https://git.schokokeks.org/derivepassphrase.git/tree/0166a2edbd9c81df63e2d9fd5c057212d4ce6b45Recent commits to derivepassphrase.git (0166a2edbd9c81df63e2d9fd5c057212d4ce6b45)2026-06-13T18:52:55+02:00tag:gitlist.org,2012:commit/0166a2edbd9c81df63e2d9fd5c057212d4ce6b45Allow testing for mismatched SSH agent communication2026-06-13T18:52:55+02:00Marco Riccisoftware@the13thletter.info
<pre>Generalize the mocked SSH agent machinery for simulating error responses
slightly, so that instead of passing one-to-one request/response pairs,
we pass one-to-many request/list-of-responses pairs. Responses are kept
on a queue, and the machinery asserts that the queue is empty at the end
of the interaction.
This new flexibility is not yet required anywhere, but will be used in
the next commit.
</pre>
tag:gitlist.org,2012:commit/20bcd8f960b0655700905e9f20f807de15809188Work around double-response for "query" extension from ssh-agent (OpenSSH 10.3)2026-06-13T18:52:55+02:00Marco Riccisoftware@the13thletter.info
<pre>Detect and work around `ssh-agent` (OpenSSH 10.3 only) responding twice
when answering a "query" extension request: once with the expected
"extension response" or "success" message, and once with an
unexpected/additional empty "success" message. We detect the extra
empty "success" message in a generic and protocol compliant way, and
re-align request-response-pair boundaries for any future requests. From
the agent's perspective, the work-around does a read-only operation and
should not change any permanent agent state, whether there are extra
empty "success" messages or not.
As written, the work-around tests specifically for output from OpenSSH
10.3, but is otherwise agnostic to the "extension response" message
contents and could be easily adapted to trigger for other content
patterns.
</pre>
tag:gitlist.org,2012:commit/ea78e13123d1ce64bf4e02c624497ae6c37a6b3fSplit SSHAgentClient.request in two2026-06-13T16:04:08+02:00Marco Riccisoftware@the13thletter.info
<pre>Factor out the serialization of the request message and the
deserialization of the response message from `SSHAgentClient.request`
into separate helper methods. `SSHAgentClient.request` now only
contains the management of expected response codes, and the raising of
errors if unexpected response codes are received.
While this refactoring was unnecessary so far – requests and responses
were always paired and aligned – the next piece of code I intend to
commit requires handling unpaired responses, and will use only one of
these helper methods.
</pre>
tag:gitlist.org,2012:commit/57e3b1ed832e865e9f9e8316f930b1beae3714f0Turn the SSH agent protocol message numbers into ints2026-06-13T15:56:18+02:00Marco Riccisoftware@the13thletter.info
<pre>The `SSH_AGENT` and `SSH_AGENTC` types now inherit from `int`, because
SSH agent protocol message numbers are 8-bit unsigned integers. This
cuts down on a lot of (previously necessary) type conversion steps
whenever mixed groups of message numbers were involved (e.g. the
`SSHAgentClient.request` `response_code` argument), or when message
numbers needed to be compared with each other (e.g. tests).
</pre>
tag:gitlist.org,2012:commit/6de63ce9751f3988ebd2255e169a4cc9d584c34fFor SSH agent failures, print the raw response text2026-06-13T07:52:46+02:00Marco Riccisoftware@the13thletter.info
<pre>For SSHAgentFailedError, include the raw response text in the error
message. (Escaped, but not trimmed.) The response text is seldom
textual in nature, and discarding non-printable parts of the text turns
out to be much more of a hindrance than a help when debugging unexpected
agent behavior.
</pre>
tag:gitlist.org,2012:commit/bb91119578d2d7e92ff5cb0f5954939a159871b1Merge topic branch 'windows-named-pipes' into master2026-04-23T19:31:54+02:00Marco Riccisoftware@the13thletter.info
<pre>* windows-named-pipes:
Update the release checklist with PERMITTED_SSH_AGENTS and NON_REENTRANT_SSH_AGENTS
</pre>
tag:gitlist.org,2012:commit/4e8568da9db2b4fa4c6a61b9446088f750acb760Merge topic branch 'documentation-todos' into master2026-04-06T08:47:01+02:00Marco Riccisoftware@the13thletter.info
<pre>* documentation-todos:
Document the choice between multiple master SSH keys/passphrases or not
Document how to deal with regular passphrase rotation/rollover
Document how to deal with "unsupported" special characters in derivepassphrase vault
Document the tradeoffs between a master passphrase and a master SSH key
Clean up future documentation ideas
</pre>
tag:gitlist.org,2012:commit/6117ce9fda3a6ec5d686819b8ee7ca5f32bb0dc3Document the choice between multiple master SSH keys/passphrases or not2026-04-05T22:33:26+02:00Marco Riccisoftware@the13thletter.info
<pre>Like the previous three documents, this one too is very preliminary, but
the main points are all present.
</pre>
tag:gitlist.org,2012:commit/3ebc21dca274dbbde24fd9a24349c87a8881d8eaDocument how to deal with regular passphrase rotation/rollover2026-04-05T21:50:47+02:00Marco Riccisoftware@the13thletter.info
<pre>Once more, the quality is "first draft" level, but the main points are
all present.
</pre>
tag:gitlist.org,2012:commit/8777c7b774c03fa27eb2eadd7f45e6330056a563Document how to deal with "unsupported" special characters in derivepassphrase vault2026-04-05T21:02:18+02:00Marco Riccisoftware@the13thletter.info
<pre>Again, somewhat more of a first sketch than finished documentation, but
the main points are present.
</pre>