https://git.schokokeks.org/derivepassphrase.git/tree/0d071d0ac2663006f7c5dff2f337e3e91d636fd4 Recent commits feed provided by GitList. The SSH agent socket provider, by contract, must raise `NotImplementedError` (or a subclass) if and only if the socket can never be successfully constructed, on principle. Conversely, if the socket provider raises any other kind of error, then the socket *could* be constructed on this system, principally. In the specific case of Windows named pipes whose address is named by the `SSH_AUTH_SOCK` environment variable, it is a programming error to first check the environment variable value, allowing `KeyError` or `ValueError` to bubble through to the caller, and only afterwards during construction of the named pipe realize that there is no support. https://git.schokokeks.org/derivepassphrase.git/commit/0d071d0ac2663006f7c5dff2f337e3e91d636fd4 software@the13thletter.info (Marco Ricci) Sun, 18 Jan 2026 15:42:53 +0100 0d071d0ac2663006f7c5dff2f337e3e91d636fd4 https://git.schokokeks.org/derivepassphrase.git/commit/561a479916d0cea8312ce0aee02889bd5297107f software@the13thletter.info (Marco Ricci) Sun, 18 Jan 2026 14:38:27 +0100 561a479916d0cea8312ce0aee02889bd5297107f When registering auto-detected new socket providers, registration should fail if two different providers try to register the same alias. The test suite originally contained a test case for this, but it used the "posix" and "the_annoying_os" names as base names, which were changed to aliases in 41029a5e6ef04a9870dcaf044b54a26af94260ab. Thus, the test *actually* attempted to register something that was previously an alias as a new base name. This was also an error (still is), and it used the same error message, so the test continued to pass. But it was then exercising a different code branch, and thus the original code branch was effectively lacking a dedicated test. We fix this by resolving the now-aliased entry to its actual base name. https://git.schokokeks.org/derivepassphrase.git/commit/5ade48e3fcfe03b9fdb2651e80a08a9360ccbc0c software@the13thletter.info (Marco Ricci) Sun, 18 Jan 2026 14:25:44 +0100 5ade48e3fcfe03b9fdb2651e80a08a9360ccbc0c Set the coverage settings to record relative paths, instead of absolute ones, so that when combining coverage files from different OSes, the paths merge cleanly. https://git.schokokeks.org/derivepassphrase.git/commit/f1653ee4bd35f594c1dadc54d7413c7a5233db5d software@the13thletter.info (Marco Ricci) Sun, 18 Jan 2026 14:23:57 +0100 f1653ee4bd35f594c1dadc54d7413c7a5233db5d Pageant is a good *fallback* native socket provider, but a bad *preferred* native socket provider, because the address is not configurable. Using `ssh_auth_sock_on_the_annoying_os` as the preferred native socker provider instead allows the user to easily change the agent to talk to by switching out environment variables. https://git.schokokeks.org/derivepassphrase.git/commit/7a5b6f099399315c35113a963906077788d8fd36 software@the13thletter.info (Marco Ricci) Sun, 18 Jan 2026 14:14:04 +0100 7a5b6f099399315c35113a963906077788d8fd36 Give heavy-duty tests that involve spawning processes less extensive example counts, because spawning processes is expensive (especially on The Annoying OS), and because Python 3.14+ is defaulting to slow-but-safe process spawning machinery that make these costs much more visible than before. Specifically, we introduce new hypothesis machinery for calculating a good `max_example` count for state machines that involve spawning processes on each state transition. There is currently only one such state machine: `FakeConfigurationMutexStateMachine` from the CLI heavy-duty tests. The example count `n'` for state machines is then `sqrt(10 * n)`, where `n` is the example count for other test types. For the "dev", "default" and "intense" profiles (`n = 10`, `100` and `1000`, respectively), this translates to `n' = 10`, `31` and `100`, respectively. In particular, at "dev" they are identical, and at "intense", state machines have "default" behavior. In preparation for this commit, we noticed that the hypothesis settings profiles were not necessarily defined when the state machines query the settings. Accordingly, we moved the settings profiles setup into the `tests.machinery.hypothesis` package, made it idempotent, and ensured it would be called before accessing the profiles. https://git.schokokeks.org/derivepassphrase.git/commit/d89c86a3394b8711b555725cda8031ba15fddd99 software@the13thletter.info (Marco Ricci) Sat, 17 Jan 2026 19:40:14 +0100 d89c86a3394b8711b555725cda8031ba15fddd99 Parallelize the test suite via the "loadgroup" scheduler, instead of the "worksteal" scheduler. There is currently only one `xtest_group` marker value, so effectively, the scheduler schedules the *marked* tests all to the same worker, and the others in whatever manner. We can thus rely on the marked tests executing serially, and do not need locks to protect them (or their fixture calls) from concurrent access. This eliminates "locking implementations" as both a source of errors and as another group of code that needs debugging, testing, and coverage. (Which was, unfortunately, our experience with the `filelock` package we used to protect non-isolated SSH agents on The Annoying OS during fixture setup and teardown.) As a bonus, because the "loadgroup" scheduler lazily assigns work items as other items are completed, the performance is similar to the "worksteal" scheduler it is replacing. https://git.schokokeks.org/derivepassphrase.git/commit/3cf1d6dcec03d2e186c6f77230e2157c9c76c48d software@the13thletter.info (Marco Ricci) Sat, 17 Jan 2026 19:00:49 +0100 3cf1d6dcec03d2e186c6f77230e2157c9c76c48d Some of the missing exclusions are typos. Others are accidental omissions due to writing the code for one platform (POSIX-ish systems) without actually *testing* on that platform, because the main logic is geared towards a different platform (here, The Annoying OS) and was developed there. This especially concerns code that is designed to never be called and which immediately throws an exception upon being called: it is easy to forget the coverage exclusion if the corresponding code path is never actually run. Finally, other exclusions and code refactorings are due to the fact that the static type checking interface for `ctypes` (i.e., the typing stubs from the `typeshed` project) is vastly different for different operating systems. So, type checking code on POSIX-ish systems that uses `ctypes` for The Annoying OS's facilities causes the type checker to complain about *a lot* of undefined symbols that `ctypes` supposedly does not expose. For some commonly-used symbols with many call sites, it is worth defining a dual wrapper/stub function (wrapper for supported OSes, stub for others) to both silence the type checker's complaints about "undefined symbols" and to not sacrifice too much readability. (While the type checker supports branching on the current OS, this drastically increases the number of branches to cover, or alternatively, the number of coverage branch exceptions/exclusions to mark up. We would be trading type checking exclusions for coverage branch exclusions, gaining nothing.) Finally finally, because The Annoying OS uses a very incompatible naming scheme in its standard library, we need many linting exceptions for variable, function and function argument naming. https://git.schokokeks.org/derivepassphrase.git/commit/dcfe53e7de00532eb56cfea5b429b91ff97dac32 software@the13thletter.info (Marco Ricci) Sun, 04 Jan 2026 22:40:37 +0100 dcfe53e7de00532eb56cfea5b429b91ff97dac32 If the `executable` passed to the `spawn_named_agent` function is `None`, we now correctly locate the agent in `PATH` using its default name, for all our SSH agent spawning functions. This was advertised to work this way when we introduced SSH agent interfacing functions in the test suite in 41029a5e6ef04a9870dcaf044b54a26af94260ab and updated the `spawn_named_agent` signature to match in 6340b5a541970c9d00ee653926102657028de309, but was never actually implemented, until now. Prior to 6340b5a541970c9d00ee653926102657028de309, the `executable` argument to `spawn_named_agent` was both a registry key and the basename of the executable to call, to be located in `PATH`. In that scheme, a `None` value meant that there was no external executable to spawn, so the agent-specific spawning functions would return a failure code. In 6340b5a541970c9d00ee653926102657028de309, the interpretation was changed to an "override" path: a string value for `executable` meant "use this path for the executable", a `None` value meant "use the default name, and locate the executable in `PATH`". But the corresponding *logic* for the `None` value case, i.e., searching `PATH`, was never actually implemented. Because none of the standard agent spawning/interfacing function definitions made use of this override mechanism, all SSH agent spawning functions were silently breaking, flatly claiming that the agents were not available even though they actually might have been. Furthermore, because this code refactoring was developed on The Annoying OS, where all current SSH agents are interfaced, not spawned, this failure went completely unnoticed. Now, while double-checking that the new Annoying-OS-specific code also works on POSIX, this misbehavior of the SSH agent spawning logic became apparent again, because on POSIX we *do* have agents that are spawned, not merely interfaced. So reintroduce the logic to locate the (default) executable if the path is not overriden. https://git.schokokeks.org/derivepassphrase.git/commit/acf65003ef9c94345cb56a65f96d0e3cd427a62c software@the13thletter.info (Marco Ricci) Sun, 04 Jan 2026 22:06:26 +0100 acf65003ef9c94345cb56a65f96d0e3cd427a62c https://git.schokokeks.org/derivepassphrase.git/commit/58bf123a7361c367d7aff10a9ad15abfe3284d27 software@the13thletter.info (Marco Ricci) Sun, 28 Dec 2025 18:53:33 +0100 58bf123a7361c367d7aff10a9ad15abfe3284d27