v0.1-style config file {old!r}, "
+        "instead of v0.2-style {new!r}.  "
+        "Support for v0.1-style config filenames will be removed in v1.0.",
+        flags="python-brace-format",
     )
     """"""
     V10_SUBCOMMAND_REQUIRED = commented(
-        'This deprecation warning may be issued at any level, '
-        'i.e. we may actually be talking about subcommands, '
-        'or sub-subcommands, or sub-sub-subcommands, etc., '
+        "This deprecation warning may be issued at any level, "
+        "i.e. we may actually be talking about subcommands, "
+        "or sub-subcommands, or sub-sub-subcommands, etc., "
         'which is what the "here" is supposed to indicate.',
     )(
-        'Warning message :: Deprecation',
-        'A subcommand will be required here in v1.0.  '
-        'See --help for available subcommands.  '
+        "Warning message :: Deprecation",
+        "A subcommand will be required here in v1.0.  "
+        "See --help for available subcommands.  "
         'Defaulting to subcommand "vault".',
     )
     """"""
@@ -2063,277 +2063,277 @@ class ErrMsgTemplate(enum.Enum):
     AGENT_REFUSED_LIST_KEYS = commented(
         '"loaded keys" being keys loaded into the agent.',
     )(
-        'Error message',
-        'The SSH agent failed to or refused to supply a list of loaded keys.',
+        "Error message",
+        "The SSH agent failed to or refused to supply a list of loaded keys.",
     )
     """"""
     AGENT_REFUSED_SIGNATURE = commented(
-        'The message to be signed is the vault UUID, '
+        "The message to be signed is the vault UUID, "
         "but there's no space to explain that here, "
-        'so ideally the error message does not go into detail.',
+        "so ideally the error message does not go into detail.",
     )(
-        'Error message',
-        'The SSH agent failed to or refused to issue a signature '
-        'with the selected key, necessary for deriving a service passphrase.',
+        "Error message",
+        "The SSH agent failed to or refused to issue a signature "
+        "with the selected key, necessary for deriving a service passphrase.",
     )
     """"""
     CANNOT_CONNECT_TO_AGENT = commented(
         '"error" is supplied by the operating system (errno/strerror).',
     )(
-        'Error message',
-        'Cannot connect to the SSH agent: {error}: {filename!r}.',
-        flags='python-brace-format',
+        "Error message",
+        "Cannot connect to the SSH agent: {error}: {filename!r}.",
+        flags="python-brace-format",
     )
     """"""
     CANNOT_DECODEIMPORT_VAULT_SETTINGS = commented(
         '"error" is supplied by the operating system (errno/strerror).',
     )(
-        'Error message',
-        'Cannot import vault settings: cannot decode JSON: {error}.',
-        flags='python-brace-format',
+        "Error message",
+        "Cannot import vault settings: cannot decode JSON: {error}.",
+        flags="python-brace-format",
     )
     """"""
     CANNOT_EXPORT_VAULT_SETTINGS = commented(
         '"error" is supplied by the operating system (errno/strerror).',
     )(
-        'Error message',
-        'Cannot export vault settings: {error}: {filename!r}.',
-        flags='python-brace-format',
+        "Error message",
+        "Cannot export vault settings: {error}: {filename!r}.",
+        flags="python-brace-format",
     )
     """"""
     CANNOT_IMPORT_VAULT_SETTINGS = commented(
         '"error" is supplied by the operating system (errno/strerror).',
     )(
-        'Error message',
-        'Cannot import vault settings: {error}: {filename!r}.',
-        flags='python-brace-format',
+        "Error message",
+        "Cannot import vault settings: {error}: {filename!r}.",
+        flags="python-brace-format",
     )
     """"""
     CANNOT_LOAD_USER_CONFIG = commented(
         '"error" is supplied by the operating system (errno/strerror).',
     )(
-        'Error message',
-        'Cannot load user config: {error}: {filename!r}.',
-        flags='python-brace-format',
+        "Error message",
+        "Cannot load user config: {error}: {filename!r}.",
+        flags="python-brace-format",
     )
     """"""
     CANNOT_LOAD_VAULT_SETTINGS = commented(
         '"error" is supplied by the operating system (errno/strerror).',
     )(
-        'Error message',
-        'Cannot load vault settings: {error}: {filename!r}.',
-        flags='python-brace-format',
+        "Error message",
+        "Cannot load vault settings: {error}: {filename!r}.",
+        flags="python-brace-format",
     )
     """"""
     CANNOT_PARSE_AS_VAULT_CONFIG = commented(
         'Unlike the "Cannot load {path!r} as a {fmt} '
         'vault configuration." message, *this* error message is emitted '
-        'when we have tried loading the path in each of our '
-        'supported formats, and failed.  '
+        "when we have tried loading the path in each of our "
+        "supported formats, and failed.  "
         'The user will thus see the above "Cannot load ..." warning message '
-        'potentially multiple times, '
-        'and this error message at the very bottom.',
+        "potentially multiple times, "
+        "and this error message at the very bottom.",
     )(
-        'Error message',
-        'Cannot parse {path!r} as a valid vault-native '
-        'configuration file/directory.',
-        flags='python-brace-format',
+        "Error message",
+        "Cannot parse {path!r} as a valid vault-native "
+        "configuration file/directory.",
+        flags="python-brace-format",
     )
     """"""
     CANNOT_PARSE_AS_VAULT_CONFIG_OSERROR = commented(
         '"error" is supplied by the operating system (errno/strerror).',
     )(
-        'Error message',
-        r'Cannot parse {path!r} as a valid vault-native '
-        'configuration file/directory: {error}: {filename!r}.',
-        flags='python-brace-format',
+        "Error message",
+        r"Cannot parse {path!r} as a valid vault-native "
+        "configuration file/directory: {error}: {filename!r}.",
+        flags="python-brace-format",
     )
     """"""
     CANNOT_STORE_VAULT_SETTINGS = commented(
         '"error" is supplied by the operating system (errno/strerror).',
     )(
-        'Error message',
-        'Cannot store vault settings: {error}: {filename!r}.',
-        flags='python-brace-format',
+        "Error message",
+        "Cannot store vault settings: {error}: {filename!r}.",
+        flags="python-brace-format",
     )
     """"""
     CANNOT_UNDERSTAND_AGENT = commented(
-        'This error message is used whenever we cannot make '
-        'any sense of a response from the SSH agent '
-        'because the response is ill-formed '
-        '(truncated, improperly encoded, etc.) '
-        'or otherwise violates the communications protocol.  '
-        'Well-formed responses that adhere to the protocol, '
-        'even if they indicate that the requested operation failed, '
-        'are handled with a different error message.',
-    )(
-        'Error message',
+        "This error message is used whenever we cannot make "
+        "any sense of a response from the SSH agent "
+        "because the response is ill-formed "
+        "(truncated, improperly encoded, etc.) "
+        "or otherwise violates the communications protocol.  "
+        "Well-formed responses that adhere to the protocol, "
+        "even if they indicate that the requested operation failed, "
+        "are handled with a different error message.",
+    )(
+        "Error message",
         "Cannot understand the SSH agent's response because it "
-        'violates the communication protocol.',
+        "violates the communication protocol.",
     )
     """"""
     CANNOT_UPDATE_SETTINGS_NO_SETTINGS = commented(
-        'The settings_type metavar contains translations for '
+        "The settings_type metavar contains translations for "
         'either "global settings" or "service-specific settings"; '
-        'see the CANNOT_UPDATE_SETTINGS_METAVAR_SETTINGS_TYPE_GLOBAL and '
-        'CANNOT_UPDATE_SETTINGS_METAVAR_SETTINGS_TYPE_SERVICE entries.  '
-        'The first sentence will thus read either '
+        "see the CANNOT_UPDATE_SETTINGS_METAVAR_SETTINGS_TYPE_GLOBAL and "
+        "CANNOT_UPDATE_SETTINGS_METAVAR_SETTINGS_TYPE_SERVICE entries.  "
+        "The first sentence will thus read either "
         '"Cannot update the global settings without any given settings." or '
         '"Cannot update the service-specific settings without any '
         'given settings.".  '
-        'You may update this entry, and the two metavar entries, '
-        'in any way you see fit that achieves the desired translations '
-        'of the first sentence.',
+        "You may update this entry, and the two metavar entries, "
+        "in any way you see fit that achieves the desired translations "
+        "of the first sentence.",
     )(
-        'Error message',
-        'Cannot update the {settings_type} without any given settings.  '
-        'You must specify at least one of --lower, ..., --symbol, --notes, '
-        'or --phrase or --key.',
-        flags='python-brace-format',
+        "Error message",
+        "Cannot update the {settings_type} without any given settings.  "
+        "You must specify at least one of --lower, ..., --symbol, --notes, "
+        "or --phrase or --key.",
+        flags="python-brace-format",
     )
     """"""
     INVALID_USER_CONFIG = commented(
         '"error" is supplied by the operating system (errno/strerror).',
     )(
-        'Error message',
-        'The user configuration file is invalid.  {error}: {filename!r}.',
-        flags='python-brace-format',
+        "Error message",
+        "The user configuration file is invalid.  {error}: {filename!r}.",
+        flags="python-brace-format",
     )
     """"""
     INVALID_VAULT_CONFIG = commented(
-        'This error message is a reaction to a validator function '
-        'saying *that* the configuration is not valid, '
-        'but not *how* it is not valid.  '
-        'The configuration file is principally parsable, however.',
+        "This error message is a reaction to a validator function "
+        "saying *that* the configuration is not valid, "
+        "but not *how* it is not valid.  "
+        "The configuration file is principally parsable, however.",
     )(
-        'Error message',
-        'Invalid vault config: {config!r}.',
-        flags='python-brace-format',
+        "Error message",
+        "Invalid vault config: {config!r}.",
+        flags="python-brace-format",
     )
     """"""
     MISSING_MODULE = commented(
-        '',
+        "",
     )(
-        'Error message',
-        'Cannot load the required Python module {module!r}.',
-        flags='python-brace-format',
+        "Error message",
+        "Cannot load the required Python module {module!r}.",
+        flags="python-brace-format",
     )
     """"""
     NO_AGENT_SUPPORT = commented(
-        '',
+        "",
     )(
-        'Error message',
-        'Cannot connect to an SSH agent because this Python version '
-        'does not support communicating with it.',
+        "Error message",
+        "Cannot connect to an SSH agent because this Python version "
+        "does not support communicating with it.",
     )
     """"""
     NO_KEY_OR_PHRASE = commented(
-        '',
+        "",
     )(
-        'Error message',
-        'No passphrase or key was given in the configuration.  '
-        'In this case, the --phrase or --key argument is required.',
+        "Error message",
+        "No passphrase or key was given in the configuration.  "
+        "In this case, the --phrase or --key argument is required.",
     )
     """"""
     NO_SSH_AGENT_FOUND = commented(
-        '',
+        "",
     )(
-        'Error message',
-        'Cannot find any running SSH agent because SSH_AUTH_SOCK is not set.',
+        "Error message",
+        "Cannot find any running SSH agent because SSH_AUTH_SOCK is not set.",
     )
     """"""
     NO_SUITABLE_SSH_KEYS = commented(
-        '',
+        "",
     )(
-        'Error message',
-        'The SSH agent contains no keys suitable for {PROG_NAME}.',  # noqa: RUF027
-        flags='python-brace-format',
+        "Error message",
+        "The SSH agent contains no keys suitable for {PROG_NAME}.",  # noqa: RUF027
+        flags="python-brace-format",
     )
     """"""
     PARAMS_MUTUALLY_EXCLUSIVE = commented(
-        'The params are long-form command-line option names.  '
+        "The params are long-form command-line option names.  "
         'Typical example: "--key is mutually exclusive with --phrase."',
     )(
-        'Error message',
-        '{param1} is mutually exclusive with {param2}.',
-        flags='python-brace-format',
+        "Error message",
+        "{param1} is mutually exclusive with {param2}.",
+        flags="python-brace-format",
     )
     """"""
     PARAMS_NEEDS_SERVICE = commented(
-        'The param is a long-form command-line option name, '
-        'the metavar is Label.VAULT_METAVAR_SERVICE.',
+        "The param is a long-form command-line option name, "
+        "the metavar is Label.VAULT_METAVAR_SERVICE.",
     )(
-        'Error message',
-        '{param} requires a {service_metavar}.',
-        flags='python-brace-format',
+        "Error message",
+        "{param} requires a {service_metavar}.",
+        flags="python-brace-format",
     )
     """"""
     PARAMS_NEEDS_SERVICE_OR_CONFIG = commented(
-        'The param is a long-form command-line option name, '
-        'the metavar is Label.VAULT_METAVAR_SERVICE.',
+        "The param is a long-form command-line option name, "
+        "the metavar is Label.VAULT_METAVAR_SERVICE.",
     )(
-        'Error message',
-        '{param} requires a {service_metavar} or --config.',
-        flags='python-brace-format',
+        "Error message",
+        "{param} requires a {service_metavar} or --config.",
+        flags="python-brace-format",
     )
     """"""
     PARAMS_NO_SERVICE = commented(
-        'The param is a long-form command-line option name, '
-        'the metavar is Label.VAULT_METAVAR_SERVICE.',
+        "The param is a long-form command-line option name, "
+        "the metavar is Label.VAULT_METAVAR_SERVICE.",
     )(
-        'Error message',
-        '{param} does not take a {service_metavar} argument.',
-        flags='python-brace-format',
+        "Error message",
+        "{param} does not take a {service_metavar} argument.",
+        flags="python-brace-format",
     )
     """"""
     SERVICE_REQUIRED = commented(
-        'The metavar is Label.VAULT_METAVAR_SERVICE.',
+        "The metavar is Label.VAULT_METAVAR_SERVICE.",
     )(
-        'Error message',
-        'Deriving a passphrase requires a {service_metavar}.',
-        flags='python-brace-format',
+        "Error message",
+        "Deriving a passphrase requires a {service_metavar}.",
+        flags="python-brace-format",
     )
     """"""
     SET_AND_UNSET_SAME_SETTING = commented(
-        'The rephrasing '
+        "The rephrasing "
         '"Attempted to unset and set the same setting '
         '(--unset={setting} --{setting}=...) at the same time."'
-        'may or may not be more suitable as a basis for translation instead.',
+        "may or may not be more suitable as a basis for translation instead.",
     )(
-        'Error message',
-        'Attempted to unset and set --{setting} at the same time.',
-        flags='python-brace-format',
+        "Error message",
+        "Attempted to unset and set --{setting} at the same time.",
+        flags="python-brace-format",
     )
     """"""
     SSH_KEY_NOT_LOADED = commented(
-        '',
+        "",
     )(
-        'Error message',
-        'The requested SSH key is not loaded into the agent.',
+        "Error message",
+        "The requested SSH key is not loaded into the agent.",
     )
     """"""
     USER_ABORTED_EDIT = commented(
-        'The user requested to edit the notes for a service, '
-        'but aborted the request mid-editing.',
+        "The user requested to edit the notes for a service, "
+        "but aborted the request mid-editing.",
     )(
-        'Error message',
-        'Not saving any new notes: the user aborted the request.',
+        "Error message",
+        "Not saving any new notes: the user aborted the request.",
     )
     """"""
     USER_ABORTED_PASSPHRASE = commented(
-        'The user was prompted for a master passphrase, '
-        'but aborted the request.',
+        "The user was prompted for a master passphrase, "
+        "but aborted the request.",
     )(
-        'Error message',
-        'No passphrase was given; the user aborted the request.',
+        "Error message",
+        "No passphrase was given; the user aborted the request.",
     )
     """"""
     USER_ABORTED_SSH_KEY_SELECTION = commented(
-        'The user was prompted to select a master SSH key, '
-        'but aborted the request.',
+        "The user was prompted to select a master SSH key, "
+        "but aborted the request.",
     )(
-        'Error message',
-        'No SSH key was selected; the user aborted the request.',
+        "Error message",
+        "No SSH key was selected; the user aborted the request.",
     )
     """"""
 
@@ -2381,7 +2381,7 @@ def _write_po_file(  # noqa: C901,PLR0912
     entries: dict[str, dict[str, MsgTemplate]] = {}
     for enum_class in MSG_TEMPLATE_CLASSES:
         for member in enum_class.__members__.values():
-            value = cast('TranslatableString', member.value)
+            value = cast("TranslatableString", member.value)
             ctx = value.l10n_context
             msg = value.singular
             if (
@@ -2389,15 +2389,15 @@ def _write_po_file(  # noqa: C901,PLR0912
                 and entries[ctx][msg] != member
             ):
                 raise AssertionError(  # noqa: TRY003
-                    f'Duplicate entry for ({ctx!r}, {msg!r}): '  # noqa: EM102
-                    f'{entries[ctx][msg]!r} and {member!r}'
+                    f"Duplicate entry for ({ctx!r}, {msg!r}): "  # noqa: EM102
+                    f"{entries[ctx][msg]!r} and {member!r}"
                 )
             entries[ctx][msg] = member
-    if build_time is None and os.environ.get('SOURCE_DATE_EPOCH'):
+    if build_time is None and os.environ.get("SOURCE_DATE_EPOCH"):
         try:
-            source_date_epoch = int(os.environ['SOURCE_DATE_EPOCH'])
+            source_date_epoch = int(os.environ["SOURCE_DATE_EPOCH"])
         except ValueError as exc:
-            err_msg = 'Cannot parse SOURCE_DATE_EPOCH'
+            err_msg = "Cannot parse SOURCE_DATE_EPOCH"
             raise RuntimeError(err_msg) from exc
         else:
             build_time = datetime.datetime.fromtimestamp(
@@ -2410,65 +2410,65 @@ def _write_po_file(  # noqa: C901,PLR0912
         header = (
             inspect.cleandoc(rf"""
             # English translation for {PROG_NAME}.
-            # Copyright (C) {build_time.strftime('%Y')} AUTHOR
+            # Copyright (C) {build_time.strftime("%Y")} AUTHOR
             # This file is distributed under the same license as {PROG_NAME}.
-            # AUTHOR <someone@example.com>, {build_time.strftime('%Y')}.
+            # AUTHOR <someone@example.com>, {build_time.strftime("%Y")}.
             #
             msgid ""
             msgstr ""
-            """).removesuffix('\n')
-            + '\n'
+            """).removesuffix("\n")
+            + "\n"
         )
     else:
         header = (
             inspect.cleandoc(rf"""
             # English debug translation for {PROG_NAME}.
-            # Copyright (C) {build_time.strftime('%Y')} {AUTHOR}
+            # Copyright (C) {build_time.strftime("%Y")} {AUTHOR}
             # This file is distributed under the same license as {PROG_NAME}.
             #
             msgid ""
             msgstr ""
-            """).removesuffix('\n')
-            + '\n'
+            """).removesuffix("\n")
+            + "\n"
         )
     fileobj.write(header)
     po_info = {
-        'Project-Id-Version': f'{PROG_NAME} {version}',
-        'Report-Msgid-Bugs-To': 'software@the13thletter.info',
-        'PO-Revision-Date': build_time.strftime('%Y-%m-%d %H:%M%z'),
-        'MIME-Version': '1.0',
-        'Content-Type': 'text/plain; charset=UTF-8',
-        'Content-Transfer-Encoding': '8bit',
-        'Plural-Forms': 'nplurals=2; plural=(n != 1);',
+        "Project-Id-Version": f"{PROG_NAME} {version}",
+        "Report-Msgid-Bugs-To": "software@the13thletter.info",
+        "PO-Revision-Date": build_time.strftime("%Y-%m-%d %H:%M%z"),
+        "MIME-Version": "1.0",
+        "Content-Type": "text/plain; charset=UTF-8",
+        "Content-Transfer-Encoding": "8bit",
+        "Plural-Forms": "nplurals=2; plural=(n != 1);",
     }
     if is_template:
         po_info.update({
-            'POT-Creation-Date': build_time.strftime('%Y-%m-%d %H:%M%z'),
-            'Last-Translator': 'AUTHOR <someone@example.com>',
-            'Language': 'en',
-            'Language-Team': 'English',
+            "POT-Creation-Date": build_time.strftime("%Y-%m-%d %H:%M%z"),
+            "Last-Translator": "AUTHOR <someone@example.com>",
+            "Language": "en",
+            "Language-Team": "English",
         })
     else:
         po_info.update({
-            'Last-Translator': AUTHOR,
-            'Language': 'en_US@DEBUG',
-            'Language-Team': 'English',
+            "Last-Translator": AUTHOR,
+            "Language": "en_US@DEBUG",
+            "Language-Team": "English",
         })
-    print(*_format_po_info(po_info), sep='\n', end='\n', file=fileobj)
+    print(*_format_po_info(po_info), sep="\n", end="\n", file=fileobj)
 
     context_class = {
-        'Label': Label,
-        'Debug message': DebugMsgTemplate,
-        'Info message': InfoMsgTemplate,
-        'Warning message': WarnMsgTemplate,
-        'Error message': ErrMsgTemplate,
+        "Label": Label,
+        "Debug message": DebugMsgTemplate,
+        "Info message": InfoMsgTemplate,
+        "Warning message": WarnMsgTemplate,
+        "Error message": ErrMsgTemplate,
     }
 
     def _sort_position_msg_template_class(
         item: tuple[str, Any],
         /,
     ) -> tuple[int, str]:
-        context_type = item[0].split(' :: ')[0]
+        context_type = item[0].split(" :: ")[0]
         return (
             MSG_TEMPLATE_CLASSES.index(context_class[context_type]),
             item[0],
@@ -2480,7 +2480,7 @@ def _write_po_file(  # noqa: C901,PLR0912
         for _msg, enum_value in sorted(
             subdict.items(), key=lambda kv: str(kv[1])
         ):
-            value = cast('TranslatableString', enum_value.value)
+            value = cast("TranslatableString", enum_value.value)
             value2 = value.maybe_without_filename()
             fileobj.writelines(
                 _format_po_entry(
@@ -2503,29 +2503,29 @@ def _format_po_info(
 ) -> Iterator[str]:  # pragma: no cover [internal]
     """"""  # noqa: D419
     sortorder = [
-        'project-id-version',
-        'report-msgid-bugs-to',
-        'pot-creation-date',
-        'po-revision-date',
-        'last-translator',
-        'language',
-        'language-team',
-        'mime-version',
-        'content-type',
-        'content-transfer-encoding',
-        'plural-forms',
+        "project-id-version",
+        "report-msgid-bugs-to",
+        "pot-creation-date",
+        "po-revision-date",
+        "last-translator",
+        "language",
+        "language-team",
+        "mime-version",
+        "content-type",
+        "content-transfer-encoding",
+        "plural-forms",
     ]
 
     def _sort_position(s: str, /) -> int:
         n = len(sortorder)
         for i, x in enumerate(sortorder):
-            if s.lower().rstrip(':') == x:
+            if s.lower().rstrip(":") == x:
                 return i
         return n
 
     for key in sorted(data.keys(), key=_sort_position):
         value = data[key]
-        line = f'{key}: {value}\n'
+        line = f"{key}: {value}\n"
         yield _cstr(line)
 
 
@@ -2537,27 +2537,27 @@ def _format_po_entry(
     transformed_string: TranslatableString | None = None,
 ) -> tuple[str, ...]:  # pragma: no cover [internal]
     """"""  # noqa: D419
-    ret: list[str] = ['\n']
-    ts = transformed_string or cast('TranslatableString', enum_value.value)
+    ret: list[str] = ["\n"]
+    ts = transformed_string or cast("TranslatableString", enum_value.value)
     if ts.translator_comments:
         comments = ts.translator_comments.splitlines(False)  # noqa: FBT003
-        comments.extend(['', f'Message-ID: {enum_value}'])
+        comments.extend(["", f"Message-ID: {enum_value}"])
     else:
-        comments = [f'TRANSLATORS: Message-ID: {enum_value}']
-    ret.extend(f'#. {line}\n' for line in comments)
+        comments = [f"TRANSLATORS: Message-ID: {enum_value}"]
+    ret.extend(f"#. {line}\n" for line in comments)
     if ts.flags:
-        ret.append(f'#, {", ".join(sorted(ts.flags))}\n')
+        ret.append(f"#, {', '.join(sorted(ts.flags))}\n")
     if ts.l10n_context:
-        ret.append(f'msgctxt {_cstr(ts.l10n_context)}\n')
-    ret.append(f'msgid {_cstr(ts.singular)}\n')
+        ret.append(f"msgctxt {_cstr(ts.l10n_context)}\n")
+    ret.append(f"msgid {_cstr(ts.singular)}\n")
     if ts.plural:
-        ret.append(f'msgid_plural {_cstr(ts.plural)}\n')
+        ret.append(f"msgid_plural {_cstr(ts.plural)}\n")
     value = (
         DebugTranslations().pgettext(ts.l10n_context, ts.singular)
         if is_debug_translation
-        else ''
+        else ""
     )
-    ret.append(f'msgstr {_cstr(value)}\n')
+    ret.append(f"msgstr {_cstr(value)}\n")
     return tuple(ret)
 
 
@@ -2566,75 +2566,75 @@ def _cstr(s: str) -> str:  # pragma: no cover [internal]
 
     def escape(string: str) -> str:
         return string.translate({
-            0: r'\000',
-            1: r'\001',
-            2: r'\002',
-            3: r'\003',
-            4: r'\004',
-            5: r'\005',
-            6: r'\006',
-            7: r'\007',
-            8: r'\b',
-            9: r'\t',
-            10: r'\n',
-            11: r'\013',
-            12: r'\f',
-            13: r'\r',
-            14: r'\016',
-            15: r'\017',
-            ord('"'): r'\"',
-            ord('\\'): r'\\',
-            127: r'\177',
+            0: r"\000",
+            1: r"\001",
+            2: r"\002",
+            3: r"\003",
+            4: r"\004",
+            5: r"\005",
+            6: r"\006",
+            7: r"\007",
+            8: r"\b",
+            9: r"\t",
+            10: r"\n",
+            11: r"\013",
+            12: r"\f",
+            13: r"\r",
+            14: r"\016",
+            15: r"\017",
+            ord('"'): r"\"",
+            ord("\\"): r"\\",
+            127: r"\177",
         })
 
-    return '\n'.join(
+    return "\n".join(
         f'"{escape(line)}"'
-        for line in s.splitlines(True) or ['']  # noqa: FBT003
+        for line in s.splitlines(True) or [""]  # noqa: FBT003
     )
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     import argparse
 
     def validate_build_time(value: str | None) -> datetime.datetime | None:
         if value is None:
             return None
         ret = datetime.datetime.fromisoformat(value)
-        if ret.isoformat(sep=' ', timespec='seconds') != value:
-            raise ValueError(f'invalid time specification: {value}')  # noqa: EM102,TRY003
+        if ret.isoformat(sep=" ", timespec="seconds") != value:
+            raise ValueError(f"invalid time specification: {value}")  # noqa: EM102,TRY003
         return ret
 
     ap = argparse.ArgumentParser()
     ex = ap.add_mutually_exclusive_group()
     ex.add_argument(
-        '--template',
-        action='store_true',
-        dest='is_template',
+        "--template",
+        action="store_true",
+        dest="is_template",
         default=True,
-        help='Generate a template file (default)',
+        help="Generate a template file (default)",
     )
     ex.add_argument(
-        '--debug-translation',
-        action='store_false',
-        dest='is_template',
+        "--debug-translation",
+        action="store_false",
+        dest="is_template",
         default=True,
         help='Generate a "debug" translation file',
     )
     ap.add_argument(
-        '--set-version',
-        action='store',
-        dest='version',
+        "--set-version",
+        action="store",
+        dest="version",
         default=VERSION,
-        help='Override declared software version',
+        help="Override declared software version",
     )
     ap.add_argument(
-        '--set-build-time',
-        action='store',
-        dest='build_time',
+        "--set-build-time",
+        action="store",
+        dest="build_time",
         default=None,
         type=validate_build_time,
-        help='Override the time of build (YYYY-MM-DD HH:MM:SS+HH:MM format, '
-        'default: $SOURCE_DATE_EPOCH, or the current time)',
+        help="Override the time of build (YYYY-MM-DD HH:MM:SS+HH:MM format, "
+        "default: $SOURCE_DATE_EPOCH, or the current time)",
     )
     args = ap.parse_args()
     _write_po_file(

src/derivepassphrase/_types.py

Zeige Datei @ e981744

@@ -36,11 +36,11 @@ if TYPE_CHECKING:
     )
 
 __all__ = (
-    'SSH_AGENT',
-    'SSH_AGENTC',
-    'SSHKeyCommentPair',
-    'VaultConfig',
-    'is_vault_config',
+    "SSH_AGENT",
+    "SSH_AGENTC",
+    "SSHKeyCommentPair",
+    "VaultConfig",
+    "is_vault_config",
 )
 
 
@@ -49,7 +49,7 @@ class _Omitted:
         return False
 
     def __repr__(self) -> str:
-        return '...'
+        return "..."
 
 
 class VaultConfigGlobalSettings(TypedDict, total=False):
@@ -95,7 +95,7 @@ class VaultConfigGlobalSettings(TypedDict, total=False):
     phrase: NotRequired[str]
     """"""
     unicode_normalization_form: NotRequired[
-        Literal['NFC', 'NFD', 'NFKC', 'NFKD']
+        Literal["NFC", "NFD", "NFKC", "NFKD"]
     ]
     """"""
     length: NotRequired[int]
@@ -153,8 +153,8 @@ class VaultConfigServicesSettings(VaultConfigGlobalSettings, total=False):
 
 
 _VaultConfig = TypedDict(
-    '_VaultConfig',
-    {'global': NotRequired[VaultConfigGlobalSettings]},
+    "_VaultConfig",
+    {"global": NotRequired[VaultConfigGlobalSettings]},
     total=False,
 )
 
@@ -193,15 +193,15 @@ def json_path(path: Sequence[str | int], /) -> str:
         JSON value.
 
     Examples:
-        >>> json_path(['global', 'phrase'])
+        >>> json_path(["global", "phrase"])
         '$.global.phrase'
-        >>> json_path(['services', 'service name with spaces', 'length'])
+        >>> json_path(["services", "service name with spaces", "length"])
         '$.services["service name with spaces"].length'
-        >>> json_path(['services', 'special\u000acharacters', 'notes'])
+        >>> json_path(["services", "special\u000acharacters", "notes"])
         '$.services["special\\ncharacters"].notes'
-        >>> print(json_path(['services', 'special\u000acharacters', 'notes']))
+        >>> print(json_path(["services", "special\u000acharacters", "notes"]))
         $.services["special\ncharacters"].notes
-        >>> json_path(['custom_array', 2, 0])
+        >>> json_path(["custom_array", 2, 0])
         '$.custom_array[2][0]'
 
     """
@@ -210,7 +210,7 @@ def json_path(path: Sequence[str | int], /) -> str:
         initial = (
             frozenset(string.ascii_lowercase)
             | frozenset(string.ascii_uppercase)
-            | frozenset('_')
+            | frozenset("_")
         )
         chars = initial | frozenset(string.digits)
         return not (
@@ -220,15 +220,15 @@ def json_path(path: Sequence[str | int], /) -> str:
             and x[:1] in initial
         )
 
-    chunks = ['$']
+    chunks = ["$"]
     chunks.extend(
-        f'[{json.dumps(x)}]' if needs_longhand(x) else f'.{x}' for x in path
+        f"[{json.dumps(x)}]" if needs_longhand(x) else f".{x}" for x in path
     )
-    return ''.join(chunks)
+    return "".join(chunks)
 
 
 class _VaultConfigValidator:
-    INVALID_CONFIG_ERROR = 'vault config is invalid'
+    INVALID_CONFIG_ERROR = "vault config is invalid"
 
     def __init__(self, maybe_config: Any) -> None:  # noqa: ANN401
         self.maybe_config = maybe_config
@@ -242,86 +242,86 @@ class _VaultConfigValidator:
     def walk_subconfigs(
         self,
     ) -> Iterator[tuple[tuple[str] | tuple[str, str], str, Any]]:
-        obj = cast('dict[str, dict[str, Any]]', self.maybe_config)
-        if isinstance(obj.get('global', False), dict):
-            for k, v in list(obj['global'].items()):
-                yield ('global',), k, v
-        for sv_name, sv_obj in list(obj['services'].items()):
+        obj = cast("dict[str, dict[str, Any]]", self.maybe_config)
+        if isinstance(obj.get("global", False), dict):
+            for k, v in list(obj["global"].items()):
+                yield ("global",), k, v
+        for sv_name, sv_obj in list(obj["services"].items()):
             for k, v in list(sv_obj.items()):
-                yield ('services', sv_name), k, v
+                yield ("services", sv_name), k, v
 
     def validate(  # noqa: C901,PLR0912
         self,
         *,
         allow_unknown_settings: bool = False,
     ) -> None:
-        err_obj_not_a_dict = 'vault config is not a dict'
+        err_obj_not_a_dict = "vault config is not a dict"
         err_non_str_service_name = (
-            'vault config contains non-string service name {sv_name!r}'
+            "vault config contains non-string service name {sv_name!r}"
         )
-        err_not_a_dict = 'vault config entry {json_path_str} is not a dict'
-        err_not_a_string = 'vault config entry {json_path_str} is not a string'
-        err_not_an_int = 'vault config entry {json_path_str} is not an integer'
+        err_not_a_dict = "vault config entry {json_path_str} is not a dict"
+        err_not_a_string = "vault config entry {json_path_str} is not a string"
+        err_not_an_int = "vault config entry {json_path_str} is not an integer"
         err_unknown_setting = (
-            'vault config entry {json_path_str} uses unknown setting {key!r}'
+            "vault config entry {json_path_str} uses unknown setting {key!r}"
         )
-        err_bad_number0 = 'vault config entry {json_path_str} is negative'
-        err_bad_number1 = 'vault config entry {json_path_str} is not positive'
+        err_bad_number0 = "vault config entry {json_path_str} is negative"
+        err_bad_number1 = "vault config entry {json_path_str} is not positive"
 
         kwargs: dict[str, Any] = {
-            'allow_unknown_settings': allow_unknown_settings,
+            "allow_unknown_settings": allow_unknown_settings,
         }
         if not isinstance(self.maybe_config, dict):
             raise TypeError(err_obj_not_a_dict.format(**kwargs))
-        if 'global' in self.maybe_config:
-            o_global = self.maybe_config['global']
+        if "global" in self.maybe_config:
+            o_global = self.maybe_config["global"]
             if not isinstance(o_global, dict):
-                kwargs['json_path_str'] = json_path(['global'])
+                kwargs["json_path_str"] = json_path(["global"])
                 raise TypeError(err_not_a_dict.format(**kwargs))
-        if not isinstance(self.maybe_config.get('services'), dict):
-            kwargs['json_path_str'] = json_path(['services'])
+        if not isinstance(self.maybe_config.get("services"), dict):
+            kwargs["json_path_str"] = json_path(["services"])
             raise TypeError(err_not_a_dict.format(**kwargs))
-        for sv_name, service in self.maybe_config['services'].items():
+        for sv_name, service in self.maybe_config["services"].items():
             if not isinstance(sv_name, str):
-                kwargs['sv_name'] = sv_name
+                kwargs["sv_name"] = sv_name
                 raise TypeError(err_non_str_service_name.format(**kwargs))
             if not isinstance(service, dict):
-                kwargs['json_path_str'] = json_path(['services', sv_name])
+                kwargs["json_path_str"] = json_path(["services", sv_name])
                 raise TypeError(err_not_a_dict.format(**kwargs))
         for path, key, value in self.walk_subconfigs():
-            kwargs['path'] = path
-            kwargs['key'] = key
-            kwargs['value'] = value
-            kwargs['json_path_str'] = json_path([*path, key])
+            kwargs["path"] = path
+            kwargs["key"] = key
+            kwargs["value"] = value
+            kwargs["json_path_str"] = json_path([*path, key])
             # TODO(the-13th-letter): Rewrite using structural pattern
             # matching.
             # https://the13thletter.info/derivepassphrase/latest/pycompatibility/#after-eol-py3.9
-            if key in {'key', 'phrase'}:
+            if key in {"key", "phrase"}:
                 if not isinstance(value, str):
                     raise TypeError(err_not_a_string.format(**kwargs))
-            elif key == 'unicode_normalization_form' and path == ('global',):
+            elif key == "unicode_normalization_form" and path == ("global",):
                 if not isinstance(value, str):
                     raise TypeError(err_not_a_string.format(**kwargs))
                 if not allow_unknown_settings:
                     raise ValueError(err_unknown_setting.format(**kwargs))
-            elif key == 'notes' and path != ('global',):
+            elif key == "notes" and path != ("global",):
                 if not isinstance(value, str):
                     raise TypeError(err_not_a_string.format(**kwargs))
             elif key in {
-                'length',
-                'repeat',
-                'lower',
-                'upper',
-                'number',
-                'space',
-                'dash',
-                'symbol',
+                "length",
+                "repeat",
+                "lower",
+                "upper",
+                "number",
+                "space",
+                "dash",
+                "symbol",
             }:
                 if not isinstance(value, int):
                     raise TypeError(err_not_an_int.format(**kwargs))
-                if key == 'length' and value < 1:
+                if key == "length" and value < 1:
                     raise ValueError(err_bad_number1.format(**kwargs))
-                if key != 'length' and value < 0:
+                if key != "length" and value < 0:
                     raise ValueError(err_bad_number0.format(**kwargs))
             elif not allow_unknown_settings:
                 raise ValueError(err_unknown_setting.format(**kwargs))
@@ -330,19 +330,19 @@ class _VaultConfigValidator:
         obj = self.maybe_config
         if (
             not isinstance(obj, dict)
-            or 'services' not in obj
-            or not isinstance(obj['services'], dict)
+            or "services" not in obj
+            or not isinstance(obj["services"], dict)
         ):
             raise ValueError(
                 self.INVALID_CONFIG_ERROR
             )  # pragma: no cover [failsafe]
-        if 'global' in obj and not isinstance(obj['global'], dict):
+        if "global" in obj and not isinstance(obj["global"], dict):
             raise ValueError(
                 self.INVALID_CONFIG_ERROR
             )  # pragma: no cover [failsafe]
         if not all(
             isinstance(service_obj, dict)
-            for service_obj in obj['services'].values()
+            for service_obj in obj["services"].values()
         ):
             raise ValueError(
                 self.INVALID_CONFIG_ERROR
@@ -357,60 +357,60 @@ class _VaultConfigValidator:
             )
 
         def falsy_but_not_string(value: Any) -> bool:  # noqa: ANN401
-            return not js_truthiness(value) and value != ''  # noqa: PLC1901
+            return not js_truthiness(value) and value != ""  # noqa: PLC1901
 
         for path, key, value in self.walk_subconfigs():
             service_obj = self.traverse_path(path)
             # TODO(the-13th-letter): Rewrite using structural pattern
             # matching.
             # https://the13thletter.info/derivepassphrase/latest/pycompatibility/#after-eol-py3.9
-            if key == 'phrase' and falsy_but_not_string(value):
+            if key == "phrase" and falsy_but_not_string(value):
                 yield CleanupStep(
-                    (*path, key), service_obj[key], 'replace', ''
+                    (*path, key), service_obj[key], "replace", ""
                 )
-                service_obj[key] = ''
-            elif key == 'notes' and falsy(value):
+                service_obj[key] = ""
+            elif key == "notes" and falsy(value):
                 yield CleanupStep(
-                    (*path, key), service_obj[key], 'remove', None
+                    (*path, key), service_obj[key], "remove", None
                 )
                 service_obj.pop(key)
-            elif key == 'key' and falsy(value):
-                if path == ('global',):
+            elif key == "key" and falsy(value):
+                if path == ("global",):
                     yield CleanupStep(
-                        (*path, key), service_obj[key], 'remove', None
+                        (*path, key), service_obj[key], "remove", None
                     )
                     service_obj.pop(key)
                 else:
                     yield CleanupStep(
-                        (*path, key), service_obj[key], 'replace', ''
+                        (*path, key), service_obj[key], "replace", ""
                     )
-                    service_obj[key] = ''
-            elif key == 'length' and falsy(value):
+                    service_obj[key] = ""
+            elif key == "length" and falsy(value):
                 yield CleanupStep(
-                    (*path, key), service_obj[key], 'replace', 20
+                    (*path, key), service_obj[key], "replace", 20
                 )
                 service_obj[key] = 20
-            elif key == 'repeat' and falsy_but_not_zero(value):
-                yield CleanupStep((*path, key), service_obj[key], 'replace', 0)
+            elif key == "repeat" and falsy_but_not_zero(value):
+                yield CleanupStep((*path, key), service_obj[key], "replace", 0)
                 service_obj[key] = 0
             elif key in {
-                'lower',
-                'upper',
-                'number',
-                'space',
-                'dash',
-                'symbol',
+                "lower",
+                "upper",
+                "number",
+                "space",
+                "dash",
+                "symbol",
             } and falsy_but_not_zero(value):
                 yield CleanupStep(
-                    (*path, key), service_obj[key], 'remove', None
+                    (*path, key), service_obj[key], "remove", None
                 )
                 service_obj.pop(key)
 
 
 @overload
 @deprecated(
-    'allow_derivepassphrase_extensions argument is deprecated since v0.4.0, '
-    'to be removed in v1.0: no extensions are defined'
+    "allow_derivepassphrase_extensions argument is deprecated since v0.4.0, "
+    "to be removed in v1.0: no extensions are defined"
 )
 def validate_vault_config(
     obj: Any,  # noqa: ANN401
@@ -496,7 +496,7 @@ def is_vault_config(obj: Any) -> TypeIs[VaultConfig]:  # noqa: ANN401
             allow_unknown_settings=True,
         )
     except (TypeError, ValueError) as exc:
-        if 'vault config ' not in str(exc):  # pragma: no cover [failsafe]
+        if "vault config " not in str(exc):  # pragma: no cover [failsafe]
             raise
         return False
     return True
@@ -532,7 +532,7 @@ def js_truthiness(value: Any, /) -> bool:  # noqa: ANN401
 
     """  # noqa: RUF002
     try:
-        if value in {None, False, 0, 0.0, ''}:  # noqa: B033
+        if value in {None, False, 0, 0.0, ""}:  # noqa: B033
             return False
     except TypeError:
         # All falsy values are hashable, so this can't be falsy.
@@ -561,7 +561,7 @@ class CleanupStep(NamedTuple):
     """"""
     old_value: Any
     """"""
-    action: Literal['replace', 'remove']
+    action: Literal["replace", "remove"]
     """"""
     new_value: Any
     """"""
@@ -605,7 +605,7 @@ def clean_up_falsy_vault_config_values(
 
 # TODO(the-13th-letter): Use type variables local to each class.
 # https://the13thletter.info/derivepassphrase/latest/pycompatibility/#after-eol-py3.11
-T_Buffer = TypeVar('T_Buffer', bound=Buffer)
+T_Buffer = TypeVar("T_Buffer", bound=Buffer)
 """
 A [`TypeVar`][] for classes implementing the [`Buffer`][] interface.
 
@@ -805,7 +805,7 @@ class PEP508Extra(str, enum.Enum):
 
     """
 
-    EXPORT = 'export'
+    EXPORT = "export"
     """"""
 
     @_feature_test_function
@@ -814,7 +814,7 @@ class PEP508Extra(str, enum.Enum):
         """Return true if [`PEP508Extra.EXPORT`][] is currently supported."""
         import importlib.util  # noqa: PLC0415
 
-        return importlib.util.find_spec('cryptography') is not None
+        return importlib.util.find_spec("cryptography") is not None
 
     def test(self, *_args: Any, **_kwargs: Any) -> bool:  # noqa: ANN401
         """Return true if this extra is enabled."""
@@ -840,7 +840,7 @@ class Feature(str, enum.Enum):
 
     """
 
-    SSH_KEY = 'master SSH key'
+    SSH_KEY = "master SSH key"
     """"""
 
     @_feature_test_function
@@ -896,7 +896,7 @@ class DerivationScheme(str, enum.Enum):
 
     """
 
-    VAULT = 'vault'
+    VAULT = "vault"
     """"""
 
     def test(self, *_args: Any, **_kwargs: Any) -> bool:  # noqa: ANN401
@@ -923,7 +923,7 @@ class ForeignConfigurationFormat(str, enum.Enum):
 
     """
 
-    VAULT_STOREROOM = 'vault storeroom'
+    VAULT_STOREROOM = "vault storeroom"
     """"""
 
     @_feature_test_function
@@ -934,9 +934,9 @@ class ForeignConfigurationFormat(str, enum.Enum):
 
         return not storeroom.STUBBED
 
-    VAULT_V02 = 'vault v0.2'
+    VAULT_V02 = "vault v0.2"
     """"""
-    VAULT_V03 = 'vault v0.3'
+    VAULT_V03 = "vault v0.3"
     """"""
 
     @_feature_test_function
@@ -971,7 +971,7 @@ class ExportSubcommand(str, enum.Enum):
 
     """
 
-    VAULT = 'vault'
+    VAULT = "vault"
     """"""
 
     def test(self, *_args: Any, **_kwargs: Any) -> bool:  # noqa: ANN401
@@ -993,9 +993,9 @@ class Subcommand(str, enum.Enum):
 
     """
 
-    EXPORT = 'export'
+    EXPORT = "export"
     """"""
-    VAULT = 'vault'
+    VAULT = "vault"
     """"""
 
     def test(self, *_args: Any, **_kwargs: Any) -> bool:  # noqa: ANN401
@@ -1033,7 +1033,7 @@ class SSHAgentSocket(Protocol):
     def recv(self, data: int, flags: int = 0, /) -> bytes: ...
 
 
-SSHAgentSocketProvider: TypeAlias = 'Callable[[], SSHAgentSocket]'
+SSHAgentSocketProvider: TypeAlias = "Callable[[], SSHAgentSocket]"
 """A callable that provides an SSH agent socket."""
 
 

src/derivepassphrase/cli.py

Zeige Datei @ e981744

@@ -38,7 +38,7 @@ if TYPE_CHECKING:
     from collections.abc import Set as AbstractSet
     from contextlib import AbstractContextManager
 
-__all__ = ('derivepassphrase',)
+__all__ = ("derivepassphrase",)
 
 PROG_NAME = _internals.PROG_NAME
 VERSION = _internals.VERSION
@@ -46,9 +46,9 @@ VERSION = _internals.VERSION
 
 @click.group(
     context_settings={
-        'help_option_names': ['-h', '--help'],
-        'ignore_unknown_options': True,
-        'allow_interspersed_args': False,
+        "help_option_names": ["-h", "--help"],
+        "ignore_unknown_options": True,
+        "allow_interspersed_args": False,
     },
     epilog=_msg.TranslatedString(_msg.Label.DERIVEPASSPHRASE_EPILOG_01),
     invoke_without_command=True,
@@ -79,18 +79,18 @@ def derivepassphrase(ctx: click.Context, /) -> None:
     """
     # TODO(the-13th-letter): Turn this callback into a no-op in v1.0.
     # https://the13thletter.info/derivepassphrase/latest/upgrade-notes/#v1.0-implied-subcommands
-    deprecation = logging.getLogger(f'{PROG_NAME}.deprecation')
+    deprecation = logging.getLogger(f"{PROG_NAME}.deprecation")
     if ctx.invoked_subcommand is None:
         deprecation.warning(
             _msg.TranslatedString(
                 _msg.WarnMsgTemplate.V10_SUBCOMMAND_REQUIRED
             ),
-            extra={'color': ctx.color},
+            extra={"color": ctx.color},
         )
         # See definition of click.Group.invoke, non-chained case.
         with ctx:
             sub_ctx = derivepassphrase_vault.make_context(
-                'vault', ctx.args, parent=ctx
+                "vault", ctx.args, parent=ctx
             )
             with sub_ctx:
                 return derivepassphrase_vault.invoke(sub_ctx)
@@ -102,11 +102,11 @@ def derivepassphrase(ctx: click.Context, /) -> None:
 
 
 @derivepassphrase.group(
-    'export',
+    "export",
     context_settings={
-        'help_option_names': ['-h', '--help'],
-        'ignore_unknown_options': True,
-        'allow_interspersed_args': False,
+        "help_option_names": ["-h", "--help"],
+        "ignore_unknown_options": True,
+        "allow_interspersed_args": False,
     },
     invoke_without_command=True,
     cls=cli_machinery.DefaultToVaultGroup,
@@ -134,18 +134,18 @@ def derivepassphrase_export(ctx: click.Context, /) -> None:
     """
     # TODO(the-13th-letter): Turn this callback into a no-op in v1.0.
     # https://the13thletter.info/derivepassphrase/latest/upgrade-notes/#v1.0-implied-subcommands
-    deprecation = logging.getLogger(f'{PROG_NAME}.deprecation')
+    deprecation = logging.getLogger(f"{PROG_NAME}.deprecation")
     if ctx.invoked_subcommand is None:
         deprecation.warning(
             _msg.TranslatedString(
                 _msg.WarnMsgTemplate.V10_SUBCOMMAND_REQUIRED
             ),
-            extra={'color': ctx.color},
+            extra={"color": ctx.color},
         )
         # See definition of click.Group.invoke, non-chained case.
         with ctx:
             sub_ctx = derivepassphrase_export_vault.make_context(
-                'vault', ctx.args, parent=ctx
+                "vault", ctx.args, parent=ctx
             )
             # Constructing the subcontext above will usually already
             # lead to a click.UsageError, so this block typically won't
@@ -156,8 +156,8 @@ def derivepassphrase_export(ctx: click.Context, /) -> None:
 
 
 @derivepassphrase_export.command(
-    'vault',
-    context_settings={'help_option_names': ['-h', '--help']},
+    "vault",
+    context_settings={"help_option_names": ["-h", "--help"]},
     cls=cli_machinery.CommandWithHelpGroups,
     help=(
         _msg.TranslatedString(_msg.Label.DERIVEPASSPHRASE_EXPORT_VAULT_01),
@@ -176,13 +176,13 @@ def derivepassphrase_export(ctx: click.Context, /) -> None:
     ),
 )
 @click.option(
-    '-f',
-    '--format',
-    'formats',
+    "-f",
+    "--format",
+    "formats",
     metavar=_msg.TranslatedString(_msg.Label.EXPORT_VAULT_FORMAT_METAVAR_FMT),
     multiple=True,
-    default=('v0.3', 'v0.2', 'storeroom'),
-    type=click.Choice(['v0.2', 'v0.3', 'storeroom']),
+    default=("v0.3", "v0.2", "storeroom"),
+    type=click.Choice(["v0.2", "v0.3", "storeroom"]),
     help=_msg.TranslatedString(
         _msg.Label.EXPORT_VAULT_FORMAT_HELP_TEXT,
         defaults_hint=_msg.TranslatedString(
@@ -195,8 +195,8 @@ def derivepassphrase_export(ctx: click.Context, /) -> None:
     cls=cli_machinery.StandardOption,
 )
 @click.option(
-    '-k',
-    '--key',
+    "-k",
+    "--key",
     metavar=_msg.TranslatedString(_msg.Label.EXPORT_VAULT_KEY_METAVAR_K),
     help=_msg.TranslatedString(
         _msg.Label.EXPORT_VAULT_KEY_HELP_TEXT,
@@ -213,7 +213,7 @@ def derivepassphrase_export(ctx: click.Context, /) -> None:
 @cli_machinery.color_forcing_pseudo_option
 @cli_machinery.standard_logging_options
 @click.argument(
-    'path',
+    "path",
     metavar=_msg.TranslatedString(_msg.Label.EXPORT_VAULT_METAVAR_PATH),
     required=True,
     shell_complete=cli_helpers.shell_complete_path,
@@ -224,7 +224,7 @@ def derivepassphrase_export_vault(
     /,
     *,
     path: str | bytes | os.PathLike[str] | None,
-    formats: Sequence[Literal['v0.2', 'v0.3', 'storeroom']] = (),
+    formats: Sequence[Literal["v0.2", "v0.3", "storeroom"]] = (),
     key: str | bytes | None = None,
 ) -> None:
     """Export a vault-native configuration to standard output.
@@ -239,10 +239,10 @@ def derivepassphrase_export_vault(
 
     """
     logger = logging.getLogger(PROG_NAME)
-    if path in {'VAULT_PATH', b'VAULT_PATH'}:
+    if path in {"VAULT_PATH", b"VAULT_PATH"}:
         path = None
     if isinstance(key, str):  # pragma: no branch
-        key = key.encode('utf-8')
+        key = key.encode("utf-8")
     for fmt in formats:
         try:
             config = exporter.export_vault_config_data(path, key, format=fmt)
@@ -258,7 +258,7 @@ def derivepassphrase_export_vault(
                     path=path or exporter.get_vault_path(),
                     fmt=fmt,
                 ),
-                extra={'color': ctx.color},
+                extra={"color": ctx.color},
             )
             continue
         except OSError as exc:
@@ -269,23 +269,23 @@ def derivepassphrase_export_vault(
                     error=exc.strerror,
                     filename=exc.filename,
                 ).maybe_without_filename(),
-                extra={'color': ctx.color},
+                extra={"color": ctx.color},
             )
             ctx.exit(1)
         except ModuleNotFoundError:
             logger.error(
                 _msg.TranslatedString(
                     _msg.ErrMsgTemplate.MISSING_MODULE,
-                    module='cryptography',
+                    module="cryptography",
                 ),
-                extra={'color': ctx.color},
+                extra={"color": ctx.color},
             )
             logger.info(
                 _msg.TranslatedString(
                     _msg.InfoMsgTemplate.PIP_INSTALL_EXTRA,
-                    extra_name='export',
+                    extra_name="export",
                 ),
-                extra={'color': ctx.color},
+                extra={"color": ctx.color},
             )
             ctx.exit(1)
         else:
@@ -295,7 +295,7 @@ def derivepassphrase_export_vault(
                         _msg.ErrMsgTemplate.INVALID_VAULT_CONFIG,
                         config=config,
                     ),
-                    extra={'color': ctx.color},
+                    extra={"color": ctx.color},
                 )
                 ctx.exit(1)
             click.echo(
@@ -311,7 +311,7 @@ def derivepassphrase_export_vault(
                 _msg.ErrMsgTemplate.CANNOT_PARSE_AS_VAULT_CONFIG,
                 path=path,
             ).maybe_without_filename(),
-            extra={'color': ctx.color},
+            extra={"color": ctx.color},
         )
         ctx.exit(1)
 
@@ -355,26 +355,26 @@ class _VaultContext:  # noqa: PLR0904
 
     logger: Final = logging.getLogger(PROG_NAME)
     """"""
-    deprecation: Final = logging.getLogger(PROG_NAME + '.deprecation')
+    deprecation: Final = logging.getLogger(PROG_NAME + ".deprecation")
     """"""
     ctx: Final[click.Context]
     """"""
     all_ops: tuple[str, ...] = (
-        'delete_service_settings',
-        'delete_globals',
-        'clear_all_settings',
-        'import_settings',
-        'export_settings',
-        'store_config_only',
+        "delete_service_settings",
+        "delete_globals",
+        "clear_all_settings",
+        "import_settings",
+        "export_settings",
+        "store_config_only",
         # The default op "derive_passphrase" must be last!
-        'derive_passphrase',
+        "derive_passphrase",
     )
     readwrite_ops: AbstractSet[str] = frozenset({
-        'delete_service_settings',
-        'delete_globals',
-        'clear_all_settings',
-        'import_settings',
-        'store_config_only',
+        "delete_service_settings",
+        "delete_globals",
+        "clear_all_settings",
+        "import_settings",
+        "store_config_only",
     })
     options_in_group: dict[type[click.Option], list[click.Option]]
     params_by_str: dict[str, click.Parameter]
@@ -408,7 +408,7 @@ class _VaultContext:  # noqa: PLR0904
                             group = class_
                             break
                     else:  # pragma: no cover [failsafe]
-                        assert False, f'Unknown option group for {param!r}'  # noqa: B011,PT015
+                        assert False, f"Unknown option group for {param!r}"  # noqa: B011,PT015
                 else:
                     group = click.Option
                 self.options_in_group.setdefault(group, []).append(param)
@@ -439,7 +439,7 @@ class _VaultContext:  # noqa: PLR0904
         """
         param = self.params_by_str[param] if isinstance(param, str) else param
         names = [param.human_readable_name, *param.opts, *param.secondary_opts]
-        option_names = [n for n in names if n.startswith('--')]
+        option_names = [n for n in names if n.startswith("--")]
         return min(option_names, key=len)
 
     def check_incompatible_options(
@@ -486,10 +486,10 @@ class _VaultContext:  # noqa: PLR0904
         is logged.
 
         """
-        stacklevel = kwargs.pop('stacklevel', 1)
+        stacklevel = kwargs.pop("stacklevel", 1)
         stacklevel += 1
-        extra = kwargs.pop('extra', {})
-        extra.setdefault('color', self.ctx.color)
+        extra = kwargs.pop("extra", {})
+        extra.setdefault("color", self.ctx.color)
         self.logger.error(msg, stacklevel=stacklevel, extra=extra, **kwargs)
         self.ctx.exit(1)
 
@@ -500,10 +500,10 @@ class _VaultContext:  # noqa: PLR0904
         warning is logged.
 
         """
-        stacklevel = kwargs.pop('stacklevel', 1)
+        stacklevel = kwargs.pop("stacklevel", 1)
         stacklevel += 1
-        extra = kwargs.pop('extra', {})
-        extra.setdefault('color', self.ctx.color)
+        extra = kwargs.pop("extra", {})
+        extra.setdefault("color", self.ctx.color)
         self.logger.warning(msg, stacklevel=stacklevel, extra=extra, **kwargs)
 
     def deprecation_warning(self, msg: Any, /, **kwargs: Any) -> None:  # noqa: ANN401
@@ -513,10 +513,10 @@ class _VaultContext:  # noqa: PLR0904
         warning is logged.
 
         """
-        stacklevel = kwargs.pop('stacklevel', 1)
+        stacklevel = kwargs.pop("stacklevel", 1)
         stacklevel += 1
-        extra = kwargs.pop('extra', {})
-        extra.setdefault('color', self.ctx.color)
+        extra = kwargs.pop("extra", {})
+        extra.setdefault("color", self.ctx.color)
         self.deprecation.warning(
             msg, stacklevel=stacklevel, extra=extra, **kwargs
         )
@@ -528,10 +528,10 @@ class _VaultContext:  # noqa: PLR0904
         warning is logged.
 
         """
-        stacklevel = kwargs.pop('stacklevel', 1)
+        stacklevel = kwargs.pop("stacklevel", 1)
         stacklevel += 1
-        extra = kwargs.pop('extra', {})
-        extra.setdefault('color', self.ctx.color)
+        extra = kwargs.pop("extra", {})
+        extra.setdefault("color", self.ctx.color)
         self.deprecation.info(
             msg, stacklevel=stacklevel, extra=extra, **kwargs
         )
@@ -554,11 +554,11 @@ class _VaultContext:  # noqa: PLR0904
             try:
                 backup_config, exc = cli_helpers.migrate_and_load_old_config()
             except FileNotFoundError:
-                return {'services': {}}
+                return {"services": {}}
             old_name = cli_helpers.config_filename(
-                subsystem='old settings.json'
+                subsystem="old settings.json"
             ).name
-            new_name = cli_helpers.config_filename(subsystem='vault').name
+            new_name = cli_helpers.config_filename(subsystem="vault").name
             self.deprecation_warning(
                 _msg.TranslatedString(
                     _msg.WarnMsgTemplate.V01_STYLE_CONFIG,
@@ -662,15 +662,15 @@ class _VaultContext:  # noqa: PLR0904
 
         """
         param: click.Parameter
-        self.check_incompatible_options('--phrase', '--key')
+        self.check_incompatible_options("--phrase", "--key")
         for group in (
             cli_machinery.ConfigurationOption,
             cli_machinery.StorageManagementOption,
         ):
             for opt in self.options_in_group[group]:
                 if opt not in {
-                    self.params_by_str['--config'],
-                    self.params_by_str['--notes'],
+                    self.params_by_str["--config"],
+                    self.params_by_str["--notes"],
                 }:
                     for other_opt in self.options_in_group[
                         cli_machinery.PassphraseGenerationOption
@@ -686,15 +686,15 @@ class _VaultContext:  # noqa: PLR0904
                     cli_machinery.ConfigurationOption
                 ]:
                     if {opt, other_opt} != {
-                        self.params_by_str['--config'],
-                        self.params_by_str['--notes'],
+                        self.params_by_str["--config"],
+                        self.params_by_str["--notes"],
                     }:
                         self.check_incompatible_options(opt, other_opt)
                 for other_opt in self.options_in_group[
                     cli_machinery.StorageManagementOption
                 ]:
                     self.check_incompatible_options(opt, other_opt)
-        service: str | None = self.ctx.params['service']
+        service: str | None = self.ctx.params["service"]
         service_metavar = _msg.TranslatedString(
             _msg.Label.VAULT_METAVAR_SERVICE
         )
@@ -704,7 +704,7 @@ class _VaultContext:  # noqa: PLR0904
         for param in sv_or_global_options:
             if self.is_param_set(param) and not (
                 service is not None
-                or self.is_param_set(self.params_by_str['--config'])
+                or self.is_param_set(self.params_by_str["--config"])
             ):
                 err_msg = _msg.TranslatedString(
                     _msg.ErrMsgTemplate.PARAMS_NEEDS_SERVICE_OR_CONFIG,
@@ -713,8 +713,8 @@ class _VaultContext:  # noqa: PLR0904
                 )
                 raise click.UsageError(str(err_msg))
         sv_options = [
-            self.params_by_str['--notes'],
-            self.params_by_str['--delete'],
+            self.params_by_str["--notes"],
+            self.params_by_str["--delete"],
         ]
         for param in sv_options:
             if self.is_param_set(param) and not service is not None:
@@ -725,8 +725,8 @@ class _VaultContext:  # noqa: PLR0904
                 )
                 raise click.UsageError(str(err_msg))
         no_sv_options = [
-            self.params_by_str['--delete-globals'],
-            self.params_by_str['--clear'],
+            self.params_by_str["--delete-globals"],
+            self.params_by_str["--clear"],
             *self.options_in_group[cli_machinery.StorageManagementOption],
         ]
         for param in no_sv_options:
@@ -771,15 +771,15 @@ class _VaultContext:  # noqa: PLR0904
         service_metavar = _msg.TranslatedString(
             _msg.Label.VAULT_METAVAR_SERVICE
         )
-        if self.ctx.params['service'] == '':  # noqa: PLC1901
+        if self.ctx.params["service"] == "":  # noqa: PLC1901
             self.warning(
                 _msg.TranslatedString(
                     _msg.WarnMsgTemplate.EMPTY_SERVICE_NOT_SUPPORTED,
                     service_metavar=service_metavar,
                 ),
             )
-        if self.ctx.params.get('edit_notes') and not self.ctx.params.get(
-            'store_config_only'
+        if self.ctx.params.get("edit_notes") and not self.ctx.params.get(
+            "store_config_only"
         ):
             self.warning(
                 _msg.TranslatedString(
@@ -795,28 +795,28 @@ class _VaultContext:  # noqa: PLR0904
         else:
             op = self.all_ops[-1]
         with self.get_mutex(op):
-            op_func = getattr(self, 'run_op_' + op)
+            op_func = getattr(self, "run_op_" + op)
             return op_func()
 
     def run_op_delete_service_settings(self) -> None:
         """Delete settings for a specific service."""
-        service = self.ctx.params['service']
+        service = self.ctx.params["service"]
         assert service is not None
         configuration = self.get_config()
-        if service in configuration['services']:
-            del configuration['services'][service]
+        if service in configuration["services"]:
+            del configuration["services"][service]
             self.put_config(configuration)
 
     def run_op_delete_globals(self) -> None:
         """Delete the global settings."""
         configuration = self.get_config()
-        if 'global' in configuration:
-            del configuration['global']
+        if "global" in configuration:
+            del configuration["global"]
             self.put_config(configuration)
 
     def run_op_clear_all_settings(self) -> None:
         """Clear all settings."""
-        self.put_config({'services': {}})
+        self.put_config({"services": {}})
 
     def run_op_import_settings(self) -> None:  # noqa: C901,PLR0912
         """Import settings from a given file.
@@ -832,17 +832,17 @@ class _VaultContext:  # noqa: PLR0904
             _msg.Label.VAULT_METAVAR_SERVICE
         )
         user_config = self.get_user_config()
-        import_settings = self.ctx.params['import_settings']
-        overwrite_config = self.ctx.params['overwrite_config']
+        import_settings = self.ctx.params["import_settings"]
+        overwrite_config = self.ctx.params["overwrite_config"]
         try:
             # TODO(the-13th-letter): keep track of auto-close; try
             # os.dup if feasible
             infile = cast(
-                'TextIO',
+                "TextIO",
                 (
                     import_settings
-                    if hasattr(import_settings, 'close')
-                    else click.open_file(os.fspath(import_settings), 'rt')
+                    if hasattr(import_settings, "close")
+                    else click.open_file(os.fspath(import_settings), "rt")
                 ),
             )
             # Don't specifically catch TypeError or ValueError here if
@@ -884,7 +884,7 @@ class _VaultContext:  # noqa: PLR0904
             # These are never fatal errors, because the semantics of
             # vault upon encountering these settings are ill-specified,
             # but not ill-defined.
-            if step.action == 'replace':
+            if step.action == "replace":
                 self.warning(
                     _msg.TranslatedString(
                         _msg.WarnMsgTemplate.STEP_REPLACE_INVALID_VALUE,
@@ -901,7 +901,7 @@ class _VaultContext:  # noqa: PLR0904
                         old=json.dumps(step.old_value),
                     ),
                 )
-        if '' in maybe_config['services']:
+        if "" in maybe_config["services"]:
             self.warning(
                 _msg.TranslatedString(
                     _msg.WarnMsgTemplate.EMPTY_SERVICE_SETTINGS_INACCESSIBLE,
@@ -909,7 +909,7 @@ class _VaultContext:  # noqa: PLR0904
                     PROG_NAME=PROG_NAME,
                 ),
             )
-        for service_name in sorted(maybe_config['services'].keys()):
+        for service_name in sorted(maybe_config["services"].keys()):
             if not cli_helpers.is_completable_item(service_name):
                 self.warning(
                     _msg.TranslatedString(
@@ -919,15 +919,15 @@ class _VaultContext:  # noqa: PLR0904
                 )
         try:
             cli_helpers.check_for_misleading_passphrase(
-                ('global',),
-                cast('dict[str, Any]', maybe_config.get('global', {})),
+                ("global",),
+                cast("dict[str, Any]", maybe_config.get("global", {})),
                 main_config=user_config,
                 ctx=self.ctx,
             )
-            for key, value in maybe_config['services'].items():
+            for key, value in maybe_config["services"].items():
                 cli_helpers.check_for_misleading_passphrase(
-                    ('services', key),
-                    cast('dict[str, Any]', value),
+                    ("services", key),
+                    cast("dict[str, Any]", value),
                     main_config=user_config,
                     ctx=self.ctx,
                 )
@@ -939,22 +939,22 @@ class _VaultContext:  # noqa: PLR0904
                     filename=None,
                 ).maybe_without_filename(),
             )
-        global_obj = maybe_config.get('global', {})
-        has_key = _types.js_truthiness(global_obj.get('key'))
-        has_phrase = _types.js_truthiness(global_obj.get('phrase'))
+        global_obj = maybe_config.get("global", {})
+        has_key = _types.js_truthiness(global_obj.get("key"))
+        has_phrase = _types.js_truthiness(global_obj.get("phrase"))
         if has_key and has_phrase:
             self.warning(
                 _msg.TranslatedString(
                     _msg.WarnMsgTemplate.GLOBAL_PASSPHRASE_INEFFECTIVE,
                 ),
             )
-        for service_name, service_obj in maybe_config['services'].items():
+        for service_name, service_obj in maybe_config["services"].items():
             has_key = _types.js_truthiness(
-                service_obj.get('key')
-            ) or _types.js_truthiness(global_obj.get('key'))
+                service_obj.get("key")
+            ) or _types.js_truthiness(global_obj.get("key"))
             has_phrase = _types.js_truthiness(
-                service_obj.get('phrase')
-            ) or _types.js_truthiness(global_obj.get('phrase'))
+                service_obj.get("phrase")
+            ) or _types.js_truthiness(global_obj.get("phrase"))
             if has_key and has_phrase:
                 self.warning(
                     _msg.TranslatedString(
@@ -969,16 +969,16 @@ class _VaultContext:  # noqa: PLR0904
             merged_config: collections.ChainMap[str, Any] = (
                 collections.ChainMap(
                     {
-                        'services': collections.ChainMap(
-                            maybe_config['services'],
-                            configuration['services'],
+                        "services": collections.ChainMap(
+                            maybe_config["services"],
+                            configuration["services"],
                         ),
                     },
-                    {'global': maybe_config['global']}
-                    if 'global' in maybe_config
+                    {"global": maybe_config["global"]}
+                    if "global" in maybe_config
                     else {},
-                    {'global': configuration['global']}
-                    if 'global' in configuration
+                    {"global": configuration["global"]}
+                    if "global" in configuration
                     else {},
                 )
             )
@@ -996,18 +996,18 @@ class _VaultContext:  # noqa: PLR0904
         configuration to the file.
 
         """
-        export_settings = self.ctx.params['export_settings']
-        export_as = self.ctx.params['export_as']
+        export_settings = self.ctx.params["export_settings"]
+        export_as = self.ctx.params["export_as"]
         configuration = self.get_config()
         try:
             # TODO(the-13th-letter): keep track of auto-close; try
             # os.dup if feasible
             outfile = cast(
-                'TextIO',
+                "TextIO",
                 (
                     export_settings
-                    if hasattr(export_settings, 'close')
-                    else click.open_file(os.fspath(export_settings), 'wt')
+                    if hasattr(export_settings, "close")
+                    else click.open_file(os.fspath(export_settings), "wt")
                 ),
             )
             # Don't specifically catch TypeError or ValueError here if
@@ -1016,10 +1016,10 @@ class _VaultContext:  # noqa: PLR0904
             # and for programmatic use, our caller may want accurate
             # error information.
             with outfile:
-                if export_as == 'sh':
+                if export_as == "sh":
                     this_ctx = self.ctx
                     prog_name_pieces = collections.deque([
-                        this_ctx.info_name or 'vault',
+                        this_ctx.info_name or "vault",
                     ])
                     while (
                         this_ctx.parent is not None
@@ -1094,20 +1094,20 @@ class _VaultContext:  # noqa: PLR0904
             entered master passphrase for Unicode normalization issues.
 
         """
-        service = self.ctx.params['service']
-        use_key = self.ctx.params['use_key']
-        use_phrase = self.ctx.params['use_phrase']
+        service = self.ctx.params["service"]
+        use_key = self.ctx.params["use_key"]
+        use_phrase = self.ctx.params["use_phrase"]
         if configuration is None:
             configuration = self.get_config()
         service_keys_on_commandline = {
-            'length',
-            'repeat',
-            'lower',
-            'upper',
-            'number',
-            'space',
-            'dash',
-            'symbol',
+            "length",
+            "repeat",
+            "lower",
+            "upper",
+            "number",
+            "space",
+            "dash",
+            "symbol",
         }
         settings: collections.ChainMap[str, Any] = collections.ChainMap(
             {
@@ -1116,10 +1116,10 @@ class _VaultContext:  # noqa: PLR0904
                 if (v := self.ctx.params.get(k)) is not None
             },
             cast(
-                'dict[str, Any]',
-                configuration['services'].get(service, {}) if service else {},
+                "dict[str, Any]",
+                configuration["services"].get(service, {}) if service else {},
             ),
-            cast('dict[str, Any]', configuration.get('global', {})),
+            cast("dict[str, Any]", configuration.get("global", {})),
         )
         if not service and not empty_service_permitted:
             err_msg = _msg.TranslatedString(
@@ -1130,13 +1130,13 @@ class _VaultContext:  # noqa: PLR0904
             )
             raise click.UsageError(str(err_msg))
         if use_key:
-            settings.maps[0]['key'] = base64.standard_b64encode(
+            settings.maps[0]["key"] = base64.standard_b64encode(
                 cli_helpers.select_ssh_key(
                     ctx=self.ctx,
                     error_callback=self.err,
                     warning_callback=self.warning,
                 )
-            ).decode('ASCII')
+            ).decode("ASCII")
         elif use_phrase:
             maybe_phrase = cli_helpers.prompt_for_passphrase()
             if not maybe_phrase:
@@ -1146,7 +1146,7 @@ class _VaultContext:  # noqa: PLR0904
                     )
                 )
             else:
-                settings.maps[0]['phrase'] = maybe_phrase
+                settings.maps[0]["phrase"] = maybe_phrase
         return settings
 
     def run_op_store_config_only(self) -> None:  # noqa: C901,PLR0912,PLR0914,PLR0915
@@ -1173,13 +1173,13 @@ class _VaultContext:  # noqa: PLR0904
                 and set.
 
         """
-        service = self.ctx.params['service']
-        use_key = self.ctx.params['use_key']
-        use_phrase = self.ctx.params['use_phrase']
-        unset_settings = self.ctx.params['unset_settings']
-        overwrite_config = self.ctx.params['overwrite_config']
-        edit_notes = self.ctx.params['edit_notes']
-        modern_editor_interface = self.ctx.params['modern_editor_interface']
+        service = self.ctx.params["service"]
+        use_key = self.ctx.params["use_key"]
+        use_phrase = self.ctx.params["use_phrase"]
+        unset_settings = self.ctx.params["unset_settings"]
+        overwrite_config = self.ctx.params["overwrite_config"]
+        edit_notes = self.ctx.params["edit_notes"]
+        modern_editor_interface = self.ctx.params["modern_editor_interface"]
         configuration = self.get_config()
         user_config = self.get_user_config()
         settings = self.run_subop_query_phrase_or_key_change(
@@ -1193,12 +1193,12 @@ class _VaultContext:  # noqa: PLR0904
             else collections.ChainMap(settings.maps[0], settings.maps[2])
         )
         if use_key:
-            view['key'] = overrides['key']
+            view["key"] = overrides["key"]
         elif use_phrase:
-            view['phrase'] = overrides['phrase']
+            view["phrase"] = overrides["phrase"]
             try:
                 cli_helpers.check_for_misleading_passphrase(
-                    ('services', service) if service else ('global',),
+                    ("services", service) if service else ("global",),
                     overrides,
                     main_config=user_config,
                     ctx=self.ctx,
@@ -1211,7 +1211,7 @@ class _VaultContext:  # noqa: PLR0904
                         filename=None,
                     ).maybe_without_filename(),
                 )
-            if 'key' in settings:
+            if "key" in settings:
                 if service:
                     w_msg = _msg.TranslatedString(
                         _msg.WarnMsgTemplate.SERVICE_PASSPHRASE_INEFFECTIVE,
@@ -1247,9 +1247,9 @@ class _VaultContext:  # noqa: PLR0904
                 ),
             )
         subtree: dict[str, Any] = (
-            configuration['services'].setdefault(service, {})  # type: ignore[assignment]
+            configuration["services"].setdefault(service, {})  # type: ignore[assignment]
             if service
-            else configuration.setdefault('global', {})
+            else configuration.setdefault("global", {})
         )
         if overwrite_config:
             subtree.clear()
@@ -1258,7 +1258,7 @@ class _VaultContext:  # noqa: PLR0904
                 subtree.pop(setting, None)
         subtree.update(view)
         assert _types.is_vault_config(configuration), (
-            f'Invalid vault configuration: {configuration!r}'
+            f"Invalid vault configuration: {configuration!r}"
         )
         if edit_notes:
             assert service is not None
@@ -1271,9 +1271,9 @@ class _VaultContext:  # noqa: PLR0904
             notes_legacy_instructions = _msg.TranslatedString(
                 _msg.Label.DERIVEPASSPHRASE_VAULT_NOTES_LEGACY_INSTRUCTION_TEXT
             )
-            old_notes_value = subtree.get('notes', '')
+            old_notes_value = subtree.get("notes", "")
             if modern_editor_interface:
-                text = '\n'.join([
+                text = "\n".join([
                     str(notes_instructions),
                     str(notes_marker),
                     old_notes_value,
@@ -1287,16 +1287,16 @@ class _VaultContext:  # noqa: PLR0904
                 and notes_value.strip() != old_notes_value.strip()
             ):
                 backup_file = cli_helpers.config_filename(
-                    subsystem='notes backup'
+                    subsystem="notes backup"
                 )
-                backup_file.write_text(old_notes_value, encoding='UTF-8')
+                backup_file.write_text(old_notes_value, encoding="UTF-8")
                 self.warning(
                     _msg.TranslatedString(
                         _msg.WarnMsgTemplate.LEGACY_EDITOR_INTERFACE_NOTES_BACKUP,
                         filename=str(backup_file),
                     ),
                 )
-                subtree['notes'] = notes_value.strip()
+                subtree["notes"] = notes_value.strip()
             elif (
                 modern_editor_interface and notes_value.strip() != text.strip()
             ):
@@ -1306,7 +1306,7 @@ class _VaultContext:  # noqa: PLR0904
                 while notes_lines:
                     line = notes_lines.popleft()
                     if line.startswith(str(notes_marker)):
-                        notes_value = ''.join(notes_lines)
+                        notes_value = "".join(notes_lines)
                         break
                 else:
                     if not notes_value.strip():
@@ -1315,7 +1315,7 @@ class _VaultContext:  # noqa: PLR0904
                                 _msg.ErrMsgTemplate.USER_ABORTED_EDIT
                             )
                         )
-                subtree['notes'] = notes_value.strip()
+                subtree["notes"] = notes_value.strip()
         self.put_config(configuration)
 
     def run_op_derive_passphrase(self) -> None:
@@ -1338,10 +1338,10 @@ class _VaultContext:  # noqa: PLR0904
                 No master passphrase or master SSH key was given on both
                 the command-line and in the vault configuration on disk.
         """
-        service = self.ctx.params['service']
-        use_key = self.ctx.params['use_key']
-        use_phrase = self.ctx.params['use_phrase']
-        print_notes_before = self.ctx.params['print_notes_before']
+        service = self.ctx.params["service"]
+        use_key = self.ctx.params["use_key"]
+        use_phrase = self.ctx.params["use_phrase"]
+        print_notes_before = self.ctx.params["print_notes_before"]
         user_config = self.get_user_config()
         settings = self.run_subop_query_phrase_or_key_change(
             empty_service_permitted=False
@@ -1350,7 +1350,7 @@ class _VaultContext:  # noqa: PLR0904
             try:
                 cli_helpers.check_for_misleading_passphrase(
                     cli_helpers.ORIGIN.INTERACTIVE,
-                    {'phrase': settings['phrase']},
+                    {"phrase": settings["phrase"]},
                     main_config=user_config,
                     ctx=self.ctx,
                 )
@@ -1363,7 +1363,7 @@ class _VaultContext:  # noqa: PLR0904
                     ).maybe_without_filename(),
                 )
         phrase: str | bytes
-        overrides = cast('dict[str, int | str]', settings.maps[0])
+        overrides = cast("dict[str, int | str]", settings.maps[0])
         # If either --key or --phrase are given, use that setting.
         # Otherwise, if both key and phrase are set in the config,
         # use the key.  Otherwise, if only one of key and phrase is
@@ -1372,53 +1372,53 @@ class _VaultContext:  # noqa: PLR0904
         # a key is given.  Finally, if nothing is set, error out.
         if use_key:
             phrase = cli_helpers.key_to_phrase(
-                cast('str', overrides['key']),
+                cast("str", overrides["key"]),
                 error_callback=self.err,
                 warning_callback=self.warning,
             )
         elif use_phrase:
-            phrase = cast('str', overrides['phrase'])
-        elif settings.get('key'):
+            phrase = cast("str", overrides["phrase"])
+        elif settings.get("key"):
             phrase = cli_helpers.key_to_phrase(
-                cast('str', settings['key']), error_callback=self.err
+                cast("str", settings["key"]), error_callback=self.err
             )
-        elif settings.get('phrase'):
-            phrase = cast('str', settings['phrase'])
+        elif settings.get("phrase"):
+            phrase = cast("str", settings["phrase"])
         else:
             err_msg = _msg.TranslatedString(
                 _msg.ErrMsgTemplate.NO_KEY_OR_PHRASE
             )
             raise click.UsageError(str(err_msg))
-        overrides.pop('key', '')
-        overrides.pop('phrase', '')
+        overrides.pop("key", "")
+        overrides.pop("phrase", "")
         assert service is not None
         vault_service_keys = {
-            'length',
-            'repeat',
-            'lower',
-            'upper',
-            'number',
-            'space',
-            'dash',
-            'symbol',
+            "length",
+            "repeat",
+            "lower",
+            "upper",
+            "number",
+            "space",
+            "dash",
+            "symbol",
         }
         kwargs = {
-            cast('str', k): cast('int', settings[k])
+            cast("str", k): cast("int", settings[k])
             for k in vault_service_keys
             if k in settings
         }
         result = vault.Vault(phrase=phrase, **kwargs).generate(service)
-        service_notes = cast('str', settings.get('notes', '')).strip()
+        service_notes = cast("str", settings.get("notes", "")).strip()
         if print_notes_before and service_notes.strip():
-            click.echo(f'{service_notes}\n', err=True, color=self.ctx.color)
-        click.echo(result.decode('ASCII'), color=self.ctx.color)
+            click.echo(f"{service_notes}\n", err=True, color=self.ctx.color)
+        click.echo(result.decode("ASCII"), color=self.ctx.color)
         if not print_notes_before and service_notes.strip():
-            click.echo(f'\n{service_notes}\n', err=True, color=self.ctx.color)
+            click.echo(f"\n{service_notes}\n", err=True, color=self.ctx.color)
 
 
 @derivepassphrase.command(
-    'vault',
-    context_settings={'help_option_names': ['-h', '--help']},
+    "vault",
+    context_settings={"help_option_names": ["-h", "--help"]},
     cls=cli_machinery.CommandWithHelpGroups,
     help=(
         _msg.TranslatedString(_msg.Label.DERIVEPASSPHRASE_VAULT_01),
@@ -1435,9 +1435,9 @@ class _VaultContext:  # noqa: PLR0904
     ),
 )
 @click.option(
-    '-p',
-    '--phrase',
-    'use_phrase',
+    "-p",
+    "--phrase",
+    "use_phrase",
     is_flag=True,
     help=_msg.TranslatedString(
         _msg.Label.DERIVEPASSPHRASE_VAULT_PHRASE_HELP_TEXT
@@ -1445,9 +1445,9 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.PassphraseGenerationOption,
 )
 @click.option(
-    '-k',
-    '--key',
-    'use_key',
+    "-k",
+    "--key",
+    "use_key",
     is_flag=True,
     help=_msg.TranslatedString(
         _msg.Label.DERIVEPASSPHRASE_VAULT_KEY_HELP_TEXT
@@ -1455,8 +1455,8 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.PassphraseGenerationOption,
 )
 @click.option(
-    '-l',
-    '--length',
+    "-l",
+    "--length",
     metavar=_msg.TranslatedString(
         _msg.Label.PASSPHRASE_GENERATION_METAVAR_NUMBER
     ),
@@ -1470,8 +1470,8 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.PassphraseGenerationOption,
 )
 @click.option(
-    '-r',
-    '--repeat',
+    "-r",
+    "--repeat",
     metavar=_msg.TranslatedString(
         _msg.Label.PASSPHRASE_GENERATION_METAVAR_NUMBER
     ),
@@ -1485,7 +1485,7 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.PassphraseGenerationOption,
 )
 @click.option(
-    '--lower',
+    "--lower",
     metavar=_msg.TranslatedString(
         _msg.Label.PASSPHRASE_GENERATION_METAVAR_NUMBER
     ),
@@ -1499,7 +1499,7 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.PassphraseGenerationOption,
 )
 @click.option(
-    '--upper',
+    "--upper",
     metavar=_msg.TranslatedString(
         _msg.Label.PASSPHRASE_GENERATION_METAVAR_NUMBER
     ),
@@ -1513,7 +1513,7 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.PassphraseGenerationOption,
 )
 @click.option(
-    '--number',
+    "--number",
     metavar=_msg.TranslatedString(
         _msg.Label.PASSPHRASE_GENERATION_METAVAR_NUMBER
     ),
@@ -1527,7 +1527,7 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.PassphraseGenerationOption,
 )
 @click.option(
-    '--space',
+    "--space",
     metavar=_msg.TranslatedString(
         _msg.Label.PASSPHRASE_GENERATION_METAVAR_NUMBER
     ),
@@ -1541,7 +1541,7 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.PassphraseGenerationOption,
 )
 @click.option(
-    '--dash',
+    "--dash",
     metavar=_msg.TranslatedString(
         _msg.Label.PASSPHRASE_GENERATION_METAVAR_NUMBER
     ),
@@ -1555,7 +1555,7 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.PassphraseGenerationOption,
 )
 @click.option(
-    '--symbol',
+    "--symbol",
     metavar=_msg.TranslatedString(
         _msg.Label.PASSPHRASE_GENERATION_METAVAR_NUMBER
     ),
@@ -1569,9 +1569,9 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.PassphraseGenerationOption,
 )
 @click.option(
-    '-n',
-    '--notes',
-    'edit_notes',
+    "-n",
+    "--notes",
+    "edit_notes",
     is_flag=True,
     help=_msg.TranslatedString(
         _msg.Label.DERIVEPASSPHRASE_VAULT_NOTES_HELP_TEXT,
@@ -1582,9 +1582,9 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.ConfigurationOption,
 )
 @click.option(
-    '-c',
-    '--config',
-    'store_config_only',
+    "-c",
+    "--config",
+    "store_config_only",
     is_flag=True,
     help=_msg.TranslatedString(
         _msg.Label.DERIVEPASSPHRASE_VAULT_CONFIG_HELP_TEXT,
@@ -1595,9 +1595,9 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.ConfigurationOption,
 )
 @click.option(
-    '-x',
-    '--delete',
-    'delete_service_settings',
+    "-x",
+    "--delete",
+    "delete_service_settings",
     is_flag=True,
     help=_msg.TranslatedString(
         _msg.Label.DERIVEPASSPHRASE_VAULT_DELETE_HELP_TEXT,
@@ -1608,7 +1608,7 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.ConfigurationOption,
 )
 @click.option(
-    '--delete-globals',
+    "--delete-globals",
     is_flag=True,
     help=_msg.TranslatedString(
         _msg.Label.DERIVEPASSPHRASE_VAULT_DELETE_GLOBALS_HELP_TEXT,
@@ -1616,9 +1616,9 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.ConfigurationOption,
 )
 @click.option(
-    '-X',
-    '--clear',
-    'clear_all_settings',
+    "-X",
+    "--clear",
+    "clear_all_settings",
     is_flag=True,
     help=_msg.TranslatedString(
         _msg.Label.DERIVEPASSPHRASE_VAULT_DELETE_ALL_HELP_TEXT,
@@ -1626,9 +1626,9 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.ConfigurationOption,
 )
 @click.option(
-    '-e',
-    '--export',
-    'export_settings',
+    "-e",
+    "--export",
+    "export_settings",
     metavar=_msg.TranslatedString(
         _msg.Label.PASSPHRASE_GENERATION_METAVAR_NUMBER
     ),
@@ -1642,9 +1642,9 @@ class _VaultContext:  # noqa: PLR0904
     shell_complete=cli_helpers.shell_complete_path,
 )
 @click.option(
-    '-i',
-    '--import',
-    'import_settings',
+    "-i",
+    "--import",
+    "import_settings",
     metavar=_msg.TranslatedString(
         _msg.Label.PASSPHRASE_GENERATION_METAVAR_NUMBER
     ),
@@ -1658,8 +1658,8 @@ class _VaultContext:  # noqa: PLR0904
     shell_complete=cli_helpers.shell_complete_path,
 )
 @click.option(
-    '--overwrite-existing/--merge-existing',
-    'overwrite_config',
+    "--overwrite-existing/--merge-existing",
+    "overwrite_config",
     default=False,
     help=_msg.TranslatedString(
         _msg.Label.DERIVEPASSPHRASE_VAULT_OVERWRITE_HELP_TEXT
@@ -1667,21 +1667,21 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.CompatibilityOption,
 )
 @click.option(
-    '--unset',
-    'unset_settings',
+    "--unset",
+    "unset_settings",
     multiple=True,
     type=click.Choice([
-        'phrase',
-        'key',
-        'length',
-        'repeat',
-        'lower',
-        'upper',
-        'number',
-        'space',
-        'dash',
-        'symbol',
-        'notes',
+        "phrase",
+        "key",
+        "length",
+        "repeat",
+        "lower",
+        "upper",
+        "number",
+        "space",
+        "dash",
+        "symbol",
+        "notes",
     ]),
     help=_msg.TranslatedString(
         _msg.Label.DERIVEPASSPHRASE_VAULT_UNSET_HELP_TEXT
@@ -1689,17 +1689,17 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.CompatibilityOption,
 )
 @click.option(
-    '--export-as',
-    type=click.Choice(['json', 'sh']),
-    default='json',
+    "--export-as",
+    type=click.Choice(["json", "sh"]),
+    default="json",
     help=_msg.TranslatedString(
         _msg.Label.DERIVEPASSPHRASE_VAULT_EXPORT_AS_HELP_TEXT
     ),
     cls=cli_machinery.CompatibilityOption,
 )
 @click.option(
-    '--modern-editor-interface/--vault-legacy-editor-interface',
-    'modern_editor_interface',
+    "--modern-editor-interface/--vault-legacy-editor-interface",
+    "modern_editor_interface",
     default=False,
     help=_msg.TranslatedString(
         _msg.Label.DERIVEPASSPHRASE_VAULT_EDITOR_INTERFACE_HELP_TEXT
@@ -1707,8 +1707,8 @@ class _VaultContext:  # noqa: PLR0904
     cls=cli_machinery.CompatibilityOption,
 )
 @click.option(
-    '--print-notes-before/--print-notes-after',
-    'print_notes_before',
+    "--print-notes-before/--print-notes-after",
+    "print_notes_before",
     default=False,
     help=_msg.TranslatedString(
         _msg.Label.DERIVEPASSPHRASE_VAULT_PRINT_NOTES_BEFORE_HELP_TEXT,
@@ -1722,7 +1722,7 @@ class _VaultContext:  # noqa: PLR0904
 @cli_machinery.color_forcing_pseudo_option
 @cli_machinery.standard_logging_options
 @click.argument(
-    'service',
+    "service",
     metavar=_msg.TranslatedString(_msg.Label.VAULT_METAVAR_SERVICE),
     required=False,
     default=None,
@@ -1843,5 +1843,5 @@ def derivepassphrase_vault(
     vault_context.dispatch_op()
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     derivepassphrase()

src/derivepassphrase/exporter/__init__.py

Zeige Datei @ e981744

@@ -21,7 +21,7 @@ __all__ = ()
 
 
 INVALID_VAULT_NATIVE_CONFIGURATION_FORMAT = (
-    'Invalid vault native configuration format: {fmt!r}'
+    "Invalid vault native configuration format: {fmt!r}"
 )
 
 
@@ -39,11 +39,11 @@ class NotAVaultConfigError(ValueError):
     def __str__(self) -> str:  # pragma: no cover [failsafe]
         """"""  # noqa: D419
         formatted_format = (
-            f'vault {self.format} configuration'
+            f"vault {self.format} configuration"
             if self.format
-            else 'vault configuration'
+            else "vault configuration"
         )
-        return f'Not a {formatted_format}: {self.path!r}'
+        return f"Not a {formatted_format}: {self.path!r}"
 
 
 def get_vault_key() -> bytes:
@@ -66,22 +66,22 @@ def get_vault_key() -> bytes:
     """
 
     def getenv_environb(env_var: str) -> bytes:  # pragma: no cover [external]
-        return os.environb.get(env_var.encode('UTF-8'), b'')  # type: ignore[attr-defined]
+        return os.environb.get(env_var.encode("UTF-8"), b"")  # type: ignore[attr-defined]
 
     def getenv_environ(env_var: str) -> bytes:  # pragma: no cover [external]
-        return os.environ.get(env_var, '').encode('UTF-8')
+        return os.environ.get(env_var, "").encode("UTF-8")
 
     getenv: Callable[[str], bytes] = (
         getenv_environb if os.supports_bytes_environ else getenv_environ
     )
     username = (
-        getenv('VAULT_KEY')
-        or getenv('LOGNAME')
-        or getenv('USER')
-        or getenv('USERNAME')
+        getenv("VAULT_KEY")
+        or getenv("LOGNAME")
+        or getenv("USER")
+        or getenv("USERNAME")
     )
     if not username:
-        env_var = 'VAULT_KEY'
+        env_var = "VAULT_KEY"
         raise KeyError(env_var)
     return username
 
@@ -104,7 +104,7 @@ def get_vault_path() -> pathlib.Path:
 
     """
     return pathlib.Path(
-        '~', os.environ.get('VAULT_PATH', '.vault')
+        "~", os.environ.get("VAULT_PATH", ".vault")
     ).expanduser()
 
 
@@ -181,10 +181,10 @@ def register_export_vault_config_data_handler(
     *names: str,
 ) -> Callable[[ExportVaultConfigDataFunction], ExportVaultConfigDataFunction]:
     if not names:
-        msg = 'No names given to export_data handler registry'
+        msg = "No names given to export_data handler registry"
         raise ValueError(msg)
-    if '' in names:
-        msg = 'Cannot register export_data handler under an empty name'
+    if "" in names:
+        msg = "Cannot register export_data handler under an empty name"
         raise ValueError(msg)
 
     def wrapper(
@@ -192,7 +192,7 @@ def register_export_vault_config_data_handler(
     ) -> ExportVaultConfigDataFunction:
         for name in names:
             if name in _export_vault_config_data_registry:
-                msg = f'export_data handler already registered: {name!r}'
+                msg = f"export_data handler already registered: {name!r}"
                 raise ValueError(msg)
             _export_vault_config_data_registry[name] = f
         return f
@@ -214,8 +214,8 @@ def find_vault_config_data_handlers() -> None:
     # imports.  The modules themselves contain function definitions that
     # register themselves automatically with
     # `_export_vault_config_data_registry`.
-    importlib.import_module('derivepassphrase.exporter.storeroom')
-    importlib.import_module('derivepassphrase.exporter.vault_native')
+    importlib.import_module("derivepassphrase.exporter.storeroom")
+    importlib.import_module("derivepassphrase.exporter.vault_native")
 
 
 def export_vault_config_data(

src/derivepassphrase/exporter/storeroom.py

Zeige Datei @ e981744

@@ -50,7 +50,7 @@ if TYPE_CHECKING:
     STUBBED = False
 else:
     try:
-        importlib.import_module('cryptography')
+        importlib.import_module("cryptography")
     except ModuleNotFoundError as exc:
 
         class _DummyModule:
@@ -78,24 +78,24 @@ else:
 
         STUBBED = False
 
-STOREROOM_MASTER_KEYS_UUID = b'35b7c7ed-f71e-4adf-9051-02fb0f1e0e17'
-VAULT_CIPHER_UUID = b'73e69e8a-cb05-4b50-9f42-59d76a511299'
+STOREROOM_MASTER_KEYS_UUID = b"35b7c7ed-f71e-4adf-9051-02fb0f1e0e17"
+VAULT_CIPHER_UUID = b"73e69e8a-cb05-4b50-9f42-59d76a511299"
 IV_SIZE = 16
 KEY_SIZE = MAC_SIZE = 32
 ENCRYPTED_KEYPAIR_SIZE = 128
 VERSION_SIZE = 1
 
-__all__ = ('export_storeroom_data',)
+__all__ = ("export_storeroom_data",)
 
 logger = logging.getLogger(__name__)
 
 
-@exporter.register_export_vault_config_data_handler('storeroom')
+@exporter.register_export_vault_config_data_handler("storeroom")
 def export_storeroom_data(  # noqa: C901,D417,PLR0912,PLR0914,PLR0915
     path: str | bytes | os.PathLike | None = None,
     key: str | Buffer | None = None,
     *,
-    format: str = 'storeroom',  # noqa: A002
+    format: str = "storeroom",  # noqa: A002
 ) -> dict[str, Any]:
     """Export the full configuration stored in the storeroom.
 
@@ -108,39 +108,39 @@ def export_storeroom_data(  # noqa: C901,D417,PLR0912,PLR0914,PLR0915
 
     """  # noqa: DOC201,DOC501
     # Trigger import errors if necessary.
-    importlib.import_module('cryptography')
+    importlib.import_module("cryptography")
     if path is None:
         path = exporter.get_vault_path()
     else:
         path = pathlib.Path(os.fsdecode(path))
     if key is None:
         key = exporter.get_vault_key()
-    if format != 'storeroom':  # pragma: no cover [failsafe]
+    if format != "storeroom":  # pragma: no cover [failsafe]
         msg = exporter.INVALID_VAULT_NATIVE_CONFIGURATION_FORMAT.format(
             fmt=format
         )
         raise ValueError(msg)
     try:
-        master_keys_file = pathlib.Path(path, '.keys').open(  # noqa: SIM115
-            encoding='utf-8',
+        master_keys_file = pathlib.Path(path, ".keys").open(  # noqa: SIM115
+            encoding="utf-8",
         )
     except FileNotFoundError as exc:
-        raise exporter.NotAVaultConfigError(path, format='storeroom') from exc
+        raise exporter.NotAVaultConfigError(path, format="storeroom") from exc
     with master_keys_file:
         header = json.loads(master_keys_file.readline())
-        if header != {'version': 1}:
-            msg = 'bad or unsupported keys version header'
+        if header != {"version": 1}:
+            msg = "bad or unsupported keys version header"
             raise RuntimeError(msg)
         raw_keys_data = base64.standard_b64decode(master_keys_file.readline())
         encrypted_keys_params, encrypted_keys = struct.unpack(
-            f'B {len(raw_keys_data) - 1}s', raw_keys_data
+            f"B {len(raw_keys_data) - 1}s", raw_keys_data
         )
         if master_keys_file.read():
-            msg = 'trailing data; cannot make sense of .keys file'
+            msg = "trailing data; cannot make sense of .keys file"
             raise RuntimeError(msg)
     encrypted_keys_version = encrypted_keys_params >> 4
     if encrypted_keys_version != 1:
-        msg = f'cannot handle version {encrypted_keys_version} encrypted keys'
+        msg = f"cannot handle version {encrypted_keys_version} encrypted keys"
         raise RuntimeError(msg)
     logger.info(
         _msg.TranslatedString(_msg.InfoMsgTemplate.PARSING_MASTER_KEYS_DATA)
@@ -151,7 +151,7 @@ def export_storeroom_data(  # noqa: C901,D417,PLR0912,PLR0914,PLR0915
 
     config_structure: dict[str, Any] = {}
     json_contents: dict[str, bytes] = {}
-    valid_hashdirs = list(path.glob('[01][0-9a-f]'))
+    valid_hashdirs = list(path.glob("[01][0-9a-f]"))
     for file in valid_hashdirs:
         logger.info(
             _msg.TranslatedString(
@@ -178,12 +178,12 @@ def export_storeroom_data(  # noqa: C901,D417,PLR0912,PLR0914,PLR0915
         _msg.TranslatedString(_msg.InfoMsgTemplate.ASSEMBLING_CONFIG_STRUCTURE)
     )
     for item_path, json_content in sorted(json_contents.items()):
-        if item_path.endswith('/'):
+        if item_path.endswith("/"):
             logger.debug(
                 _msg.TranslatedString(
                     _msg.DebugMsgTemplate.POSTPONING_DIRECTORY_CONTENTS_CHECK,
                     path=item_path,
-                    contents=json_content.decode('utf-8'),
+                    contents=json_content.decode("utf-8"),
                 )
             )
             json_payload = json.loads(json_content)
@@ -191,8 +191,8 @@ def export_storeroom_data(  # noqa: C901,D417,PLR0912,PLR0914,PLR0915
                 not isinstance(x, str) for x in json_payload
             ):
                 msg = (
-                    f'Directory index is not actually an index: '
-                    f'{json_content!r}'
+                    f"Directory index is not actually an index: "
+                    f"{json_content!r}"
                 )
                 raise RuntimeError(msg)
             dirs_to_check[item_path] = json_payload
@@ -202,13 +202,13 @@ def export_storeroom_data(  # noqa: C901,D417,PLR0912,PLR0914,PLR0915
                     path=item_path,
                 ),
             )
-            _store(config_structure, item_path, b'{}')
+            _store(config_structure, item_path, b"{}")
         else:
             logger.debug(
                 _msg.TranslatedString(
                     _msg.DebugMsgTemplate.SETTING_CONFIG_STRUCTURE_CONTENTS,
                     path=item_path,
-                    value=json_content.decode('utf-8'),
+                    value=json_content.decode("utf-8"),
                 ),
             )
             _store(config_structure, item_path, json_content)
@@ -219,9 +219,9 @@ def export_storeroom_data(  # noqa: C901,D417,PLR0912,PLR0914,PLR0915
     )
     # Sorted order is important; see `maybe_obj` below.
     for dir_, namelist_ in sorted(dirs_to_check.items()):
-        namelist = [x.rstrip('/') for x in namelist_]
+        namelist = [x.rstrip("/") for x in namelist_]
         obj: dict[Any, Any] = config_structure
-        for part in dir_.split('/'):
+        for part in dir_.split("/"):
             if part:
                 # Because we iterate paths in sorted order, parent
                 # directories are encountered before child directories.
@@ -232,11 +232,11 @@ def export_storeroom_data(  # noqa: C901,D417,PLR0912,PLR0914,PLR0915
                 # this, so we need to use assertions anyway.
                 maybe_obj = obj.get(part)
                 assert isinstance(maybe_obj, dict), (
-                    f'Cannot traverse storage path {dir_!r}'
+                    f"Cannot traverse storage path {dir_!r}"
                 )
                 obj = maybe_obj
         if set(obj.keys()) != set(namelist):
-            msg = f'Object key mismatch for path {dir_!r}'
+            msg = f"Object key mismatch for path {dir_!r}"
             raise RuntimeError(msg)
         logger.debug(
             _msg.TranslatedString(
@@ -249,7 +249,7 @@ def export_storeroom_data(  # noqa: C901,D417,PLR0912,PLR0914,PLR0915
 
 
 def _h(bs: Buffer) -> str:
-    return '<{}>'.format(memoryview(bs).hex(' '))
+    return "<{}>".format(memoryview(bs).hex(" "))
 
 
 def _derive_master_keys_keys(
@@ -284,7 +284,7 @@ def _derive_master_keys_keys(
 
     """
     if isinstance(password, str):
-        password = password.encode('ASCII')
+        password = password.encode("ASCII")
     master_keys_keys_blob = pbkdf2.PBKDF2HMAC(
         algorithm=hashes.SHA1(),
         length=2 * KEY_SIZE,
@@ -292,7 +292,7 @@ def _derive_master_keys_keys(
         iterations=iterations,
     ).derive(bytes(password))
     encryption_key, signing_key = struct.unpack(
-        f'{KEY_SIZE}s {KEY_SIZE}s', master_keys_keys_blob
+        f"{KEY_SIZE}s {KEY_SIZE}s", master_keys_keys_blob
     )
     logger.debug(
         _msg.TranslatedString(
@@ -300,7 +300,7 @@ def _derive_master_keys_keys(
             enc_key=_h(encryption_key),
             sign_key=_h(signing_key),
             pw_bytes=_h(password),
-            algorithm='SHA256',
+            algorithm="SHA256",
             length=64,
             salt=STOREROOM_MASTER_KEYS_UUID,
             iterations=iterations,
@@ -362,10 +362,10 @@ def _decrypt_master_keys_data(
         removal.
 
     """
-    data = memoryview(data).toreadonly().cast('c')
+    data = memoryview(data).toreadonly().cast("c")
     keys = keys.toreadonly()
     ciphertext, claimed_mac = struct.unpack(
-        f'{len(data) - MAC_SIZE}s {MAC_SIZE}s', data
+        f"{len(data) - MAC_SIZE}s {MAC_SIZE}s", data
     )
     actual_mac = hmac.HMAC(keys.signing_key, hashes.SHA256())
     actual_mac.update(ciphertext)
@@ -382,7 +382,7 @@ def _decrypt_master_keys_data(
 
     try:
         iv, payload = struct.unpack(
-            f'{IV_SIZE}s {len(ciphertext) - IV_SIZE}s', ciphertext
+            f"{IV_SIZE}s {len(ciphertext) - IV_SIZE}s", ciphertext
         )
         decryptor = ciphers.Cipher(
             algorithms.AES256(keys.encryption_key), modes.CBC(iv)
@@ -395,10 +395,10 @@ def _decrypt_master_keys_data(
         plaintext.extend(unpadder.update(padded_plaintext))
         plaintext.extend(unpadder.finalize())
         hashing_key, encryption_key, signing_key = struct.unpack(
-            f'{KEY_SIZE}s {KEY_SIZE}s {KEY_SIZE}s', plaintext
+            f"{KEY_SIZE}s {KEY_SIZE}s {KEY_SIZE}s", plaintext
         )
     except (ValueError, struct.error) as exc:
-        msg = 'Invalid encrypted master keys payload'
+        msg = "Invalid encrypted master keys payload"
         raise ValueError(msg) from exc
     return _types.StoreroomMasterKeys(
         hashing_key=hashing_key,
@@ -455,10 +455,10 @@ def _decrypt_session_keys(
         removal.
 
     """
-    data = memoryview(data).toreadonly().cast('c')
+    data = memoryview(data).toreadonly().cast("c")
     master_keys = master_keys.toreadonly()
     ciphertext, claimed_mac = struct.unpack(
-        f'{len(data) - MAC_SIZE}s {MAC_SIZE}s', data
+        f"{len(data) - MAC_SIZE}s {MAC_SIZE}s", data
     )
     actual_mac = hmac.HMAC(master_keys.signing_key, hashes.SHA256())
     actual_mac.update(ciphertext)
@@ -475,7 +475,7 @@ def _decrypt_session_keys(
 
     try:
         iv, payload = struct.unpack(
-            f'{IV_SIZE}s {len(ciphertext) - IV_SIZE}s', ciphertext
+            f"{IV_SIZE}s {len(ciphertext) - IV_SIZE}s", ciphertext
         )
         decryptor = ciphers.Cipher(
             algorithms.AES256(master_keys.encryption_key), modes.CBC(iv)
@@ -488,10 +488,10 @@ def _decrypt_session_keys(
         plaintext.extend(unpadder.update(padded_plaintext))
         plaintext.extend(unpadder.finalize())
         session_encryption_key, session_signing_key = struct.unpack(
-            f'{KEY_SIZE}s {KEY_SIZE}s', plaintext
+            f"{KEY_SIZE}s {KEY_SIZE}s", plaintext
         )
     except (ValueError, struct.error) as exc:
-        msg = 'Invalid encrypted session keys payload'
+        msg = "Invalid encrypted session keys payload"
         raise ValueError(msg) from exc
 
     session_keys = _types.StoreroomKeyPair(
@@ -507,10 +507,10 @@ def _decrypt_session_keys(
             ciphertext=_h(payload),
             plaintext=_h(plaintext),
             code=_msg.TranslatedString(
-                'StoreroomKeyPair(encryption_key=bytes.fromhex({enc_key!r}), '
-                'signing_key=bytes.fromhex({sign_key!r}))',
-                enc_key=session_keys.encryption_key.hex(' '),
-                sign_key=session_keys.signing_key.hex(' '),
+                "StoreroomKeyPair(encryption_key=bytes.fromhex({enc_key!r}), "
+                "signing_key=bytes.fromhex({sign_key!r}))",
+                enc_key=session_keys.encryption_key.hex(" "),
+                sign_key=session_keys.signing_key.hex(" "),
             ),
         ),
     )
@@ -562,10 +562,10 @@ def _decrypt_contents(
         removal.
 
     """
-    data = memoryview(data).toreadonly().cast('c')
+    data = memoryview(data).toreadonly().cast("c")
     session_keys = session_keys.toreadonly()
     ciphertext, claimed_mac = struct.unpack(
-        f'{len(data) - MAC_SIZE}s {MAC_SIZE}s', data
+        f"{len(data) - MAC_SIZE}s {MAC_SIZE}s", data
     )
     actual_mac = hmac.HMAC(session_keys.signing_key, hashes.SHA256())
     actual_mac.update(ciphertext)
@@ -581,7 +581,7 @@ def _decrypt_contents(
     actual_mac.verify(claimed_mac)
 
     iv, payload = struct.unpack(
-        f'{IV_SIZE}s {len(ciphertext) - IV_SIZE}s', ciphertext
+        f"{IV_SIZE}s {len(ciphertext) - IV_SIZE}s", ciphertext
     )
     decryptor = ciphers.Cipher(
         algorithms.AES256(session_keys.encryption_key), modes.CBC(iv)
@@ -638,7 +638,7 @@ def _decrypt_bucket_item(
         removal.
 
     """
-    bucket_item = memoryview(bucket_item).toreadonly().cast('c')
+    bucket_item = memoryview(bucket_item).toreadonly().cast("c")
     master_keys = master_keys.toreadonly()
     logger.debug(
         _msg.TranslatedString(
@@ -650,13 +650,13 @@ def _decrypt_bucket_item(
     )
     data_version, encrypted_session_keys, data_contents = struct.unpack(
         (
-            f'B {ENCRYPTED_KEYPAIR_SIZE}s '
-            f'{len(bucket_item) - 1 - ENCRYPTED_KEYPAIR_SIZE}s'
+            f"B {ENCRYPTED_KEYPAIR_SIZE}s "
+            f"{len(bucket_item) - 1 - ENCRYPTED_KEYPAIR_SIZE}s"
         ),
         bucket_item,
     )
     if data_version != 1:
-        msg = f'Cannot handle version {data_version} encrypted data'
+        msg = f"Cannot handle version {data_version} encrypted data"
         raise ValueError(msg)
     session_keys = _decrypt_session_keys(encrypted_session_keys, master_keys)
     return _decrypt_contents(data_contents, session_keys)
@@ -666,7 +666,7 @@ def _decrypt_bucket_file(
     filename: str | bytes | os.PathLike,
     master_keys: _types.StoreroomMasterKeys,
     *,
-    root_dir: str | bytes | os.PathLike = '.',
+    root_dir: str | bytes | os.PathLike = ".",
 ) -> Iterator[Buffer]:
     """Decrypt a complete bucket.
 
@@ -701,15 +701,15 @@ def _decrypt_bucket_file(
     master_keys = master_keys.toreadonly()
     root_dir = pathlib.Path(os.fsdecode(root_dir))
     filename = pathlib.Path(os.fsdecode(filename))
-    with (root_dir / filename).open('rb') as bucket_file:
+    with (root_dir / filename).open("rb") as bucket_file:
         header_line = bucket_file.readline()
         try:
             header = json.loads(header_line)
         except ValueError as exc:
-            msg = f'Invalid bucket file: {filename}'
+            msg = f"Invalid bucket file: {filename}"
             raise ValueError(msg) from exc
-        if header != {'version': 1}:
-            msg = f'Invalid bucket file: {filename}'
+        if header != {"version": 1}:
+            msg = f"Invalid bucket file: {filename}"
             raise ValueError(msg) from None
         for line in bucket_file:
             yield _decrypt_bucket_item(
@@ -740,14 +740,14 @@ def _store(config: dict[str, Any], path: str, json_contents: bytes) -> None:
 
     """
     contents = json.loads(json_contents)
-    path_parts = [part for part in path.split('/') if part]
+    path_parts = [part for part in path.split("/") if part]
     for part in path_parts[:-1]:
         config = config.setdefault(part, {})
     if path_parts:
         config[path_parts[-1]] = contents
 
 
-if __name__ == '__main__':
-    logging.basicConfig(level=('DEBUG' if os.getenv('DEBUG') else 'WARNING'))
-    config_structure = export_storeroom_data(format='storeroom')
+if __name__ == "__main__":
+    logging.basicConfig(level=("DEBUG" if os.getenv("DEBUG") else "WARNING"))
+    config_structure = export_storeroom_data(format="storeroom")
     print(json.dumps(config_structure, indent=2, sort_keys=True))  # noqa: T201

src/derivepassphrase/exporter/vault_native.py

Zeige Datei @ e981744

@@ -54,7 +54,7 @@ if TYPE_CHECKING:
     STUBBED = False
 else:
     try:
-        importlib.import_module('cryptography')
+        importlib.import_module("cryptography")
     except ModuleNotFoundError as exc:
 
         class _DummyModule:
@@ -85,12 +85,12 @@ else:
 
         STUBBED = False
 
-__all__ = ('export_vault_native_data',)
+__all__ = ("export_vault_native_data",)
 
 logger = logging.getLogger(__name__)
 
 
-@exporter.register_export_vault_config_data_handler('v0.2', 'v0.3')
+@exporter.register_export_vault_config_data_handler("v0.2", "v0.3")
 def export_vault_native_data(  # noqa: D417
     path: str | bytes | os.PathLike | None = None,
     key: str | Buffer | None = None,
@@ -108,18 +108,18 @@ def export_vault_native_data(  # noqa: D417
 
     """  # noqa: DOC201,DOC501
     # Trigger import errors if necessary.
-    importlib.import_module('cryptography')
+    importlib.import_module("cryptography")
     if path is None:
         path = exporter.get_vault_path()
     else:
         path = pathlib.Path(os.fsdecode(path))
-    with path.open('rb') as infile:
+    with path.open("rb") as infile:
         contents = base64.standard_b64decode(infile.read())
     if key is None:
         key = exporter.get_vault_key()
     parser_class: type[VaultNativeConfigParser] | None = {
-        'v0.2': VaultNativeV02ConfigParser,
-        'v0.3': VaultNativeV03ConfigParser,
+        "v0.2": VaultNativeV02ConfigParser,
+        "v0.3": VaultNativeV03ConfigParser,
     }.get(format)
     if parser_class is None:  # pragma: no cover [failsafe]
         msg = exporter.INVALID_VAULT_NATIVE_CONFIGURATION_FORMAT.format(
@@ -133,7 +133,7 @@ def export_vault_native_data(  # noqa: D417
 
 
 def _h(bs: Buffer) -> str:
-    return '<{}>'.format(memoryview(bs).hex(' '))
+    return "<{}>".format(memoryview(bs).hex(" "))
 
 
 class VaultNativeConfigParser(abc.ABC):
@@ -175,20 +175,20 @@ class VaultNativeConfigParser(abc.ABC):
 
         """
         if not password:
-            msg = 'Password must not be empty'
+            msg = "Password must not be empty"
             raise ValueError(msg)
         self._consistency_lock = threading.RLock()
         self._contents = bytes(contents)
         self._iv_size = 0
         self._mac_size = 0
-        self._encryption_key = b''
+        self._encryption_key = b""
         self._encryption_key_size = 0
-        self._signing_key = b''
+        self._signing_key = b""
         self._signing_key_size = 0
-        self._message = b''
-        self._message_tag = b''
-        self._iv = b''
-        self._payload = b''
+        self._message = b""
+        self._message_tag = b""
+        self._iv = b""
+        self._payload = b""
         self._password = password
         self._sentinel: object = object()
         self._data: Any = self._sentinel
@@ -247,14 +247,14 @@ class VaultNativeConfigParser(abc.ABC):
 
         """
         if isinstance(password, str):
-            password = password.encode('utf-8')
+            password = password.encode("utf-8")
         raw_key = pbkdf2.PBKDF2HMAC(
             algorithm=hashes.SHA1(),
             length=key_size // 2,
             salt=vault.Vault.UUID,
             iterations=iterations,
         ).derive(bytes(password))
-        result_key = raw_key.hex().lower().encode('ASCII')
+        result_key = raw_key.hex().lower().encode("ASCII")
         logger.debug(
             _msg.TranslatedString(
                 _msg.DebugMsgTemplate.VAULT_NATIVE_PBKDF2_CALL,
@@ -262,9 +262,9 @@ class VaultNativeConfigParser(abc.ABC):
                 salt=vault.Vault.UUID,
                 iterations=iterations,
                 key_size=key_size // 2,
-                algorithm='sha1',
+                algorithm="sha1",
                 raw_result=raw_key,
-                result_key=result_key.decode('ASCII'),
+                result_key=result_key.decode("ASCII"),
             ),
         )
         return result_key
@@ -295,7 +295,7 @@ class VaultNativeConfigParser(abc.ABC):
             mac_size = self._mac_size
 
             if len(contents) < iv_size + 16 + mac_size:
-                msg = 'Invalid vault configuration file: file is truncated'
+                msg = "Invalid vault configuration file: file is truncated"
                 raise ValueError(msg)
 
             cutpos1 = len(contents) - mac_size
@@ -333,10 +333,10 @@ class VaultNativeConfigParser(abc.ABC):
         with self._consistency_lock:
             self._generate_keys()
             assert len(self._encryption_key) == self._encryption_key_size, (
-                'Derived encryption key is invalid'
+                "Derived encryption key is invalid"
             )
             assert len(self._signing_key) == self._signing_key_size, (
-                'Derived signing key is invalid'
+                "Derived signing key is invalid"
             )
 
     @abc.abstractmethod
@@ -384,7 +384,7 @@ class VaultNativeConfigParser(abc.ABC):
         try:
             mac.verify(mac_expected)
         except crypt_exceptions.InvalidSignature:
-            msg = 'File does not contain a valid signature'
+            msg = "File does not contain a valid signature"
             raise ValueError(msg) from None
 
     @abc.abstractmethod
@@ -513,7 +513,7 @@ class VaultNativeV03ConfigParser(VaultNativeConfigParser):
         This includes hexadecimal encoding of the message payload.
 
         """
-        return self._message.hex().lower().encode('ASCII')
+        return self._message.hex().lower().encode("ASCII")
 
     def _make_decryptor(self) -> ciphers.CipherContext:
         """Return the cipher context object used for decryption.
@@ -575,7 +575,7 @@ class VaultNativeV02ConfigParser(VaultNativeConfigParser):
             super()._parse_contents()
             payload = self._payload = base64.standard_b64decode(self._payload)
             message_tag = self._message_tag = bytes.fromhex(
-                self._message_tag.decode('ASCII')
+                self._message_tag.decode("ASCII")
             )
         logger.debug(
             _msg.TranslatedString(
@@ -647,7 +647,7 @@ class VaultNativeV02ConfigParser(VaultNativeConfigParser):
             value (if any):
 
             ~~~~ python
-            data = block_input = b''.join([previous_block, input_string, salt])
+            data = block_input = b"".join([previous_block, input_string, salt])
             for i in range(iteration_count):
                 data = message_digest(data)
             block = data
@@ -683,8 +683,8 @@ class VaultNativeV02ConfigParser(VaultNativeConfigParser):
         """
         total_size = key_size + iv_size
         buffer = bytearray()
-        last_block = b''
-        salt = b''
+        last_block = b""
+        salt = b""
         logger.debug(
             _msg.TranslatedString(
                 _msg.DebugMsgTemplate.VAULT_NATIVE_EVP_BYTESTOKEY_INIT,
@@ -699,7 +699,7 @@ class VaultNativeV02ConfigParser(VaultNativeConfigParser):
         while len(buffer) < total_size:
             with warnings.catch_warnings():
                 warnings.simplefilter(
-                    'ignore', crypt_utils.CryptographyDeprecationWarning
+                    "ignore", crypt_utils.CryptographyDeprecationWarning
                 )
                 block = hashes.Hash(hashes.MD5())
             block.update(last_block)
@@ -753,11 +753,11 @@ class VaultNativeV02ConfigParser(VaultNativeConfigParser):
         ).decryptor()
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     import os
 
-    logging.basicConfig(level=('DEBUG' if os.getenv('DEBUG') else 'WARNING'))
-    with exporter.get_vault_path().open('rb') as infile:
+    logging.basicConfig(level=("DEBUG" if os.getenv("DEBUG") else "WARNING"))
+    with exporter.get_vault_path().open("rb") as infile:
         contents = base64.standard_b64decode(infile.read())
     password = exporter.get_vault_key()
     try:

src/derivepassphrase/sequin.py

Zeige Datei @ e981744

@@ -31,7 +31,7 @@ from typing_extensions import assert_type
 if TYPE_CHECKING:
     from collections.abc import Iterator, Sequence
 
-__all__ = ('Sequin', 'SequinExhaustedError')
+__all__ = ("Sequin", "SequinExhaustedError")
 
 
 class Sequin:
@@ -85,7 +85,7 @@ class Sequin:
                 range.
 
         """
-        msg = 'sequence item out of range'
+        msg = "sequence item out of range"
 
         def uint8_to_bits(value: int) -> Iterator[int]:
             """Yield individual bits of an 8-bit number, MSB first."""
@@ -94,7 +94,7 @@ class Sequin:
 
         if isinstance(sequence, str):
             try:
-                sequence = tuple(sequence.encode('iso-8859-1'))
+                sequence = tuple(sequence.encode("iso-8859-1"))
             except UnicodeError as e:
                 raise ValueError(msg) from e
         else:
@@ -204,7 +204,7 @@ class Sequin:
 
         """  # noqa: DOC501
         if base < 2:  # noqa: PLR2004
-            msg = f'invalid base: {base!r}'
+            msg = f"invalid base: {base!r}"
             raise ValueError(msg)
         ret = 0
         allowed_range = range(base)
@@ -213,10 +213,10 @@ class Sequin:
             i2 = (n - 1) - i
             x = digits[i]
             if not isinstance(x, int):
-                msg = f'not an integer: {x!r}'
+                msg = f"not an integer: {x!r}"
                 raise TypeError(msg)
             if x not in allowed_range:
-                msg = f'invalid base {base!r} digit: {x!r}'
+                msg = f"invalid base {base!r} digit: {x!r}"
                 raise ValueError(msg)
             ret += (base**i2) * x
         return ret
@@ -355,10 +355,10 @@ class Sequin:
 
         """
         if n < 1:
-            msg = 'invalid target range'
+            msg = "invalid target range"
             raise ValueError(msg)
         if base < 2:  # noqa: PLR2004
-            msg = f'invalid base: {base!r}'
+            msg = f"invalid base: {base!r}"
             raise ValueError(msg)
         # p = base ** k, where k is the smallest integer such that
         # p >= n.  We determine p and k inductively.
@@ -413,4 +413,4 @@ class SequinExhaustedError(Exception):
     """
 
     def __init__(self) -> None:  # noqa: D107
-        super().__init__('Sequin is exhausted')
+        super().__init__("Sequin is exhausted")

src/derivepassphrase/ssh_agent/__init__.py

Zeige Datei @ e981744

@@ -26,7 +26,7 @@ if TYPE_CHECKING:
 
     from typing_extensions import Buffer
 
-__all__ = ('SSHAgentClient',)
+__all__ = ("SSHAgentClient",)
 
 # In SSH bytestrings, the "length" of the byte string is stored as
 # a 4-byte/32-bit unsigned integer at the beginning.
@@ -37,7 +37,7 @@ class TrailingDataError(RuntimeError):
     """The result contained trailing data."""
 
     def __init__(self) -> None:
-        super().__init__('Overlong response from SSH agent')
+        super().__init__("Overlong response from SSH agent")
 
 
 class SSHAgentFailedError(RuntimeError):
@@ -48,19 +48,19 @@ class SSHAgentFailedError(RuntimeError):
         # https://the13thletter.info/derivepassphrase/latest/pycompatibility/#after-eol-py3.9
         if self.args == (  # pragma: no branch
             _types.SSH_AGENT.FAILURE.value,
-            b'',
+            b"",
         ):
-            return 'The SSH agent failed to complete the request'
+            return "The SSH agent failed to complete the request"
         elif self.args[1]:  # noqa: RET505  # pragma: no cover [failsafe]
             code = self.args[0]
-            msg = self.args[1].decode('utf-8', 'surrogateescape')
-            return f'[Code {code:d}] {msg:s}'
+            msg = self.args[1].decode("utf-8", "surrogateescape")
+            return f"[Code {code:d}] {msg:s}"
         else:  # pragma: no cover [failsafe]
             return repr(self)
 
     def __repr__(self) -> str:  # pragma: no cover [debug]
         """"""  # noqa: D419
-        return f'{self.__class__.__name__}{self.args!r}'
+        return f"{self.__class__.__name__}{self.args!r}"
 
 
 class SSHAgentClient:
@@ -80,7 +80,7 @@ class SSHAgentClient:
     """
 
     _connection: _types.SSHAgentSocket
-    SOCKET_PROVIDERS: ClassVar = ('native',)
+    SOCKET_PROVIDERS: ClassVar = ("native",)
     """
     The default list of SSH agent socket providers.
     """
@@ -156,7 +156,7 @@ class SSHAgentClient:
                 else:
                     break
             else:
-                msg = 'No supported SSH agent socket provider found.'
+                msg = "No supported SSH agent socket provider found."
                 raise (
                     ExceptionGroup(msg, excs)
                     if excs
@@ -166,7 +166,7 @@ class SSHAgentClient:
             self._connection = socket
         else:  # pragma: no cover [failsafe]
             assert_type(socket, Never)
-            msg = f'invalid socket object: {socket!r}'
+            msg = f"invalid socket object: {socket!r}"
             raise TypeError(msg)
 
     def __enter__(self) -> Self:
@@ -221,7 +221,7 @@ class SSHAgentClient:
             b'\x01\x00\x00\x00'
 
         """
-        return int.to_bytes(num, 4, 'big', signed=False)
+        return int.to_bytes(num, 4, "big", signed=False)
 
     @classmethod
     def string(cls, payload: Buffer, /) -> bytes:
@@ -235,14 +235,14 @@ class SSHAgentClient:
             as a bytes object.
 
         Examples:
-            >>> SSHAgentClient.string(b'ssh-rsa')
+            >>> SSHAgentClient.string(b"ssh-rsa")
             b'\x00\x00\x00\x07ssh-rsa'
 
         """  # noqa: DOC501
         try:
             payload = memoryview(payload)
         except TypeError as e:
-            msg = 'invalid payload type'
+            msg = "invalid payload type"
             raise TypeError(msg) from e
         ret = bytearray()
         ret.extend(cls.uint32(len(payload)))
@@ -264,17 +264,17 @@ class SSHAgentClient:
                 The byte string is not an SSH string.
 
         Examples:
-            >>> SSHAgentClient.unstring(b'\x00\x00\x00\x07ssh-rsa')
+            >>> SSHAgentClient.unstring(b"\x00\x00\x00\x07ssh-rsa")
             b'ssh-rsa'
-            >>> SSHAgentClient.unstring(SSHAgentClient.string(b'ssh-ed25519'))
+            >>> SSHAgentClient.unstring(SSHAgentClient.string(b"ssh-ed25519"))
             b'ssh-ed25519'
 
         """
         bytestring = memoryview(bytestring)
         n = len(bytestring)
-        msg = 'malformed SSH byte string'
+        msg = "malformed SSH byte string"
         if n < HEAD_LEN or n != HEAD_LEN + int.from_bytes(
-            bytestring[:HEAD_LEN], 'big', signed=False
+            bytestring[:HEAD_LEN], "big", signed=False
         ):
             raise ValueError(msg)
         return bytes(bytestring[HEAD_LEN:])
@@ -299,21 +299,21 @@ class SSHAgentClient:
 
         Examples:
             >>> SSHAgentClient.unstring_prefix(
-            ...     b'\x00\x00\x00\x07ssh-rsa____trailing data'
+            ...     b"\x00\x00\x00\x07ssh-rsa____trailing data"
             ... )
             (b'ssh-rsa', b'____trailing data')
             >>> SSHAgentClient.unstring_prefix(
-            ...     SSHAgentClient.string(b'ssh-ed25519')
+            ...     SSHAgentClient.string(b"ssh-ed25519")
             ... )
             (b'ssh-ed25519', b'')
 
         """
         bytestring = memoryview(bytestring).toreadonly()
         n = len(bytestring)
-        msg = 'malformed SSH byte string'
+        msg = "malformed SSH byte string"
         if n < HEAD_LEN:
             raise ValueError(msg)
-        m = int.from_bytes(bytestring[:HEAD_LEN], 'big', signed=False)
+        m = int.from_bytes(bytestring[:HEAD_LEN], "big", signed=False)
         if m + HEAD_LEN > n:
             raise ValueError(msg)
         return (
@@ -380,7 +380,7 @@ class SSHAgentClient:
                 yield client
         else:  # pragma: no cover [failsafe]
             assert_type(conn, Never)
-            msg = f'invalid connection hint: {conn!r}'
+            msg = f"invalid connection hint: {conn!r}"
             raise TypeError(msg)
 
     def _agent_is_pageant(self) -> bool:
@@ -391,7 +391,7 @@ class SSHAgentClient:
 
         """
         return (
-            b'list-extended@putty.projects.tartarus.org'
+            b"list-extended@putty.projects.tartarus.org"
             in self.query_extensions()
         )
 
@@ -416,7 +416,7 @@ class SSHAgentClient:
 
         """  # noqa: E501
         known_good_agents = {
-            'Pageant': self._agent_is_pageant,
+            "Pageant": self._agent_is_pageant,
         }
         return any(  # pragma: no branch
             v() for v in known_good_agents.values()
@@ -515,12 +515,12 @@ class SSHAgentClient:
         self._connection.sendall(self.string(request_message))
         chunk = self._connection.recv(HEAD_LEN)
         if len(chunk) < HEAD_LEN:
-            msg = 'cannot read response length'
+            msg = "cannot read response length"
             raise EOFError(msg)
-        response_length = int.from_bytes(chunk, 'big', signed=False)
+        response_length = int.from_bytes(chunk, "big", signed=False)
         response = self._connection.recv(response_length)
         if len(response) < response_length:
-            msg = 'truncated response from SSH agent'
+            msg = "truncated response from SSH agent"
             raise EOFError(msg)
         if not response_code:  # pragma: no cover [failsafe]
             return response[0], response[1:]
@@ -547,30 +547,30 @@ class SSHAgentClient:
         """
         response = self.request(
             _types.SSH_AGENTC.REQUEST_IDENTITIES.value,
-            b'',
+            b"",
             response_code=_types.SSH_AGENT.IDENTITIES_ANSWER,
         )
         response_stream = collections.deque(response)
 
         def shift(num: int) -> bytes:
-            buf = collections.deque(b'')
+            buf = collections.deque(b"")
             for _ in range(num):
                 try:
                     val = response_stream.popleft()
                 except IndexError:
                     response_stream.extendleft(reversed(buf))
-                    msg = 'truncated response from SSH agent'
+                    msg = "truncated response from SSH agent"
                     raise EOFError(msg) from None
                 buf.append(val)
             return bytes(buf)
 
-        key_count = int.from_bytes(shift(4), 'big')
+        key_count = int.from_bytes(shift(4), "big")
         keys: collections.deque[_types.SSHKeyCommentPair]
         keys = collections.deque()
         for _ in range(key_count):
-            key_size = int.from_bytes(shift(4), 'big')
+            key_size = int.from_bytes(shift(4), "big")
             key = shift(key_size)
-            comment_size = int.from_bytes(shift(4), 'big')
+            comment_size = int.from_bytes(shift(4), "big")
             comment = shift(comment_size)
             # Both `key` and `comment` are not wrapped as SSH strings.
             keys.append(_types.SSHKeyCommentPair(key, comment))
@@ -629,7 +629,7 @@ class SSHAgentClient:
         if check_if_key_loaded:
             loaded_keys = frozenset({pair.key for pair in self.list_keys()})
             if bytes(key) not in loaded_keys:
-                msg = 'target SSH key not loaded into agent'
+                msg = "target SSH key not loaded into agent"
                 raise KeyError(msg)
         request_data = bytearray(self.string(key))
         request_data.extend(self.string(payload))
@@ -671,7 +671,7 @@ class SSHAgentClient:
         try:
             response_data = self.request(
                 _types.SSH_AGENTC.EXTENSION,
-                self.string(b'query'),
+                self.string(b"query"),
                 response_code={
                     _types.SSH_AGENT.EXTENSION_RESPONSE,
                     _types.SSH_AGENT.SUCCESS,
@@ -682,13 +682,13 @@ class SSHAgentClient:
             # This isn't necessarily true, e.g. for OpenSSH's ssh-agent.
             return frozenset()
         extensions: set[bytes] = set()
-        msg = 'Malformed response from SSH agent'
-        msg2 = 'Extension response message does not match request'
+        msg = "Malformed response from SSH agent"
+        msg2 = "Extension response message does not match request"
         try:
             query, response_data = self.unstring_prefix(response_data)
         except ValueError as e:
             raise RuntimeError(msg) from e
-        if bytes(query) != b'query':
+        if bytes(query) != b"query":
             raise RuntimeError(msg2)
         while response_data:
             try:

src/derivepassphrase/ssh_agent/socketprovider.py

Zeige Datei @ e981744

@@ -17,7 +17,7 @@ if TYPE_CHECKING:
 
     from derivepassphrase import _types
 
-__all__ = ('SocketProvider',)
+__all__ = ("SocketProvider",)
 
 
 class NoSuchProviderError(KeyError):
@@ -64,15 +64,15 @@ class SocketProvider:
                 agent.
 
         """
-        if not hasattr(socket, 'AF_UNIX'):
-            msg = 'This Python version does not support UNIX domain sockets.'
+        if not hasattr(socket, "AF_UNIX"):
+            msg = "This Python version does not support UNIX domain sockets."
             raise AfUnixNotAvailableError(msg)
         else:  # noqa: RET506  # pragma: unless posix no cover
             sock = socket.socket(family=socket.AF_UNIX)
-            if 'SSH_AUTH_SOCK' not in os.environ:
-                msg = 'SSH_AUTH_SOCK environment variable'
+            if "SSH_AUTH_SOCK" not in os.environ:
+                msg = "SSH_AUTH_SOCK environment variable"
                 raise KeyError(msg)
-            ssh_auth_sock = os.environ['SSH_AUTH_SOCK']
+            ssh_auth_sock = os.environ["SSH_AUTH_SOCK"]
             sock.settimeout(timeout)
             sock.connect(ssh_auth_sock)
             return sock
@@ -98,13 +98,13 @@ class SocketProvider:
             [windows-ssh-agent-support]: https://the13thletter.info/derivepassphrase/0.x/wishlist/windows-ssh-agent-support/
 
         """
-        if not hasattr(ctypes, 'WinDLL'):
-            msg = 'This Python version does not support Windows named pipes.'
+        if not hasattr(ctypes, "WinDLL"):
+            msg = "This Python version does not support Windows named pipes."
             raise TheAnnoyingOsNamedPipesNotAvailableError(msg)
         else:  # noqa: RET506  # pragma: unless the-annoying-os no cover
             msg = (
-                'Communicating with Pageant or OpenSSH on Windows '
-                'is not implemented yet.'
+                "Communicating with Pageant or OpenSSH on Windows "
+                "is not implemented yet."
             )
             raise NotImplementedError(msg)
 
@@ -194,8 +194,8 @@ class SocketProvider:
                         cls.registry[alias] = f if alias == name else name
                     elif existing != f:
                         msg = (
-                            f'The SSH agent socket provider {alias!r} '
-                            f'is already registered.'
+                            f"The SSH agent socket provider {alias!r} "
+                            f"is already registered."
                         )
                         raise ValueError(msg)
             return f
@@ -251,13 +251,13 @@ class SocketProvider:
         ret = cls.lookup(provider)
         if ret is None:
             msg = (
-                f'The {ret!r} socket provider is not functional on or '
-                'not applicable to this derivepassphrase installation.'
+                f"The {ret!r} socket provider is not functional on or "
+                "not applicable to this derivepassphrase installation."
             )
             raise NotImplementedError(msg)
         return ret
 
-    ENTRY_POINT_GROUP_NAME = 'derivepassphrase.ssh_agent_socket_providers'
+    ENTRY_POINT_GROUP_NAME = "derivepassphrase.ssh_agent_socket_providers"
     """
     The group name under which [entry
     points][importlib.metadata.entry_points] for the SSH agent socket
@@ -292,42 +292,42 @@ class SocketProvider:
             group=cls.ENTRY_POINT_GROUP_NAME
         ):
             provider_entry = cast(
-                '_types.SSHAgentSocketProviderEntry', entry_point.load()
+                "_types.SSHAgentSocketProviderEntry", entry_point.load()
             )
             key = provider_entry.key
             value = entry_point.value
             dist = (
                 entry_point.dist.name  # type: ignore[union-attr]
-                if getattr(entry_point, 'dist', None) is not None
+                if getattr(entry_point, "dist", None) is not None
                 else None
             )
-            origin = origins.get(key, 'derivepassphrase')
+            origin = origins.get(key, "derivepassphrase")
             if not callable(provider_entry.provider):
                 msg = (
-                    f'Not an SSHAgentSocketProvider: '
-                    f'{dist = }, {cls.ENTRY_POINT_GROUP_NAME = }, '
-                    f'{value = }, {provider_entry = }'
+                    f"Not an SSHAgentSocketProvider: "
+                    f"{dist = }, {cls.ENTRY_POINT_GROUP_NAME = }, "
+                    f"{value = }, {provider_entry = }"
                 )
                 raise AssertionError(msg)  # noqa: TRY004
             if key in entries:
                 if entries[key] != provider_entry.provider:
                     msg = (
-                        f'Name clash in SSH agent socket providers '
-                        f'for entry {key!r}, both by {dist!r} '
-                        f'and by {origin!r}'
+                        f"Name clash in SSH agent socket providers "
+                        f"for entry {key!r}, both by {dist!r} "
+                        f"and by {origin!r}"
                     )
                     raise AssertionError(msg)
             else:
                 entries[key] = provider_entry.provider
                 origins[key] = dist
             for alias in provider_entry.aliases:
-                alias_origin = origins.get(alias, 'derivepassphrase')
+                alias_origin = origins.get(alias, "derivepassphrase")
                 if alias in entries:
                     if entries[alias] != key:
                         msg = (
-                            f'Name clash in SSH agent socket providers '
-                            f'for entry {alias!r}, both by {dist!r} '
-                            f'and by {alias_origin!r}'
+                            f"Name clash in SSH agent socket providers "
+                            f"for entry {alias!r}, both by {dist!r} "
+                            f"and by {alias_origin!r}"
                         )
                         raise AssertionError(msg)
                 else:
@@ -337,21 +337,21 @@ class SocketProvider:
 
 
 SocketProvider.registry.update({
-    'posix': SocketProvider.unix_domain_ssh_auth_sock,
-    'the_annoying_os': SocketProvider.the_annoying_os_named_pipes,
+    "posix": SocketProvider.unix_domain_ssh_auth_sock,
+    "the_annoying_os": SocketProvider.the_annoying_os_named_pipes,
     # known instances
-    'stub_agent': None,
-    'stub_with_address': None,
-    'stub_with_address_and_deterministic_dsa': None,
+    "stub_agent": None,
+    "stub_with_address": None,
+    "stub_with_address_and_deterministic_dsa": None,
     # aliases
-    'native': 'the_annoying_os' if os.name == 'nt' else 'posix',
-    'unix_domain': 'posix',
-    'ssh_auth_sock': 'posix',
-    'the_annoying_os_named_pipe': 'the_annoying_os',
-    'pageant_on_the_annoying_os': 'the_annoying_os',
-    'openssh_on_the_annoying_os': 'the_annoying_os',
-    'windows': 'the_annoying_os',
-    'windows_named_pipe': 'the_annoying_os',
-    'pageant_on_windows': 'the_annoying_os',
-    'openssh_on_windows': 'the_annoying_os',
+    "native": "the_annoying_os" if os.name == "nt" else "posix",
+    "unix_domain": "posix",
+    "ssh_auth_sock": "posix",
+    "the_annoying_os_named_pipe": "the_annoying_os",
+    "pageant_on_the_annoying_os": "the_annoying_os",
+    "openssh_on_the_annoying_os": "the_annoying_os",
+    "windows": "the_annoying_os",
+    "windows_named_pipe": "the_annoying_os",
+    "pageant_on_windows": "the_annoying_os",
+    "openssh_on_windows": "the_annoying_os",
 })

src/derivepassphrase/vault.py

Zeige Datei @ e981744

@@ -46,49 +46,49 @@ class Vault:
 
     """
 
-    UUID: Final = b'e87eb0f4-34cb-46b9-93ad-766c5ab063e7'
+    UUID: Final = b"e87eb0f4-34cb-46b9-93ad-766c5ab063e7"
     """A tag used by vault in the bit stream generation."""
     CHARSETS: Final = types.MappingProxyType(
         collections.OrderedDict([
-            ('lower', b'abcdefghijklmnopqrstuvwxyz'),
-            ('upper', b'ABCDEFGHIJKLMNOPQRSTUVWXYZ'),
+            ("lower", b"abcdefghijklmnopqrstuvwxyz"),
+            ("upper", b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"),
             (
-                'alpha',
+                "alpha",
                 (
                     # CHARSETS['lower']
-                    b'abcdefghijklmnopqrstuvwxyz'
+                    b"abcdefghijklmnopqrstuvwxyz"
                     # CHARSETS['upper']
-                    b'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+                    b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                 ),
             ),
-            ('number', b'0123456789'),
+            ("number", b"0123456789"),
             (
-                'alphanum',
+                "alphanum",
                 (
                     # CHARSETS['lower']
-                    b'abcdefghijklmnopqrstuvwxyz'
+                    b"abcdefghijklmnopqrstuvwxyz"
                     # CHARSETS['upper']
-                    b'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+                    b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     # CHARSETS['number']
-                    b'0123456789'
+                    b"0123456789"
                 ),
             ),
-            ('space', b' '),
-            ('dash', b'-_'),
-            ('symbol', b'!"#$%&\'()*+,./:;<=>?@[\\]^{|}~-_'),
+            ("space", b" "),
+            ("dash", b"-_"),
+            ("symbol", b"!\"#$%&'()*+,./:;<=>?@[\\]^{|}~-_"),
             (
-                'all',
+                "all",
                 (
                     # CHARSETS['lower']
-                    b'abcdefghijklmnopqrstuvwxyz'
+                    b"abcdefghijklmnopqrstuvwxyz"
                     # CHARSETS['upper']
-                    b'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+                    b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     # CHARSETS['number']
-                    b'0123456789'
+                    b"0123456789"
                     # CHARSETS['space']
-                    b' '
+                    b" "
                     # CHARSETS['symbol']
-                    b'!"#$%&\'()*+,./:;<=>?@[\\]^{|}~-_'
+                    b"!\"#$%&'()*+,./:;<=>?@[\\]^{|}~-_"
                 ),
             ),
         ])
@@ -103,7 +103,7 @@ class Vault:
     def __init__(  # noqa: PLR0913
         self,
         *,
-        phrase: Buffer | str = b'',
+        phrase: Buffer | str = b"",
         length: int = 20,
         repeat: int = 0,
         lower: int | None = None,
@@ -158,7 +158,7 @@ class Vault:
         self._phrase = self._get_binary_string(phrase)
         self._length = length
         self._repeat = repeat
-        self._allowed = bytearray(self.CHARSETS['all'])
+        self._allowed = bytearray(self.CHARSETS["all"])
         self._required: list[bytes] = []
 
         def subtract_or_require(
@@ -172,17 +172,17 @@ class Vault:
                 for _ in range(count):
                     self._required.append(characters)
 
-        subtract_or_require(lower, self.CHARSETS['lower'])
-        subtract_or_require(upper, self.CHARSETS['upper'])
-        subtract_or_require(number, self.CHARSETS['number'])
-        subtract_or_require(space, self.CHARSETS['space'])
-        subtract_or_require(dash, self.CHARSETS['dash'])
-        subtract_or_require(symbol, self.CHARSETS['symbol'])
+        subtract_or_require(lower, self.CHARSETS["lower"])
+        subtract_or_require(upper, self.CHARSETS["upper"])
+        subtract_or_require(number, self.CHARSETS["number"])
+        subtract_or_require(space, self.CHARSETS["space"])
+        subtract_or_require(dash, self.CHARSETS["dash"])
+        subtract_or_require(symbol, self.CHARSETS["symbol"])
         if len(self._required) > self._length:
-            msg = 'requested passphrase length too short'
+            msg = "requested passphrase length too short"
             raise ValueError(msg)
         if not self._allowed:
-            msg = 'no allowed characters left'
+            msg = "no allowed characters left"
             raise ValueError(msg)
         for _ in range(len(self._required), self._length):
             self._required.append(bytes(self._allowed))
@@ -210,7 +210,7 @@ class Vault:
         """
         factors: list[int] = []
         if not self._required or any(not x for x in self._required):
-            return float('-inf')
+            return float("-inf")
         for i, charset in enumerate(self._required):
             factors.extend([i + 1, len(charset)])
         factors.sort()
@@ -247,10 +247,10 @@ class Vault:
         try:
             safety_factor = float(safety_factor)
         except TypeError as e:
-            msg = f'invalid safety factor: not a float: {safety_factor!r}'
+            msg = f"invalid safety factor: not a float: {safety_factor!r}"
             raise TypeError(msg) from e
         if not math.isfinite(safety_factor) or safety_factor < 1.0:
-            msg = f'invalid safety factor {safety_factor!r}'
+            msg = f"invalid safety factor {safety_factor!r}"
             raise ValueError(msg)
         # Ensure the bound is strictly positive.
         entropy_bound = max(1, self._entropy())
@@ -271,7 +271,7 @@ class Vault:
 
         """
         if isinstance(s, str):
-            return s.encode('UTF-8')
+            return s.encode("UTF-8")
         return bytes(s)
 
     @classmethod
@@ -323,11 +323,11 @@ class Vault:
             ... 0d 08 1f ec f8 73 9b 8c 5f 55 39 16 7c 53 54 2c
             ... 1e 52 bb 30 ed 7f 89 e2 2f 69 51 55 d8 9e a6 02
             ... ''')
-            >>> Vault.create_hash(phrase, 'some_service', length=4)
+            >>> Vault.create_hash(phrase, "some_service", length=4)
             b'M\xb1<S'
-            >>> Vault.create_hash(phrase, b'some_service', length=16)
+            >>> Vault.create_hash(phrase, b"some_service", length=16)
             b'M\xb1<S\x827E\xd1M\xaf\xf8~\xc8n\x10\xcc'
-            >>> Vault.create_hash(phrase, b'NOSUCHSERVICE', length=16)
+            >>> Vault.create_hash(phrase, b"NOSUCHSERVICE", length=16)
             b'\x1c\xc3\x9c\xd9\xb6\x1a\x99CS\x07\xc41\xf4\x85#s'
 
         """
@@ -335,7 +335,7 @@ class Vault:
         assert isinstance(phrase, bytes)
         salt = cls._get_binary_string(service) + cls.UUID
         return hashlib.pbkdf2_hmac(
-            hash_name='sha1',
+            hash_name="sha1",
             password=phrase,
             salt=salt,
             iterations=8,
@@ -347,7 +347,7 @@ class Vault:
         service_name: Buffer | str,
         /,
         *,
-        phrase: Buffer | str = b'',
+        phrase: Buffer | str = b"",
     ) -> bytes:
         r"""Generate a service passphrase.
 
@@ -369,12 +369,12 @@ class Vault:
                 characters, or increase the desired passphrase length.
 
         Examples:
-            >>> phrase = b'She cells C shells bye the sea shoars'
+            >>> phrase = b"She cells C shells bye the sea shoars"
             >>> # Using default options in constructor.
-            >>> Vault(phrase=phrase).generate(b'google')
+            >>> Vault(phrase=phrase).generate(b"google")
             b': 4TVH#5:aZl8LueOT\\{'
             >>> # Also possible:
-            >>> Vault().generate(b'google', phrase=phrase)
+            >>> Vault().generate(b"google", phrase=phrase)
             b': 4TVH#5:aZl8LueOT\\{'
 
             Conflicting constraints are sometimes only found during
@@ -393,7 +393,7 @@ class Vault:
             ... )
             >>> # ... but here.
             >>> v.generate(
-            ...     '0', phrase=b'\x00'
+            ...     "0", phrase=b"\x00"
             ... )  # doctest: +IGNORE_EXCEPTION_DETAIL
             Traceback (most recent call last):
                 ...
@@ -443,7 +443,7 @@ class Vault:
                     pos = seq.generate(len(charset))
                     result.extend(charset[pos : pos + 1])
             except ValueError as exc:
-                msg = 'no allowed characters left'
+                msg = "no allowed characters left"
                 raise ValueError(msg) from exc
             except sequin.SequinExhaustedError:
                 hash_length *= 2
@@ -478,25 +478,25 @@ class Vault:
 
         """
         key = bytes(key)
-        TestFunc: TypeAlias = 'Callable[[bytes | bytearray], bool]'
+        TestFunc: TypeAlias = "Callable[[bytes | bytearray], bool]"
         deterministic_signature_types: dict[str, TestFunc]
         deterministic_signature_types = {
-            'ssh-ed25519': lambda k: k.startswith(
-                b'\x00\x00\x00\x0bssh-ed25519'
+            "ssh-ed25519": lambda k: k.startswith(
+                b"\x00\x00\x00\x0bssh-ed25519"
             ),
-            'ssh-ed448': lambda k: k.startswith(b'\x00\x00\x00\x09ssh-ed448'),
-            'ssh-rsa': lambda k: k.startswith(b'\x00\x00\x00\x07ssh-rsa'),
+            "ssh-ed448": lambda k: k.startswith(b"\x00\x00\x00\x09ssh-ed448"),
+            "ssh-rsa": lambda k: k.startswith(b"\x00\x00\x00\x07ssh-rsa"),
         }
         dsa_signature_types = {
-            'ssh-dss': lambda k: k.startswith(b'\x00\x00\x00\x07ssh-dss'),
-            'ecdsa-sha2-nistp256': lambda k: k.startswith(
-                b'\x00\x00\x00\x13ecdsa-sha2-nistp256'
+            "ssh-dss": lambda k: k.startswith(b"\x00\x00\x00\x07ssh-dss"),
+            "ecdsa-sha2-nistp256": lambda k: k.startswith(
+                b"\x00\x00\x00\x13ecdsa-sha2-nistp256"
             ),
-            'ecdsa-sha2-nistp384': lambda k: k.startswith(
-                b'\x00\x00\x00\x13ecdsa-sha2-nistp384'
+            "ecdsa-sha2-nistp384": lambda k: k.startswith(
+                b"\x00\x00\x00\x13ecdsa-sha2-nistp384"
             ),
-            'ecdsa-sha2-nistp521': lambda k: k.startswith(
-                b'\x00\x00\x00\x13ecdsa-sha2-nistp521'
+            "ecdsa-sha2-nistp521": lambda k: k.startswith(
+                b"\x00\x00\x00\x13ecdsa-sha2-nistp521"
             ),
         }
         criteria = [
@@ -595,8 +595,8 @@ class Vault:
         with ssh_agent.SSHAgentClient.ensure_agent_subcontext(conn) as client:
             if not cls.is_suitable_ssh_key(key, client=client):
                 msg = (
-                    'unsuitable SSH key: bad key, or '
-                    'signature not deterministic under this agent'
+                    "unsuitable SSH key: bad key, or "
+                    "signature not deterministic under this agent"
                 )
                 raise ValueError(msg)
             raw_sig = client.sign(key, cls.UUID)
@@ -679,7 +679,7 @@ class Vault:
                 key[i] = byte
             return bytes(key)
         except IndexError:
-            return h.digest() + b'\x00' * (h.block_size - h.digest_size)
+            return h.digest() + b"\x00" * (h.block_size - h.digest_size)
 
     @staticmethod
     def _subtract(
@@ -710,9 +710,9 @@ class Vault:
             allowed if isinstance(allowed, bytearray) else bytearray(allowed)
         )
         assert_type(allowed, bytearray)
-        charset = memoryview(charset).toreadonly().cast('c')
-        assert_type(charset, 'memoryview[bytes]')
-        msg_dup_characters = 'duplicate characters in set'
+        charset = memoryview(charset).toreadonly().cast("c")
+        assert_type(charset, "memoryview[bytes]")
+        msg_dup_characters = "duplicate characters in set"
         if len(frozenset(allowed)) != len(allowed):
             raise ValueError(msg_dup_characters)
         if len(frozenset(charset)) != len(charset):

tests/__init__.py

Zeige Datei @ e981744

@@ -197,251 +197,251 @@ class VaultTestConfig(NamedTuple):
 
 
 TEST_CONFIGS: list[VaultTestConfig] = [
-    VaultTestConfig(None, 'not a dict', None),
-    VaultTestConfig({}, 'missing required keys', None),
+    VaultTestConfig(None, "not a dict", None),
+    VaultTestConfig({}, "missing required keys", None),
     VaultTestConfig(
-        {'global': None, 'services': {}}, 'bad config value: global', None
+        {"global": None, "services": {}}, "bad config value: global", None
     ),
     VaultTestConfig(
-        {'global': {'key': 123}, 'services': {}},
-        'bad config value: global.key',
+        {"global": {"key": 123}, "services": {}},
+        "bad config value: global.key",
         None,
     ),
     VaultTestConfig(
-        {'global': {'phrase': 'abc', 'key': '...'}, 'services': {}},
-        '',
+        {"global": {"phrase": "abc", "key": "..."}, "services": {}},
+        "",
         None,
     ),
-    VaultTestConfig({'services': None}, 'bad config value: services', None),
+    VaultTestConfig({"services": None}, "bad config value: services", None),
     VaultTestConfig(
-        {'services': {'1': {}, 2: {}}}, 'bad config value: services."2"', None
+        {"services": {"1": {}, 2: {}}}, 'bad config value: services."2"', None
     ),
     VaultTestConfig(
-        {'services': {'1': {}, '2': 2}}, 'bad config value: services."2"', None
+        {"services": {"1": {}, "2": 2}}, 'bad config value: services."2"', None
     ),
     VaultTestConfig(
-        {'services': {'sv': {'notes': ['sentinel', 'list']}}},
-        'bad config value: services.sv.notes',
+        {"services": {"sv": {"notes": ["sentinel", "list"]}}},
+        "bad config value: services.sv.notes",
         None,
     ),
     VaultTestConfig(
-        {'services': {'sv': {'notes': 'blah blah blah'}}}, '', None
+        {"services": {"sv": {"notes": "blah blah blah"}}}, "", None
     ),
     VaultTestConfig(
-        {'services': {'sv': {'length': '200'}}},
-        'bad config value: services.sv.length',
+        {"services": {"sv": {"length": "200"}}},
+        "bad config value: services.sv.length",
         None,
     ),
     VaultTestConfig(
-        {'services': {'sv': {'length': 0.5}}},
-        'bad config value: services.sv.length',
+        {"services": {"sv": {"length": 0.5}}},
+        "bad config value: services.sv.length",
         None,
     ),
     VaultTestConfig(
-        {'services': {'sv': {'length': ['sentinel', 'list']}}},
-        'bad config value: services.sv.length',
+        {"services": {"sv": {"length": ["sentinel", "list"]}}},
+        "bad config value: services.sv.length",
         None,
     ),
     VaultTestConfig(
-        {'services': {'sv': {'length': -10}}},
-        'bad config value: services.sv.length',
+        {"services": {"sv": {"length": -10}}},
+        "bad config value: services.sv.length",
         None,
     ),
     VaultTestConfig(
-        {'services': {'sv': {'lower': '10'}}},
-        'bad config value: services.sv.lower',
+        {"services": {"sv": {"lower": "10"}}},
+        "bad config value: services.sv.lower",
         None,
     ),
     VaultTestConfig(
-        {'services': {'sv': {'upper': -10}}},
-        'bad config value: services.sv.upper',
+        {"services": {"sv": {"upper": -10}}},
+        "bad config value: services.sv.upper",
         None,
     ),
     VaultTestConfig(
-        {'services': {'sv': {'number': ['sentinel', 'list']}}},
-        'bad config value: services.sv.number',
+        {"services": {"sv": {"number": ["sentinel", "list"]}}},
+        "bad config value: services.sv.number",
         None,
     ),
     VaultTestConfig(
         {
-            'global': {'phrase': 'my secret phrase'},
-            'services': {'sv': {'length': 10}},
+            "global": {"phrase": "my secret phrase"},
+            "services": {"sv": {"length": 10}},
         },
-        '',
+        "",
         None,
     ),
     VaultTestConfig(
-        {'services': {'sv': {'length': 10, 'phrase': '...'}}}, '', None
+        {"services": {"sv": {"length": 10, "phrase": "..."}}}, "", None
     ),
     VaultTestConfig(
-        {'services': {'sv': {'length': 10, 'key': '...'}}}, '', None
+        {"services": {"sv": {"length": 10, "key": "..."}}}, "", None
     ),
     VaultTestConfig(
-        {'services': {'sv': {'upper': 10, 'key': '...'}}}, '', None
+        {"services": {"sv": {"upper": 10, "key": "..."}}}, "", None
     ),
     VaultTestConfig(
-        {'services': {'sv': {'phrase': 'abc', 'key': '...'}}}, '', None
+        {"services": {"sv": {"phrase": "abc", "key": "..."}}}, "", None
     ),
     VaultTestConfig(
         {
-            'global': {'phrase': 'abc'},
-            'services': {'sv': {'phrase': 'abc', 'length': 10}},
+            "global": {"phrase": "abc"},
+            "services": {"sv": {"phrase": "abc", "length": 10}},
         },
-        '',
+        "",
         None,
     ),
     VaultTestConfig(
         {
-            'global': {'key': '...'},
-            'services': {'sv': {'phrase': 'abc', 'length': 10}},
+            "global": {"key": "..."},
+            "services": {"sv": {"phrase": "abc", "length": 10}},
         },
-        '',
+        "",
         None,
     ),
     VaultTestConfig(
         {
-            'global': {'key': '...'},
-            'services': {'sv': {'phrase': 'abc', 'key': '...', 'length': 10}},
+            "global": {"key": "..."},
+            "services": {"sv": {"phrase": "abc", "key": "...", "length": 10}},
         },
-        '',
+        "",
         None,
     ),
     VaultTestConfig(
         {
-            'global': {'key': '...'},
-            'services': {
-                'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
-                'sv2': {'length': 10, 'repeat': 1, 'lower': 1},
+            "global": {"key": "..."},
+            "services": {
+                "sv1": {"phrase": "abc", "length": 10, "upper": 1},
+                "sv2": {"length": 10, "repeat": 1, "lower": 1},
             },
         },
-        '',
+        "",
         None,
     ),
     VaultTestConfig(
         {
-            'global': {'key': '...', 'unicode_normalization_form': 'NFC'},
-            'services': {
-                'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
-                'sv2': {'length': 10, 'repeat': 1, 'lower': 1},
+            "global": {"key": "...", "unicode_normalization_form": "NFC"},
+            "services": {
+                "sv1": {"phrase": "abc", "length": 10, "upper": 1},
+                "sv2": {"length": 10, "repeat": 1, "lower": 1},
             },
         },
-        '',
+        "",
         None,
     ),
     VaultTestConfig(
         {
-            'global': {'key': '...', 'unicode_normalization_form': True},
-            'services': {},
+            "global": {"key": "...", "unicode_normalization_form": True},
+            "services": {},
         },
-        'bad config value: global.unicode_normalization_form',
+        "bad config value: global.unicode_normalization_form",
         None,
     ),
     VaultTestConfig(
         {
-            'global': {'key': '...', 'unicode_normalization_form': 'NFC'},
-            'services': {
-                'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
-                'sv2': {'length': 10, 'repeat': 1, 'lower': 1},
+            "global": {"key": "...", "unicode_normalization_form": "NFC"},
+            "services": {
+                "sv1": {"phrase": "abc", "length": 10, "upper": 1},
+                "sv2": {"length": 10, "repeat": 1, "lower": 1},
             },
         },
-        '',
+        "",
         ValidationSettings(True),
     ),
     VaultTestConfig(
         {
-            'global': {'key': '...', 'unicode_normalization_form': 'NFC'},
-            'services': {
-                'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
-                'sv2': {'length': 10, 'repeat': 1, 'lower': 1},
+            "global": {"key": "...", "unicode_normalization_form": "NFC"},
+            "services": {
+                "sv1": {"phrase": "abc", "length": 10, "upper": 1},
+                "sv2": {"length": 10, "repeat": 1, "lower": 1},
             },
         },
-        'extension/unknown key: .global.unicode_normalization_form',
+        "extension/unknown key: .global.unicode_normalization_form",
         ValidationSettings(False),
     ),
     VaultTestConfig(
         {
-            'global': {'key': '...', 'unknown_key': True},
-            'services': {
-                'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
-                'sv2': {'length': 10, 'repeat': 1, 'lower': 1},
+            "global": {"key": "...", "unknown_key": True},
+            "services": {
+                "sv1": {"phrase": "abc", "length": 10, "upper": 1},
+                "sv2": {"length": 10, "repeat": 1, "lower": 1},
             },
         },
-        '',
+        "",
         ValidationSettings(True),
     ),
     VaultTestConfig(
         {
-            'global': {'key': '...', 'unknown_key': True},
-            'services': {
-                'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
-                'sv2': {'length': 10, 'repeat': 1, 'lower': 1},
+            "global": {"key": "...", "unknown_key": True},
+            "services": {
+                "sv1": {"phrase": "abc", "length": 10, "upper": 1},
+                "sv2": {"length": 10, "repeat": 1, "lower": 1},
             },
         },
-        'unknown key: .global.unknown_key',
+        "unknown key: .global.unknown_key",
         ValidationSettings(False),
     ),
     VaultTestConfig(
         {
-            'global': {'key': '...'},
-            'services': {
-                'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
-                'sv2': {
-                    'length': 10,
-                    'repeat': 1,
-                    'lower': 1,
-                    'unknown_key': True,
+            "global": {"key": "..."},
+            "services": {
+                "sv1": {"phrase": "abc", "length": 10, "upper": 1},
+                "sv2": {
+                    "length": 10,
+                    "repeat": 1,
+                    "lower": 1,
+                    "unknown_key": True,
                 },
             },
         },
-        'unknown key: .services.sv2.unknown_key',
+        "unknown key: .services.sv2.unknown_key",
         ValidationSettings(False),
     ),
     VaultTestConfig(
         {
-            'global': {'key': '...', 'unicode_normalization_form': 'NFC'},
-            'services': {
-                'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
-                'sv2': {
-                    'length': 10,
-                    'repeat': 1,
-                    'lower': 1,
-                    'unknown_key': True,
+            "global": {"key": "...", "unicode_normalization_form": "NFC"},
+            "services": {
+                "sv1": {"phrase": "abc", "length": 10, "upper": 1},
+                "sv2": {
+                    "length": 10,
+                    "repeat": 1,
+                    "lower": 1,
+                    "unknown_key": True,
                 },
             },
         },
-        '',
+        "",
         ValidationSettings(True),
     ),
     VaultTestConfig(
         {
-            'global': {'key': '...', 'unicode_normalization_form': 'NFC'},
-            'services': {
-                'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
-                'sv2': {
-                    'length': 10,
-                    'repeat': 1,
-                    'lower': 1,
-                    'unknown_key': True,
+            "global": {"key": "...", "unicode_normalization_form": "NFC"},
+            "services": {
+                "sv1": {"phrase": "abc", "length": 10, "upper": 1},
+                "sv2": {
+                    "length": 10,
+                    "repeat": 1,
+                    "lower": 1,
+                    "unknown_key": True,
                 },
             },
         },
-        '',
+        "",
         ValidationSettings(True),
     ),
     VaultTestConfig(
         {
-            'global': {'key': '...', 'unicode_normalization_form': 'NFC'},
-            'services': {
-                'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
-                'sv2': {
-                    'length': 10,
-                    'repeat': 1,
-                    'lower': 1,
-                    'unknown_key': True,
+            "global": {"key": "...", "unicode_normalization_form": "NFC"},
+            "services": {
+                "sv1": {"phrase": "abc", "length": 10, "upper": 1},
+                "sv2": {
+                    "length": 10,
+                    "repeat": 1,
+                    "lower": 1,
+                    "unknown_key": True,
                 },
             },
         },
-        '',
+        "",
         ValidationSettings(True),
     ),
 ]
@@ -497,14 +497,14 @@ def vault_full_service_config(draw: strategies.DrawFn) -> dict[str, int]:
     hypothesis.assume(lower + upper + number + space + symbol > 0)
     hypothesis.assume(repeat >= space)
     return {
-        'lower': lower,
-        'upper': upper,
-        'number': number,
-        'space': space,
-        'dash': dash,
-        'symbol': symbol,
-        'repeat': repeat,
-        'length': length,
+        "lower": lower,
+        "upper": upper,
+        "number": number,
+        "space": space,
+        "dash": dash,
+        "symbol": symbol,
+        "repeat": repeat,
+        "length": length,
     }
 
 
@@ -525,10 +525,10 @@ def is_smudgable_vault_test_config(conf: VaultTestConfig) -> bool:
     config = conf.config
     return bool(
         isinstance(config, dict)
-        and ('global' not in config or isinstance(config['global'], dict))
-        and ('services' in config and isinstance(config['services'], dict))
-        and all(isinstance(x, dict) for x in config['services'].values())
-        and (config['services'] or config.get('global'))
+        and ("global" not in config or isinstance(config["global"], dict))
+        and ("services" in config and isinstance(config["services"], dict))
+        and all(isinstance(x, dict) for x in config["services"].values())
+        and (config["services"] or config.get("global"))
     )
 
 
@@ -557,40 +557,40 @@ def smudged_vault_test_config(
 
     """
 
-    falsy = (None, False, 0, 0.0, '', float('nan'))
-    falsy_no_str = (None, False, 0, 0.0, float('nan'))
-    falsy_no_zero = (None, False, '', float('nan'))
+    falsy = (None, False, 0, 0.0, "", float("nan"))
+    falsy_no_str = (None, False, 0, 0.0, float("nan"))
+    falsy_no_zero = (None, False, "", float("nan"))
     conf = draw(config)
     hypothesis.assume(is_smudgable_vault_test_config(conf))
     obj = copy.deepcopy(conf.config)
-    services: list[dict[str, Any]] = list(obj['services'].values())
-    if 'global' in obj:
-        services.append(obj['global'])
+    services: list[dict[str, Any]] = list(obj["services"].values())
+    if "global" in obj:
+        services.append(obj["global"])
     assert all(isinstance(x, dict) for x in services), (
-        'is_smudgable_vault_test_config guard failed to '
-        'ensure each settings dict is a dict'
+        "is_smudgable_vault_test_config guard failed to "
+        "ensure each settings dict is a dict"
     )
     for service in services:
-        for key in ('phrase',):
+        for key in ("phrase",):
             value = service.get(key)
-            if not _types.js_truthiness(value) and value != '':
+            if not _types.js_truthiness(value) and value != "":
                 service[key] = draw(strategies.sampled_from(falsy_no_str))
         for key in (
-            'notes',
-            'key',
-            'length',
-            'repeat',
+            "notes",
+            "key",
+            "length",
+            "repeat",
         ):
             value = service.get(key)
             if not _types.js_truthiness(value):
                 service[key] = draw(strategies.sampled_from(falsy))
         for key in (
-            'lower',
-            'upper',
-            'number',
-            'space',
-            'dash',
-            'symbol',
+            "lower",
+            "upper",
+            "number",
+            "space",
+            "dash",
+            "symbol",
         ):
             value = service.get(key)
             if not _types.js_truthiness(value) and value != 0:
@@ -615,13 +615,13 @@ class KnownSSHAgent(str, enum.Enum):
 
     """
 
-    UNKNOWN = '(unknown)'
+    UNKNOWN = "(unknown)"
     """"""
-    Pageant = 'Pageant'
+    Pageant = "Pageant"
     """"""
-    OpenSSHAgent = 'OpenSSHAgent'
+    OpenSSHAgent = "OpenSSHAgent"
     """"""
-    StubbedSSHAgent = 'StubbedSSHAgent'
+    StubbedSSHAgent = "StubbedSSHAgent"
     """"""
 
 
@@ -678,14 +678,14 @@ class RunningSSHAgentInfo(NamedTuple):
     def require_external_address(self) -> str:  # pragma: no cover
         if not isinstance(self.socket, str):
             pytest.skip(
-                reason='This test requires a real, externally resolvable '
-                'address for the SSH agent socket.'
+                reason="This test requires a real, externally resolvable "
+                "address for the SSH agent socket."
             )
         return self.socket
 
 
 ALL_KEYS: Mapping[str, SSHTestKey] = {
-    'ed25519': SSHTestKey(
+    "ed25519": SSHTestKey(
         private_key=rb"""-----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
 QyNTUxOQAAACCBeIFoJtYCSF8P/zJIb+TBMIncHGpFBgnpCQ/7whJpdgAAAKDweO7H8Hju
@@ -731,7 +731,7 @@ idwcakUGCekJD/vCEml2AAAAG3Rlc3Qga2V5IHdpdGhvdXQgcGFzc3BocmFzZQEC
     ),
     # Currently only supported by PuTTY (which is deficient in other
     # niceties of the SSH agent and the agent's client).
-    'ed448': SSHTestKey(
+    "ed448": SSHTestKey(
         private_key=rb"""-----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAASgAAAAlz
 c2gtZWQ0NDgAAAA54vZy009Wu8wExjvEb3hqtLz1GO/+d5vmGUbErWQ4AUO9mYLT
@@ -786,7 +786,7 @@ dGhvdXQgcGFzc3BocmFzZQECAwQFBgcICQ==
             ),
         },
     ),
-    'rsa': SSHTestKey(
+    "rsa": SSHTestKey(
         private_key=rb"""-----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
 NhAAAAAwEAAQAAAYEAsaHu6Xs4cVsuDSNJlMCqoPVgmDgEviI8TfXmHKqX3JkIqI3LsvV7
@@ -986,7 +986,7 @@ Bgp6142WnSCQAAABt0ZXN0IGtleSB3aXRob3V0IHBhc3NwaHJhc2UB
             ),
         },
     ),
-    'dsa1024': SSHTestKey(
+    "dsa1024": SSHTestKey(
         private_key=rb"""-----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABsQAAAAdzc2gtZH
 NzAAAAgQC7KAZXqBGNVLBQPrcMYAoNW54BhD8aIhe7BDWYzJcsaMt72VKSkguZ8+XR7nRa
@@ -1102,7 +1102,7 @@ u7HfrQhdOiKSa+ZO9AAojbURqrLDRfBJa5dXn2AAAAFQDJHfenj4EJ9WkehpdJatPBlqCW
             ),
         },
     ),
-    'ecdsa256': SSHTestKey(
+    "ecdsa256": SSHTestKey(
         private_key=rb"""-----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
 1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTLbU0zDwsk2Dvp+VYIrsNVf5gWwz2S
@@ -1173,7 +1173,7 @@ dGhvdXQgcGFzc3BocmFzZQECAwQ=
             ),
         },
     ),
-    'ecdsa384': SSHTestKey(
+    "ecdsa384": SSHTestKey(
         private_key=rb"""-----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS
 1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQSgkOjkAvq7v5vHuj3KBL4/EAWcn5hZ
@@ -1254,7 +1254,7 @@ JAu0J3Q+cypZuKQVAAAAMQD5sTy8p+B1cn/DhOmXquui1BcxvASqzzevkBlbQoBa73y04B
             ),
         },


...	...	@@ -187,8 +187,8 @@ first_value = '1'
187	187
188	188	[[tool.bumpversion.files]]
189	189	filename = 'src/derivepassphrase/__init__.py'
190		-search = "^ __version__ = *'{current_version}'"
191		-replace = "__version__ = '{new_version}'"
	190	+search = '^ __version__ = *"{current_version}"'
	191	+replace = '__version__ = "{new_version}"'
192	192	regex = true
193	193
194	194	[[tool.bumpversion.files]]
...	...	@@ -425,7 +425,7 @@ src = ["src"]
425	425	docstring-code-format = true
426	426	docstring-code-line-length = "dynamic"
427	427	preview = true
428		-quote-style = 'single'
	428	+quote-style = "double"
429	429
430	430	[tool.ruff.lint]
431	431	ignore = [

...	...	@@ -12,14 +12,14 @@ import re
12	12	import sys
13	13	from typing import TYPE_CHECKING, Literal, NewType, cast
14	14
15		-sys.path.append(str(pathlib.Path(sys.argv[0]).resolve().parent.parent / 'src'))
	15	+sys.path.append(str(pathlib.Path(sys.argv[0]).resolve().parent.parent / "src"))
16	16	from derivepassphrase._internals import cli_messages # noqa: PLC2701
17	17
18	18	if TYPE_CHECKING:
19	19	from collections.abc import Iterator
20	20
21		- EnumName = NewType('EnumName', str)
22		- DiagnosticText = NewType('DiagnosticText', str)
	21	+ EnumName = NewType("EnumName", str)
	22	+ DiagnosticText = NewType("DiagnosticText", str)
23	23
24	24	known_errors = cli_messages.ErrMsgTemplate.__members__
25	25	known_warnings = cli_messages.WarnMsgTemplate.__members__
...	...	@@ -28,17 +28,17 @@ known_warnings = cli_messages.WarnMsgTemplate.__members__
28	28	def _replace_known_metavars(string: str) -> str:
29	29	return (
30	30	string.replace(
31		- '{service_metavar!s}',
	31	+ "{service_metavar!s}",
32	32	cli_messages.Label.VAULT_METAVAR_SERVICE.value.singular,
33	33	)
34	34	.replace(
35		- '{service_metavar}',
	35	+ "{service_metavar}",
36	36	cli_messages.Label.VAULT_METAVAR_SERVICE.value.singular,
37	37	)
38		- .replace('{PROG_NAME!s}', cli_messages.PROG_NAME)
39		- .replace('{PROG_NAME}', cli_messages.PROG_NAME)
40		- .replace('{settings_type!s}', 'global/service-specific settings')
41		- .replace('{settings_type}', 'global/service-specific settings')
	38	+ .replace("{PROG_NAME!s}", cli_messages.PROG_NAME)
	39	+ .replace("{PROG_NAME}", cli_messages.PROG_NAME)
	40	+ .replace("{settings_type!s}", "global/service-specific settings")
	41	+ .replace("{settings_type}", "global/service-specific settings")
42	42	)
43	43
44	44
...	...	@@ -50,20 +50,20 @@ def _replace_known_metavars(string: str) -> str:
50	50	def _mismatches_text(
51	51	pattern: re.Pattern[str],
52	52	enum_name: EnumName,
53		- name_type: Literal['warning', 'error'],
	53	+ name_type: Literal["warning", "error"],
54	54	) -> bool:
55		- while '.' in enum_name:
56		- enum_name = cast('EnumName', enum_name.partition('.')[2])
	55	+ while "." in enum_name:
	56	+ enum_name = cast("EnumName", enum_name.partition(".")[2])
57	57	try:
58	58	enum_value = (
59	59	known_errors[enum_name].value
60		- if name_type == 'error'
	60	+ if name_type == "error"
61	61	else known_warnings[enum_name].value
62	62	)
63	63	except KeyError:
64	64	# No text, so no mismatch.
65	65	return False
66		- texts = {enum_value.singular, enum_value.plural} - {''}
	66	+ texts = {enum_value.singular, enum_value.plural} - {""}
67	67	return not all(pattern.match(_replace_known_metavars(t)) for t in texts)
68	68
69	69
...	...	@@ -72,120 +72,120 @@ def _entries_from_text(
72	72	enum_names: set[EnumName],
73	73	) -> Iterator[
74	74	tuple[
75		- Literal['warning', 'error'],
	75	+ Literal["warning", "error"],
76	76	tuple[DiagnosticText, EnumName],
77	77	]
78	78	]:
79	79	assert text not in manpage_documented_warnings
80	80	assert text not in manpage_documented_errors
81	81	pattern_parts = [
82		- '.*' if part == '%s' else re.escape(part)
83		- for part in re.split(r'(%s)', text)
	82	+ ".*" if part == "%s" else re.escape(part)
	83	+ for part in re.split(r"(%s)", text)
84	84	]
85		- pattern = re.compile(''.join(pattern_parts))
	85	+ pattern = re.compile("".join(pattern_parts))
86	86	for name in enum_names:
87		- _class_name, dot, enum_entry = name.partition('.')
88		- assert dot == '.', f'Invalid enum name {name!r}'
89		- assert '.' not in enum_entry, f'Unsupported enum name {name!r}'
90		- if name.startswith('WarnMsgTemplate.'):
	87	+ _class_name, dot, enum_entry = name.partition(".")
	88	+ assert dot == ".", f"Invalid enum name {name!r}"
	89	+ assert "." not in enum_entry, f"Unsupported enum name {name!r}"
	90	+ if name.startswith("WarnMsgTemplate."):
91	91	assert not _mismatches_text(
92		- pattern, enum_name=name, name_type='warning'
	92	+ pattern, enum_name=name, name_type="warning"
93	93	), (
94	94	f"Warning text for {name} doesn't match the manpage: "
95		- f'{text!r} -> {pattern.pattern!r}'
	95	+ f"{text!r} -> {pattern.pattern!r}"
96	96	)
97		- yield ('warning', (text, cast('EnumName', enum_entry)))
98		- if name.startswith('ErrMsgTemplate.'):
	97	+ yield ("warning", (text, cast("EnumName", enum_entry)))
	98	+ if name.startswith("ErrMsgTemplate."):
99	99	assert not _mismatches_text(
100		- pattern, enum_name=name, name_type='error'
	100	+ pattern, enum_name=name, name_type="error"
101	101	), (
102	102	f"Error text for {name} doesn't match the manpage: "
103		- f'{text!r} -> {pattern.pattern!r}'
	103	+ f"{text!r} -> {pattern.pattern!r}"
104	104	)
105		- yield ('error', (text, cast('EnumName', enum_entry)))
	105	+ yield ("error", (text, cast("EnumName", enum_entry)))
106	106
107	107
108	108	def _check_manpage(
109	109	path: pathlib.Path,
110	110	) -> Iterator[
111	111	tuple[
112		- Literal['warning', 'error'],
	112	+ Literal["warning", "error"],
113	113	tuple[DiagnosticText, EnumName],
114	114	]
115	115	]:
116	116	enum_names: set[EnumName] = set()
117	117
118		- for line in path.read_text(encoding='UTF-8').splitlines(keepends=False):
119		- if enum_names and line.startswith('.It '):
	118	+ for line in path.read_text(encoding="UTF-8").splitlines(keepends=False):
	119	+ if enum_names and line.startswith(".It "):
120	120	# Some *roff escape sequences need to be undone. This is not an
121	121	# exhaustive list; new entries will be added based on the actual
122	122	# manpages as the need arises.
123	123	text = cast(
124		- 'DiagnosticText',
125		- line.removeprefix('.It ').replace('"', '').replace(r'\-', '-'),
	124	+ "DiagnosticText",
	125	+ line.removeprefix(".It ").replace('"', "").replace(r"\-", "-"),
126	126	)
127	127	yield from _entries_from_text(text=text, enum_names=enum_names)
128	128	enum_names.clear()
129		- elif line.startswith(r'.\" Message-ID (mark only):'):
	129	+ elif line.startswith(r".\" Message-ID (mark only):"):
130	130	yield from _entries_from_mark_only(
131		- cast('EnumName', line.split(None, 4)[4])
	131	+ cast("EnumName", line.split(None, 4)[4])
132	132	)
133		- elif line.startswith(r'.\" Message-ID:'):
134		- enum_names.add(cast('EnumName', line.split(None, 2)[2]))
	133	+ elif line.startswith(r".\" Message-ID:"):
	134	+ enum_names.add(cast("EnumName", line.split(None, 2)[2]))
135	135
136	136
137	137	def _entries_from_mark_only(
138	138	name: EnumName,
139	139	) -> Iterator[
140	140	tuple[
141		- Literal['warning', 'error'],
	141	+ Literal["warning", "error"],
142	142	tuple[DiagnosticText, EnumName],
143	143	]
144	144	]:
145		- text = cast('DiagnosticText', '<mark only>')
146		- _class_name, dot, enum_entry = name.partition('.')
147		- assert dot == '.', f'Invalid enum name {name!r}'
148		- assert '.' not in enum_entry, f'Unsupported enum name {name!r}'
149		- if name.startswith('WarnMsgTemplate.'):
150		- yield ('warning', (text, cast('EnumName', enum_entry)))
151		- if name.startswith('ErrMsgTemplate.'):
152		- yield ('error', (text, cast('EnumName', enum_entry)))
	145	+ text = cast("DiagnosticText", "<mark only>")
	146	+ _class_name, dot, enum_entry = name.partition(".")
	147	+ assert dot == ".", f"Invalid enum name {name!r}"
	148	+ assert "." not in enum_entry, f"Unsupported enum name {name!r}"
	149	+ if name.startswith("WarnMsgTemplate."):
	150	+ yield ("warning", (text, cast("EnumName", enum_entry)))
	151	+ if name.startswith("ErrMsgTemplate."):
	152	+ yield ("error", (text, cast("EnumName", enum_entry)))
153	153
154	154
155	155	def _check_manpagedoc(
156	156	path: pathlib.Path,
157	157	) -> Iterator[
158	158	tuple[
159		- Literal['warning', 'error'],
	159	+ Literal["warning", "error"],
160	160	tuple[DiagnosticText, EnumName],
161	161	]
162	162	]:
163	163	enum_names: set[EnumName] = set()
164	164
165		- for line in path.read_text(encoding='UTF-8').splitlines(keepends=False):
166		- if enum_names and line.startswith(('??? failure ', '??? warning ')):
167		- text = cast('DiagnosticText', line.split(None, 2)[2])
168		- for ch in ['"', '`']:
	165	+ for line in path.read_text(encoding="UTF-8").splitlines(keepends=False):
	166	+ if enum_names and line.startswith(("??? failure ", "??? warning ")):
	167	+ text = cast("DiagnosticText", line.split(None, 2)[2])
	168	+ for ch in ['"', "`"]:
169	169	assert text.startswith(ch)
170	170	assert text.endswith(ch)
171		- text = cast('DiagnosticText', text[1:-1])
	171	+ text = cast("DiagnosticText", text[1:-1])
172	172	yield from _entries_from_text(text=text, enum_names=enum_names)
173	173	enum_names.clear()
174		- elif line.startswith('<!-- Message-ID (mark only):') and line.endswith(
175		- '-->'
	174	+ elif line.startswith("<!-- Message-ID (mark only):") and line.endswith(
	175	+ "-->"
176	176	):
177	177	name = cast(
178		- 'EnumName',
179		- line.removeprefix('<!-- Message-ID (mark only):')
180		- .removesuffix('-->')
	178	+ "EnumName",
	179	+ line.removeprefix("<!-- Message-ID (mark only):")
	180	+ .removesuffix("-->")
181	181	.strip(),
182	182	)
183	183	yield from _entries_from_mark_only(name)
184		- elif line.startswith('<!-- Message-ID:') and line.endswith('-->'):
	184	+ elif line.startswith("<!-- Message-ID:") and line.endswith("-->"):
185	185	name = cast(
186		- 'EnumName',
187		- line.removeprefix('<!-- Message-ID:')
188		- .removesuffix('-->')
	186	+ "EnumName",
	187	+ line.removeprefix("<!-- Message-ID:")
	188	+ .removesuffix("-->")
189	189	.strip(),
190	190	)
191	191	enum_names.add(name)
...	...	@@ -198,20 +198,20 @@ manpagedoc_documented_errors: dict[EnumName, DiagnosticText] = {}
198	198	manpagedoc_documented_warnings: dict[EnumName, DiagnosticText] = {}
199	199	for set_name, globs, errors, warnings in [
200	200	(
201		- 'manpages',
	201	+ "manpages",
202	202	sorted(
203		- pathlib.Path(base, 'share', 'man', 'man1').glob(
204		- 'derivepassphrase*.1'
	203	+ pathlib.Path(base, "share", "man", "man1").glob(
	204	+ "derivepassphrase*.1"
205	205	)
206	206	),
207	207	manpage_documented_errors,
208	208	manpage_documented_warnings,
209	209	),
210	210	(
211		- 'manpage-ish docs',
	211	+ "manpage-ish docs",
212	212	sorted(
213		- pathlib.Path(base, 'docs', 'reference').glob(
214		- 'derivepassphrase*.1.md'
	213	+ pathlib.Path(base, "docs", "reference").glob(
	214	+ "derivepassphrase*.1.md"
215	215	)
216	216	),
217	217	manpagedoc_documented_errors,
...	...	@@ -219,17 +219,17 @@ for set_name, globs, errors, warnings in [
219	219	),
220	220	]:
221	221	for path in globs:
222		- print(f'CHECK DOC {str(path.relative_to(base))!r}')
	222	+ print(f"CHECK DOC {str(path.relative_to(base))!r}")
223	223	checker = (
224		- _check_manpage if set_name == 'manpages' else _check_manpagedoc
	224	+ _check_manpage if set_name == "manpages" else _check_manpagedoc
225	225	)
226	226	for diagnostic_type, (text, name) in checker(path):
227		- if diagnostic_type == 'warning':
	227	+ if diagnostic_type == "warning":
228	228	warnings[name] = text
229		- print(f'DOC WARN {name} {text!r}')
	229	+ print(f"DOC WARN {name} {text!r}")
230	230	else:
231	231	errors[name] = text
232		- print(f'DOC ERR {name} {text!r}')
	232	+ print(f"DOC ERR {name} {text!r}")
233	233	assert set(errors) >= set(known_errors), (
234	234	f"Some error messages aren't documented in the {set_name}: "
235	235	+ repr(set(known_errors) - set(errors))
...	...	@@ -239,35 +239,35 @@ for set_name, globs, errors, warnings in [
239	239	+ repr(set(known_warnings) - set(warnings))
240	240	)
241	241	assert set(errors) <= set(known_errors), (
242		- f'Some unknown error messages are documented in the {set_name}: '
	242	+ f"Some unknown error messages are documented in the {set_name}: "
243	243	+ repr(set(errors) - set(known_errors)) # type: ignore[arg-type]
244	244	)
245	245	assert set(warnings) <= set(known_warnings), (
246		- f'Some unknown warning messages are documented in the {set_name}: '
	246	+ f"Some unknown warning messages are documented in the {set_name}: "
247	247	+ repr(set(warnings) - set(known_warnings)) # type: ignore[arg-type]
248	248	)
249	249
250	250	py_file_errors: set[EnumName] = set()
251	251	py_file_warnings: set[EnumName] = set()
252	252	match_errors_warnings = re.compile(
253		- r'\b(?:cli_messages\|msg\|_msg)\.(Err\|Warn)MsgTemplate\.([A-Z0-9_]+)'
	253	+ r"\b(?:cli_messages\|msg\|_msg)\.(Err\|Warn)MsgTemplate\.([A-Z0-9_]+)"
254	254	)
255	255	for path in sorted(
256		- pathlib.Path(base, 'src', 'derivepassphrase').glob('*/.py')
	256	+ pathlib.Path(base, "src", "derivepassphrase").glob("*/.py")
257	257	):
258	258	if path != pathlib.Path(
259		- base, 'src', 'derivepassphrase', '_internals', 'cli_messages.py'
	259	+ base, "src", "derivepassphrase", "_internals", "cli_messages.py"
260	260	):
261		- print(f'CHECK SOURCE {str(path.relative_to(base))!r}')
262		- filecontents = path.read_text(encoding='UTF-8')
	261	+ print(f"CHECK SOURCE {str(path.relative_to(base))!r}")
	262	+ filecontents = path.read_text(encoding="UTF-8")
263	263	for match in match_errors_warnings.finditer(filecontents):
264	264	message_type, symbol = match.group(1, 2)
265		- if message_type == 'Err':
266		- py_file_errors.add(cast('EnumName', symbol))
267		- print(f'SOURCE ERR {symbol}')
268		- elif message_type == 'Warn':
269		- py_file_warnings.add(cast('EnumName', symbol))
270		- print(f'SOURCE WARN {symbol}')
	265	+ if message_type == "Err":
	266	+ py_file_errors.add(cast("EnumName", symbol))
	267	+ print(f"SOURCE ERR {symbol}")
	268	+ elif message_type == "Warn":
	269	+ py_file_warnings.add(cast("EnumName", symbol))
	270	+ print(f"SOURCE WARN {symbol}")
271	271	if py_file_errors != set(known_errors):
272	272	print(
273	273	"Some error messages aren't in use: "

...	...	@@ -29,13 +29,13 @@ import sys
29	29
30	30	BLOCK_SIZE = 4096
31	31
32		-envs = ['3.9', '3.11', '3.13', 'pypy3.10']
33		-opts = ['-py', ','.join(envs)]
	32	+envs = ["3.9", "3.11", "3.13", "pypy3.10"]
	33	+opts = ["-py", ",".join(envs)]
34	34
35	35	current_branch = (
36		- os.getenv('GIT_CURRENT_BRANCH')
	36	+ os.getenv("GIT_CURRENT_BRANCH")
37	37	or subprocess.run(
38		- ['git', 'branch', '--show-current'],
	38	+ ["git", "branch", "--show-current"],
39	39	capture_output=True,
40	40	text=True,
41	41	check=False,
...	...	@@ -48,11 +48,11 @@ current_branch = (
48	48	is_stgit_patch = bool(
49	49	subprocess.run(
50	50	[
51		- 'git',
52		- 'rev-parse',
53		- '--verify',
54		- '--end-of-options',
55		- f'refs/stacks/{current_branch}',
	51	+ "git",
	52	+ "rev-parse",
	53	+ "--verify",
	54	+ "--end-of-options",
	55	+ f"refs/stacks/{current_branch}",
56	56	],
57	57	capture_output=True,
58	58	check=False,
...	...	@@ -66,17 +66,17 @@ try:
66	66	# violations. Afterwards, run with normal settings to handle true
67	67	# E501s.
68	68	subprocess.run(
69		- ['hatch', 'fmt', '-l', '--', '--ignore=E501,RUF100'], check=True
	69	+ ["hatch", "fmt", "-l", "--", "--ignore=E501,RUF100"], check=True
70	70	)
71		- subprocess.run(['hatch', 'fmt', '-f'], check=True)
72		- subprocess.run(['hatch', 'fmt', '-l'], check=True)
73		- if current_branch == 'master':
	71	+ subprocess.run(["hatch", "fmt", "-f"], check=True)
	72	+ subprocess.run(["hatch", "fmt", "-l"], check=True)
	73	+ if current_branch == "master":
74	74	subprocess.run(
75		- ['hatch', 'env', 'run', '-e', 'types', '--', 'check'], check=True
	75	+ ["hatch", "env", "run", "-e", "types", "--", "check"], check=True
76	76	)
77	77	try:
78	78	h = hashlib.sha256(
79		- pathlib.Path('po/derivepassphrase.pot').read_bytes(),
	79	+ pathlib.Path("po/derivepassphrase.pot").read_bytes(),
80	80	usedforsecurity=True,
81	81	)
82	82	except FileNotFoundError:
...	...	@@ -85,22 +85,22 @@ try:
85	85	h2 = hashlib.sha256(
86	86	subprocess.run(
87	87	[
88		- 'hatch',
89		- 'run',
90		- 'python3',
91		- '-m',
92		- 'derivepassphrase._internals.cli_messages',
	88	+ "hatch",
	89	+ "run",
	90	+ "python3",
	91	+ "-m",
	92	+ "derivepassphrase._internals.cli_messages",
93	93	],
94	94	check=True,
95	95	stdout=subprocess.PIPE,
96		- input=b'',
	96	+ input=b"",
97	97	).stdout,
98	98	usedforsecurity=True,
99	99	)
100	100	if h.digest() != h2.digest():
101	101	sys.exit(
102		- 'ERROR: po/derivepassphrase.pot '
103		- 'has unreproducible contents'
	102	+ "ERROR: po/derivepassphrase.pot "
	103	+ "has unreproducible contents"
104	104	)
105	105	# fmt: off
106	106	subprocess.run(
...	...	@@ -112,19 +112,19 @@ try:
112	112	)
113	113	# fmt: on
114	114	subprocess.run(
115		- ['hatch', 'test', '-acpqr', '--', '--maxfail', '1'],
	115	+ ["hatch", "test", "-acpqr", "--", "--maxfail", "1"],
116	116	check=True,
117	117	)
118	118	elif not is_stgit_patch:
119	119	subprocess.run(
120		- ['hatch', 'env', 'run', '-e', 'types', '--', 'check'], check=True
	120	+ ["hatch", "env", "run", "-e", "types", "--", "check"], check=True
121	121	)
122	122	subprocess.run(
123		- ['hatch', 'test', '-cpqr', *opts, '--', '--maxfail', '1'],
124		- env={**os.environ} \| {'HYPOTHESIS_PROFILE': 'dev'},
	123	+ ["hatch", "test", "-cpqr", *opts, "--", "--maxfail", "1"],
	124	+ env={**os.environ} \| {"HYPOTHESIS_PROFILE": "dev"},
125	125	check=True,
126	126	)
127	127	except subprocess.CalledProcessError as exc:
128		- sys.exit(getattr(exc, 'returncode', 1))
	128	+ sys.exit(getattr(exc, "returncode", 1))
129	129	except KeyboardInterrupt:
130	130	sys.exit(1)

...	...	@@ -105,7 +105,7 @@ def try_key(
105	105	def format_key(key: tests.SSHTestKey) -> str:
106	106	"""Return a formatted SSH test key."""
107	107	ascii_printables = range(32, 127)
108		- ascii_whitespace = {ord(' '), ord('\n'), ord('\t'), ord('\r'), ord('\f')}
	108	+ ascii_whitespace = {ord(" "), ord("\n"), ord("\t"), ord("\r"), ord("\f")}
109	109
110	110	def as_raw_string_or_hex(bytestring: bytes) -> str:
111	111	if bytestring.find(b'"""') < 0 and all(
...	...	@@ -113,8 +113,8 @@ def format_key(key: tests.SSHTestKey) -> str:
113	113	for byte in bytestring
114	114	):
115	115	return f'rb"""{bytestring.decode("ascii")}"""'
116		- hexstring = bytestring.hex(' ', 1)
117		- wrapped_hexstring = '\n'.join(
	116	+ hexstring = bytestring.hex(" ", 1)
	117	+ wrapped_hexstring = "\n".join(
118	118	textwrap.TextWrapper(width=48).wrap(hexstring)
119	119	)
120	120	return f'''bytes.fromhex("""
...	...	@@ -124,40 +124,40 @@ def format_key(key: tests.SSHTestKey) -> str:
124	124	f = as_raw_string_or_hex
125	125
126	126	lines = [
127		- 'SSHTestKey(\n',
128		- ' public_key=' + f(key.public_key) + ',\n',
129		- ' public_key_data=' + f(key.public_key_data) + ',\n',
130		- ' private_key=' + f(key.private_key) + ',\n',
131		- ' private_key_blob=' + f(key.private_key_blob) + ',\n',
	127	+ "SSHTestKey(\n",
	128	+ " public_key=" + f(key.public_key) + ",\n",
	129	+ " public_key_data=" + f(key.public_key_data) + ",\n",
	130	+ " private_key=" + f(key.private_key) + ",\n",
	131	+ " private_key_blob=" + f(key.private_key_blob) + ",\n",
132	132	]
133	133	if key.expected_signatures:
134	134	expected_signature_lines = [
135		- 'expected_signatures={\n',
	135	+ "expected_signatures={\n",
136	136	]
137	137	for sig in key.expected_signatures.values():
138	138	expected_signature_lines.extend([
139		- f' {sig.signature_class!s}: '
140		- 'SSHTestKeyDeterministicSignature(\n',
141		- ' signature=' + f(sig.signature) + ',\n',
142		- ' derived_passphrase='
	139	+ f" {sig.signature_class!s}: "
	140	+ "SSHTestKeyDeterministicSignature(\n",
	141	+ " signature=" + f(sig.signature) + ",\n",
	142	+ " derived_passphrase="
143	143	+ f(sig.derived_passphrase)
144		- + ',\n',
	144	+ + ",\n",
145	145	])
146	146	if (
147	147	sig.signature_class
148	148	!= tests.SSHTestKeyDeterministicSignatureClass.SPEC
149	149	):
150	150	expected_signature_lines.append(
151		- f' signature_class={sig.signature_class!s},\n'
	151	+ f" signature_class={sig.signature_class!s},\n"
152	152	)
153		- expected_signature_lines.append(' ),\n')
154		- expected_signature_lines.append('},\n')
155		- lines.extend(' ' + x for x in expected_signature_lines)
	153	+ expected_signature_lines.append(" ),\n")
	154	+ expected_signature_lines.append("},\n")
	155	+ lines.extend(" " + x for x in expected_signature_lines)
156	156	else:
157		- lines.append(' expected_signatures={},\n')
158		- lines.append(')')
	157	+ lines.append(" expected_signatures={},\n")
	158	+ lines.append(")")
159	159
160		- return ''.join(lines)
	160	+ return "".join(lines)
161	161
162	162
163	163	def main(argv: list[str] \| None = None) -> None:
...	...	@@ -165,27 +165,27 @@ def main(argv: list[str] \| None = None) -> None:
165	165	ap = argparse.ArgumentParser()
166	166	group = ap.add_mutually_exclusive_group()
167	167	group.add_argument(
168		- '--rfc-6979',
169		- action='store_const',
170		- dest='deterministic_signature_class',
	168	+ "--rfc-6979",
	169	+ action="store_const",
	170	+ dest="deterministic_signature_class",
171	171	const=tests.SSHTestKeyDeterministicSignatureClass.RFC_6979,
172	172	default=tests.SSHTestKeyDeterministicSignatureClass.RFC_6979,
173		- help='assume RFC 6979 signatures for deterministic DSA',
	173	+ help="assume RFC 6979 signatures for deterministic DSA",
174	174	)
175	175	group.add_argument(
176		- '--pageant-068-080',
177		- action='store_const',
178		- dest='deterministic_signature_class',
	176	+ "--pageant-068-080",
	177	+ action="store_const",
	178	+ dest="deterministic_signature_class",
179	179	const=tests.SSHTestKeyDeterministicSignatureClass.Pageant_068_080,
180	180	default=tests.SSHTestKeyDeterministicSignatureClass.RFC_6979,
181		- help='assume Pageant 0.68-0.80 signatures for deterministic DSA',
	181	+ help="assume Pageant 0.68-0.80 signatures for deterministic DSA",
182	182	)
183	183	ap.add_argument(
184		- 'keynames',
185		- nargs='*',
186		- metavar='KEYNAME',
187		- help='query the named test key in the agent '
188		- '(multiple use possible; default: all keys)',
	184	+ "keynames",
	185	+ nargs="*",
	186	+ metavar="KEYNAME",
	187	+ help="query the named test key in the agent "
	188	+ "(multiple use possible; default: all keys)",
189	189	)
190	190	args = ap.parse_args(args=argv)
191	191	if not args.keynames:
...	...	@@ -198,8 +198,8 @@ def main(argv: list[str] \| None = None) -> None:
198	198	deterministic_signature_class=args.deterministic_signature_class,
199	199	)
200	200	if key is not None:
201		- print(f'keys[{keyname!r}] =', format_key(key))
	201	+ print(f"keys[{keyname!r}] =", format_key(key))
202	202
203	203
204		-if __name__ == '__main__':
	204	+if __name__ == "__main__":
205	205	main()

...	...	@@ -4,10 +4,10 @@
4	4
5	5	"""Work-alike of vault(1) – a deterministic, stateless password manager""" # noqa: D415,RUF002
6	6
7		-__author__ = 'Marco Ricci <software@the13thletter.info>'
8		-__distribution_name__ = 'derivepassphrase'
	7	+__author__ = "Marco Ricci <software@the13thletter.info>"
	8	+__distribution_name__ = "derivepassphrase"
9	9
10	10	# Automatically generated. DO NOT EDIT! Use importlib.metadata instead
11	11	# to query the correct values.
12		-__version__ = '0.5.2'
	12	+__version__ = "0.5.2"
13	13	# END automatically generated.

...	...	@@ -5,7 +5,7 @@
5	5
6	6	import sys
7	7
8		-if __name__ == '__main__':
	8	+if __name__ == "__main__":
9	9	from derivepassphrase.cli import derivepassphrase
10	10
11	11	sys.exit(derivepassphrase())

...	...	@@ -65,10 +65,10 @@ PROG_NAME = _msg.PROG_NAME
65	65	KEY_DISPLAY_LENGTH = 50
66	66
67	67	# Error messages
68		-INVALID_VAULT_CONFIG = 'Invalid vault config'
69		-AGENT_COMMUNICATION_ERROR = 'Error communicating with the SSH agent'
70		-NO_SUITABLE_KEYS = 'No suitable SSH keys were found'
71		-EMPTY_SELECTION = 'Empty selection'
	68	+INVALID_VAULT_CONFIG = "Invalid vault config"
	69	+AGENT_COMMUNICATION_ERROR = "Error communicating with the SSH agent"
	70	+NO_SUITABLE_KEYS = "No suitable SSH keys were found"
	71	+EMPTY_SELECTION = "Empty selection"
72	72
73	73
74	74	# Shell completion
...	...	@@ -92,7 +92,7 @@ def shell_complete_path(
92	92	) -> list[str \| click.shell_completion.CompletionItem]:
93	93	"""Request standard path completion for the `path` argument.""" # noqa: DOC201
94	94	del ctx, parameter, value
95		- return [click.shell_completion.CompletionItem('', type='file')]
	95	+ return [click.shell_completion.CompletionItem("", type="file")]
96	96
97	97
98	98	# The standard `click` shell completion scripts serialize the completion
...	...	@@ -128,7 +128,7 @@ def is_completable_item(obj: object) -> bool:
128	128
129	129	"""
130	130	obj = str(obj)
131		- forbidden = frozenset(chr(i) for i in range(32)) \| {'\x7f'}
	131	+ forbidden = frozenset(chr(i) for i in range(32)) \| {"\x7f"}
132	132	return not any(f in obj for f in forbidden)
133	133
134	134
...	...	@@ -150,7 +150,7 @@ def shell_complete_service(
150	150	config = load_config()
151	151	return sorted(
152	152	sv
153		- for sv in config['services']
	153	+ for sv in config["services"]
154	154	if sv.startswith(value) and is_completable_item(sv)
155	155	)
156	156	except FileNotFoundError:
...	...	@@ -158,7 +158,7 @@ def shell_complete_service(
158	158	config, _exc = migrate_and_load_old_config()
159	159	return sorted(
160	160	sv
161		- for sv in config['services']
	161	+ for sv in config["services"]
162	162	if sv.startswith(value) and is_completable_item(sv)
163	163	)
164	164	except FileNotFoundError:
...	...	@@ -171,14 +171,14 @@ def shell_complete_service(
171	171	# =====
172	172
173	173	config_filename_table = {
174		- None: '.',
175		- 'write lock': '',
176		- 'vault': 'vault.json',
177		- 'user configuration': 'config.toml',
	174	+ None: ".",
	175	+ "write lock": "",
	176	+ "vault": "vault.json",
	177	+ "user configuration": "config.toml",
178	178	# TODO(the-13th-letter): Remove the old settings.json file.
179	179	# https://the13thletter.info/derivepassphrase/latest/upgrade-notes.html#v1.0-old-settings-file
180		- 'old settings.json': 'settings.json',
181		- 'notes backup': 'old-notes.txt',
	180	+ "old settings.json": "settings.json",
	181	+ "notes backup": "old-notes.txt",
182	182	}
183	183
184	184	LOCK_SIZE = 4096
...	...	@@ -243,7 +243,7 @@ class ConfigurationMutex:
243	243
244	244	def __init__(self) -> None:
245	245	"""Initialize self."""
246		- if sys.platform == 'win32': # pragma: unless the-annoying-os no cover
	246	+ if sys.platform == "win32": # pragma: unless the-annoying-os no cover
247	247	import msvcrt # noqa: PLC0415
248	248
249	249	locking = msvcrt.locking
...	...	@@ -276,14 +276,14 @@ class ConfigurationMutex:
276	276	)
277	277	self.write_lock_condition.notify()
278	278	self.write_lock_file.touch()
279		- self.write_lock_fileobj = self.write_lock_file.open('wb')
	279	+ self.write_lock_fileobj = self.write_lock_file.open("wb")
280	280	lock_fd(self.write_lock_fileobj.fileno())
281	281
282	282	def unlock_func() -> None:
283	283	with self.write_lock_condition:
284	284	assert self.write_lock_fileobj is not None, (
285		- 'We lost track of the configuration write lock '
286		- 'file object, so we cannot unlock it anymore!'
	285	+ "We lost track of the configuration write lock "
	286	+ "file object, so we cannot unlock it anymore!"
287	287	)
288	288	unlock_fd(self.write_lock_fileobj.fileno())
289	289	self.write_lock_fileobj.close()
...	...	@@ -292,7 +292,7 @@ class ConfigurationMutex:
292	292	self.lock = lock_func
293	293	self.unlock = unlock_func
294	294	self.write_lock_fileobj = None
295		- self.write_lock_file = config_filename('write lock')
	295	+ self.write_lock_file = config_filename("write lock")
296	296	self.write_lock_condition = threading.Condition(threading.Lock())
297	297
298	298	def __enter__(self) -> Self:
...	...	@@ -364,28 +364,28 @@ def get_tempdir() -> pathlib.Path:
364	364	"""
365	365	paths_to_try: list[pathlib.PurePath] = []
366	366	env_paths_to_try = [
367		- os.getenv('TMPDIR'),
368		- os.getenv('TEMP'),
369		- os.getenv('TMP'),
	367	+ os.getenv("TMPDIR"),
	368	+ os.getenv("TEMP"),
	369	+ os.getenv("TMP"),
370	370	]
371	371	paths_to_try.extend(
372	372	pathlib.PurePath(p) for p in env_paths_to_try if p is not None
373	373	)
374	374	posix_paths_to_try = [
375		- pathlib.PurePosixPath('/tmp'), # noqa: S108
376		- pathlib.PurePosixPath('/var/tmp'), # noqa: S108
377		- pathlib.PurePosixPath('/usr/tmp'),
	375	+ pathlib.PurePosixPath("/tmp"), # noqa: S108
	376	+ pathlib.PurePosixPath("/var/tmp"), # noqa: S108
	377	+ pathlib.PurePosixPath("/usr/tmp"),
378	378	]
379	379	windows_paths_to_try = [
380		- pathlib.PureWindowsPath(r'~\AppData\Local\Temp'),
381		- pathlib.PureWindowsPath(os.path.expandvars(r'%SYSTEMROOT%\Temp')),
382		- pathlib.PureWindowsPath(r'C:\TEMP'),
383		- pathlib.PureWindowsPath(r'C:\TMP'),
384		- pathlib.PureWindowsPath(r'\TEMP'),
385		- pathlib.PureWindowsPath(r'\TMP'),
	380	+ pathlib.PureWindowsPath(r"~\AppData\Local\Temp"),
	381	+ pathlib.PureWindowsPath(os.path.expandvars(r"%SYSTEMROOT%\Temp")),
	382	+ pathlib.PureWindowsPath(r"C:\TEMP"),
	383	+ pathlib.PureWindowsPath(r"C:\TMP"),
	384	+ pathlib.PureWindowsPath(r"\TEMP"),
	385	+ pathlib.PureWindowsPath(r"\TMP"),
386	386	]
387	387	paths_to_try.extend(
388		- windows_paths_to_try if sys.platform == 'win32' else posix_paths_to_try
	388	+ windows_paths_to_try if sys.platform == "win32" else posix_paths_to_try
389	389	)
390	390	for p in paths_to_try:
391	391	path = pathlib.Path(p).expanduser()
...	...	@@ -400,7 +400,7 @@ def get_tempdir() -> pathlib.Path:
400	400
401	401
402	402	def config_filename(
403		- subsystem: str \| None = 'old settings.json',
	403	+ subsystem: str \| None = "old settings.json",
404	404	) -> pathlib.Path:
405	405	"""Return the filename of the configuration file for the subsystem.
406	406
...	...	@@ -429,21 +429,21 @@ def config_filename(
429	429
430	430	"""
431	431	path = pathlib.Path(
432		- os.getenv(PROG_NAME.upper() + '_PATH')
	432	+ os.getenv(PROG_NAME.upper() + "_PATH")
433	433	or click.get_app_dir(PROG_NAME, force_posix=True)
434	434	)
435		- if subsystem == 'write lock':
	435	+ if subsystem == "write lock":
436	436	path_hash = base64.b32encode(
437	437	hashlib.sha256(os.fsencode(path.resolve())).digest()
438	438	)
439		- path_hash_text = path_hash[:12].lower().decode('ASCII')
	439	+ path_hash_text = path_hash[:12].lower().decode("ASCII")
440	440	temp_path = get_tempdir()
441		- filename_ = f'derivepassphrase-lock-{path_hash_text}.txt'
	441	+ filename_ = f"derivepassphrase-lock-{path_hash_text}.txt"
442	442	return temp_path / filename_
443	443	try:
444	444	filename = config_filename_table[subsystem]
445	445	except (KeyError, TypeError): # pragma: no cover [failsafe]
446		- msg = f'Unknown configuration subsystem: {subsystem!r}'
	446	+ msg = f"Unknown configuration subsystem: {subsystem!r}"
447	447	raise AssertionError(msg) from None
448	448	return path / filename
449	449
...	...	@@ -465,8 +465,8 @@ def load_config() -> _types.VaultConfig:
465	465	config.
466	466
467	467	"""
468		- filename = config_filename(subsystem='vault')
469		- with filename.open('rb') as fileobj:
	468	+ filename = config_filename(subsystem="vault")
	469	+ with filename.open("rb") as fileobj:
470	470	data = json.load(fileobj)
471	471	if not _types.is_vault_config(data):
472	472	raise ValueError(INVALID_VAULT_CONFIG)
...	...	@@ -495,9 +495,9 @@ def migrate_and_load_old_config() -> tuple[_types.VaultConfig, OSError \| None]:
495	495	config.
496	496
497	497	"""
498		- new_filename = config_filename(subsystem='vault')
499		- old_filename = config_filename(subsystem='old settings.json')
500		- with old_filename.open('rb') as fileobj:
	498	+ new_filename = config_filename(subsystem="vault")
	499	+ old_filename = config_filename(subsystem="old settings.json")
	500	+ with old_filename.open("rb") as fileobj:
501	501	data = json.load(fileobj)
502	502	if not _types.is_vault_config(data):
503	503	raise ValueError(INVALID_VAULT_CONFIG)
...	...	@@ -528,10 +528,10 @@ def save_config(config: _types.VaultConfig, /) -> None:
528	528	"""
529	529	if not _types.is_vault_config(config):
530	530	raise ValueError(INVALID_VAULT_CONFIG)
531		- filename = config_filename(subsystem='vault')
	531	+ filename = config_filename(subsystem="vault")
532	532	filedir = filename.resolve().parent
533	533	filedir.mkdir(parents=True, exist_ok=True)
534		- with filename.open('w', encoding='UTF-8') as fileobj:
	534	+ with filename.open("w", encoding="UTF-8") as fileobj:
535	535	json.dump(
536	536	config, fileobj, ensure_ascii=False, indent=2, sort_keys=True
537	537	)
...	...	@@ -553,8 +553,8 @@ def load_user_config() -> dict[str, Any]:
553	553	file.
554	554
555	555	"""
556		- filename = config_filename(subsystem='user configuration')
557		- with filename.open('rb') as fileobj:
	556	+ filename = config_filename(subsystem="user configuration")
	557	+ with filename.open("rb") as fileobj:
558	558	return tomllib.load(fileobj)
559	559
560	560
...	...	@@ -625,8 +625,8 @@ def get_suitable_ssh_keys(
625	625
626	626	def prompt_for_selection(
627	627	items: Sequence[str \| bytes],
628		- heading: str = 'Possible choices:',
629		- single_choice_prompt: str = 'Confirm this choice?',
	628	+ heading: str = "Possible choices:",
	629	+ single_choice_prompt: str = "Confirm this choice?",
630	630	ctx: click.Context \| None = None,
631	631	) -> int:
632	632	"""Prompt user for a choice among the given items.
...	...	@@ -667,20 +667,20 @@ def prompt_for_selection(
667	667	click.echo(click.style(heading, bold=True), err=True, color=color)
668	668	for i, x in enumerate(items, start=1):
669	669	click.echo(
670		- click.style(f'[{i}]', bold=True), nl=False, err=True, color=color
	670	+ click.style(f"[{i}]", bold=True), nl=False, err=True, color=color
671	671	)
672		- click.echo(' ', nl=False, err=True, color=color)
	672	+ click.echo(" ", nl=False, err=True, color=color)
673	673	click.echo(x, err=True, color=color)
674	674	if n > 1:
675		- choices = click.Choice([''] + [str(i) for i in range(1, n + 1)])
	675	+ choices = click.Choice([""] + [str(i) for i in range(1, n + 1)])
676	676	try:
677	677	choice = click.prompt(
678		- f'Your selection? (1-{n}, leave empty to abort)',
	678	+ f"Your selection? (1-{n}, leave empty to abort)",
679	679	err=True,
680	680	type=choices,
681	681	show_choices=False,
682	682	show_default=False,
683		- default='',
	683	+ default="",
684	684	)
685	685	except click.Abort: # pragma: no cover [external]
686	686	# This branch will not be triggered during testing on
...	...	@@ -690,12 +690,12 @@ def prompt_for_selection(
690	690	# coverage.
691	691	#
692	692	# https://github.com/pallets/click/issues/2934
693		- choice = ''
	693	+ choice = ""
694	694	if not choice:
695	695	raise IndexError(EMPTY_SELECTION)
696	696	return int(choice) - 1
697	697	prompt_suffix = (
698		- ' ' if single_choice_prompt.endswith(tuple('?.!')) else ': '
	698	+ " " if single_choice_prompt.endswith(tuple("?.!")) else ": "
699	699	)
700	700	try:
701	701	click.confirm(
...	...	@@ -895,21 +895,21 @@ def select_ssh_key(
895	895	key_listing: list[str] = []
896	896	unstring_prefix = ssh_agent.SSHAgentClient.unstring_prefix
897	897	for key, comment in suitable_keys:
898		- keytype = unstring_prefix(key)[0].decode('ASCII')
899		- key_str = base64.standard_b64encode(key).decode('ASCII')
	898	+ keytype = unstring_prefix(key)[0].decode("ASCII")
	899	+ key_str = base64.standard_b64encode(key).decode("ASCII")
900	900	remaining_key_display_length = KEY_DISPLAY_LENGTH - 1 - len(keytype)
901	901	key_extract = min(
902	902	key_str,
903		- '...' + key_str[-remaining_key_display_length:],
	903	+ "..." + key_str[-remaining_key_display_length:],
904	904	key=len,
905	905	)
906		- comment_str = comment.decode('UTF-8', errors='replace')
907		- key_listing.append(f'{keytype} {key_extract} {comment_str}')
	906	+ comment_str = comment.decode("UTF-8", errors="replace")
	907	+ key_listing.append(f"{keytype} {key_extract} {comment_str}")
908	908	try:
909	909	choice = prompt_for_selection(
910	910	key_listing,
911		- heading='Suitable SSH keys:',
912		- single_choice_prompt='Use this key?',
	911	+ heading="Suitable SSH keys:",
	912	+ single_choice_prompt="Use this key?",
913	913	ctx=ctx,
914	914	)
915	915	except IndexError:
...	...	@@ -933,10 +933,10 @@ def prompt_for_passphrase() -> str:
933	933	"""
934	934	try:
935	935	return cast(
936		- 'str',
	936	+ "str",
937	937	click.prompt(
938		- 'Passphrase',
939		- default='',
	938	+ "Passphrase",
	939	+ default="",
940	940	hide_input=True,
941	941	show_default=False,
942	942	err=True,
...	...	@@ -949,7 +949,7 @@ def prompt_for_passphrase() -> str:
949	949	# of nondeterminism, exclude it from coverage.
950	950	#
951	951	# https://github.com/pallets/click/issues/2934
952		- return ''
	952	+ return ""
953	953
954	954
955	955	def toml_key(*parts: str) -> str:
...	...	@@ -957,29 +957,29 @@ def toml_key(*parts: str) -> str:
957	957
958	958	def escape(string: str) -> str:
959	959	translated = string.translate({
960		- 0: r'\u0000',
961		- 1: r'\u0001',
962		- 2: r'\u0002',
963		- 3: r'\u0003',
964		- 4: r'\u0004',
965		- 5: r'\u0005',
966		- 6: r'\u0006',
967		- 7: r'\u0007',
968		- 8: r'\b',
969		- 9: r'\t',
970		- 10: r'\n',
971		- 11: r'\u000B',
972		- 12: r'\f',
973		- 13: r'\r',
974		- 14: r'\u000E',
975		- 15: r'\u000F',
976		- ord('"'): r'\"',
977		- ord('\\'): r'\\',
978		- 127: r'\u007F',
	960	+ 0: r"\u0000",
	961	+ 1: r"\u0001",
	962	+ 2: r"\u0002",
	963	+ 3: r"\u0003",
	964	+ 4: r"\u0004",
	965	+ 5: r"\u0005",
	966	+ 6: r"\u0006",
	967	+ 7: r"\u0007",
	968	+ 8: r"\b",
	969	+ 9: r"\t",
	970	+ 10: r"\n",
	971	+ 11: r"\u000B",
	972	+ 12: r"\f",
	973	+ 13: r"\r",
	974	+ 14: r"\u000E",
	975	+ 15: r"\u000F",
	976	+ ord('"'): r"\"",
	977	+ ord("\\"): r"\\",
	978	+ 127: r"\u007F",
979	979	})
980	980	return f'"{translated}"' if translated != string else string
981	981
982		- return '.'.join(map(escape, parts))
	982	+ return ".".join(map(escape, parts))
983	983
984	984
985	985	class ORIGIN(enum.Enum):
...	...	@@ -1026,23 +1026,23 @@ def check_for_misleading_passphrase(
1026	1026	The main user configuration is invalid.
1027	1027
1028	1028	"""
1029		- form_key = 'unicode-normalization-form'
1030		- default_form: str = main_config.get('vault', {}).get(
1031		- f'default-{form_key}', 'NFC'
	1029	+ form_key = "unicode-normalization-form"
	1030	+ default_form: str = main_config.get("vault", {}).get(
	1031	+ f"default-{form_key}", "NFC"
1032	1032	)
1033		- form_dict: dict[str, dict] = main_config.get('vault', {}).get(form_key, {})
	1033	+ form_dict: dict[str, dict] = main_config.get("vault", {}).get(form_key, {})
1034	1034	form: Any = (
1035	1035	default_form
1036		- if isinstance(key, ORIGIN) or key == ('global',)
	1036	+ if isinstance(key, ORIGIN) or key == ("global",)
1037	1037	else form_dict.get(key[1], default_form)
1038	1038	)
1039	1039	config_key = (
1040		- toml_key('vault', key[1], form_key)
	1040	+ toml_key("vault", key[1], form_key)
1041	1041	if isinstance(key, tuple) and len(key) > 1 and key[1] in form_dict
1042		- else f'vault.default-{form_key}'
	1042	+ else f"vault.default-{form_key}"
1043	1043	)
1044		- if form not in {'NFC', 'NFD', 'NFKC', 'NFKD'}:
1045		- msg = f'Invalid value {form!r} for config key {config_key}'
	1044	+ if form not in {"NFC", "NFD", "NFKC", "NFKD"}:
	1045	+ msg = f"Invalid value {form!r} for config key {config_key}"
1046	1046	raise AssertionError(msg)
1047	1047	logger = logging.getLogger(PROG_NAME)
1048	1048	formatted_key = (
...	...	@@ -1050,8 +1050,8 @@ def check_for_misleading_passphrase(
1050	1050	if isinstance(key, ORIGIN)
1051	1051	else _types.json_path(key)
1052	1052	)
1053		- if 'phrase' in value:
1054		- phrase = value['phrase']
	1053	+ if "phrase" in value:
	1054	+ phrase = value["phrase"]
1055	1055	if not unicodedata.is_normalized(form, phrase):
1056	1056	logger.warning(
1057	1057	_msg.TranslatedString(
...	...	@@ -1060,7 +1060,7 @@ def check_for_misleading_passphrase(
1060	1060	form=form,
1061	1061	),
1062	1062	stacklevel=2,
1063		- extra={'color': ctx.color if ctx is not None else None},
	1063	+ extra={"color": ctx.color if ctx is not None else None},
1064	1064	)
1065	1065
1066	1066
...	...	@@ -1141,27 +1141,27 @@ def print_config_as_sh_script(
1141	1141
1142	1142	"""
1143	1143	service_keys = (
1144		- 'length',
1145		- 'repeat',
1146		- 'lower',
1147		- 'upper',
1148		- 'number',
1149		- 'space',
1150		- 'dash',
1151		- 'symbol',
	1144	+ "length",
	1145	+ "repeat",
	1146	+ "lower",
	1147	+ "upper",
	1148	+ "number",
	1149	+ "space",
	1150	+ "dash",
	1151	+ "symbol",
1152	1152	)
1153		- print('#!/bin/sh -e', file=outfile)
	1153	+ print("#!/bin/sh -e", file=outfile)
1154	1154	print(file=outfile)
1155		- print(shlex.join([*prog_name_list, '--clear']), file=outfile)
	1155	+ print(shlex.join([*prog_name_list, "--clear"]), file=outfile)
1156	1156	sv_obj_pairs: list[
1157	1157	tuple[
1158	1158	str \| None,
1159	1159	_types.VaultConfigGlobalSettings
1160	1160	\| _types.VaultConfigServicesSettings,
1161	1161	],
1162		- ] = list(config['services'].items())
1163		- if config.get('global', {}):
1164		- sv_obj_pairs.insert(0, (None, config['global']))
	1162	+ ] = list(config["services"].items())
	1163	+ if config.get("global", {}):
	1164	+ sv_obj_pairs.insert(0, (None, config["global"]))
1165	1165	for sv, sv_obj in sv_obj_pairs:
1166	1166	this_service_keys = tuple(k for k in service_keys if k in sv_obj)
1167	1167	this_other_keys = tuple(k for k in sv_obj if k not in service_keys)
...	...	@@ -1169,37 +1169,37 @@ def print_config_as_sh_script(
1169	1169	other_sv_obj = {k: sv_obj[k] for k in this_other_keys} # type: ignore[literal-required]
1170	1170	dumped_config = json.dumps(
1171	1171	(
1172		- {'services': {sv: other_sv_obj}}
	1172	+ {"services": {sv: other_sv_obj}}
1173	1173	if sv is not None
1174		- else {'global': other_sv_obj, 'services': {}}
	1174	+ else {"global": other_sv_obj, "services": {}}
1175	1175	),
1176	1176	ensure_ascii=False,
1177	1177	indent=None,
1178	1178	)
1179	1179	print(
1180		- shlex.join([*prog_name_list, '--import', '-']) + " <<'HERE'",
	1180	+ shlex.join([*prog_name_list, "--import", "-"]) + " <<'HERE'",
1181	1181	dumped_config,
1182		- 'HERE',
1183		- sep='\n',
	1182	+ "HERE",
	1183	+ sep="\n",
1184	1184	file=outfile,
1185	1185	)
1186	1186	if not this_service_keys and not this_other_keys and sv:
1187	1187	dumped_config = json.dumps(
1188		- {'services': {sv: {}}},
	1188	+ {"services": {sv: {}}},
1189	1189	ensure_ascii=False,
1190	1190	indent=None,
1191	1191	)
1192	1192	print(
1193		- shlex.join([*prog_name_list, '--import', '-']) + " <<'HERE'",
	1193	+ shlex.join([*prog_name_list, "--import", "-"]) + " <<'HERE'",
1194	1194	dumped_config,
1195		- 'HERE',
1196		- sep='\n',
	1195	+ "HERE",
	1196	+ sep="\n",
1197	1197	file=outfile,
1198	1198	)
1199	1199	elif this_service_keys:
1200		- tokens = [*prog_name_list, '--config']
	1200	+ tokens = [*prog_name_list, "--config"]
1201	1201	for key in this_service_keys:
1202		- tokens.extend([f'--{key}', str(sv_obj[key])]) # type: ignore[literal-required]
	1202	+ tokens.extend([f"--{key}", str(sv_obj[key])]) # type: ignore[literal-required]
1203	1203	if sv is not None:
1204		- tokens.extend(['--', sv])
	1204	+ tokens.extend(["--", sv])
1205	1205	print(shlex.join(tokens), file=outfile)

...	...	@@ -41,9 +41,9 @@ VERSION = _internals.VERSION
41	41	VERSION_OUTPUT_WRAPPING_WIDTH = 72
42	42
43	43	# Error messages
44		-NOT_AN_INTEGER = 'not an integer'
45		-NOT_A_NONNEGATIVE_INTEGER = 'not a non-negative integer'
46		-NOT_A_POSITIVE_INTEGER = 'not a positive integer'
	44	+NOT_AN_INTEGER = "not an integer"
	45	+NOT_A_NONNEGATIVE_INTEGER = "not a non-negative integer"
	46	+NOT_A_POSITIVE_INTEGER = "not a positive integer"
47	47
48	48
49	49	# Logging
...	...	@@ -67,7 +67,7 @@ class ClickEchoStderrHandler(logging.Handler):
67	67	click.echo(
68	68	self.format(record),
69	69	err=True,
70		- color=getattr(record, 'color', None),
	70	+ color=getattr(record, "color", None),
71	71	)
72	72
73	73
...	...	@@ -103,7 +103,7 @@ class CLIofPackageFormatter(logging.Formatter):
103	103	self.package_name = (
104	104	package_name
105	105	if package_name is not None
106		- else prog_name.lower().replace(' ', '_').replace('-', '_')
	106	+ else prog_name.lower().replace(" ", "_").replace("-", "_")
107	107	)
108	108
109	109	def format(self, record: logging.LogRecord) -> str:
...	...	@@ -142,38 +142,38 @@ class CLIofPackageFormatter(logging.Formatter):
142	142
143	143	"""
144	144	preliminary_result = record.getMessage()
145		- prefix = f'{self.prog_name}: '
146		- if record.levelname == 'DEBUG': # pragma: no cover [unused]
147		- level_indicator = 'Debug: '
148		- elif record.levelname == 'INFO':
149		- level_indicator = ''
150		- elif record.levelname == 'WARNING':
	145	+ prefix = f"{self.prog_name}: "
	146	+ if record.levelname == "DEBUG": # pragma: no cover [unused]
	147	+ level_indicator = "Debug: "
	148	+ elif record.levelname == "INFO":
	149	+ level_indicator = ""
	150	+ elif record.levelname == "WARNING":
151	151	level_indicator = (
152		- f'{click.style("Deprecation warning", bold=True)}: '
153		- if record.name.endswith('.deprecation')
154		- else f'{click.style("Warning", bold=True)}: '
	152	+ f"{click.style('Deprecation warning', bold=True)}: "
	153	+ if record.name.endswith(".deprecation")
	154	+ else f"{click.style('Warning', bold=True)}: "
155	155	)
156		- elif record.levelname in {'ERROR', 'CRITICAL'}:
157		- level_indicator = ''
	156	+ elif record.levelname in {"ERROR", "CRITICAL"}:
	157	+ level_indicator = ""
158	158	else: # pragma: no cover [failsafe]
159		- msg = f'Unsupported logging level: {record.levelname}'
	159	+ msg = f"Unsupported logging level: {record.levelname}"
160	160	raise AssertionError(msg)
161	161	parts = [
162		- ''.join(
	162	+ "".join(
163	163	prefix + level_indicator + line
164	164	for line in preliminary_result.splitlines(True) # noqa: FBT003
165	165	)
166	166	]
167	167	if record.exc_info:
168		- parts.append(self.formatException(record.exc_info) + '\n')
169		- return ''.join(parts)
	168	+ parts.append(self.formatException(record.exc_info) + "\n")
	169	+ return "".join(parts)
170	170
171	171
172	172	class StandardCLILogging:
173	173	"""Set up CLI logging handlers upon instantiation."""
174	174
175	175	prog_name = PROG_NAME
176		- package_name = PROG_NAME.lower().replace(' ', '_').replace('-', '_')
	176	+ package_name = PROG_NAME.lower().replace(" ", "_").replace("-", "_")
177	177	cli_formatter = CLIofPackageFormatter(
178	178	prog_name=prog_name, package_name=package_name
179	179	)
...	...	@@ -182,7 +182,7 @@ class StandardCLILogging:
182	182	cli_handler.setFormatter(cli_formatter)
183	183	cli_handler.setLevel(logging.WARNING)
184	184	warnings_handler = ClickEchoStderrHandler()
185		- warnings_handler.addFilter(logging.Filter(name='py.warnings'))
	185	+ warnings_handler.addFilter(logging.Filter(name="py.warnings"))
186	186	warnings_handler.setFormatter(cli_formatter)
187	187	warnings_handler.setLevel(logging.WARNING)
188	188
...	...	@@ -264,7 +264,7 @@ class StandardWarningsLoggingContextManager(StandardLoggingContextManager):
264	264	self,
265	265	handler: logging.Handler,
266	266	) -> None:
267		- super().__init__(handler=handler, root_logger='py.warnings')
	267	+ super().__init__(handler=handler, root_logger="py.warnings")
268	268	self.stack: MutableSequence[
269	269	tuple[
270	270	Callable[
...	...	@@ -303,7 +303,7 @@ class StandardWarningsLoggingContextManager(StandardLoggingContextManager):
303	303	message, category, filename, lineno, file, line
304	304	)
305	305	else:
306		- logging.getLogger('py.warnings').warning(
	306	+ logging.getLogger("py.warnings").warning(
307	307	str(
308	308	warnings.formatwarning(
309	309	message, category, filename, lineno, line
...	...	@@ -330,8 +330,8 @@ class StandardWarningsLoggingContextManager(StandardLoggingContextManager):
330	330	return ret
331	331
332	332
333		-P = ParamSpec('P')
334		-R = TypeVar('R')
	333	+P = ParamSpec("P")
	334	+R = TypeVar("R")
335	335
336	336
337	337	def adjust_logging_level(
...	...	@@ -375,9 +375,9 @@ class OptionGroupOption(click.Option):
375	375
376	376	"""
377	377
378		- option_group_name: object = ''
	378	+ option_group_name: object = ""
379	379	""""""
380		- epilog: object = ''
	380	+ epilog: object = ""
381	381	""""""
382	382
383	383	def __init__(self, args: Any, *kwargs: Any) -> None: # noqa: ANN401
...	...	@@ -390,7 +390,7 @@ class OptionGroupOption(click.Option):
390	390	# help text from the constructor arguments and re-adding it,
391	391	# unprocessed, after constructor finishes.
392	392	unset = object()
393		- help = kwargs.pop('help', unset) # noqa: A001
	393	+ help = kwargs.pop("help", unset) # noqa: A001
394	394	super().__init__(args, *kwargs)
395	395	if help is not unset: # pragma: no branch
396	396	self.help = help
...	...	@@ -458,7 +458,7 @@ class CommandWithHelpGroups(click.Command):
458	458	@staticmethod
459	459	def _text(text: object, /) -> str:
460	460	if isinstance(text, (list, tuple)):
461		- return '\n\n'.join(str(x) for x in text)
	461	+ return "\n\n".join(str(x) for x in text)
462	462	return str(text)
463	463
464	464	# This method is based on click 8.1; see the comment above the class
...	...	@@ -542,7 +542,7 @@ class CommandWithHelpGroups(click.Command):
542	542	self._text(self.help), limit
543	543	)
544	544	else: # pragma: no cover [external-api]
545		- text = ''
	545	+ text = ""
546	546	if self.deprecated: # pragma: no cover [external-api]
547	547	# Modification against click 8.1: The translated string is
548	548	# looked up in the derivepassphrase message domain, not the
...	...	@@ -574,9 +574,9 @@ class CommandWithHelpGroups(click.Command):
574	574	# Used to implement translatable strings, as objects that
575	575	# stringify to the translation.
576	576	text = (
577		- inspect.cleandoc(self._text(self.help).partition('\f')[0])
	577	+ inspect.cleandoc(self._text(self.help).partition("\f")[0])
578	578	if self.help is not None
579		- else ''
	579	+ else ""
580	580	)
581	581	if self.deprecated: # pragma: no cover [external-api]
582	582	# Modification against click 8.1: The translated string is
...	...	@@ -623,7 +623,7 @@ class CommandWithHelpGroups(click.Command):
623	623	The formatter for the `--help` listing.
624	624
625	625	"""
626		- default_group_name = ''
	626	+ default_group_name = ""
627	627	help_records: dict[str, list[tuple[str, str]]] = {}
628	628	epilogs: dict[str, str] = {}
629	629	params = self.params[:]
...	...	@@ -656,7 +656,7 @@ class CommandWithHelpGroups(click.Command):
656	656	for group_name, records in help_records.items():
657	657	with formatter.section(group_name):
658	658	formatter.write_dl(records)
659		- epilog = inspect.cleandoc(epilogs.get(group_name, ''))
	659	+ epilog = inspect.cleandoc(epilogs.get(group_name, ""))
660	660	if epilog:
661	661	formatter.write_paragraph()
662	662	with formatter.indentation():
...	...	@@ -697,7 +697,7 @@ class CommandWithHelpGroups(click.Command):
697	697	limit = formatter.width - 6 - len(longest_command)
698	698	rows: list[tuple[str, str]] = []
699	699	for subcommand, cmd in commands:
700		- help_str = self._text(cmd.get_short_help_str(limit) or '')
	700	+ help_str = self._text(cmd.get_short_help_str(limit) or "")
701	701	rows.append((subcommand, help_str))
702	702	if rows: # pragma: no branch
703	703	commands_label = self._text(
...	...	@@ -822,20 +822,20 @@ class DefaultToVaultGroup(CommandWithHelpGroups, click.Group):
822	822	#
823	823	# END modifications for derivepassphrase
824	824	####
825		- if cmd_name.startswith('-'):
	825	+ if cmd_name.startswith("-"):
826	826	self.parse_args(ctx, ctx.args)
827	827	####
828	828	# BEGIN modifications for derivepassphrase
829	829	#
830	830	# Instead of calling ctx.fail here, default to "vault", and
831	831	# issue a deprecation warning.
832		- deprecation = logging.getLogger(f'{PROG_NAME}.deprecation')
	832	+ deprecation = logging.getLogger(f"{PROG_NAME}.deprecation")
833	833	deprecation.warning(
834	834	_msg.TranslatedString(
835	835	_msg.WarnMsgTemplate.V10_SUBCOMMAND_REQUIRED
836	836	)
837	837	)
838		- cmd_name = 'vault'
	838	+ cmd_name = "vault"
839	839	cmd = self.get_command(ctx, cmd_name)
840	840	assert cmd is not None, 'Mandatory subcommand "vault" missing!'
841	841	args = [cmd_name, *args]
...	...	@@ -984,15 +984,15 @@ def common_version_output(
984	984	del param, value
985	985	major_dependencies: list[str] = []
986	986	try:
987		- cryptography_version = importlib.metadata.version('cryptography')
	987	+ cryptography_version = importlib.metadata.version("cryptography")
988	988	except ModuleNotFoundError:
989	989	pass
990	990	else:
991		- major_dependencies.append(f'cryptography {cryptography_version}')
992		- major_dependencies.append(f'click {importlib.metadata.version("click")}')
	991	+ major_dependencies.append(f"cryptography {cryptography_version}")
	992	+ major_dependencies.append(f"click {importlib.metadata.version('click')}")
993	993
994	994	click.echo(
995		- ' '.join([
	995	+ " ".join([
996	996	click.style(PROG_NAME, bold=True),
997	997	VERSION,
998	998	]),
...	...	@@ -1022,26 +1022,26 @@ def print_version_info_types(
1022	1022	formatted_item_list_pieces: list[str] = []
1023	1023	n = len(item_list)
1024	1024	for i, item in enumerate(item_list, start=1):
1025		- space = ' '
1026		- punctuation = '.' if i == n else ','
	1025	+ space = " "
	1026	+ punctuation = "." if i == n else ","
1027	1027	if (
1028	1028	current_length + len(space) + len(item) + len(punctuation)
1029	1029	<= VERSION_OUTPUT_WRAPPING_WIDTH
1030	1030	):
1031	1031	current_length += len(space) + len(item) + len(punctuation)
1032		- piece = f'{space}{item}{punctuation}'
	1032	+ piece = f"{space}{item}{punctuation}"
1033	1033	else:
1034		- space = ' '
	1034	+ space = " "
1035	1035	current_length = len(space) + len(item) + len(punctuation)
1036		- piece = f'\n{space}{item}{punctuation}'
	1036	+ piece = f"\n{space}{item}{punctuation}"
1037	1037	formatted_item_list_pieces.append(piece)
1038	1038	click.echo(
1039		- ''.join([
	1039	+ "".join([
1040	1040	click.style(
1041	1041	str(_msg.TranslatedString(message_label)),
1042	1042	bold=True,
1043	1043	),
1044		- ''.join(formatted_item_list_pieces),
	1044	+ "".join(formatted_item_list_pieces),
1045	1045	]),
1046	1046	color=ctx.color,
1047	1047	)
...	...	@@ -1159,7 +1159,7 @@ def version_option(
1159	1159	],
1160	1160	) -> Callable[[Callable[P, R]], Callable[P, R]]:
1161	1161	return click.option(
1162		- '--version',
	1162	+ "--version",
1163	1163	is_flag=True,
1164	1164	is_eager=True,
1165	1165	expose_value=False,
...	...	@@ -1170,14 +1170,14 @@ def version_option(
1170	1170
1171	1171
1172	1172	color_forcing_pseudo_option = click.option(
1173		- '--_pseudo-option-color-forcing',
1174		- '_color_forcing',
	1173	+ "--_pseudo-option-color-forcing",
	1174	+ "_color_forcing",
1175	1175	is_flag=True,
1176	1176	is_eager=True,
1177	1177	expose_value=False,
1178	1178	hidden=True,
1179	1179	callback=color_forcing_callback,
1180		- help='(pseudo-option)',
	1180	+ help="(pseudo-option)",
1181	1181	)
1182	1182
1183	1183
...	...	@@ -1228,12 +1228,12 @@ class LoggingOption(OptionGroupOption):
1228	1228	"""Logging options for the CLI."""
1229	1229
1230	1230	option_group_name = _msg.TranslatedString(_msg.Label.LOGGING_LABEL)
1231		- epilog = ''
	1231	+ epilog = ""
1232	1232
1233	1233
1234	1234	debug_option = click.option(
1235		- '--debug',
1236		- 'logging_level',
	1235	+ "--debug",
	1236	+ "logging_level",
1237	1237	is_flag=True,
1238	1238	flag_value=logging.DEBUG,
1239	1239	expose_value=False,
...	...	@@ -1242,9 +1242,9 @@ debug_option = click.option(
1242	1242	cls=LoggingOption,
1243	1243	)
1244	1244	verbose_option = click.option(
1245		- '-v',
1246		- '--verbose',
1247		- 'logging_level',
	1245	+ "-v",
	1246	+ "--verbose",
	1247	+ "logging_level",
1248	1248	is_flag=True,
1249	1249	flag_value=logging.INFO,
1250	1250	expose_value=False,
...	...	@@ -1253,9 +1253,9 @@ verbose_option = click.option(
1253	1253	cls=LoggingOption,
1254	1254	)
1255	1255	quiet_option = click.option(
1256		- '-q',
1257		- '--quiet',
1258		- 'logging_level',
	1256	+ "-q",
	1257	+ "--quiet",
	1258	+ "logging_level",
1259	1259	is_flag=True,
1260	1260	flag_value=logging.ERROR,
1261	1261	expose_value=False,
...	...	@@ -1324,9 +1324,9 @@ class ZshComplete(click.shell_completion.ZshComplete):
1324	1324	non-degenerate.
1325	1325
1326	1326	"""
1327		- help_ = item.help or '_'
1328		- value = item.value.replace(':', r'\:' if help_ != '_' else ':')
1329		- return f'{item.type}\n{value}\n{help_}'
	1327	+ help_ = item.help or "_"
	1328	+ value = item.value.replace(":", r"\:" if help_ != "_" else ":")
	1329	+ return f"{item.type}\n{value}\n{help_}"
1330	1330
1331	1331
1332	1332	# Our ZshComplete class depends crucially on the exact shape of the Zsh

...	...	@@ -36,11 +36,11 @@ if TYPE_CHECKING:
36	36	)
37	37
38	38	__all__ = (
39		- 'SSH_AGENT',
40		- 'SSH_AGENTC',
41		- 'SSHKeyCommentPair',
42		- 'VaultConfig',
43		- 'is_vault_config',
	39	+ "SSH_AGENT",
	40	+ "SSH_AGENTC",
	41	+ "SSHKeyCommentPair",
	42	+ "VaultConfig",
	43	+ "is_vault_config",
44	44	)
45	45
46	46
...	...	@@ -49,7 +49,7 @@ class _Omitted:
49	49	return False
50	50
51	51	def __repr__(self) -> str:
52		- return '...'
	52	+ return "..."
53	53
54	54
55	55	class VaultConfigGlobalSettings(TypedDict, total=False):
...	...	@@ -95,7 +95,7 @@ class VaultConfigGlobalSettings(TypedDict, total=False):
95	95	phrase: NotRequired[str]
96	96	""""""
97	97	unicode_normalization_form: NotRequired[
98		- Literal['NFC', 'NFD', 'NFKC', 'NFKD']
	98	+ Literal["NFC", "NFD", "NFKC", "NFKD"]
99	99	]
100	100	""""""
101	101	length: NotRequired[int]
...	...	@@ -153,8 +153,8 @@ class VaultConfigServicesSettings(VaultConfigGlobalSettings, total=False):
153	153
154	154
155	155	_VaultConfig = TypedDict(
156		- '_VaultConfig',
157		- {'global': NotRequired[VaultConfigGlobalSettings]},
	156	+ "_VaultConfig",
	157	+ {"global": NotRequired[VaultConfigGlobalSettings]},
158	158	total=False,
159	159	)
160	160
...	...	@@ -193,15 +193,15 @@ def json_path(path: Sequence[str \| int], /) -> str:
193	193	JSON value.
194	194
195	195	Examples:
196		- >>> json_path(['global', 'phrase'])
	196	+ >>> json_path(["global", "phrase"])
197	197	'$.global.phrase'
198		- >>> json_path(['services', 'service name with spaces', 'length'])
	198	+ >>> json_path(["services", "service name with spaces", "length"])
199	199	'$.services["service name with spaces"].length'
200		- >>> json_path(['services', 'special\u000acharacters', 'notes'])
	200	+ >>> json_path(["services", "special\u000acharacters", "notes"])
201	201	'$.services["special\\ncharacters"].notes'
202		- >>> print(json_path(['services', 'special\u000acharacters', 'notes']))
	202	+ >>> print(json_path(["services", "special\u000acharacters", "notes"]))
203	203	$.services["special\ncharacters"].notes
204		- >>> json_path(['custom_array', 2, 0])
	204	+ >>> json_path(["custom_array", 2, 0])
205	205	'$.custom_array[2][0]'
206	206
207	207	"""
...	...	@@ -210,7 +210,7 @@ def json_path(path: Sequence[str \| int], /) -> str:
210	210	initial = (
211	211	frozenset(string.ascii_lowercase)
212	212	\| frozenset(string.ascii_uppercase)
213		- \| frozenset('_')
	213	+ \| frozenset("_")
214	214	)
215	215	chars = initial \| frozenset(string.digits)
216	216	return not (
...	...	@@ -220,15 +220,15 @@ def json_path(path: Sequence[str \| int], /) -> str:
220	220	and x[:1] in initial
221	221	)
222	222
223		- chunks = ['$']
	223	+ chunks = ["$"]
224	224	chunks.extend(
225		- f'[{json.dumps(x)}]' if needs_longhand(x) else f'.{x}' for x in path
	225	+ f"[{json.dumps(x)}]" if needs_longhand(x) else f".{x}" for x in path
226	226	)
227		- return ''.join(chunks)
	227	+ return "".join(chunks)
228	228
229	229
230	230	class _VaultConfigValidator:
231		- INVALID_CONFIG_ERROR = 'vault config is invalid'
	231	+ INVALID_CONFIG_ERROR = "vault config is invalid"
232	232
233	233	def __init__(self, maybe_config: Any) -> None: # noqa: ANN401
234	234	self.maybe_config = maybe_config
...	...	@@ -242,86 +242,86 @@ class _VaultConfigValidator:
242	242	def walk_subconfigs(
243	243	self,
244	244	) -> Iterator[tuple[tuple[str] \| tuple[str, str], str, Any]]:
245		- obj = cast('dict[str, dict[str, Any]]', self.maybe_config)
246		- if isinstance(obj.get('global', False), dict):
247		- for k, v in list(obj['global'].items()):
248		- yield ('global',), k, v
249		- for sv_name, sv_obj in list(obj['services'].items()):
	245	+ obj = cast("dict[str, dict[str, Any]]", self.maybe_config)
	246	+ if isinstance(obj.get("global", False), dict):
	247	+ for k, v in list(obj["global"].items()):
	248	+ yield ("global",), k, v
	249	+ for sv_name, sv_obj in list(obj["services"].items()):
250	250	for k, v in list(sv_obj.items()):
251		- yield ('services', sv_name), k, v
	251	+ yield ("services", sv_name), k, v
252	252
253	253	def validate( # noqa: C901,PLR0912
254	254	self,
255	255	*,
256	256	allow_unknown_settings: bool = False,
257	257	) -> None:
258		- err_obj_not_a_dict = 'vault config is not a dict'
	258	+ err_obj_not_a_dict = "vault config is not a dict"
259	259	err_non_str_service_name = (
260		- 'vault config contains non-string service name {sv_name!r}'
	260	+ "vault config contains non-string service name {sv_name!r}"
261	261	)
262		- err_not_a_dict = 'vault config entry {json_path_str} is not a dict'
263		- err_not_a_string = 'vault config entry {json_path_str} is not a string'
264		- err_not_an_int = 'vault config entry {json_path_str} is not an integer'
	262	+ err_not_a_dict = "vault config entry {json_path_str} is not a dict"
	263	+ err_not_a_string = "vault config entry {json_path_str} is not a string"
	264	+ err_not_an_int = "vault config entry {json_path_str} is not an integer"
265	265	err_unknown_setting = (
266		- 'vault config entry {json_path_str} uses unknown setting {key!r}'
	266	+ "vault config entry {json_path_str} uses unknown setting {key!r}"
267	267	)
268		- err_bad_number0 = 'vault config entry {json_path_str} is negative'
269		- err_bad_number1 = 'vault config entry {json_path_str} is not positive'
	268	+ err_bad_number0 = "vault config entry {json_path_str} is negative"
	269	+ err_bad_number1 = "vault config entry {json_path_str} is not positive"
270	270
271	271	kwargs: dict[str, Any] = {
272		- 'allow_unknown_settings': allow_unknown_settings,
	272	+ "allow_unknown_settings": allow_unknown_settings,
273	273	}
274	274	if not isinstance(self.maybe_config, dict):
275	275	raise TypeError(err_obj_not_a_dict.format(**kwargs))
276		- if 'global' in self.maybe_config:
277		- o_global = self.maybe_config['global']
	276	+ if "global" in self.maybe_config:
	277	+ o_global = self.maybe_config["global"]
278	278	if not isinstance(o_global, dict):
279		- kwargs['json_path_str'] = json_path(['global'])
	279	+ kwargs["json_path_str"] = json_path(["global"])
280	280	raise TypeError(err_not_a_dict.format(**kwargs))
281		- if not isinstance(self.maybe_config.get('services'), dict):
282		- kwargs['json_path_str'] = json_path(['services'])
	281	+ if not isinstance(self.maybe_config.get("services"), dict):
	282	+ kwargs["json_path_str"] = json_path(["services"])
283	283	raise TypeError(err_not_a_dict.format(**kwargs))
284		- for sv_name, service in self.maybe_config['services'].items():
	284	+ for sv_name, service in self.maybe_config["services"].items():
285	285	if not isinstance(sv_name, str):
286		- kwargs['sv_name'] = sv_name
	286	+ kwargs["sv_name"] = sv_name
287	287	raise TypeError(err_non_str_service_name.format(**kwargs))
288	288	if not isinstance(service, dict):
289		- kwargs['json_path_str'] = json_path(['services', sv_name])
	289	+ kwargs["json_path_str"] = json_path(["services", sv_name])
290	290	raise TypeError(err_not_a_dict.format(**kwargs))
291	291	for path, key, value in self.walk_subconfigs():
292		- kwargs['path'] = path
293		- kwargs['key'] = key
294		- kwargs['value'] = value
295		- kwargs['json_path_str'] = json_path([*path, key])
	292	+ kwargs["path"] = path
	293	+ kwargs["key"] = key
	294	+ kwargs["value"] = value
	295	+ kwargs["json_path_str"] = json_path([*path, key])
296	296	# TODO(the-13th-letter): Rewrite using structural pattern
297	297	# matching.
298	298	# https://the13thletter.info/derivepassphrase/latest/pycompatibility/#after-eol-py3.9
299		- if key in {'key', 'phrase'}:
	299	+ if key in {"key", "phrase"}:
300	300	if not isinstance(value, str):
301	301	raise TypeError(err_not_a_string.format(**kwargs))
302		- elif key == 'unicode_normalization_form' and path == ('global',):
	302	+ elif key == "unicode_normalization_form" and path == ("global",):
303	303	if not isinstance(value, str):
304	304	raise TypeError(err_not_a_string.format(**kwargs))
305	305	if not allow_unknown_settings:
306	306	raise ValueError(err_unknown_setting.format(**kwargs))
307		- elif key == 'notes' and path != ('global',):
	307	+ elif key == "notes" and path != ("global",):
308	308	if not isinstance(value, str):
309	309	raise TypeError(err_not_a_string.format(**kwargs))
310	310	elif key in {
311		- 'length',
312		- 'repeat',
313		- 'lower',
314		- 'upper',
315		- 'number',
316		- 'space',
317		- 'dash',
318		- 'symbol',
	311	+ "length",
	312	+ "repeat",
	313	+ "lower",
	314	+ "upper",
	315	+ "number",
	316	+ "space",
	317	+ "dash",
	318	+ "symbol",
319	319	}:
320	320	if not isinstance(value, int):
321	321	raise TypeError(err_not_an_int.format(**kwargs))
322		- if key == 'length' and value < 1:
	322	+ if key == "length" and value < 1:
323	323	raise ValueError(err_bad_number1.format(**kwargs))
324		- if key != 'length' and value < 0:
	324	+ if key != "length" and value < 0:
325	325	raise ValueError(err_bad_number0.format(**kwargs))
326	326	elif not allow_unknown_settings:
327	327	raise ValueError(err_unknown_setting.format(**kwargs))
...	...	@@ -330,19 +330,19 @@ class _VaultConfigValidator:
330	330	obj = self.maybe_config
331	331	if (
332	332	not isinstance(obj, dict)
333		- or 'services' not in obj
334		- or not isinstance(obj['services'], dict)
	333	+ or "services" not in obj
	334	+ or not isinstance(obj["services"], dict)
335	335	):
336	336	raise ValueError(
337	337	self.INVALID_CONFIG_ERROR
338	338	) # pragma: no cover [failsafe]
339		- if 'global' in obj and not isinstance(obj['global'], dict):
	339	+ if "global" in obj and not isinstance(obj["global"], dict):
340	340	raise ValueError(
341	341	self.INVALID_CONFIG_ERROR
342	342	) # pragma: no cover [failsafe]
343	343	if not all(
344	344	isinstance(service_obj, dict)
345		- for service_obj in obj['services'].values()
	345	+ for service_obj in obj["services"].values()
346	346	):
347	347	raise ValueError(
348	348	self.INVALID_CONFIG_ERROR
...	...	@@ -357,60 +357,60 @@ class _VaultConfigValidator:
357	357	)
358	358
359	359	def falsy_but_not_string(value: Any) -> bool: # noqa: ANN401
360		- return not js_truthiness(value) and value != '' # noqa: PLC1901
	360	+ return not js_truthiness(value) and value != "" # noqa: PLC1901
361	361
362	362	for path, key, value in self.walk_subconfigs():
363	363	service_obj = self.traverse_path(path)
364	364	# TODO(the-13th-letter): Rewrite using structural pattern
365	365	# matching.
366	366	# https://the13thletter.info/derivepassphrase/latest/pycompatibility/#after-eol-py3.9
367		- if key == 'phrase' and falsy_but_not_string(value):
	367	+ if key == "phrase" and falsy_but_not_string(value):
368	368	yield CleanupStep(
369		- (*path, key), service_obj[key], 'replace', ''
	369	+ (*path, key), service_obj[key], "replace", ""
370	370	)
371		- service_obj[key] = ''
372		- elif key == 'notes' and falsy(value):
	371	+ service_obj[key] = ""
	372	+ elif key == "notes" and falsy(value):
373	373	yield CleanupStep(
374		- (*path, key), service_obj[key], 'remove', None
	374	+ (*path, key), service_obj[key], "remove", None
375	375	)
376	376	service_obj.pop(key)
377		- elif key == 'key' and falsy(value):
378		- if path == ('global',):
	377	+ elif key == "key" and falsy(value):
	378	+ if path == ("global",):
379	379	yield CleanupStep(
380		- (*path, key), service_obj[key], 'remove', None
	380	+ (*path, key), service_obj[key], "remove", None
381	381	)
382	382	service_obj.pop(key)
383	383	else:
384	384	yield CleanupStep(
385		- (*path, key), service_obj[key], 'replace', ''
	385	+ (*path, key), service_obj[key], "replace", ""
386	386	)
387		- service_obj[key] = ''
388		- elif key == 'length' and falsy(value):
	387	+ service_obj[key] = ""
	388	+ elif key == "length" and falsy(value):
389	389	yield CleanupStep(
390		- (*path, key), service_obj[key], 'replace', 20
	390	+ (*path, key), service_obj[key], "replace", 20
391	391	)
392	392	service_obj[key] = 20
393		- elif key == 'repeat' and falsy_but_not_zero(value):
394		- yield CleanupStep((*path, key), service_obj[key], 'replace', 0)
	393	+ elif key == "repeat" and falsy_but_not_zero(value):
	394	+ yield CleanupStep((*path, key), service_obj[key], "replace", 0)
395	395	service_obj[key] = 0
396	396	elif key in {
397		- 'lower',
398		- 'upper',
399		- 'number',
400		- 'space',
401		- 'dash',
402		- 'symbol',
	397	+ "lower",
	398	+ "upper",
	399	+ "number",
	400	+ "space",
	401	+ "dash",
	402	+ "symbol",
403	403	} and falsy_but_not_zero(value):
404	404	yield CleanupStep(
405		- (*path, key), service_obj[key], 'remove', None
	405	+ (*path, key), service_obj[key], "remove", None
406	406	)
407	407	service_obj.pop(key)
408	408
409	409
410	410	@overload
411	411	@deprecated(
412		- 'allow_derivepassphrase_extensions argument is deprecated since v0.4.0, '
413		- 'to be removed in v1.0: no extensions are defined'
	412	+ "allow_derivepassphrase_extensions argument is deprecated since v0.4.0, "
	413	+ "to be removed in v1.0: no extensions are defined"
414	414	)
415	415	def validate_vault_config(
416	416	obj: Any, # noqa: ANN401
...	...	@@ -496,7 +496,7 @@ def is_vault_config(obj: Any) -> TypeIs[VaultConfig]: # noqa: ANN401
496	496	allow_unknown_settings=True,
497	497	)
498	498	except (TypeError, ValueError) as exc:
499		- if 'vault config ' not in str(exc): # pragma: no cover [failsafe]
	499	+ if "vault config " not in str(exc): # pragma: no cover [failsafe]
500	500	raise
501	501	return False
502	502	return True
...	...	@@ -532,7 +532,7 @@ def js_truthiness(value: Any, /) -> bool: # noqa: ANN401
532	532
533	533	""" # noqa: RUF002
534	534	try:
535		- if value in {None, False, 0, 0.0, ''}: # noqa: B033
	535	+ if value in {None, False, 0, 0.0, ""}: # noqa: B033
536	536	return False
537	537	except TypeError:
538	538	# All falsy values are hashable, so this can't be falsy.
...	...	@@ -561,7 +561,7 @@ class CleanupStep(NamedTuple):
561	561	""""""
562	562	old_value: Any
563	563	""""""
564		- action: Literal['replace', 'remove']
	564	+ action: Literal["replace", "remove"]
565	565	""""""
566	566	new_value: Any
567	567	""""""
...	...	@@ -605,7 +605,7 @@ def clean_up_falsy_vault_config_values(
605	605
606	606	# TODO(the-13th-letter): Use type variables local to each class.
607	607	# https://the13thletter.info/derivepassphrase/latest/pycompatibility/#after-eol-py3.11
608		-T_Buffer = TypeVar('T_Buffer', bound=Buffer)
	608	+T_Buffer = TypeVar("T_Buffer", bound=Buffer)
609	609	"""
610	610	A [`TypeVar`][] for classes implementing the [`Buffer`][] interface.
611	611
...	...	@@ -805,7 +805,7 @@ class PEP508Extra(str, enum.Enum):
805	805
806	806	"""
807	807
808		- EXPORT = 'export'
	808	+ EXPORT = "export"
809	809	""""""
810	810
811	811	@_feature_test_function
...	...	@@ -814,7 +814,7 @@ class PEP508Extra(str, enum.Enum):
814	814	"""Return true if [`PEP508Extra.EXPORT`][] is currently supported."""
815	815	import importlib.util # noqa: PLC0415
816	816
817		- return importlib.util.find_spec('cryptography') is not None
	817	+ return importlib.util.find_spec("cryptography") is not None
818	818
819	819	def test(self, _args: Any, *_kwargs: Any) -> bool: # noqa: ANN401
820	820	"""Return true if this extra is enabled."""
...	...	@@ -840,7 +840,7 @@ class Feature(str, enum.Enum):
840	840
841	841	"""
842	842
843		- SSH_KEY = 'master SSH key'
	843	+ SSH_KEY = "master SSH key"
844	844	""""""
845	845
846	846	@_feature_test_function
...	...	@@ -896,7 +896,7 @@ class DerivationScheme(str, enum.Enum):
896	896
897	897	"""
898	898
899		- VAULT = 'vault'
	899	+ VAULT = "vault"
900	900	""""""
901	901
902	902	def test(self, _args: Any, *_kwargs: Any) -> bool: # noqa: ANN401
...	...	@@ -923,7 +923,7 @@ class ForeignConfigurationFormat(str, enum.Enum):
923	923
924	924	"""
925	925
926		- VAULT_STOREROOM = 'vault storeroom'
	926	+ VAULT_STOREROOM = "vault storeroom"
927	927	""""""
928	928
929	929	@_feature_test_function
...	...	@@ -934,9 +934,9 @@ class ForeignConfigurationFormat(str, enum.Enum):
934	934
935	935	return not storeroom.STUBBED
936	936
937		- VAULT_V02 = 'vault v0.2'
	937	+ VAULT_V02 = "vault v0.2"
938	938	""""""
939		- VAULT_V03 = 'vault v0.3'
	939	+ VAULT_V03 = "vault v0.3"
940	940	""""""
941	941
942	942	@_feature_test_function
...	...	@@ -971,7 +971,7 @@ class ExportSubcommand(str, enum.Enum):
971	971
972	972	"""
973	973
974		- VAULT = 'vault'
	974	+ VAULT = "vault"
975	975	""""""
976	976
977	977	def test(self, _args: Any, *_kwargs: Any) -> bool: # noqa: ANN401
...	...	@@ -993,9 +993,9 @@ class Subcommand(str, enum.Enum):
993	993
994	994	"""
995	995
996		- EXPORT = 'export'
	996	+ EXPORT = "export"
997	997	""""""
998		- VAULT = 'vault'
	998	+ VAULT = "vault"
999	999	""""""
1000	1000
1001	1001	def test(self, _args: Any, *_kwargs: Any) -> bool: # noqa: ANN401
...	...	@@ -1033,7 +1033,7 @@ class SSHAgentSocket(Protocol):
1033	1033	def recv(self, data: int, flags: int = 0, /) -> bytes: ...
1034	1034
1035	1035
1036		-SSHAgentSocketProvider: TypeAlias = 'Callable[[], SSHAgentSocket]'
	1036	+SSHAgentSocketProvider: TypeAlias = "Callable[[], SSHAgentSocket]"
1037	1037	"""A callable that provides an SSH agent socket."""
1038	1038
1039	1039

...	...	@@ -21,7 +21,7 @@ __all__ = ()
21	21
22	22
23	23	INVALID_VAULT_NATIVE_CONFIGURATION_FORMAT = (
24		- 'Invalid vault native configuration format: {fmt!r}'
	24	+ "Invalid vault native configuration format: {fmt!r}"
25	25	)
26	26
27	27
...	...	@@ -39,11 +39,11 @@ class NotAVaultConfigError(ValueError):
39	39	def __str__(self) -> str: # pragma: no cover [failsafe]
40	40	"""""" # noqa: D419
41	41	formatted_format = (
42		- f'vault {self.format} configuration'
	42	+ f"vault {self.format} configuration"
43	43	if self.format
44		- else 'vault configuration'
	44	+ else "vault configuration"
45	45	)
46		- return f'Not a {formatted_format}: {self.path!r}'
	46	+ return f"Not a {formatted_format}: {self.path!r}"
47	47
48	48
49	49	def get_vault_key() -> bytes:
...	...	@@ -66,22 +66,22 @@ def get_vault_key() -> bytes:
66	66	"""
67	67
68	68	def getenv_environb(env_var: str) -> bytes: # pragma: no cover [external]
69		- return os.environb.get(env_var.encode('UTF-8'), b'') # type: ignore[attr-defined]
	69	+ return os.environb.get(env_var.encode("UTF-8"), b"") # type: ignore[attr-defined]
70	70
71	71	def getenv_environ(env_var: str) -> bytes: # pragma: no cover [external]
72		- return os.environ.get(env_var, '').encode('UTF-8')
	72	+ return os.environ.get(env_var, "").encode("UTF-8")
73	73
74	74	getenv: Callable[[str], bytes] = (
75	75	getenv_environb if os.supports_bytes_environ else getenv_environ
76	76	)
77	77	username = (
78		- getenv('VAULT_KEY')
79		- or getenv('LOGNAME')
80		- or getenv('USER')
81		- or getenv('USERNAME')
	78	+ getenv("VAULT_KEY")
	79	+ or getenv("LOGNAME")
	80	+ or getenv("USER")
	81	+ or getenv("USERNAME")
82	82	)
83	83	if not username:
84		- env_var = 'VAULT_KEY'
	84	+ env_var = "VAULT_KEY"
85	85	raise KeyError(env_var)
86	86	return username
87	87
...	...	@@ -104,7 +104,7 @@ def get_vault_path() -> pathlib.Path:
104	104
105	105	"""
106	106	return pathlib.Path(
107		- '~', os.environ.get('VAULT_PATH', '.vault')
	107	+ "~", os.environ.get("VAULT_PATH", ".vault")
108	108	).expanduser()
109	109
110	110
...	...	@@ -181,10 +181,10 @@ def register_export_vault_config_data_handler(
181	181	*names: str,
182	182	) -> Callable[[ExportVaultConfigDataFunction], ExportVaultConfigDataFunction]:
183	183	if not names:
184		- msg = 'No names given to export_data handler registry'
	184	+ msg = "No names given to export_data handler registry"
185	185	raise ValueError(msg)
186		- if '' in names:
187		- msg = 'Cannot register export_data handler under an empty name'
	186	+ if "" in names:
	187	+ msg = "Cannot register export_data handler under an empty name"
188	188	raise ValueError(msg)
189	189
190	190	def wrapper(
...	...	@@ -192,7 +192,7 @@ def register_export_vault_config_data_handler(
192	192	) -> ExportVaultConfigDataFunction:
193	193	for name in names:
194	194	if name in _export_vault_config_data_registry:
195		- msg = f'export_data handler already registered: {name!r}'
	195	+ msg = f"export_data handler already registered: {name!r}"
196	196	raise ValueError(msg)
197	197	_export_vault_config_data_registry[name] = f
198	198	return f
...	...	@@ -214,8 +214,8 @@ def find_vault_config_data_handlers() -> None:
214	214	# imports. The modules themselves contain function definitions that
215	215	# register themselves automatically with
216	216	# `_export_vault_config_data_registry`.
217		- importlib.import_module('derivepassphrase.exporter.storeroom')
218		- importlib.import_module('derivepassphrase.exporter.vault_native')
	217	+ importlib.import_module("derivepassphrase.exporter.storeroom")
	218	+ importlib.import_module("derivepassphrase.exporter.vault_native")
219	219
220	220
221	221	def export_vault_config_data(

...	...	@@ -50,7 +50,7 @@ if TYPE_CHECKING:
50	50	STUBBED = False
51	51	else:
52	52	try:
53		- importlib.import_module('cryptography')
	53	+ importlib.import_module("cryptography")
54	54	except ModuleNotFoundError as exc:
55	55
56	56	class _DummyModule:
...	...	@@ -78,24 +78,24 @@ else:
78	78
79	79	STUBBED = False
80	80
81		-STOREROOM_MASTER_KEYS_UUID = b'35b7c7ed-f71e-4adf-9051-02fb0f1e0e17'
82		-VAULT_CIPHER_UUID = b'73e69e8a-cb05-4b50-9f42-59d76a511299'
	81	+STOREROOM_MASTER_KEYS_UUID = b"35b7c7ed-f71e-4adf-9051-02fb0f1e0e17"
	82	+VAULT_CIPHER_UUID = b"73e69e8a-cb05-4b50-9f42-59d76a511299"
83	83	IV_SIZE = 16
84	84	KEY_SIZE = MAC_SIZE = 32
85	85	ENCRYPTED_KEYPAIR_SIZE = 128
86	86	VERSION_SIZE = 1
87	87
88		-__all__ = ('export_storeroom_data',)
	88	+__all__ = ("export_storeroom_data",)
89	89
90	90	logger = logging.getLogger(__name__)
91	91
92	92
93		-@exporter.register_export_vault_config_data_handler('storeroom')
	93	+@exporter.register_export_vault_config_data_handler("storeroom")
94	94	def export_storeroom_data( # noqa: C901,D417,PLR0912,PLR0914,PLR0915
95	95	path: str \| bytes \| os.PathLike \| None = None,
96	96	key: str \| Buffer \| None = None,
97	97	*,
98		- format: str = 'storeroom', # noqa: A002
	98	+ format: str = "storeroom", # noqa: A002
99	99	) -> dict[str, Any]:
100	100	"""Export the full configuration stored in the storeroom.
101	101
...	...	@@ -108,39 +108,39 @@ def export_storeroom_data( # noqa: C901,D417,PLR0912,PLR0914,PLR0915
108	108
109	109	""" # noqa: DOC201,DOC501
110	110	# Trigger import errors if necessary.
111		- importlib.import_module('cryptography')
	111	+ importlib.import_module("cryptography")
112	112	if path is None:
113	113	path = exporter.get_vault_path()
114	114	else:
115	115	path = pathlib.Path(os.fsdecode(path))
116	116	if key is None:
117	117	key = exporter.get_vault_key()
118		- if format != 'storeroom': # pragma: no cover [failsafe]
	118	+ if format != "storeroom": # pragma: no cover [failsafe]
119	119	msg = exporter.INVALID_VAULT_NATIVE_CONFIGURATION_FORMAT.format(
120	120	fmt=format
121	121	)
122	122	raise ValueError(msg)
123	123	try:
124		- master_keys_file = pathlib.Path(path, '.keys').open( # noqa: SIM115
125		- encoding='utf-8',
	124	+ master_keys_file = pathlib.Path(path, ".keys").open( # noqa: SIM115
	125	+ encoding="utf-8",
126	126	)
127	127	except FileNotFoundError as exc:
128		- raise exporter.NotAVaultConfigError(path, format='storeroom') from exc
	128	+ raise exporter.NotAVaultConfigError(path, format="storeroom") from exc
129	129	with master_keys_file:
130	130	header = json.loads(master_keys_file.readline())
131		- if header != {'version': 1}:
132		- msg = 'bad or unsupported keys version header'
	131	+ if header != {"version": 1}:
	132	+ msg = "bad or unsupported keys version header"
133	133	raise RuntimeError(msg)
134	134	raw_keys_data = base64.standard_b64decode(master_keys_file.readline())
135	135	encrypted_keys_params, encrypted_keys = struct.unpack(
136		- f'B {len(raw_keys_data) - 1}s', raw_keys_data
	136	+ f"B {len(raw_keys_data) - 1}s", raw_keys_data
137	137	)
138	138	if master_keys_file.read():
139		- msg = 'trailing data; cannot make sense of .keys file'
	139	+ msg = "trailing data; cannot make sense of .keys file"
140	140	raise RuntimeError(msg)
141	141	encrypted_keys_version = encrypted_keys_params >> 4
142	142	if encrypted_keys_version != 1:
143		- msg = f'cannot handle version {encrypted_keys_version} encrypted keys'
	143	+ msg = f"cannot handle version {encrypted_keys_version} encrypted keys"
144	144	raise RuntimeError(msg)
145	145	logger.info(
146	146	_msg.TranslatedString(_msg.InfoMsgTemplate.PARSING_MASTER_KEYS_DATA)
...	...	@@ -151,7 +151,7 @@ def export_storeroom_data( # noqa: C901,D417,PLR0912,PLR0914,PLR0915
151	151
152	152	config_structure: dict[str, Any] = {}
153	153	json_contents: dict[str, bytes] = {}
154		- valid_hashdirs = list(path.glob('[01][0-9a-f]'))
	154	+ valid_hashdirs = list(path.glob("[01][0-9a-f]"))
155	155	for file in valid_hashdirs:
156	156	logger.info(
157	157	_msg.TranslatedString(
...	...	@@ -178,12 +178,12 @@ def export_storeroom_data( # noqa: C901,D417,PLR0912,PLR0914,PLR0915
178	178	_msg.TranslatedString(_msg.InfoMsgTemplate.ASSEMBLING_CONFIG_STRUCTURE)
179	179	)
180	180	for item_path, json_content in sorted(json_contents.items()):
181		- if item_path.endswith('/'):
	181	+ if item_path.endswith("/"):
182	182	logger.debug(
183	183	_msg.TranslatedString(
184	184	_msg.DebugMsgTemplate.POSTPONING_DIRECTORY_CONTENTS_CHECK,
185	185	path=item_path,
186		- contents=json_content.decode('utf-8'),
	186	+ contents=json_content.decode("utf-8"),
187	187	)
188	188	)
189	189	json_payload = json.loads(json_content)
...	...	@@ -191,8 +191,8 @@ def export_storeroom_data( # noqa: C901,D417,PLR0912,PLR0914,PLR0915
191	191	not isinstance(x, str) for x in json_payload
192	192	):
193	193	msg = (
194		- f'Directory index is not actually an index: '
195		- f'{json_content!r}'
	194	+ f"Directory index is not actually an index: "
	195	+ f"{json_content!r}"
196	196	)
197	197	raise RuntimeError(msg)
198	198	dirs_to_check[item_path] = json_payload
...	...	@@ -202,13 +202,13 @@ def export_storeroom_data( # noqa: C901,D417,PLR0912,PLR0914,PLR0915
202	202	path=item_path,
203	203	),
204	204	)
205		- _store(config_structure, item_path, b'{}')
	205	+ _store(config_structure, item_path, b"{}")
206	206	else:
207	207	logger.debug(
208	208	_msg.TranslatedString(
209	209	_msg.DebugMsgTemplate.SETTING_CONFIG_STRUCTURE_CONTENTS,
210	210	path=item_path,
211		- value=json_content.decode('utf-8'),
	211	+ value=json_content.decode("utf-8"),
212	212	),
213	213	)
214	214	_store(config_structure, item_path, json_content)
...	...	@@ -219,9 +219,9 @@ def export_storeroom_data( # noqa: C901,D417,PLR0912,PLR0914,PLR0915
219	219	)
220	220	# Sorted order is important; see `maybe_obj` below.
221	221	for dir_, namelist_ in sorted(dirs_to_check.items()):
222		- namelist = [x.rstrip('/') for x in namelist_]
	222	+ namelist = [x.rstrip("/") for x in namelist_]
223	223	obj: dict[Any, Any] = config_structure
224		- for part in dir_.split('/'):
	224	+ for part in dir_.split("/"):
225	225	if part:
226	226	# Because we iterate paths in sorted order, parent
227	227	# directories are encountered before child directories.
...	...	@@ -232,11 +232,11 @@ def export_storeroom_data( # noqa: C901,D417,PLR0912,PLR0914,PLR0915
232	232	# this, so we need to use assertions anyway.
233	233	maybe_obj = obj.get(part)
234	234	assert isinstance(maybe_obj, dict), (
235		- f'Cannot traverse storage path {dir_!r}'
	235	+ f"Cannot traverse storage path {dir_!r}"
236	236	)
237	237	obj = maybe_obj
238	238	if set(obj.keys()) != set(namelist):
239		- msg = f'Object key mismatch for path {dir_!r}'
	239	+ msg = f"Object key mismatch for path {dir_!r}"
240	240	raise RuntimeError(msg)
241	241	logger.debug(
242	242	_msg.TranslatedString(
...	...	@@ -249,7 +249,7 @@ def export_storeroom_data( # noqa: C901,D417,PLR0912,PLR0914,PLR0915
249	249
250	250
251	251	def _h(bs: Buffer) -> str:
252		- return '<{}>'.format(memoryview(bs).hex(' '))
	252	+ return "<{}>".format(memoryview(bs).hex(" "))
253	253
254	254
255	255	def _derive_master_keys_keys(
...	...	@@ -284,7 +284,7 @@ def _derive_master_keys_keys(
284	284
285	285	"""
286	286	if isinstance(password, str):
287		- password = password.encode('ASCII')
	287	+ password = password.encode("ASCII")
288	288	master_keys_keys_blob = pbkdf2.PBKDF2HMAC(
289	289	algorithm=hashes.SHA1(),
290	290	length=2 * KEY_SIZE,
...	...	@@ -292,7 +292,7 @@ def _derive_master_keys_keys(
292	292	iterations=iterations,
293	293	).derive(bytes(password))
294	294	encryption_key, signing_key = struct.unpack(
295		- f'{KEY_SIZE}s {KEY_SIZE}s', master_keys_keys_blob
	295	+ f"{KEY_SIZE}s {KEY_SIZE}s", master_keys_keys_blob
296	296	)
297	297	logger.debug(
298	298	_msg.TranslatedString(
...	...	@@ -300,7 +300,7 @@ def _derive_master_keys_keys(
300	300	enc_key=_h(encryption_key),
301	301	sign_key=_h(signing_key),
302	302	pw_bytes=_h(password),
303		- algorithm='SHA256',
	303	+ algorithm="SHA256",
304	304	length=64,
305	305	salt=STOREROOM_MASTER_KEYS_UUID,
306	306	iterations=iterations,
...	...	@@ -362,10 +362,10 @@ def _decrypt_master_keys_data(
362	362	removal.
363	363
364	364	"""
365		- data = memoryview(data).toreadonly().cast('c')
	365	+ data = memoryview(data).toreadonly().cast("c")
366	366	keys = keys.toreadonly()
367	367	ciphertext, claimed_mac = struct.unpack(
368		- f'{len(data) - MAC_SIZE}s {MAC_SIZE}s', data
	368	+ f"{len(data) - MAC_SIZE}s {MAC_SIZE}s", data
369	369	)
370	370	actual_mac = hmac.HMAC(keys.signing_key, hashes.SHA256())
371	371	actual_mac.update(ciphertext)
...	...	@@ -382,7 +382,7 @@ def _decrypt_master_keys_data(
382	382
383	383	try:
384	384	iv, payload = struct.unpack(
385		- f'{IV_SIZE}s {len(ciphertext) - IV_SIZE}s', ciphertext
	385	+ f"{IV_SIZE}s {len(ciphertext) - IV_SIZE}s", ciphertext
386	386	)
387	387	decryptor = ciphers.Cipher(
388	388	algorithms.AES256(keys.encryption_key), modes.CBC(iv)
...	...	@@ -395,10 +395,10 @@ def _decrypt_master_keys_data(
395	395	plaintext.extend(unpadder.update(padded_plaintext))
396	396	plaintext.extend(unpadder.finalize())
397	397	hashing_key, encryption_key, signing_key = struct.unpack(
398		- f'{KEY_SIZE}s {KEY_SIZE}s {KEY_SIZE}s', plaintext
	398	+ f"{KEY_SIZE}s {KEY_SIZE}s {KEY_SIZE}s", plaintext
399	399	)
400	400	except (ValueError, struct.error) as exc:
401		- msg = 'Invalid encrypted master keys payload'
	401	+ msg = "Invalid encrypted master keys payload"
402	402	raise ValueError(msg) from exc
403	403	return _types.StoreroomMasterKeys(
404	404	hashing_key=hashing_key,
...	...	@@ -455,10 +455,10 @@ def _decrypt_session_keys(
455	455	removal.
456	456
457	457	"""
458		- data = memoryview(data).toreadonly().cast('c')
	458	+ data = memoryview(data).toreadonly().cast("c")
459	459	master_keys = master_keys.toreadonly()
460	460	ciphertext, claimed_mac = struct.unpack(
461		- f'{len(data) - MAC_SIZE}s {MAC_SIZE}s', data
	461	+ f"{len(data) - MAC_SIZE}s {MAC_SIZE}s", data
462	462	)
463	463	actual_mac = hmac.HMAC(master_keys.signing_key, hashes.SHA256())
464	464	actual_mac.update(ciphertext)
...	...	@@ -475,7 +475,7 @@ def _decrypt_session_keys(
475	475
476	476	try:
477	477	iv, payload = struct.unpack(
478		- f'{IV_SIZE}s {len(ciphertext) - IV_SIZE}s', ciphertext
	478	+ f"{IV_SIZE}s {len(ciphertext) - IV_SIZE}s", ciphertext
479	479	)
480	480	decryptor = ciphers.Cipher(
481	481	algorithms.AES256(master_keys.encryption_key), modes.CBC(iv)
...	...	@@ -488,10 +488,10 @@ def _decrypt_session_keys(
488	488	plaintext.extend(unpadder.update(padded_plaintext))
489	489	plaintext.extend(unpadder.finalize())
490	490	session_encryption_key, session_signing_key = struct.unpack(
491		- f'{KEY_SIZE}s {KEY_SIZE}s', plaintext
	491	+ f"{KEY_SIZE}s {KEY_SIZE}s", plaintext
492	492	)
493	493	except (ValueError, struct.error) as exc:
494		- msg = 'Invalid encrypted session keys payload'
	494	+ msg = "Invalid encrypted session keys payload"
495	495	raise ValueError(msg) from exc
496	496
497	497	session_keys = _types.StoreroomKeyPair(
...	...	@@ -507,10 +507,10 @@ def _decrypt_session_keys(
507	507	ciphertext=_h(payload),
508	508	plaintext=_h(plaintext),
509	509	code=_msg.TranslatedString(
510		- 'StoreroomKeyPair(encryption_key=bytes.fromhex({enc_key!r}), '
511		- 'signing_key=bytes.fromhex({sign_key!r}))',
512		- enc_key=session_keys.encryption_key.hex(' '),
513		- sign_key=session_keys.signing_key.hex(' '),
	510	+ "StoreroomKeyPair(encryption_key=bytes.fromhex({enc_key!r}), "
	511	+ "signing_key=bytes.fromhex({sign_key!r}))",
	512	+ enc_key=session_keys.encryption_key.hex(" "),
	513	+ sign_key=session_keys.signing_key.hex(" "),
514	514	),
515	515	),
516	516	)
...	...	@@ -562,10 +562,10 @@ def _decrypt_contents(
562	562	removal.
563	563
564	564	"""
565		- data = memoryview(data).toreadonly().cast('c')
	565	+ data = memoryview(data).toreadonly().cast("c")
566	566	session_keys = session_keys.toreadonly()
567	567	ciphertext, claimed_mac = struct.unpack(
568		- f'{len(data) - MAC_SIZE}s {MAC_SIZE}s', data
	568	+ f"{len(data) - MAC_SIZE}s {MAC_SIZE}s", data
569	569	)
570	570	actual_mac = hmac.HMAC(session_keys.signing_key, hashes.SHA256())
571	571	actual_mac.update(ciphertext)
...	...	@@ -581,7 +581,7 @@ def _decrypt_contents(
581	581	actual_mac.verify(claimed_mac)
582	582
583	583	iv, payload = struct.unpack(
584		- f'{IV_SIZE}s {len(ciphertext) - IV_SIZE}s', ciphertext
	584	+ f"{IV_SIZE}s {len(ciphertext) - IV_SIZE}s", ciphertext
585	585	)
586	586	decryptor = ciphers.Cipher(
587	587	algorithms.AES256(session_keys.encryption_key), modes.CBC(iv)
...	...	@@ -638,7 +638,7 @@ def _decrypt_bucket_item(
638	638	removal.
639	639
640	640	"""
641		- bucket_item = memoryview(bucket_item).toreadonly().cast('c')
	641	+ bucket_item = memoryview(bucket_item).toreadonly().cast("c")
642	642	master_keys = master_keys.toreadonly()
643	643	logger.debug(
644	644	_msg.TranslatedString(
...	...	@@ -650,13 +650,13 @@ def _decrypt_bucket_item(
650	650	)
651	651	data_version, encrypted_session_keys, data_contents = struct.unpack(
652	652	(
653		- f'B {ENCRYPTED_KEYPAIR_SIZE}s '
654		- f'{len(bucket_item) - 1 - ENCRYPTED_KEYPAIR_SIZE}s'
	653	+ f"B {ENCRYPTED_KEYPAIR_SIZE}s "
	654	+ f"{len(bucket_item) - 1 - ENCRYPTED_KEYPAIR_SIZE}s"
655	655	),
656	656	bucket_item,
657	657	)
658	658	if data_version != 1:
659		- msg = f'Cannot handle version {data_version} encrypted data'
	659	+ msg = f"Cannot handle version {data_version} encrypted data"
660	660	raise ValueError(msg)
661	661	session_keys = _decrypt_session_keys(encrypted_session_keys, master_keys)
662	662	return _decrypt_contents(data_contents, session_keys)
...	...	@@ -666,7 +666,7 @@ def _decrypt_bucket_file(
666	666	filename: str \| bytes \| os.PathLike,
667	667	master_keys: _types.StoreroomMasterKeys,
668	668	*,
669		- root_dir: str \| bytes \| os.PathLike = '.',
	669	+ root_dir: str \| bytes \| os.PathLike = ".",
670	670	) -> Iterator[Buffer]:
671	671	"""Decrypt a complete bucket.
672	672
...	...	@@ -701,15 +701,15 @@ def _decrypt_bucket_file(
701	701	master_keys = master_keys.toreadonly()
702	702	root_dir = pathlib.Path(os.fsdecode(root_dir))
703	703	filename = pathlib.Path(os.fsdecode(filename))
704		- with (root_dir / filename).open('rb') as bucket_file:
	704	+ with (root_dir / filename).open("rb") as bucket_file:
705	705	header_line = bucket_file.readline()
706	706	try:
707	707	header = json.loads(header_line)
708	708	except ValueError as exc:
709		- msg = f'Invalid bucket file: {filename}'
	709	+ msg = f"Invalid bucket file: {filename}"
710	710	raise ValueError(msg) from exc
711		- if header != {'version': 1}:
712		- msg = f'Invalid bucket file: {filename}'
	711	+ if header != {"version": 1}:
	712	+ msg = f"Invalid bucket file: {filename}"
713	713	raise ValueError(msg) from None
714	714	for line in bucket_file:
715	715	yield _decrypt_bucket_item(
...	...	@@ -740,14 +740,14 @@ def _store(config: dict[str, Any], path: str, json_contents: bytes) -> None:
740	740
741	741	"""
742	742	contents = json.loads(json_contents)
743		- path_parts = [part for part in path.split('/') if part]
	743	+ path_parts = [part for part in path.split("/") if part]
744	744	for part in path_parts[:-1]:
745	745	config = config.setdefault(part, {})
746	746	if path_parts:
747	747	config[path_parts[-1]] = contents
748	748
749	749
750		-if __name__ == '__main__':
751		- logging.basicConfig(level=('DEBUG' if os.getenv('DEBUG') else 'WARNING'))
752		- config_structure = export_storeroom_data(format='storeroom')
	750	+if __name__ == "__main__":
	751	+ logging.basicConfig(level=("DEBUG" if os.getenv("DEBUG") else "WARNING"))
	752	+ config_structure = export_storeroom_data(format="storeroom")
753	753	print(json.dumps(config_structure, indent=2, sort_keys=True)) # noqa: T201

...	...	@@ -54,7 +54,7 @@ if TYPE_CHECKING:
54	54	STUBBED = False
55	55	else:
56	56	try:
57		- importlib.import_module('cryptography')
	57	+ importlib.import_module("cryptography")
58	58	except ModuleNotFoundError as exc:
59	59
60	60	class _DummyModule:
...	...	@@ -85,12 +85,12 @@ else:
85	85
86	86	STUBBED = False
87	87
88		-__all__ = ('export_vault_native_data',)
	88	+__all__ = ("export_vault_native_data",)
89	89
90	90	logger = logging.getLogger(__name__)
91	91
92	92
93		-@exporter.register_export_vault_config_data_handler('v0.2', 'v0.3')
	93	+@exporter.register_export_vault_config_data_handler("v0.2", "v0.3")
94	94	def export_vault_native_data( # noqa: D417
95	95	path: str \| bytes \| os.PathLike \| None = None,
96	96	key: str \| Buffer \| None = None,
...	...	@@ -108,18 +108,18 @@ def export_vault_native_data( # noqa: D417
108	108
109	109	""" # noqa: DOC201,DOC501
110	110	# Trigger import errors if necessary.
111		- importlib.import_module('cryptography')
	111	+ importlib.import_module("cryptography")
112	112	if path is None:
113	113	path = exporter.get_vault_path()
114	114	else:
115	115	path = pathlib.Path(os.fsdecode(path))
116		- with path.open('rb') as infile:
	116	+ with path.open("rb") as infile:
117	117	contents = base64.standard_b64decode(infile.read())
118	118	if key is None:
119	119	key = exporter.get_vault_key()
120	120	parser_class: type[VaultNativeConfigParser] \| None = {
121		- 'v0.2': VaultNativeV02ConfigParser,
122		- 'v0.3': VaultNativeV03ConfigParser,
	121	+ "v0.2": VaultNativeV02ConfigParser,
	122	+ "v0.3": VaultNativeV03ConfigParser,
123	123	}.get(format)
124	124	if parser_class is None: # pragma: no cover [failsafe]
125	125	msg = exporter.INVALID_VAULT_NATIVE_CONFIGURATION_FORMAT.format(
...	...	@@ -133,7 +133,7 @@ def export_vault_native_data( # noqa: D417
133	133
134	134
135	135	def _h(bs: Buffer) -> str:
136		- return '<{}>'.format(memoryview(bs).hex(' '))
	136	+ return "<{}>".format(memoryview(bs).hex(" "))
137	137
138	138
139	139	class VaultNativeConfigParser(abc.ABC):
...	...	@@ -175,20 +175,20 @@ class VaultNativeConfigParser(abc.ABC):
175	175
176	176	"""
177	177	if not password:
178		- msg = 'Password must not be empty'
	178	+ msg = "Password must not be empty"
179	179	raise ValueError(msg)
180	180	self._consistency_lock = threading.RLock()
181	181	self._contents = bytes(contents)
182	182	self._iv_size = 0
183	183	self._mac_size = 0
184		- self._encryption_key = b''
	184	+ self._encryption_key = b""
185	185	self._encryption_key_size = 0
186		- self._signing_key = b''
	186	+ self._signing_key = b""
187	187	self._signing_key_size = 0
188		- self._message = b''
189		- self._message_tag = b''
190		- self._iv = b''
191		- self._payload = b''
	188	+ self._message = b""
	189	+ self._message_tag = b""
	190	+ self._iv = b""
	191	+ self._payload = b""
192	192	self._password = password
193	193	self._sentinel: object = object()
194	194	self._data: Any = self._sentinel
...	...	@@ -247,14 +247,14 @@ class VaultNativeConfigParser(abc.ABC):
247	247
248	248	"""
249	249	if isinstance(password, str):
250		- password = password.encode('utf-8')
	250	+ password = password.encode("utf-8")
251	251	raw_key = pbkdf2.PBKDF2HMAC(
252	252	algorithm=hashes.SHA1(),
253	253	length=key_size // 2,
254	254	salt=vault.Vault.UUID,
255	255	iterations=iterations,
256	256	).derive(bytes(password))
257		- result_key = raw_key.hex().lower().encode('ASCII')
	257	+ result_key = raw_key.hex().lower().encode("ASCII")
258	258	logger.debug(
259	259	_msg.TranslatedString(
260	260	_msg.DebugMsgTemplate.VAULT_NATIVE_PBKDF2_CALL,
...	...	@@ -262,9 +262,9 @@ class VaultNativeConfigParser(abc.ABC):
262	262	salt=vault.Vault.UUID,
263	263	iterations=iterations,
264	264	key_size=key_size // 2,
265		- algorithm='sha1',
	265	+ algorithm="sha1",
266	266	raw_result=raw_key,
267		- result_key=result_key.decode('ASCII'),
	267	+ result_key=result_key.decode("ASCII"),
268	268	),
269	269	)
270	270	return result_key
...	...	@@ -295,7 +295,7 @@ class VaultNativeConfigParser(abc.ABC):
295	295	mac_size = self._mac_size
296	296
297	297	if len(contents) < iv_size + 16 + mac_size:
298		- msg = 'Invalid vault configuration file: file is truncated'
	298	+ msg = "Invalid vault configuration file: file is truncated"
299	299	raise ValueError(msg)
300	300
301	301	cutpos1 = len(contents) - mac_size
...	...	@@ -333,10 +333,10 @@ class VaultNativeConfigParser(abc.ABC):
333	333	with self._consistency_lock:
334	334	self._generate_keys()
335	335	assert len(self._encryption_key) == self._encryption_key_size, (
336		- 'Derived encryption key is invalid'
	336	+ "Derived encryption key is invalid"
337	337	)
338	338	assert len(self._signing_key) == self._signing_key_size, (
339		- 'Derived signing key is invalid'
	339	+ "Derived signing key is invalid"
340	340	)
341	341
342	342	@abc.abstractmethod
...	...	@@ -384,7 +384,7 @@ class VaultNativeConfigParser(abc.ABC):
384	384	try:
385	385	mac.verify(mac_expected)
386	386	except crypt_exceptions.InvalidSignature:
387		- msg = 'File does not contain a valid signature'
	387	+ msg = "File does not contain a valid signature"
388	388	raise ValueError(msg) from None
389	389
390	390	@abc.abstractmethod
...	...	@@ -513,7 +513,7 @@ class VaultNativeV03ConfigParser(VaultNativeConfigParser):
513	513	This includes hexadecimal encoding of the message payload.
514	514
515	515	"""
516		- return self._message.hex().lower().encode('ASCII')
	516	+ return self._message.hex().lower().encode("ASCII")
517	517
518	518	def _make_decryptor(self) -> ciphers.CipherContext:
519	519	"""Return the cipher context object used for decryption.
...	...	@@ -575,7 +575,7 @@ class VaultNativeV02ConfigParser(VaultNativeConfigParser):
575	575	super()._parse_contents()
576	576	payload = self._payload = base64.standard_b64decode(self._payload)
577	577	message_tag = self._message_tag = bytes.fromhex(
578		- self._message_tag.decode('ASCII')
	578	+ self._message_tag.decode("ASCII")
579	579	)
580	580	logger.debug(
581	581	_msg.TranslatedString(
...	...	@@ -647,7 +647,7 @@ class VaultNativeV02ConfigParser(VaultNativeConfigParser):
647	647	value (if any):
648	648
649	649	~~~~ python
650		- data = block_input = b''.join([previous_block, input_string, salt])
	650	+ data = block_input = b"".join([previous_block, input_string, salt])
651	651	for i in range(iteration_count):
652	652	data = message_digest(data)
653	653	block = data
...	...	@@ -683,8 +683,8 @@ class VaultNativeV02ConfigParser(VaultNativeConfigParser):
683	683	"""
684	684	total_size = key_size + iv_size
685	685	buffer = bytearray()
686		- last_block = b''
687		- salt = b''
	686	+ last_block = b""
	687	+ salt = b""
688	688	logger.debug(
689	689	_msg.TranslatedString(
690	690	_msg.DebugMsgTemplate.VAULT_NATIVE_EVP_BYTESTOKEY_INIT,
...	...	@@ -699,7 +699,7 @@ class VaultNativeV02ConfigParser(VaultNativeConfigParser):
699	699	while len(buffer) < total_size:
700	700	with warnings.catch_warnings():
701	701	warnings.simplefilter(
702		- 'ignore', crypt_utils.CryptographyDeprecationWarning
	702	+ "ignore", crypt_utils.CryptographyDeprecationWarning
703	703	)
704	704	block = hashes.Hash(hashes.MD5())
705	705	block.update(last_block)
...	...	@@ -753,11 +753,11 @@ class VaultNativeV02ConfigParser(VaultNativeConfigParser):
753	753	).decryptor()
754	754
755	755
756		-if __name__ == '__main__':
	756	+if __name__ == "__main__":
757	757	import os
758	758
759		- logging.basicConfig(level=('DEBUG' if os.getenv('DEBUG') else 'WARNING'))
760		- with exporter.get_vault_path().open('rb') as infile:
	759	+ logging.basicConfig(level=("DEBUG" if os.getenv("DEBUG") else "WARNING"))
	760	+ with exporter.get_vault_path().open("rb") as infile:
761	761	contents = base64.standard_b64decode(infile.read())
762	762	password = exporter.get_vault_key()
763	763	try:

...	...	@@ -31,7 +31,7 @@ from typing_extensions import assert_type
31	31	if TYPE_CHECKING:
32	32	from collections.abc import Iterator, Sequence
33	33
34		-__all__ = ('Sequin', 'SequinExhaustedError')
	34	+__all__ = ("Sequin", "SequinExhaustedError")
35	35
36	36
37	37	class Sequin:
...	...	@@ -85,7 +85,7 @@ class Sequin:
85	85	range.
86	86
87	87	"""
88		- msg = 'sequence item out of range'
	88	+ msg = "sequence item out of range"
89	89
90	90	def uint8_to_bits(value: int) -> Iterator[int]:
91	91	"""Yield individual bits of an 8-bit number, MSB first."""
...	...	@@ -94,7 +94,7 @@ class Sequin:
94	94
95	95	if isinstance(sequence, str):
96	96	try:
97		- sequence = tuple(sequence.encode('iso-8859-1'))
	97	+ sequence = tuple(sequence.encode("iso-8859-1"))
98	98	except UnicodeError as e:
99	99	raise ValueError(msg) from e
100	100	else:
...	...	@@ -204,7 +204,7 @@ class Sequin:
204	204
205	205	""" # noqa: DOC501
206	206	if base < 2: # noqa: PLR2004
207		- msg = f'invalid base: {base!r}'
	207	+ msg = f"invalid base: {base!r}"
208	208	raise ValueError(msg)
209	209	ret = 0
210	210	allowed_range = range(base)
...	...	@@ -213,10 +213,10 @@ class Sequin:
213	213	i2 = (n - 1) - i
214	214	x = digits[i]
215	215	if not isinstance(x, int):
216		- msg = f'not an integer: {x!r}'
	216	+ msg = f"not an integer: {x!r}"
217	217	raise TypeError(msg)
218	218	if x not in allowed_range:
219		- msg = f'invalid base {base!r} digit: {x!r}'
	219	+ msg = f"invalid base {base!r} digit: {x!r}"
220	220	raise ValueError(msg)
221	221	ret += (base*i2) x
222	222	return ret
...	...	@@ -355,10 +355,10 @@ class Sequin:
355	355
356	356	"""
357	357	if n < 1:
358		- msg = 'invalid target range'
	358	+ msg = "invalid target range"
359	359	raise ValueError(msg)
360	360	if base < 2: # noqa: PLR2004
361		- msg = f'invalid base: {base!r}'
	361	+ msg = f"invalid base: {base!r}"
362	362	raise ValueError(msg)
363	363	# p = base ** k, where k is the smallest integer such that
364	364	# p >= n. We determine p and k inductively.
...	...	@@ -413,4 +413,4 @@ class SequinExhaustedError(Exception):
413	413	"""
414	414
415	415	def __init__(self) -> None: # noqa: D107
416		- super().__init__('Sequin is exhausted')
	416	+ super().__init__("Sequin is exhausted")

...	...	@@ -26,7 +26,7 @@ if TYPE_CHECKING:
26	26
27	27	from typing_extensions import Buffer
28	28
29		-__all__ = ('SSHAgentClient',)
	29	+__all__ = ("SSHAgentClient",)
30	30
31	31	# In SSH bytestrings, the "length" of the byte string is stored as
32	32	# a 4-byte/32-bit unsigned integer at the beginning.
...	...	@@ -37,7 +37,7 @@ class TrailingDataError(RuntimeError):
37	37	"""The result contained trailing data."""
38	38
39	39	def __init__(self) -> None:
40		- super().__init__('Overlong response from SSH agent')
	40	+ super().__init__("Overlong response from SSH agent")
41	41
42	42
43	43	class SSHAgentFailedError(RuntimeError):
...	...	@@ -48,19 +48,19 @@ class SSHAgentFailedError(RuntimeError):
48	48	# https://the13thletter.info/derivepassphrase/latest/pycompatibility/#after-eol-py3.9
49	49	if self.args == ( # pragma: no branch
50	50	_types.SSH_AGENT.FAILURE.value,
51		- b'',
	51	+ b"",
52	52	):
53		- return 'The SSH agent failed to complete the request'
	53	+ return "The SSH agent failed to complete the request"
54	54	elif self.args[1]: # noqa: RET505 # pragma: no cover [failsafe]
55	55	code = self.args[0]
56		- msg = self.args[1].decode('utf-8', 'surrogateescape')
57		- return f'[Code {code:d}] {msg:s}'
	56	+ msg = self.args[1].decode("utf-8", "surrogateescape")
	57	+ return f"[Code {code:d}] {msg:s}"
58	58	else: # pragma: no cover [failsafe]
59	59	return repr(self)
60	60
61	61	def __repr__(self) -> str: # pragma: no cover [debug]
62	62	"""""" # noqa: D419
63		- return f'{self.__class__.__name__}{self.args!r}'
	63	+ return f"{self.__class__.__name__}{self.args!r}"
64	64
65	65
66	66	class SSHAgentClient:
...	...	@@ -80,7 +80,7 @@ class SSHAgentClient:
80	80	"""
81	81
82	82	_connection: _types.SSHAgentSocket
83		- SOCKET_PROVIDERS: ClassVar = ('native',)
	83	+ SOCKET_PROVIDERS: ClassVar = ("native",)
84	84	"""
85	85	The default list of SSH agent socket providers.
86	86	"""
...	...	@@ -156,7 +156,7 @@ class SSHAgentClient:
156	156	else:
157	157	break
158	158	else:
159		- msg = 'No supported SSH agent socket provider found.'
	159	+ msg = "No supported SSH agent socket provider found."
160	160	raise (
161	161	ExceptionGroup(msg, excs)
162	162	if excs
...	...	@@ -166,7 +166,7 @@ class SSHAgentClient:
166	166	self._connection = socket
167	167	else: # pragma: no cover [failsafe]
168	168	assert_type(socket, Never)
169		- msg = f'invalid socket object: {socket!r}'
	169	+ msg = f"invalid socket object: {socket!r}"
170	170	raise TypeError(msg)
171	171
172	172	def __enter__(self) -> Self:
...	...	@@ -221,7 +221,7 @@ class SSHAgentClient:
221	221	b'\x01\x00\x00\x00'
222	222
223	223	"""
224		- return int.to_bytes(num, 4, 'big', signed=False)
	224	+ return int.to_bytes(num, 4, "big", signed=False)
225	225
226	226	@classmethod
227	227	def string(cls, payload: Buffer, /) -> bytes:
...	...	@@ -235,14 +235,14 @@ class SSHAgentClient:
235	235	as a bytes object.
236	236
237	237	Examples:
238		- >>> SSHAgentClient.string(b'ssh-rsa')
	238	+ >>> SSHAgentClient.string(b"ssh-rsa")
239	239	b'\x00\x00\x00\x07ssh-rsa'
240	240
241	241	""" # noqa: DOC501
242	242	try:
243	243	payload = memoryview(payload)
244	244	except TypeError as e:
245		- msg = 'invalid payload type'
	245	+ msg = "invalid payload type"
246	246	raise TypeError(msg) from e
247	247	ret = bytearray()
248	248	ret.extend(cls.uint32(len(payload)))
...	...	@@ -264,17 +264,17 @@ class SSHAgentClient:
264	264	The byte string is not an SSH string.
265	265
266	266	Examples:
267		- >>> SSHAgentClient.unstring(b'\x00\x00\x00\x07ssh-rsa')
	267	+ >>> SSHAgentClient.unstring(b"\x00\x00\x00\x07ssh-rsa")
268	268	b'ssh-rsa'
269		- >>> SSHAgentClient.unstring(SSHAgentClient.string(b'ssh-ed25519'))
	269	+ >>> SSHAgentClient.unstring(SSHAgentClient.string(b"ssh-ed25519"))
270	270	b'ssh-ed25519'
271	271
272	272	"""
273	273	bytestring = memoryview(bytestring)
274	274	n = len(bytestring)
275		- msg = 'malformed SSH byte string'
	275	+ msg = "malformed SSH byte string"
276	276	if n < HEAD_LEN or n != HEAD_LEN + int.from_bytes(
277		- bytestring[:HEAD_LEN], 'big', signed=False
	277	+ bytestring[:HEAD_LEN], "big", signed=False
278	278	):
279	279	raise ValueError(msg)
280	280	return bytes(bytestring[HEAD_LEN:])
...	...	@@ -299,21 +299,21 @@ class SSHAgentClient:
299	299
300	300	Examples:
301	301	>>> SSHAgentClient.unstring_prefix(
302		- ... b'\x00\x00\x00\x07ssh-rsa____trailing data'
	302	+ ... b"\x00\x00\x00\x07ssh-rsa____trailing data"
303	303	... )
304	304	(b'ssh-rsa', b'____trailing data')
305	305	>>> SSHAgentClient.unstring_prefix(
306		- ... SSHAgentClient.string(b'ssh-ed25519')
	306	+ ... SSHAgentClient.string(b"ssh-ed25519")
307	307	... )
308	308	(b'ssh-ed25519', b'')
309	309
310	310	"""
311	311	bytestring = memoryview(bytestring).toreadonly()
312	312	n = len(bytestring)
313		- msg = 'malformed SSH byte string'
	313	+ msg = "malformed SSH byte string"
314	314	if n < HEAD_LEN:
315	315	raise ValueError(msg)
316		- m = int.from_bytes(bytestring[:HEAD_LEN], 'big', signed=False)
	316	+ m = int.from_bytes(bytestring[:HEAD_LEN], "big", signed=False)
317	317	if m + HEAD_LEN > n:
318	318	raise ValueError(msg)
319	319	return (
...	...	@@ -380,7 +380,7 @@ class SSHAgentClient:
380	380	yield client
381	381	else: # pragma: no cover [failsafe]
382	382	assert_type(conn, Never)
383		- msg = f'invalid connection hint: {conn!r}'
	383	+ msg = f"invalid connection hint: {conn!r}"
384	384	raise TypeError(msg)
385	385
386	386	def _agent_is_pageant(self) -> bool:
...	...	@@ -391,7 +391,7 @@ class SSHAgentClient:
391	391
392	392	"""
393	393	return (
394		- b'list-extended@putty.projects.tartarus.org'
	394	+ b"list-extended@putty.projects.tartarus.org"
395	395	in self.query_extensions()
396	396	)
397	397
...	...	@@ -416,7 +416,7 @@ class SSHAgentClient:
416	416
417	417	""" # noqa: E501
418	418	known_good_agents = {
419		- 'Pageant': self._agent_is_pageant,
	419	+ "Pageant": self._agent_is_pageant,
420	420	}
421	421	return any( # pragma: no branch
422	422	v() for v in known_good_agents.values()
...	...	@@ -515,12 +515,12 @@ class SSHAgentClient:
515	515	self._connection.sendall(self.string(request_message))
516	516	chunk = self._connection.recv(HEAD_LEN)
517	517	if len(chunk) < HEAD_LEN:
518		- msg = 'cannot read response length'
	518	+ msg = "cannot read response length"
519	519	raise EOFError(msg)
520		- response_length = int.from_bytes(chunk, 'big', signed=False)
	520	+ response_length = int.from_bytes(chunk, "big", signed=False)
521	521	response = self._connection.recv(response_length)
522	522	if len(response) < response_length:
523		- msg = 'truncated response from SSH agent'
	523	+ msg = "truncated response from SSH agent"
524	524	raise EOFError(msg)
525	525	if not response_code: # pragma: no cover [failsafe]
526	526	return response[0], response[1:]
...	...	@@ -547,30 +547,30 @@ class SSHAgentClient:
547	547	"""
548	548	response = self.request(
549	549	_types.SSH_AGENTC.REQUEST_IDENTITIES.value,
550		- b'',
	550	+ b"",
551	551	response_code=_types.SSH_AGENT.IDENTITIES_ANSWER,
552	552	)
553	553	response_stream = collections.deque(response)
554	554
555	555	def shift(num: int) -> bytes:
556		- buf = collections.deque(b'')
	556	+ buf = collections.deque(b"")
557	557	for _ in range(num):
558	558	try:
559	559	val = response_stream.popleft()
560	560	except IndexError:
561	561	response_stream.extendleft(reversed(buf))
562		- msg = 'truncated response from SSH agent'
	562	+ msg = "truncated response from SSH agent"
563	563	raise EOFError(msg) from None
564	564	buf.append(val)
565	565	return bytes(buf)
566	566
567		- key_count = int.from_bytes(shift(4), 'big')
	567	+ key_count = int.from_bytes(shift(4), "big")
568	568	keys: collections.deque[_types.SSHKeyCommentPair]
569	569	keys = collections.deque()
570	570	for _ in range(key_count):
571		- key_size = int.from_bytes(shift(4), 'big')
	571	+ key_size = int.from_bytes(shift(4), "big")
572	572	key = shift(key_size)
573		- comment_size = int.from_bytes(shift(4), 'big')
	573	+ comment_size = int.from_bytes(shift(4), "big")
574	574	comment = shift(comment_size)
575	575	# Both `key` and `comment` are not wrapped as SSH strings.
576	576	keys.append(_types.SSHKeyCommentPair(key, comment))
...	...	@@ -629,7 +629,7 @@ class SSHAgentClient:
629	629	if check_if_key_loaded:
630	630	loaded_keys = frozenset({pair.key for pair in self.list_keys()})
631	631	if bytes(key) not in loaded_keys:
632		- msg = 'target SSH key not loaded into agent'
	632	+ msg = "target SSH key not loaded into agent"
633	633	raise KeyError(msg)
634	634	request_data = bytearray(self.string(key))
635	635	request_data.extend(self.string(payload))
...	...	@@ -671,7 +671,7 @@ class SSHAgentClient:
671	671	try:
672	672	response_data = self.request(
673	673	_types.SSH_AGENTC.EXTENSION,
674		- self.string(b'query'),
	674	+ self.string(b"query"),
675	675	response_code={
676	676	_types.SSH_AGENT.EXTENSION_RESPONSE,
677	677	_types.SSH_AGENT.SUCCESS,
...	...	@@ -682,13 +682,13 @@ class SSHAgentClient:
682	682	# This isn't necessarily true, e.g. for OpenSSH's ssh-agent.
683	683	return frozenset()
684	684	extensions: set[bytes] = set()
685		- msg = 'Malformed response from SSH agent'
686		- msg2 = 'Extension response message does not match request'
	685	+ msg = "Malformed response from SSH agent"
	686	+ msg2 = "Extension response message does not match request"
687	687	try:
688	688	query, response_data = self.unstring_prefix(response_data)
689	689	except ValueError as e:
690	690	raise RuntimeError(msg) from e
691		- if bytes(query) != b'query':
	691	+ if bytes(query) != b"query":
692	692	raise RuntimeError(msg2)
693	693	while response_data:
694	694	try:

...	...	@@ -17,7 +17,7 @@ if TYPE_CHECKING:
17	17
18	18	from derivepassphrase import _types
19	19
20		-__all__ = ('SocketProvider',)
	20	+__all__ = ("SocketProvider",)
21	21
22	22
23	23	class NoSuchProviderError(KeyError):
...	...	@@ -64,15 +64,15 @@ class SocketProvider:
64	64	agent.
65	65
66	66	"""
67		- if not hasattr(socket, 'AF_UNIX'):
68		- msg = 'This Python version does not support UNIX domain sockets.'
	67	+ if not hasattr(socket, "AF_UNIX"):
	68	+ msg = "This Python version does not support UNIX domain sockets."
69	69	raise AfUnixNotAvailableError(msg)
70	70	else: # noqa: RET506 # pragma: unless posix no cover
71	71	sock = socket.socket(family=socket.AF_UNIX)
72		- if 'SSH_AUTH_SOCK' not in os.environ:
73		- msg = 'SSH_AUTH_SOCK environment variable'
	72	+ if "SSH_AUTH_SOCK" not in os.environ:
	73	+ msg = "SSH_AUTH_SOCK environment variable"
74	74	raise KeyError(msg)
75		- ssh_auth_sock = os.environ['SSH_AUTH_SOCK']
	75	+ ssh_auth_sock = os.environ["SSH_AUTH_SOCK"]
76	76	sock.settimeout(timeout)
77	77	sock.connect(ssh_auth_sock)
78	78	return sock
...	...	@@ -98,13 +98,13 @@ class SocketProvider:
98	98	[windows-ssh-agent-support]: https://the13thletter.info/derivepassphrase/0.x/wishlist/windows-ssh-agent-support/
99	99
100	100	"""
101		- if not hasattr(ctypes, 'WinDLL'):
102		- msg = 'This Python version does not support Windows named pipes.'
	101	+ if not hasattr(ctypes, "WinDLL"):
	102	+ msg = "This Python version does not support Windows named pipes."
103	103	raise TheAnnoyingOsNamedPipesNotAvailableError(msg)
104	104	else: # noqa: RET506 # pragma: unless the-annoying-os no cover
105	105	msg = (
106		- 'Communicating with Pageant or OpenSSH on Windows '
107		- 'is not implemented yet.'
	106	+ "Communicating with Pageant or OpenSSH on Windows "
	107	+ "is not implemented yet."
108	108	)
109	109	raise NotImplementedError(msg)
110	110
...	...	@@ -194,8 +194,8 @@ class SocketProvider:
194	194	cls.registry[alias] = f if alias == name else name
195	195	elif existing != f:
196	196	msg = (
197		- f'The SSH agent socket provider {alias!r} '
198		- f'is already registered.'
	197	+ f"The SSH agent socket provider {alias!r} "
	198	+ f"is already registered."
199	199	)
200	200	raise ValueError(msg)
201	201	return f
...	...	@@ -251,13 +251,13 @@ class SocketProvider:
251	251	ret = cls.lookup(provider)
252	252	if ret is None:
253	253	msg = (
254		- f'The {ret!r} socket provider is not functional on or '
255		- 'not applicable to this derivepassphrase installation.'
	254	+ f"The {ret!r} socket provider is not functional on or "
	255	+ "not applicable to this derivepassphrase installation."
256	256	)
257	257	raise NotImplementedError(msg)
258	258	return ret
259	259
260		- ENTRY_POINT_GROUP_NAME = 'derivepassphrase.ssh_agent_socket_providers'
	260	+ ENTRY_POINT_GROUP_NAME = "derivepassphrase.ssh_agent_socket_providers"
261	261	"""
262	262	The group name under which [entry
263	263	points][importlib.metadata.entry_points] for the SSH agent socket
...	...	@@ -292,42 +292,42 @@ class SocketProvider:
292	292	group=cls.ENTRY_POINT_GROUP_NAME
293	293	):
294	294	provider_entry = cast(
295		- '_types.SSHAgentSocketProviderEntry', entry_point.load()
	295	+ "_types.SSHAgentSocketProviderEntry", entry_point.load()
296	296	)
297	297	key = provider_entry.key
298	298	value = entry_point.value
299	299	dist = (
300	300	entry_point.dist.name # type: ignore[union-attr]
301		- if getattr(entry_point, 'dist', None) is not None
	301	+ if getattr(entry_point, "dist", None) is not None
302	302	else None
303	303	)
304		- origin = origins.get(key, 'derivepassphrase')
	304	+ origin = origins.get(key, "derivepassphrase")
305	305	if not callable(provider_entry.provider):
306	306	msg = (
307		- f'Not an SSHAgentSocketProvider: '
308		- f'{dist = }, {cls.ENTRY_POINT_GROUP_NAME = }, '
309		- f'{value = }, {provider_entry = }'
	307	+ f"Not an SSHAgentSocketProvider: "
	308	+ f"{dist = }, {cls.ENTRY_POINT_GROUP_NAME = }, "
	309	+ f"{value = }, {provider_entry = }"
310	310	)
311	311	raise AssertionError(msg) # noqa: TRY004
312	312	if key in entries:
313	313	if entries[key] != provider_entry.provider:
314	314	msg = (
315		- f'Name clash in SSH agent socket providers '
316		- f'for entry {key!r}, both by {dist!r} '
317		- f'and by {origin!r}'
	315	+ f"Name clash in SSH agent socket providers "
	316	+ f"for entry {key!r}, both by {dist!r} "
	317	+ f"and by {origin!r}"
318	318	)
319	319	raise AssertionError(msg)
320	320	else:
321	321	entries[key] = provider_entry.provider
322	322	origins[key] = dist
323	323	for alias in provider_entry.aliases:
324		- alias_origin = origins.get(alias, 'derivepassphrase')
	324	+ alias_origin = origins.get(alias, "derivepassphrase")
325	325	if alias in entries:
326	326	if entries[alias] != key:
327	327	msg = (
328		- f'Name clash in SSH agent socket providers '
329		- f'for entry {alias!r}, both by {dist!r} '
330		- f'and by {alias_origin!r}'
	328	+ f"Name clash in SSH agent socket providers "
	329	+ f"for entry {alias!r}, both by {dist!r} "
	330	+ f"and by {alias_origin!r}"
331	331	)
332	332	raise AssertionError(msg)
333	333	else:
...	...	@@ -337,21 +337,21 @@ class SocketProvider:
337	337
338	338
339	339	SocketProvider.registry.update({
340		- 'posix': SocketProvider.unix_domain_ssh_auth_sock,
341		- 'the_annoying_os': SocketProvider.the_annoying_os_named_pipes,
	340	+ "posix": SocketProvider.unix_domain_ssh_auth_sock,
	341	+ "the_annoying_os": SocketProvider.the_annoying_os_named_pipes,
342	342	# known instances
343		- 'stub_agent': None,
344		- 'stub_with_address': None,
345		- 'stub_with_address_and_deterministic_dsa': None,
	343	+ "stub_agent": None,
	344	+ "stub_with_address": None,
	345	+ "stub_with_address_and_deterministic_dsa": None,
346	346	# aliases
347		- 'native': 'the_annoying_os' if os.name == 'nt' else 'posix',
348		- 'unix_domain': 'posix',
349		- 'ssh_auth_sock': 'posix',
350		- 'the_annoying_os_named_pipe': 'the_annoying_os',
351		- 'pageant_on_the_annoying_os': 'the_annoying_os',
352		- 'openssh_on_the_annoying_os': 'the_annoying_os',
353		- 'windows': 'the_annoying_os',
354		- 'windows_named_pipe': 'the_annoying_os',
355		- 'pageant_on_windows': 'the_annoying_os',
356		- 'openssh_on_windows': 'the_annoying_os',
	347	+ "native": "the_annoying_os" if os.name == "nt" else "posix",
	348	+ "unix_domain": "posix",
	349	+ "ssh_auth_sock": "posix",
	350	+ "the_annoying_os_named_pipe": "the_annoying_os",
	351	+ "pageant_on_the_annoying_os": "the_annoying_os",
	352	+ "openssh_on_the_annoying_os": "the_annoying_os",
	353	+ "windows": "the_annoying_os",
	354	+ "windows_named_pipe": "the_annoying_os",
	355	+ "pageant_on_windows": "the_annoying_os",
	356	+ "openssh_on_windows": "the_annoying_os",
357	357	})

...	...	@@ -46,49 +46,49 @@ class Vault:
46	46
47	47	"""
48	48
49		- UUID: Final = b'e87eb0f4-34cb-46b9-93ad-766c5ab063e7'
	49	+ UUID: Final = b"e87eb0f4-34cb-46b9-93ad-766c5ab063e7"
50	50	"""A tag used by vault in the bit stream generation."""
51	51	CHARSETS: Final = types.MappingProxyType(
52	52	collections.OrderedDict([
53		- ('lower', b'abcdefghijklmnopqrstuvwxyz'),
54		- ('upper', b'ABCDEFGHIJKLMNOPQRSTUVWXYZ'),
	53	+ ("lower", b"abcdefghijklmnopqrstuvwxyz"),
	54	+ ("upper", b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"),
55	55	(
56		- 'alpha',
	56	+ "alpha",
57	57	(
58	58	# CHARSETS['lower']
59		- b'abcdefghijklmnopqrstuvwxyz'
	59	+ b"abcdefghijklmnopqrstuvwxyz"
60	60	# CHARSETS['upper']
61		- b'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
	61	+ b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
62	62	),
63	63	),
64		- ('number', b'0123456789'),
	64	+ ("number", b"0123456789"),
65	65	(
66		- 'alphanum',
	66	+ "alphanum",
67	67	(
68	68	# CHARSETS['lower']
69		- b'abcdefghijklmnopqrstuvwxyz'
	69	+ b"abcdefghijklmnopqrstuvwxyz"
70	70	# CHARSETS['upper']
71		- b'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
	71	+ b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
72	72	# CHARSETS['number']
73		- b'0123456789'
	73	+ b"0123456789"
74	74	),
75	75	),
76		- ('space', b' '),
77		- ('dash', b'-_'),
78		- ('symbol', b'!"#$%&\'()*+,./:;<=>?@[\\]^{\|}~-_'),
	76	+ ("space", b" "),
	77	+ ("dash", b"-_"),
	78	+ ("symbol", b"!\"#$%&'()*+,./:;<=>?@[\\]^{\|}~-_"),
79	79	(
80		- 'all',
	80	+ "all",
81	81	(
82	82	# CHARSETS['lower']
83		- b'abcdefghijklmnopqrstuvwxyz'
	83	+ b"abcdefghijklmnopqrstuvwxyz"
84	84	# CHARSETS['upper']
85		- b'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
	85	+ b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
86	86	# CHARSETS['number']
87		- b'0123456789'
	87	+ b"0123456789"
88	88	# CHARSETS['space']
89		- b' '
	89	+ b" "
90	90	# CHARSETS['symbol']
91		- b'!"#$%&\'()*+,./:;<=>?@[\\]^{\|}~-_'
	91	+ b"!\"#$%&'()*+,./:;<=>?@[\\]^{\|}~-_"
92	92	),
93	93	),
94	94	])
...	...	@@ -103,7 +103,7 @@ class Vault:
103	103	def __init__( # noqa: PLR0913
104	104	self,
105	105	*,
106		- phrase: Buffer \| str = b'',
	106	+ phrase: Buffer \| str = b"",
107	107	length: int = 20,
108	108	repeat: int = 0,
109	109	lower: int \| None = None,
...	...	@@ -158,7 +158,7 @@ class Vault:
158	158	self._phrase = self._get_binary_string(phrase)
159	159	self._length = length
160	160	self._repeat = repeat
161		- self._allowed = bytearray(self.CHARSETS['all'])
	161	+ self._allowed = bytearray(self.CHARSETS["all"])
162	162	self._required: list[bytes] = []
163	163
164	164	def subtract_or_require(
...	...	@@ -172,17 +172,17 @@ class Vault:
172	172	for _ in range(count):
173	173	self._required.append(characters)
174	174
175		- subtract_or_require(lower, self.CHARSETS['lower'])
176		- subtract_or_require(upper, self.CHARSETS['upper'])
177		- subtract_or_require(number, self.CHARSETS['number'])
178		- subtract_or_require(space, self.CHARSETS['space'])
179		- subtract_or_require(dash, self.CHARSETS['dash'])
180		- subtract_or_require(symbol, self.CHARSETS['symbol'])
	175	+ subtract_or_require(lower, self.CHARSETS["lower"])
	176	+ subtract_or_require(upper, self.CHARSETS["upper"])
	177	+ subtract_or_require(number, self.CHARSETS["number"])
	178	+ subtract_or_require(space, self.CHARSETS["space"])
	179	+ subtract_or_require(dash, self.CHARSETS["dash"])
	180	+ subtract_or_require(symbol, self.CHARSETS["symbol"])
181	181	if len(self._required) > self._length:
182		- msg = 'requested passphrase length too short'
	182	+ msg = "requested passphrase length too short"
183	183	raise ValueError(msg)
184	184	if not self._allowed:
185		- msg = 'no allowed characters left'
	185	+ msg = "no allowed characters left"
186	186	raise ValueError(msg)
187	187	for _ in range(len(self._required), self._length):
188	188	self._required.append(bytes(self._allowed))
...	...	@@ -210,7 +210,7 @@ class Vault:
210	210	"""
211	211	factors: list[int] = []
212	212	if not self._required or any(not x for x in self._required):
213		- return float('-inf')
	213	+ return float("-inf")
214	214	for i, charset in enumerate(self._required):
215	215	factors.extend([i + 1, len(charset)])
216	216	factors.sort()
...	...	@@ -247,10 +247,10 @@ class Vault:
247	247	try:
248	248	safety_factor = float(safety_factor)
249	249	except TypeError as e:
250		- msg = f'invalid safety factor: not a float: {safety_factor!r}'
	250	+ msg = f"invalid safety factor: not a float: {safety_factor!r}"
251	251	raise TypeError(msg) from e
252	252	if not math.isfinite(safety_factor) or safety_factor < 1.0:
253		- msg = f'invalid safety factor {safety_factor!r}'
	253	+ msg = f"invalid safety factor {safety_factor!r}"
254	254	raise ValueError(msg)
255	255	# Ensure the bound is strictly positive.
256	256	entropy_bound = max(1, self._entropy())
...	...	@@ -271,7 +271,7 @@ class Vault:
271	271
272	272	"""
273	273	if isinstance(s, str):
274		- return s.encode('UTF-8')
	274	+ return s.encode("UTF-8")
275	275	return bytes(s)
276	276
277	277	@classmethod
...	...	@@ -323,11 +323,11 @@ class Vault:
323	323	... 0d 08 1f ec f8 73 9b 8c 5f 55 39 16 7c 53 54 2c
324	324	... 1e 52 bb 30 ed 7f 89 e2 2f 69 51 55 d8 9e a6 02
325	325	... ''')
326		- >>> Vault.create_hash(phrase, 'some_service', length=4)
	326	+ >>> Vault.create_hash(phrase, "some_service", length=4)
327	327	b'M\xb1<S'
328		- >>> Vault.create_hash(phrase, b'some_service', length=16)
	328	+ >>> Vault.create_hash(phrase, b"some_service", length=16)
329	329	b'M\xb1<S\x827E\xd1M\xaf\xf8~\xc8n\x10\xcc'
330		- >>> Vault.create_hash(phrase, b'NOSUCHSERVICE', length=16)
	330	+ >>> Vault.create_hash(phrase, b"NOSUCHSERVICE", length=16)
331	331	b'\x1c\xc3\x9c\xd9\xb6\x1a\x99CS\x07\xc41\xf4\x85#s'
332	332
333	333	"""
...	...	@@ -335,7 +335,7 @@ class Vault:
335	335	assert isinstance(phrase, bytes)
336	336	salt = cls._get_binary_string(service) + cls.UUID
337	337	return hashlib.pbkdf2_hmac(
338		- hash_name='sha1',
	338	+ hash_name="sha1",
339	339	password=phrase,
340	340	salt=salt,
341	341	iterations=8,
...	...	@@ -347,7 +347,7 @@ class Vault:
347	347	service_name: Buffer \| str,
348	348	/,
349	349	*,
350		- phrase: Buffer \| str = b'',
	350	+ phrase: Buffer \| str = b"",
351	351	) -> bytes:
352	352	r"""Generate a service passphrase.
353	353
...	...	@@ -369,12 +369,12 @@ class Vault:
369	369	characters, or increase the desired passphrase length.
370	370
371	371	Examples:
372		- >>> phrase = b'She cells C shells bye the sea shoars'
	372	+ >>> phrase = b"She cells C shells bye the sea shoars"
373	373	>>> # Using default options in constructor.
374		- >>> Vault(phrase=phrase).generate(b'google')
	374	+ >>> Vault(phrase=phrase).generate(b"google")
375	375	b': 4TVH#5:aZl8LueOT\\{'
376	376	>>> # Also possible:
377		- >>> Vault().generate(b'google', phrase=phrase)
	377	+ >>> Vault().generate(b"google", phrase=phrase)
378	378	b': 4TVH#5:aZl8LueOT\\{'
379	379
380	380	Conflicting constraints are sometimes only found during
...	...	@@ -393,7 +393,7 @@ class Vault:
393	393	... )
394	394	>>> # ... but here.
395	395	>>> v.generate(
396		- ... '0', phrase=b'\x00'
	396	+ ... "0", phrase=b"\x00"
397	397	... ) # doctest: +IGNORE_EXCEPTION_DETAIL
398	398	Traceback (most recent call last):
399	399	...
...	...	@@ -443,7 +443,7 @@ class Vault:
443	443	pos = seq.generate(len(charset))
444	444	result.extend(charset[pos : pos + 1])
445	445	except ValueError as exc:
446		- msg = 'no allowed characters left'
	446	+ msg = "no allowed characters left"
447	447	raise ValueError(msg) from exc
448	448	except sequin.SequinExhaustedError:
449	449	hash_length *= 2
...	...	@@ -478,25 +478,25 @@ class Vault:
478	478
479	479	"""
480	480	key = bytes(key)
481		- TestFunc: TypeAlias = 'Callable[[bytes \| bytearray], bool]'
	481	+ TestFunc: TypeAlias = "Callable[[bytes \| bytearray], bool]"
482	482	deterministic_signature_types: dict[str, TestFunc]
483	483	deterministic_signature_types = {
484		- 'ssh-ed25519': lambda k: k.startswith(
485		- b'\x00\x00\x00\x0bssh-ed25519'
	484	+ "ssh-ed25519": lambda k: k.startswith(
	485	+ b"\x00\x00\x00\x0bssh-ed25519"
486	486	),
487		- 'ssh-ed448': lambda k: k.startswith(b'\x00\x00\x00\x09ssh-ed448'),
488		- 'ssh-rsa': lambda k: k.startswith(b'\x00\x00\x00\x07ssh-rsa'),
	487	+ "ssh-ed448": lambda k: k.startswith(b"\x00\x00\x00\x09ssh-ed448"),
	488	+ "ssh-rsa": lambda k: k.startswith(b"\x00\x00\x00\x07ssh-rsa"),
489	489	}
490	490	dsa_signature_types = {
491		- 'ssh-dss': lambda k: k.startswith(b'\x00\x00\x00\x07ssh-dss'),
492		- 'ecdsa-sha2-nistp256': lambda k: k.startswith(
493		- b'\x00\x00\x00\x13ecdsa-sha2-nistp256'
	491	+ "ssh-dss": lambda k: k.startswith(b"\x00\x00\x00\x07ssh-dss"),
	492	+ "ecdsa-sha2-nistp256": lambda k: k.startswith(
	493	+ b"\x00\x00\x00\x13ecdsa-sha2-nistp256"
494	494	),
495		- 'ecdsa-sha2-nistp384': lambda k: k.startswith(
496		- b'\x00\x00\x00\x13ecdsa-sha2-nistp384'
	495	+ "ecdsa-sha2-nistp384": lambda k: k.startswith(
	496	+ b"\x00\x00\x00\x13ecdsa-sha2-nistp384"
497	497	),
498		- 'ecdsa-sha2-nistp521': lambda k: k.startswith(
499		- b'\x00\x00\x00\x13ecdsa-sha2-nistp521'
	498	+ "ecdsa-sha2-nistp521": lambda k: k.startswith(
	499	+ b"\x00\x00\x00\x13ecdsa-sha2-nistp521"
500	500	),
501	501	}
502	502	criteria = [
...	...	@@ -595,8 +595,8 @@ class Vault:
595	595	with ssh_agent.SSHAgentClient.ensure_agent_subcontext(conn) as client:
596	596	if not cls.is_suitable_ssh_key(key, client=client):
597	597	msg = (
598		- 'unsuitable SSH key: bad key, or '
599		- 'signature not deterministic under this agent'
	598	+ "unsuitable SSH key: bad key, or "
	599	+ "signature not deterministic under this agent"
600	600	)
601	601	raise ValueError(msg)
602	602	raw_sig = client.sign(key, cls.UUID)
...	...	@@ -679,7 +679,7 @@ class Vault:
679	679	key[i] = byte
680	680	return bytes(key)
681	681	except IndexError:
682		- return h.digest() + b'\x00' * (h.block_size - h.digest_size)
	682	+ return h.digest() + b"\x00" * (h.block_size - h.digest_size)
683	683
684	684	@staticmethod
685	685	def _subtract(
...	...	@@ -710,9 +710,9 @@ class Vault:
710	710	allowed if isinstance(allowed, bytearray) else bytearray(allowed)
711	711	)
712	712	assert_type(allowed, bytearray)
713		- charset = memoryview(charset).toreadonly().cast('c')
714		- assert_type(charset, 'memoryview[bytes]')
715		- msg_dup_characters = 'duplicate characters in set'
	713	+ charset = memoryview(charset).toreadonly().cast("c")
	714	+ assert_type(charset, "memoryview[bytes]")
	715	+ msg_dup_characters = "duplicate characters in set"
716	716	if len(frozenset(allowed)) != len(allowed):
717	717	raise ValueError(msg_dup_characters)
718	718	if len(frozenset(charset)) != len(charset):

...	...	@@ -197,251 +197,251 @@ class VaultTestConfig(NamedTuple):
197	197
198	198
199	199	TEST_CONFIGS: list[VaultTestConfig] = [
200		- VaultTestConfig(None, 'not a dict', None),
201		- VaultTestConfig({}, 'missing required keys', None),
	200	+ VaultTestConfig(None, "not a dict", None),
	201	+ VaultTestConfig({}, "missing required keys", None),
202	202	VaultTestConfig(
203		- {'global': None, 'services': {}}, 'bad config value: global', None
	203	+ {"global": None, "services": {}}, "bad config value: global", None
204	204	),
205	205	VaultTestConfig(
206		- {'global': {'key': 123}, 'services': {}},
207		- 'bad config value: global.key',
	206	+ {"global": {"key": 123}, "services": {}},
	207	+ "bad config value: global.key",
208	208	None,
209	209	),
210	210	VaultTestConfig(
211		- {'global': {'phrase': 'abc', 'key': '...'}, 'services': {}},
212		- '',
	211	+ {"global": {"phrase": "abc", "key": "..."}, "services": {}},
	212	+ "",
213	213	None,
214	214	),
215		- VaultTestConfig({'services': None}, 'bad config value: services', None),
	215	+ VaultTestConfig({"services": None}, "bad config value: services", None),
216	216	VaultTestConfig(
217		- {'services': {'1': {}, 2: {}}}, 'bad config value: services."2"', None
	217	+ {"services": {"1": {}, 2: {}}}, 'bad config value: services."2"', None
218	218	),
219	219	VaultTestConfig(
220		- {'services': {'1': {}, '2': 2}}, 'bad config value: services."2"', None
	220	+ {"services": {"1": {}, "2": 2}}, 'bad config value: services."2"', None
221	221	),
222	222	VaultTestConfig(
223		- {'services': {'sv': {'notes': ['sentinel', 'list']}}},
224		- 'bad config value: services.sv.notes',
	223	+ {"services": {"sv": {"notes": ["sentinel", "list"]}}},
	224	+ "bad config value: services.sv.notes",
225	225	None,
226	226	),
227	227	VaultTestConfig(
228		- {'services': {'sv': {'notes': 'blah blah blah'}}}, '', None
	228	+ {"services": {"sv": {"notes": "blah blah blah"}}}, "", None
229	229	),
230	230	VaultTestConfig(
231		- {'services': {'sv': {'length': '200'}}},
232		- 'bad config value: services.sv.length',
	231	+ {"services": {"sv": {"length": "200"}}},
	232	+ "bad config value: services.sv.length",
233	233	None,
234	234	),
235	235	VaultTestConfig(
236		- {'services': {'sv': {'length': 0.5}}},
237		- 'bad config value: services.sv.length',
	236	+ {"services": {"sv": {"length": 0.5}}},
	237	+ "bad config value: services.sv.length",
238	238	None,
239	239	),
240	240	VaultTestConfig(
241		- {'services': {'sv': {'length': ['sentinel', 'list']}}},
242		- 'bad config value: services.sv.length',
	241	+ {"services": {"sv": {"length": ["sentinel", "list"]}}},
	242	+ "bad config value: services.sv.length",
243	243	None,
244	244	),
245	245	VaultTestConfig(
246		- {'services': {'sv': {'length': -10}}},
247		- 'bad config value: services.sv.length',
	246	+ {"services": {"sv": {"length": -10}}},
	247	+ "bad config value: services.sv.length",
248	248	None,
249	249	),
250	250	VaultTestConfig(
251		- {'services': {'sv': {'lower': '10'}}},
252		- 'bad config value: services.sv.lower',
	251	+ {"services": {"sv": {"lower": "10"}}},
	252	+ "bad config value: services.sv.lower",
253	253	None,
254	254	),
255	255	VaultTestConfig(
256		- {'services': {'sv': {'upper': -10}}},
257		- 'bad config value: services.sv.upper',
	256	+ {"services": {"sv": {"upper": -10}}},
	257	+ "bad config value: services.sv.upper",
258	258	None,
259	259	),
260	260	VaultTestConfig(
261		- {'services': {'sv': {'number': ['sentinel', 'list']}}},
262		- 'bad config value: services.sv.number',
	261	+ {"services": {"sv": {"number": ["sentinel", "list"]}}},
	262	+ "bad config value: services.sv.number",
263	263	None,
264	264	),
265	265	VaultTestConfig(
266	266	{
267		- 'global': {'phrase': 'my secret phrase'},
268		- 'services': {'sv': {'length': 10}},
	267	+ "global": {"phrase": "my secret phrase"},
	268	+ "services": {"sv": {"length": 10}},
269	269	},
270		- '',
	270	+ "",
271	271	None,
272	272	),
273	273	VaultTestConfig(
274		- {'services': {'sv': {'length': 10, 'phrase': '...'}}}, '', None
	274	+ {"services": {"sv": {"length": 10, "phrase": "..."}}}, "", None
275	275	),
276	276	VaultTestConfig(
277		- {'services': {'sv': {'length': 10, 'key': '...'}}}, '', None
	277	+ {"services": {"sv": {"length": 10, "key": "..."}}}, "", None
278	278	),
279	279	VaultTestConfig(
280		- {'services': {'sv': {'upper': 10, 'key': '...'}}}, '', None
	280	+ {"services": {"sv": {"upper": 10, "key": "..."}}}, "", None
281	281	),
282	282	VaultTestConfig(
283		- {'services': {'sv': {'phrase': 'abc', 'key': '...'}}}, '', None
	283	+ {"services": {"sv": {"phrase": "abc", "key": "..."}}}, "", None
284	284	),
285	285	VaultTestConfig(
286	286	{
287		- 'global': {'phrase': 'abc'},
288		- 'services': {'sv': {'phrase': 'abc', 'length': 10}},
	287	+ "global": {"phrase": "abc"},
	288	+ "services": {"sv": {"phrase": "abc", "length": 10}},
289	289	},
290		- '',
	290	+ "",
291	291	None,
292	292	),
293	293	VaultTestConfig(
294	294	{
295		- 'global': {'key': '...'},
296		- 'services': {'sv': {'phrase': 'abc', 'length': 10}},
	295	+ "global": {"key": "..."},
	296	+ "services": {"sv": {"phrase": "abc", "length": 10}},
297	297	},
298		- '',
	298	+ "",
299	299	None,
300	300	),
301	301	VaultTestConfig(
302	302	{
303		- 'global': {'key': '...'},
304		- 'services': {'sv': {'phrase': 'abc', 'key': '...', 'length': 10}},
	303	+ "global": {"key": "..."},
	304	+ "services": {"sv": {"phrase": "abc", "key": "...", "length": 10}},
305	305	},
306		- '',
	306	+ "",
307	307	None,
308	308	),
309	309	VaultTestConfig(
310	310	{
311		- 'global': {'key': '...'},
312		- 'services': {
313		- 'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
314		- 'sv2': {'length': 10, 'repeat': 1, 'lower': 1},
	311	+ "global": {"key": "..."},
	312	+ "services": {
	313	+ "sv1": {"phrase": "abc", "length": 10, "upper": 1},
	314	+ "sv2": {"length": 10, "repeat": 1, "lower": 1},
315	315	},
316	316	},
317		- '',
	317	+ "",
318	318	None,
319	319	),
320	320	VaultTestConfig(
321	321	{
322		- 'global': {'key': '...', 'unicode_normalization_form': 'NFC'},
323		- 'services': {
324		- 'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
325		- 'sv2': {'length': 10, 'repeat': 1, 'lower': 1},
	322	+ "global": {"key": "...", "unicode_normalization_form": "NFC"},
	323	+ "services": {
	324	+ "sv1": {"phrase": "abc", "length": 10, "upper": 1},
	325	+ "sv2": {"length": 10, "repeat": 1, "lower": 1},
326	326	},
327	327	},
328		- '',
	328	+ "",
329	329	None,
330	330	),
331	331	VaultTestConfig(
332	332	{
333		- 'global': {'key': '...', 'unicode_normalization_form': True},
334		- 'services': {},
	333	+ "global": {"key": "...", "unicode_normalization_form": True},
	334	+ "services": {},
335	335	},
336		- 'bad config value: global.unicode_normalization_form',
	336	+ "bad config value: global.unicode_normalization_form",
337	337	None,
338	338	),
339	339	VaultTestConfig(
340	340	{
341		- 'global': {'key': '...', 'unicode_normalization_form': 'NFC'},
342		- 'services': {
343		- 'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
344		- 'sv2': {'length': 10, 'repeat': 1, 'lower': 1},
	341	+ "global": {"key": "...", "unicode_normalization_form": "NFC"},
	342	+ "services": {
	343	+ "sv1": {"phrase": "abc", "length": 10, "upper": 1},
	344	+ "sv2": {"length": 10, "repeat": 1, "lower": 1},
345	345	},
346	346	},
347		- '',
	347	+ "",
348	348	ValidationSettings(True),
349	349	),
350	350	VaultTestConfig(
351	351	{
352		- 'global': {'key': '...', 'unicode_normalization_form': 'NFC'},
353		- 'services': {
354		- 'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
355		- 'sv2': {'length': 10, 'repeat': 1, 'lower': 1},
	352	+ "global": {"key": "...", "unicode_normalization_form": "NFC"},
	353	+ "services": {
	354	+ "sv1": {"phrase": "abc", "length": 10, "upper": 1},
	355	+ "sv2": {"length": 10, "repeat": 1, "lower": 1},
356	356	},
357	357	},
358		- 'extension/unknown key: .global.unicode_normalization_form',
	358	+ "extension/unknown key: .global.unicode_normalization_form",
359	359	ValidationSettings(False),
360	360	),
361	361	VaultTestConfig(
362	362	{
363		- 'global': {'key': '...', 'unknown_key': True},
364		- 'services': {
365		- 'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
366		- 'sv2': {'length': 10, 'repeat': 1, 'lower': 1},
	363	+ "global": {"key": "...", "unknown_key": True},
	364	+ "services": {
	365	+ "sv1": {"phrase": "abc", "length": 10, "upper": 1},
	366	+ "sv2": {"length": 10, "repeat": 1, "lower": 1},
367	367	},
368	368	},
369		- '',
	369	+ "",
370	370	ValidationSettings(True),
371	371	),
372	372	VaultTestConfig(
373	373	{
374		- 'global': {'key': '...', 'unknown_key': True},
375		- 'services': {
376		- 'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
377		- 'sv2': {'length': 10, 'repeat': 1, 'lower': 1},
	374	+ "global": {"key": "...", "unknown_key": True},
	375	+ "services": {
	376	+ "sv1": {"phrase": "abc", "length": 10, "upper": 1},
	377	+ "sv2": {"length": 10, "repeat": 1, "lower": 1},
378	378	},
379	379	},
380		- 'unknown key: .global.unknown_key',
	380	+ "unknown key: .global.unknown_key",
381	381	ValidationSettings(False),
382	382	),
383	383	VaultTestConfig(
384	384	{
385		- 'global': {'key': '...'},
386		- 'services': {
387		- 'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
388		- 'sv2': {
389		- 'length': 10,
390		- 'repeat': 1,
391		- 'lower': 1,
392		- 'unknown_key': True,
	385	+ "global": {"key": "..."},
	386	+ "services": {
	387	+ "sv1": {"phrase": "abc", "length": 10, "upper": 1},
	388	+ "sv2": {
	389	+ "length": 10,
	390	+ "repeat": 1,
	391	+ "lower": 1,
	392	+ "unknown_key": True,
393	393	},
394	394	},
395	395	},
396		- 'unknown key: .services.sv2.unknown_key',
	396	+ "unknown key: .services.sv2.unknown_key",
397	397	ValidationSettings(False),
398	398	),
399	399	VaultTestConfig(
400	400	{
401		- 'global': {'key': '...', 'unicode_normalization_form': 'NFC'},
402		- 'services': {
403		- 'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
404		- 'sv2': {
405		- 'length': 10,
406		- 'repeat': 1,
407		- 'lower': 1,
408		- 'unknown_key': True,
	401	+ "global": {"key": "...", "unicode_normalization_form": "NFC"},
	402	+ "services": {
	403	+ "sv1": {"phrase": "abc", "length": 10, "upper": 1},
	404	+ "sv2": {
	405	+ "length": 10,
	406	+ "repeat": 1,
	407	+ "lower": 1,
	408	+ "unknown_key": True,
409	409	},
410	410	},
411	411	},
412		- '',
	412	+ "",
413	413	ValidationSettings(True),
414	414	),
415	415	VaultTestConfig(
416	416	{
417		- 'global': {'key': '...', 'unicode_normalization_form': 'NFC'},
418		- 'services': {
419		- 'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
420		- 'sv2': {
421		- 'length': 10,
422		- 'repeat': 1,
423		- 'lower': 1,
424		- 'unknown_key': True,
	417	+ "global": {"key": "...", "unicode_normalization_form": "NFC"},
	418	+ "services": {
	419	+ "sv1": {"phrase": "abc", "length": 10, "upper": 1},
	420	+ "sv2": {
	421	+ "length": 10,
	422	+ "repeat": 1,
	423	+ "lower": 1,
	424	+ "unknown_key": True,
425	425	},
426	426	},
427	427	},
428		- '',
	428	+ "",
429	429	ValidationSettings(True),
430	430	),
431	431	VaultTestConfig(
432	432	{
433		- 'global': {'key': '...', 'unicode_normalization_form': 'NFC'},
434		- 'services': {
435		- 'sv1': {'phrase': 'abc', 'length': 10, 'upper': 1},
436		- 'sv2': {
437		- 'length': 10,
438		- 'repeat': 1,
439		- 'lower': 1,
440		- 'unknown_key': True,
	433	+ "global": {"key": "...", "unicode_normalization_form": "NFC"},
	434	+ "services": {
	435	+ "sv1": {"phrase": "abc", "length": 10, "upper": 1},
	436	+ "sv2": {
	437	+ "length": 10,
	438	+ "repeat": 1,
	439	+ "lower": 1,
	440	+ "unknown_key": True,
441	441	},
442	442	},
443	443	},
444		- '',
	444	+ "",
445	445	ValidationSettings(True),
446	446	),
447	447	]
...	...	@@ -497,14 +497,14 @@ def vault_full_service_config(draw: strategies.DrawFn) -> dict[str, int]:
497	497	hypothesis.assume(lower + upper + number + space + symbol > 0)
498	498	hypothesis.assume(repeat >= space)
499	499	return {
500		- 'lower': lower,
501		- 'upper': upper,
502		- 'number': number,
503		- 'space': space,
504		- 'dash': dash,
505		- 'symbol': symbol,
506		- 'repeat': repeat,
507		- 'length': length,
	500	+ "lower": lower,
	501	+ "upper": upper,
	502	+ "number": number,
	503	+ "space": space,
	504	+ "dash": dash,
	505	+ "symbol": symbol,
	506	+ "repeat": repeat,
	507	+ "length": length,
508	508	}
509	509
510	510
...	...	@@ -525,10 +525,10 @@ def is_smudgable_vault_test_config(conf: VaultTestConfig) -> bool:
525	525	config = conf.config
526	526	return bool(
527	527	isinstance(config, dict)
528		- and ('global' not in config or isinstance(config['global'], dict))
529		- and ('services' in config and isinstance(config['services'], dict))
530		- and all(isinstance(x, dict) for x in config['services'].values())
531		- and (config['services'] or config.get('global'))
	528	+ and ("global" not in config or isinstance(config["global"], dict))
	529	+ and ("services" in config and isinstance(config["services"], dict))
	530	+ and all(isinstance(x, dict) for x in config["services"].values())
	531	+ and (config["services"] or config.get("global"))
532	532	)
533	533
534	534
...	...	@@ -557,40 +557,40 @@ def smudged_vault_test_config(
557	557
558	558	"""
559	559
560		- falsy = (None, False, 0, 0.0, '', float('nan'))
561		- falsy_no_str = (None, False, 0, 0.0, float('nan'))
562		- falsy_no_zero = (None, False, '', float('nan'))
	560	+ falsy = (None, False, 0, 0.0, "", float("nan"))
	561	+ falsy_no_str = (None, False, 0, 0.0, float("nan"))
	562	+ falsy_no_zero = (None, False, "", float("nan"))
563	563	conf = draw(config)
564	564	hypothesis.assume(is_smudgable_vault_test_config(conf))
565	565	obj = copy.deepcopy(conf.config)
566		- services: list[dict[str, Any]] = list(obj['services'].values())
567		- if 'global' in obj:
568		- services.append(obj['global'])
	566	+ services: list[dict[str, Any]] = list(obj["services"].values())
	567	+ if "global" in obj:
	568	+ services.append(obj["global"])
569	569	assert all(isinstance(x, dict) for x in services), (
570		- 'is_smudgable_vault_test_config guard failed to '
571		- 'ensure each settings dict is a dict'
	570	+ "is_smudgable_vault_test_config guard failed to "
	571	+ "ensure each settings dict is a dict"
572	572	)
573	573	for service in services:
574		- for key in ('phrase',):
	574	+ for key in ("phrase",):
575	575	value = service.get(key)
576		- if not _types.js_truthiness(value) and value != '':
	576	+ if not _types.js_truthiness(value) and value != "":
577	577	service[key] = draw(strategies.sampled_from(falsy_no_str))
578	578	for key in (
579		- 'notes',
580		- 'key',
581		- 'length',
582		- 'repeat',
	579	+ "notes",
	580	+ "key",
	581	+ "length",
	582	+ "repeat",
583	583	):
584	584	value = service.get(key)
585	585	if not _types.js_truthiness(value):
586	586	service[key] = draw(strategies.sampled_from(falsy))
587	587	for key in (
588		- 'lower',
589		- 'upper',
590		- 'number',
591		- 'space',
592		- 'dash',
593		- 'symbol',
	588	+ "lower",
	589	+ "upper",
	590	+ "number",
	591	+ "space",
	592	+ "dash",
	593	+ "symbol",
594	594	):
595	595	value = service.get(key)
596	596	if not _types.js_truthiness(value) and value != 0:
...	...	@@ -615,13 +615,13 @@ class KnownSSHAgent(str, enum.Enum):
615	615
616	616	"""
617	617
618		- UNKNOWN = '(unknown)'
	618	+ UNKNOWN = "(unknown)"
619	619	""""""
620		- Pageant = 'Pageant'
	620	+ Pageant = "Pageant"
621	621	""""""
622		- OpenSSHAgent = 'OpenSSHAgent'
	622	+ OpenSSHAgent = "OpenSSHAgent"
623	623	""""""
624		- StubbedSSHAgent = 'StubbedSSHAgent'
	624	+ StubbedSSHAgent = "StubbedSSHAgent"
625	625	""""""
626	626
627	627
...	...	@@ -678,14 +678,14 @@ class RunningSSHAgentInfo(NamedTuple):
678	678	def require_external_address(self) -> str: # pragma: no cover
679	679	if not isinstance(self.socket, str):
680	680	pytest.skip(
681		- reason='This test requires a real, externally resolvable '
682		- 'address for the SSH agent socket.'
	681	+ reason="This test requires a real, externally resolvable "
	682	+ "address for the SSH agent socket."
683	683	)
684	684	return self.socket
685	685
686	686
687	687	ALL_KEYS: Mapping[str, SSHTestKey] = {
688		- 'ed25519': SSHTestKey(
	688	+ "ed25519": SSHTestKey(
689	689	private_key=rb"""-----BEGIN OPENSSH PRIVATE KEY-----
690	690	b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
691	691	QyNTUxOQAAACCBeIFoJtYCSF8P/zJIb+TBMIncHGpFBgnpCQ/7whJpdgAAAKDweO7H8Hju
...	...	@@ -731,7 +731,7 @@ idwcakUGCekJD/vCEml2AAAAG3Rlc3Qga2V5IHdpdGhvdXQgcGFzc3BocmFzZQEC
731	731	),
732	732	# Currently only supported by PuTTY (which is deficient in other
733	733	# niceties of the SSH agent and the agent's client).
734		- 'ed448': SSHTestKey(
	734	+ "ed448": SSHTestKey(
735	735	private_key=rb"""-----BEGIN OPENSSH PRIVATE KEY-----
736	736	b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAASgAAAAlz
737	737	c2gtZWQ0NDgAAAA54vZy009Wu8wExjvEb3hqtLz1GO/+d5vmGUbErWQ4AUO9mYLT
...	...	@@ -786,7 +786,7 @@ dGhvdXQgcGFzc3BocmFzZQECAwQFBgcICQ==
786	786	),
787	787	},
788	788	),
789		- 'rsa': SSHTestKey(
	789	+ "rsa": SSHTestKey(
790	790	private_key=rb"""-----BEGIN OPENSSH PRIVATE KEY-----
791	791	b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
792	792	NhAAAAAwEAAQAAAYEAsaHu6Xs4cVsuDSNJlMCqoPVgmDgEviI8TfXmHKqX3JkIqI3LsvV7
...	...	@@ -986,7 +986,7 @@ Bgp6142WnSCQAAABt0ZXN0IGtleSB3aXRob3V0IHBhc3NwaHJhc2UB
986	986	),
987	987	},
988	988	),
989		- 'dsa1024': SSHTestKey(
	989	+ "dsa1024": SSHTestKey(
990	990	private_key=rb"""-----BEGIN OPENSSH PRIVATE KEY-----
991	991	b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABsQAAAAdzc2gtZH
992	992	NzAAAAgQC7KAZXqBGNVLBQPrcMYAoNW54BhD8aIhe7BDWYzJcsaMt72VKSkguZ8+XR7nRa
...	...	@@ -1102,7 +1102,7 @@ u7HfrQhdOiKSa+ZO9AAojbURqrLDRfBJa5dXn2AAAAFQDJHfenj4EJ9WkehpdJatPBlqCW
1102	1102	),
1103	1103	},
1104	1104	),
1105		- 'ecdsa256': SSHTestKey(
	1105	+ "ecdsa256": SSHTestKey(
1106	1106	private_key=rb"""-----BEGIN OPENSSH PRIVATE KEY-----
1107	1107	b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
1108	1108	1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTLbU0zDwsk2Dvp+VYIrsNVf5gWwz2S
...	...	@@ -1173,7 +1173,7 @@ dGhvdXQgcGFzc3BocmFzZQECAwQ=
1173	1173	),
1174	1174	},
1175	1175	),
1176		- 'ecdsa384': SSHTestKey(
	1176	+ "ecdsa384": SSHTestKey(
1177	1177	private_key=rb"""-----BEGIN OPENSSH PRIVATE KEY-----
1178	1178	b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS
1179	1179	1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQSgkOjkAvq7v5vHuj3KBL4/EAWcn5hZ
...	...	@@ -1254,7 +1254,7 @@ JAu0J3Q+cypZuKQVAAAAMQD5sTy8p+B1cn/DhOmXquui1BcxvASqzzevkBlbQoBa73y04B
1254	1254	),
1255	1255	},
1256