Recent commits to derivepassphrase.git (3cf1d6dcec03d2e186c6f77230e2157c9c76c48d)

Use "loadgroup" scheduling in the test suite runner

2026-01-17T19:00:49+01:00

Parallelize the test suite via the "loadgroup" scheduler, instead of the
"worksteal" scheduler.  There is currently only one `xtest_group` marker
value, so effectively, the scheduler schedules the *marked* tests all to
the same worker, and the others in whatever manner.  We can thus rely on
the marked tests executing serially, and do not need locks to protect
them (or their fixture calls) from concurrent access.

This eliminates "locking implementations" as both a source of errors and
as another group of code that needs debugging, testing, and coverage.
(Which was, unfortunately, our experience with the `filelock` package we
used to protect non-isolated SSH agents on The Annoying OS during
fixture setup and teardown.)

As a bonus, because the "loadgroup" scheduler lazily assigns work items
as other items are completed, the performance is similar to the
"worksteal" scheduler it is replacing.
</pre>

Add more coverage and linting exclusions related to Windows named pipes

2026-01-04T22:40:37+01:00

Some of the missing exclusions are typos.

Others are accidental omissions due to writing the code for one platform
(POSIX-ish systems) without actually *testing* on that platform, because
the main logic is geared towards a different platform (here, The
Annoying OS) and was developed there.  This especially concerns code
that is designed to never be called and which immediately throws an
exception upon being called: it is easy to forget the coverage exclusion
if the corresponding code path is never actually run.

Finally, other exclusions and code refactorings are due to the fact that
the static type checking interface for `ctypes` (i.e., the typing stubs
from the `typeshed` project) is vastly different for different operating
systems.  So, type checking code on POSIX-ish systems that uses `ctypes`
for The Annoying OS's facilities causes the type checker to complain
about *a lot* of undefined symbols that `ctypes` supposedly does not
expose.  For some commonly-used symbols with many call sites, it is
worth defining a dual wrapper/stub function (wrapper for supported OSes,
stub for others) to both silence the type checker's complaints about
"undefined symbols" and to not sacrifice too much readability.

(While the type checker supports branching on the current OS, this
drastically increases the number of branches to cover, or alternatively,
the number of coverage branch exceptions/exclusions to mark up.  We
would be trading type checking exclusions for coverage branch
exclusions, gaining nothing.)

Finally finally, because The Annoying OS uses a very incompatible naming
scheme in its standard library, we need many linting exceptions for
variable, function and function argument naming.
</pre>

Fix SSH agent spawning on POSIX in the test suite

2026-01-04T22:06:26+01:00

If the `executable` passed to the `spawn_named_agent` function is
`None`, we now correctly locate the agent in `PATH` using its default
name, for all our SSH agent spawning functions.  This was advertised to
work this way when we introduced SSH agent interfacing functions in the
test suite in 41029a5e6ef04a9870dcaf044b54a26af94260ab and updated the
`spawn_named_agent` signature to match in
6340b5a541970c9d00ee653926102657028de309, but was never actually
implemented, until now.

Prior to 6340b5a541970c9d00ee653926102657028de309, the `executable`
argument to `spawn_named_agent` was both a registry key and the basename
of the executable to call, to be located in `PATH`.  In that scheme,
a `None` value meant that there was no external executable to spawn, so
the agent-specific spawning functions would return a failure code.  In
6340b5a541970c9d00ee653926102657028de309, the interpretation was changed
to an "override" path: a string value for `executable` meant "use this
path for the executable", a `None` value meant "use the default name,
and locate the executable in `PATH`".  But the corresponding *logic* for
the `None` value case, i.e., searching `PATH`, was never actually
implemented.

Because none of the standard agent spawning/interfacing function
definitions made use of this override mechanism, all SSH agent spawning
functions were silently breaking, flatly claiming that the agents were
not available even though they actually might have been.  Furthermore,
because this code refactoring was developed on The Annoying OS, where
all current SSH agents are interfaced, not spawned, this failure went
completely unnoticed.  Now, while double-checking that the new
Annoying-OS-specific code also works on POSIX, this misbehavior of the
SSH agent spawning logic became apparent again, because on POSIX we *do*
have agents that are spawned, not merely interfaced.

So reintroduce the logic to locate the (default) executable if the path
is not overriden.
</pre>

Use "overlapped I/O" for Windows named pipe communication

2025-12-28T18:53:33+01:00

</pre>

Fix the fallback variant of the Windows named pipe handling code

2025-12-28T18:47:21+01:00

The fallback implementation for systems other than The Annoying OS was
incomplete.
</pre>

Retry connecting to a named pipe if the pipe is busy

2025-12-28T12:05:37+01:00

In the `WindowsNamedPipeHandle` constructor, if connecting the named
pipe fails with the Windows error 231 (`ERROR_PIPE_BUSY`), retry the
operation.  (For expected future compatibility, we treat
`BlockingIOError` the same way.)  This behavior roughly corresponds to
how system calls on POSIX should usually be retried if they return with
`EINTR`.
</pre>

Do not suppress OSError when constructing Windows named pipes in test fixtures

2025-12-27T18:52:29+01:00

Let any OSError that occurs when opening the named pipe bubble to the
top of the test fixture, instead of suppressing it and indicating that
the named pipe is unavailable.  At the top level, the test fixture can
then incorporate the error text into the failure or skip message (which
would otherwise be invisible if suppressed further down).
</pre>

In the test suite, correctly calculate if an SSH agent is isolated

2025-12-27T18:42:06+01:00

In particular, pay consideration to interfaced agents, not just spawned ones.
</pre>

Fix recognition of Pageant in the test fixtures

2025-12-27T18:26:50+01:00

When reacting to failures uploading a test key into an agent, both the
agent type `KnownSSHAgent.UNIXPageant` and the type
`KnownSSHAgent.Pageant` should be treated the same.  However, the
`ssh_agent_client_with_loaded_test_keys` only treated the former agent
type specially.  Now it also treats the latter type the same.
</pre>

Unload loaded test keys in the fixture more efficiently

2025-12-27T17:33:06+01:00

Instead of iterating over all test keys and testing whether the agent is
not isolated and the key is a successfully loaded key, first check
whether the agent is isolated or not, *then* iterate over the
successfully loaded key names and extract the relevant test key from the
test key table.  The efficiency per operation is similar, but the
previous setup always iterated the whole test key table unconditionally,
whereas the new setup only iterates the successfully loaded key name set
(fewer entries than the test key table), and only conditionally.
</pre>