https://git.schokokeks.org/derivepassphrase.git/tree/3eabf0cd303c0e2e83a61a7c7835ee66b7fb5acfRecent commits to derivepassphrase.git (3eabf0cd303c0e2e83a61a7c7835ee66b7fb5acf)2024-10-08T11:43:10+02:00tag:gitlist.org,2012:commit/3eabf0cd303c0e2e83a61a7c7835ee66b7fb5acfCentralize settings for hypothesis deadline management2024-10-08T11:43:10+02:00Marco Riccisoftware@the13thletter.info
<pre>Our unit tests run in multiple, very different environments, which leads
to drastically different execution times, up to a slowdown factor of
roughly 40 (test coverage, "timid" Python tracer). The `hypothesis`
library however runs timing checks on each of its tests, indepedent of
the available processing power and coverage instrumentation. As
a result, some benign tests time out under these circumstances
regardless.
In the past, I've raised their execution deadline in an ad-hoc manner
whenever this happens (or fixed the tests, if they weren't so benign).
But instead of littering the test suite with one-time adjustments of
deadlines, a more sensible approach is to use a test decorator that
ensures a common extended deadline for tests that need it, only if they
need it (i.e. run under coverage). So do that. (Sadly, because of how
the settings decorator works, this must be applied function-wise, and
cannot be stacked with other settings decorators.)
Finally, if this deadline extension still doesn't help, then this
usually means we are generating huge or expensive-to-evaluate inputs.
So limit the size of some of the inputs (string length, recursion depth,
size of passphrases to derive) to keep execution times better
constrained.
</pre>
tag:gitlist.org,2012:commit/63053f40ef9487c6ede43eb863bbd9abe578e258Add changelog entry for key/phrase and falsy behavior changes2024-10-08T10:04:11+02:00Marco Riccisoftware@the13thletter.info
<pre>Document the changes in 7d2f2b1bda31ead428d3c009772aaf3d2261d60c and
798ddc103c6c03835394733aeca128b970aacd06 in the changelog.
</pre>
tag:gitlist.org,2012:commit/7d2f2b1bda31ead428d3c009772aaf3d2261d60cAlign behavior with vault concerning falsy values in config2024-10-08T09:32:00+02:00Marco Riccisoftware@the13thletter.info
<pre>The original vault(1) sometimes checks only for falsy values (in the
JavaScript sense) for its configuration settings. `derivepassphrase`
however uses strict type and value checks, and rejects falsy values of
the wrong type. This behavior is a visible deviation from vault(1), and
shall thus be removed.
A new function, `_types.clean_up_falsy_vault_config_values`, normalizes
falsy values in a vault configuration to their correct types, in-place.
Running this on a potential vault configuration and then calling
`_types.is_vault_config` should return the same validity results as
vault(1) does.
The new handling of falsy values invalidates most of the tests for
validation errors, as `None`/`null` was a common way to generate an
invalid setting. Instead, keep a master list of vault configurations
that is used (perhaps filtered first) for all validation tests, and test
the handling of falsy values by generating vault configurations with
falsy value replacements from the master list (a custom `hypothesis`
strategy).
On that note, the existing `_types.validate_vault_config` has proved
rather difficult to keep at 100% coverage with the new example vault
configurations, because some of the error conditions are triggered
elsewhere. Accordingly, instead of treating global and service-specific
settings separately and quasi-duplicating all validation checks, unify
them into a queue of settings dicts to check, only mildly adjusting for
the very few differing keys between them.
GitHub: Closes #17.
</pre>
tag:gitlist.org,2012:commit/798ddc103c6c03835394733aeca128b970aacd06Align behavior with vault concerning key and phrase in config2024-10-05T23:30:07+02:00Marco Riccisoftware@the13thletter.info
<pre>When both a key and a passphrase are specified in the vault
configuration, vault(1) would unconditionally use the key, *unless* the
command-line overrides this choice. `derivepassphrase` however always
gave preference to the most "specific" configuration, and would error
out if both key and passphrase were specified at the same specificity.
While arguably more intuitive, this behavior is a visible deviation from
vault(1), and shall thus be removed.
Besides two instances of the `test_200_is_vault_config` in
`tests.test_derivepassphrase_types`, this also flips the result of
`test_205_service_phrase_if_key_in_global_config` in
`tests.test_derivepassphrase_cli`. Because that flipped version needs
extra mocking infrastructure – the `sign` function – and because that
mock function already exists in another test (but local to that test),
promote that mock function to global and shift it into the top-level
`tests` module.
Since we had to update the imports in `tests` anyway, we also purged
`dpp.vault...` references in `tests.test_derivepassphrase_cli` in favor
of `vault...`.
</pre>
tag:gitlist.org,2012:commit/59082d1f81b629c4be67bdcce2977db289d7c3afTell MkDocs to ignore scriv's changelog snippets2024-10-04T10:55:32+02:00Marco Riccisoftware@the13thletter.info
<pre>The master changelog file is included, of course, but we don't want
MkDocs to bother with the single snippets (rendering them, generating
warnings that they're not part of the navigation tree, etc.).
</pre>
tag:gitlist.org,2012:commit/b0d6fe8ee3208a5c123e546aa931ce06306ad8f6Update required Python version in the README2024-10-03T13:40:52+02:00Marco Riccisoftware@the13thletter.info
<pre>This was forgotten while adding Python 3.9 support.
</pre>
tag:gitlist.org,2012:commit/7bd5c68e2b3448a44f2b0faeb3025e9974ed3fb6Relax hypothesis deadline for another slow-ish test2024-10-03T13:30:36+02:00Marco Riccisoftware@the13thletter.info
<pre>The vault settings validation test keeps timing out on my older
hardware, when running without the C tracer and at moderate power saving
settings. I can only presume it would time out similarly on even
lower-powered hardware, such as a Raspberry Pi.
</pre>
tag:gitlist.org,2012:commit/ba27276a76a263a2d866bc55eca012f927c34877Merge topic branch 'issue15-graceful-af_unix-degredation' into master2024-10-02T20:35:24+02:00Marco Riccisoftware@the13thletter.info
<pre>* t/issue15-graceful-af_unix-degredation:
Fail gracefully if UNIX domain socket support is unavailable
GitHub: Closes #15.
</pre>
tag:gitlist.org,2012:commit/27f9bd183d7b124ddf137b536d1063dd64db3c66Fail gracefully if UNIX domain socket support is unavailable2024-10-02T19:26:30+02:00Marco Riccisoftware@the13thletter.info
<pre>To talk to the SSH agent, we currently require UNIX domain socket
support, but not every Python on every system supports this (notably:
Windows). If we detect such missing support, fail gracefully and with
a useful error message, instead of a technical reason such as
`AttributeError`.
Besides the new failure modes that API consumers will need to handle,
this results in one more observable change: socket objects passed to the
`SSHAgentClient` constructor are now required to be already connected.
The constructor will no longer prepare sockets it didn't create itself
in any way.
This new failure behavior also has consequences for the tests, which so
far have naively assumed UNIX semantics and UNIX domain socket support.
So change the testing machinery to automatically skip any test that
involves constructing a custom SSH agent client *and* expecting that
step to go well. Furthermore, since the "no support" constellation can
be reasonably well simulated even on systems that *do* have UNIX domain
socket support (via pytest's monkeypatching fixture), include explicit
tests on the API and the CLI level for the "no support" constellation,
in any case.
</pre>
tag:gitlist.org,2012:commit/2511d75900a3fddc676ede50f9b5310a6dae8b97Merge topic branch 'support-py39' into master2024-10-02T09:32:06+02:00Marco Riccisoftware@the13thletter.info
<pre>* t/support-py39:
Add changelog entry for Python 3.9 support
Add support for Python 3.9
Accomodate known slow tests in hypothesis deadline
Fix awkward parametrization declaration for SSH agent client tests
</pre>