https://git.schokokeks.org/derivepassphrase.git/tree/20bcd8f960b0655700905e9f20f807de15809188Recent commits to derivepassphrase.git (20bcd8f960b0655700905e9f20f807de15809188)2026-06-13T18:52:55+02:00tag:gitlist.org,2012:commit/20bcd8f960b0655700905e9f20f807de15809188Work around double-response for "query" extension from ssh-agent (OpenSSH 10.3)2026-06-13T18:52:55+02:00Marco Riccisoftware@the13thletter.info
<pre>Detect and work around `ssh-agent` (OpenSSH 10.3 only) responding twice
when answering a "query" extension request: once with the expected
"extension response" or "success" message, and once with an
unexpected/additional empty "success" message. We detect the extra
empty "success" message in a generic and protocol compliant way, and
re-align request-response-pair boundaries for any future requests. From
the agent's perspective, the work-around does a read-only operation and
should not change any permanent agent state, whether there are extra
empty "success" messages or not.
As written, the work-around tests specifically for output from OpenSSH
10.3, but is otherwise agnostic to the "extension response" message
contents and could be easily adapted to trigger for other content
patterns.
</pre>
tag:gitlist.org,2012:commit/ea78e13123d1ce64bf4e02c624497ae6c37a6b3fSplit SSHAgentClient.request in two2026-06-13T16:04:08+02:00Marco Riccisoftware@the13thletter.info
<pre>Factor out the serialization of the request message and the
deserialization of the response message from `SSHAgentClient.request`
into separate helper methods. `SSHAgentClient.request` now only
contains the management of expected response codes, and the raising of
errors if unexpected response codes are received.
While this refactoring was unnecessary so far – requests and responses
were always paired and aligned – the next piece of code I intend to
commit requires handling unpaired responses, and will use only one of
these helper methods.
</pre>
tag:gitlist.org,2012:commit/57e3b1ed832e865e9f9e8316f930b1beae3714f0Turn the SSH agent protocol message numbers into ints2026-06-13T15:56:18+02:00Marco Riccisoftware@the13thletter.info
<pre>The `SSH_AGENT` and `SSH_AGENTC` types now inherit from `int`, because
SSH agent protocol message numbers are 8-bit unsigned integers. This
cuts down on a lot of (previously necessary) type conversion steps
whenever mixed groups of message numbers were involved (e.g. the
`SSHAgentClient.request` `response_code` argument), or when message
numbers needed to be compared with each other (e.g. tests).
</pre>
tag:gitlist.org,2012:commit/6de63ce9751f3988ebd2255e169a4cc9d584c34fFor SSH agent failures, print the raw response text2026-06-13T07:52:46+02:00Marco Riccisoftware@the13thletter.info
<pre>For SSHAgentFailedError, include the raw response text in the error
message. (Escaped, but not trimmed.) The response text is seldom
textual in nature, and discarding non-printable parts of the text turns
out to be much more of a hindrance than a help when debugging unexpected
agent behavior.
</pre>
tag:gitlist.org,2012:commit/bb91119578d2d7e92ff5cb0f5954939a159871b1Merge topic branch 'windows-named-pipes' into master2026-04-23T19:31:54+02:00Marco Riccisoftware@the13thletter.info
<pre>* windows-named-pipes:
Update the release checklist with PERMITTED_SSH_AGENTS and NON_REENTRANT_SSH_AGENTS
</pre>
tag:gitlist.org,2012:commit/4e8568da9db2b4fa4c6a61b9446088f750acb760Merge topic branch 'documentation-todos' into master2026-04-06T08:47:01+02:00Marco Riccisoftware@the13thletter.info
<pre>* documentation-todos:
Document the choice between multiple master SSH keys/passphrases or not
Document how to deal with regular passphrase rotation/rollover
Document how to deal with "unsupported" special characters in derivepassphrase vault
Document the tradeoffs between a master passphrase and a master SSH key
Clean up future documentation ideas
</pre>
tag:gitlist.org,2012:commit/6117ce9fda3a6ec5d686819b8ee7ca5f32bb0dc3Document the choice between multiple master SSH keys/passphrases or not2026-04-05T22:33:26+02:00Marco Riccisoftware@the13thletter.info
<pre>Like the previous three documents, this one too is very preliminary, but
the main points are all present.
</pre>
tag:gitlist.org,2012:commit/3ebc21dca274dbbde24fd9a24349c87a8881d8eaDocument how to deal with regular passphrase rotation/rollover2026-04-05T21:50:47+02:00Marco Riccisoftware@the13thletter.info
<pre>Once more, the quality is "first draft" level, but the main points are
all present.
</pre>
tag:gitlist.org,2012:commit/8777c7b774c03fa27eb2eadd7f45e6330056a563Document how to deal with "unsupported" special characters in derivepassphrase vault2026-04-05T21:02:18+02:00Marco Riccisoftware@the13thletter.info
<pre>Again, somewhat more of a first sketch than finished documentation, but
the main points are present.
</pre>
tag:gitlist.org,2012:commit/ec5e73f33ca72d5c54884eff021e9b9e0abee121Document the tradeoffs between a master passphrase and a master SSH key2026-04-05T19:19:11+02:00Marco Riccisoftware@the13thletter.info
<pre>This is still somewhat a preliminary version, but all the main points
are already present.
The FAQ "Should I use one master SSH key, or many keys?" will be moved
to a new, future document.
</pre>