Recent commits to derivepassphrase.git (2ab74a949c7943354c68c198210997ace4d9674e)

Work around non-reentrant SSH agent sockets/clients

2026-02-01T20:38:39+01:00

Mark some tests as needing the ability to construct a second SSH agent
client (on the same socket address) while another one is still
connected.  This works with most agents, except `gpg-agent` on The
Annoying OS when masquerading as OpenSSH's `ssh-agent`.  Presumably,
`gpg-agent` handles the requests with a single thread, non-multiplexed,
and so blocks all other agent clients from progressing.  The symptoms
are blocking during the connect call, then failing with "socket address
not found" immediately once the other client closes its connection.

We address the affected tests by monkeypatching the
`ssh_agent.SSHAgentClient.ensure_agent_subcontext` context manager – the
main way `derivepassphrase` internally interacts with the SSH agent – to
return a singleton agent: the agent provided to the test function (via
a fixture).  We implement this as a machinery function to set up the
environment explicitly, because this functionality hard to set up
usefully as a test fixture: it interferes with testing SSH agent client
constructor failures, and *those* are sometimes implemented as single
`pytest.param`s of a common test function, but the test function cannot
dynamically adapt the set of applicable fixtures to the specific
parametrization.

While specifically designed for use with `gpg-agent` on The Annoying OS,
the interface is general in nature, and can be used with any declared
SSH agent (except the fake agents).  Since this internally works
similarly to the "permitted SSH agents" feature of the test suite, we
generalize the latter slightly to allow implementing the former.
</pre>

Add more coverage exclusion, with commentary

2026-01-28T20:48:27+01:00

</pre>

Report SSH agent socket providers in `--version` output

2026-01-24T23:50:57+01:00

In the output of `derivepassphrase vault --version`, output the list of
supported and the list of unavailable SSH agent socket providers.
Report all aliases as well.  We intend to reuse the names later on in
the user configuration file, so it is important to expose them
somewhere.

To determine whether an entry key is a base name or an alias, we build
a topological sorting over the entry keys, using tools from the standard
library introduced in Python 3.9.  (Older Python versions could be
retrofitted with a backport, if need be.)

Open problem: The topological sorter checks for cycles, but there is
otherwise no deeper error checking yet.  In particular, these entry keys
may be supplied by a malicious third party, but there are no
sanitization checks yet for terminal sequences or similar when
outputting the key during the `--version` call.  How to handle this?
</pre>

Support aliases in `--version` output (item feature lists)

2026-01-24T23:47:54+01:00

Whenever a list of feature items is given during `--version`, such as
"Supported subcommands", support adding a list of aliases to that item
(provided there is no line break in between, the aliases are marked as
such, and neither contain nested aliases nor parentheses).

Document this format somewhat more explicitly in
`tests.test_derivepassphrase_cli.test_all_cli.parse_version_output`, and
provide a more explicit reference parser/tokenizer as well.  That said,
the format is restricted enough to allow other parsers to somewhat
easily be written manually, or via a parser generator.

Though this could principally be used for the subcommands case (as also
used in the test cases for this functionality), the real beneficiary is
a piece of code I intend to commit next.
</pre>

Turn the built in SSH agent socket provider names into an enum

2026-01-24T22:59:24+01:00

This eliminates typos once and for all.  It also makes it really easy to
distinguish third-party socket providers from first-party ones, as the
enum cannot be amended later.  Finally, it centralizes the knowledge for
testing whether the socket provider is functional directly to the enum,
similar to the other version info "feature items".

(In fact, the "master SSH key" vault feature (`Features.SSH_KEY`) can
now delegate the feature support check to the socket provider name
enum.)
</pre>

Fix coverage slipups in SSH agent socket provider implementations

2026-01-24T22:18:05+01:00

</pre>

Rename the socket providers on Windows/The Annoying OS

2026-01-24T21:55:29+01:00

We expect the names to be user-facing soon, as part of the
configuration, choosing which SSH agent socket provider to use.  To that
end, the "The Annoying OS" moniker is a hindrance: nobody is likely to
understand it at a first glance (particularly non-programmers), and
conversely, users looking for configuration options pertaining to
Microsoft Windows will likely miss that socket providers containing the
`the_annoying_os` label are relevant to their query.

Insisting on the moniker thus does our users a huge (and completely
avoidable) disservice.  So, in the interest of clarity, rename the
`the_annoying_os` label parts to `windows`.

Since this makes some labels completely redundant, and since the test
suite is strongly fixated on the default label names, use this
opportunity to clean up the registry and the test suite machinery that
needs mock registries.
</pre>

Rework the documentation concerning SSH agent use

2026-01-21T22:55:28+01:00

</pre>

For interfaced SSH agents in the tests, set SSH_AUTH_SOCK manually

2026-01-18T17:35:34+01:00

Generally, if we have an abstract socket connected to an SSH agent, then
this is sufficient for us to construct a client based on the socket,
and interact with the agent as needed.

However, in the CLI tests, there are situations where we are
orchestrating the whole `derivepassphrase` application, and the
application must connect to the agent itself.  For these situations, we
need to set up the necessary configuration to pass the agent's socket
address to `derivepassphrase`.  For agents merely interfaced in the test
suite, we were not doing such a setup, causing orchestrated
`derivepassphrase` application instances to believe there was no agent
to connect to.

Fix this by (a) exposing the socket address on the socket object,
internal to the spawning/interfacing function, and (b) let interfacing
functions return a pair of socket and socket address, not just the
socket.  (We intend to keep the interface for actually obtaining the
address private to each interfacing function, because not all socket
objects can easily be retrofitted with extra methods to query the socket
address.)

(As a side effect, give the socket providers on The Annoying OS more
specific typing, so that the type checker can verify that the
interfacing functions are accessing the correct attributes and methods
for obtaining the socket address.)
</pre>

Use the "correct" wrong SSH_AUTH_SOCK value

2026-01-18T16:37:36+01:00

Some tests require a wrong SSH_AUTH_SOCK value where no SSH agent can be
listening, but which is nonetheless syntactically valid.  Since Windows
named pipes have a specific address format, syntactically valid but
wrong values look different on The Annoying OS than they look on POSIX.
So fill in wrong values OS-specifically, not generally: on POSIX, we use
what is clearly a directory, and on The Annoying OS, we use the common
pipe name prefix (which is also a directory).
</pre>