Recent commits to derivepassphrase.git (4bfbfa3c9eb2e4a82707289da46fa3665aa24283)

Add small fixes to changelog, docstrings and variable names

2024-12-25T17:15:23+01:00

</pre>

Instruct `coverage` to record the test function for each covered line

2024-12-21T01:02:34+01:00

Enable the standard dynamic context setting `test_function` for
`coverage`.  This is immensely helpful for debugging whether and which
tests trigger or don't trigger a certain branch of code in
a multi-branch block (`if`/`elif`/`else`, `match`/`case` blocks,
dispatch tables, etc.).
</pre>

Fix formatting, some coverage pragmas and some linting rules in tests

2024-12-21T00:57:49+01:00

Aside from formatting fixes, disable the E501/line-too-long and
C419/unnecessary-comprehension-in-call linting rules in tests, where
they hinder debuggability of the tests.  (See embedded comments for full
rationale.)  Furthermore, make `coverage` recognize `@overload` lines
automatically as lines that should not be included in coverage, like
`assert False` and friends.
</pre>

Support exporting the `vault` configuration as a POSIX shell script

2024-12-21T00:23:33+01:00

When exporting `vault` configurations via `--export`, a new option
`--export-as=FORMAT` allows selecting the export format (defaulting to
`json`).  Setting `FORMAT` as `sh` selects the new POSIX shell script
export format, which yields a sh(1)-compatible script to reimport the
existing configuration as a series of calls to the `derivepassphrase`
command.

Because the output is very regular, the test suite also includes an
interpreter specifically for the sh(1) subset emitted during an `sh`
export, on top of the usual adaptations to existing tests for the new
functionality.
</pre>

Allow unsetting settings when configuring `vault`

2024-12-20T17:00:48+01:00

When configuring a `vault` service, or the global settings, a new
configuration option `--unset FIELD` will unset the specified `FIELD`
from the service or global settings prior to and addition to applying
the requested settings changes.  This way, the user can update all
settings on the command-line (except for the "notes") without manually
editing and reimporting a configuration export.  (It is permissible to
only unset settings, without applying any other configuration changes.)
</pre>

Rework `ConfigManagementStateMachine` rules for higher data generation success rates

2024-12-20T15:06:20+01:00

Lower the failure/retry rate for data generation by moving all data
generation into initialization rules and by removing data restrictions
on rule inputs as far as possible, turning the rule effectively into
a no-op if necessary.

The only currently remaining operation with notable retry rate is the
top-level rule selection.
</pre>

Fix empty key handling in `vault` config, and harmonize warning text

2024-12-20T11:39:45+01:00

Correctly handle empty `key` settings in the `vault` configuration: if
at the global level, it is equivalent to eliding the setting, but at the
service level, it explicitly disables key usage (even if a global key is
set).  This implies that both cases need different cleanup steps.

Harmonize the warning message for ineffective passphrases for services:
always include the affected service name.

If during configuration import we find a key shadowing a passphrase,
issue the same ineffective passphrase warning as would happen during
interactive configuration or interactive use.

(The tests need minor modifications and reparametrization to continue to
cover all warning cases.)
</pre>

Rewrite incompatible option checking for more readability

2024-12-19T15:47:42+01:00

</pre>

Document handling of file objects internally in CLI

2024-12-19T15:27:08+01:00

The type hints for `click.open_file` are so broad that our file objects,
intended to be typed as `typing.TextIO`, end up getting typed as
`typing.TextIO | typing.IO[typing.Any]` instead.  Fix this by casting,
explicitly, one level higher.  Also document why no further checks for
readability or writablility are actually performed.
</pre>

Fix hypothesis settings for uninstrumented runs

2024-12-19T15:18:58+01:00

The state machine tests appear to have such slow data generation that
they trigger `hypothesis` health check errors even in uninstrumented
runs (i.e. without a trace function running).
</pre>