https://git.schokokeks.org/derivepassphrase.git/tree/20bcd8f960b0655700905e9f20f807de15809188 Recent commits to derivepassphrase.git (20bcd8f960b0655700905e9f20f807de15809188) 2026-06-13T18:52:55+02:00 tag:gitlist.org,2012:commit/20bcd8f960b0655700905e9f20f807de15809188 Work around double-response for "query" extension from ssh-agent (OpenSSH 10.3) 2026-06-13T18:52:55+02:00 Marco Ricci software@the13thletter.info <pre>Detect and work around `ssh-agent` (OpenSSH 10.3 only) responding twice when answering a "query" extension request: once with the expected "extension response" or "success" message, and once with an unexpected/additional empty "success" message. We detect the extra empty "success" message in a generic and protocol compliant way, and re-align request-response-pair boundaries for any future requests. From the agent's perspective, the work-around does a read-only operation and should not change any permanent agent state, whether there are extra empty "success" messages or not. As written, the work-around tests specifically for output from OpenSSH 10.3, but is otherwise agnostic to the "extension response" message contents and could be easily adapted to trigger for other content patterns. &lt;/pre&gt; tag:gitlist.org,2012:commit/ea78e13123d1ce64bf4e02c624497ae6c37a6b3f Split SSHAgentClient.request in two 2026-06-13T16:04:08+02:00 Marco Ricci software@the13thletter.info <pre>Factor out the serialization of the request message and the deserialization of the response message from `SSHAgentClient.request` into separate helper methods. `SSHAgentClient.request` now only contains the management of expected response codes, and the raising of errors if unexpected response codes are received. While this refactoring was unnecessary so far – requests and responses were always paired and aligned – the next piece of code I intend to commit requires handling unpaired responses, and will use only one of these helper methods. &lt;/pre&gt; tag:gitlist.org,2012:commit/57e3b1ed832e865e9f9e8316f930b1beae3714f0 Turn the SSH agent protocol message numbers into ints 2026-06-13T15:56:18+02:00 Marco Ricci software@the13thletter.info <pre>The `SSH_AGENT` and `SSH_AGENTC` types now inherit from `int`, because SSH agent protocol message numbers are 8-bit unsigned integers. This cuts down on a lot of (previously necessary) type conversion steps whenever mixed groups of message numbers were involved (e.g. the `SSHAgentClient.request` `response_code` argument), or when message numbers needed to be compared with each other (e.g. tests). &lt;/pre&gt; tag:gitlist.org,2012:commit/6de63ce9751f3988ebd2255e169a4cc9d584c34f For SSH agent failures, print the raw response text 2026-06-13T07:52:46+02:00 Marco Ricci software@the13thletter.info <pre>For SSHAgentFailedError, include the raw response text in the error message. (Escaped, but not trimmed.) The response text is seldom textual in nature, and discarding non-printable parts of the text turns out to be much more of a hindrance than a help when debugging unexpected agent behavior. &lt;/pre&gt; tag:gitlist.org,2012:commit/bb91119578d2d7e92ff5cb0f5954939a159871b1 Merge topic branch 'windows-named-pipes' into master 2026-04-23T19:31:54+02:00 Marco Ricci software@the13thletter.info <pre>* windows-named-pipes: Update the release checklist with PERMITTED_SSH_AGENTS and NON_REENTRANT_SSH_AGENTS &lt;/pre&gt; tag:gitlist.org,2012:commit/4e8568da9db2b4fa4c6a61b9446088f750acb760 Merge topic branch 'documentation-todos' into master 2026-04-06T08:47:01+02:00 Marco Ricci software@the13thletter.info <pre>* documentation-todos: Document the choice between multiple master SSH keys/passphrases or not Document how to deal with regular passphrase rotation/rollover Document how to deal with "unsupported" special characters in derivepassphrase vault Document the tradeoffs between a master passphrase and a master SSH key Clean up future documentation ideas &lt;/pre&gt; tag:gitlist.org,2012:commit/6117ce9fda3a6ec5d686819b8ee7ca5f32bb0dc3 Document the choice between multiple master SSH keys/passphrases or not 2026-04-05T22:33:26+02:00 Marco Ricci software@the13thletter.info <pre>Like the previous three documents, this one too is very preliminary, but the main points are all present. &lt;/pre&gt; tag:gitlist.org,2012:commit/3ebc21dca274dbbde24fd9a24349c87a8881d8ea Document how to deal with regular passphrase rotation/rollover 2026-04-05T21:50:47+02:00 Marco Ricci software@the13thletter.info <pre>Once more, the quality is "first draft" level, but the main points are all present. &lt;/pre&gt; tag:gitlist.org,2012:commit/8777c7b774c03fa27eb2eadd7f45e6330056a563 Document how to deal with "unsupported" special characters in derivepassphrase vault 2026-04-05T21:02:18+02:00 Marco Ricci software@the13thletter.info <pre>Again, somewhat more of a first sketch than finished documentation, but the main points are present. &lt;/pre&gt; tag:gitlist.org,2012:commit/ec5e73f33ca72d5c54884eff021e9b9e0abee121 Document the tradeoffs between a master passphrase and a master SSH key 2026-04-05T19:19:11+02:00 Marco Ricci software@the13thletter.info <pre>This is still somewhat a preliminary version, but all the main points are already present. The FAQ "Should I use one master SSH key, or many keys?" will be moved to a new, future document. &lt;/pre&gt;