Recent commits to derivepassphrase.git (4bfe78dfbae036695c68fbe80bb060c926a80d1c)

Split the "test key loading" fixture function

2025-12-27T15:09:33+01:00

Extract the `_prepare_payload` and the `_load_keys_optimistically`
helper functions from the `ssh_agent_client_with_test_keys_loaded`
fixture function.

The `_load_keys_optimistically` helper function needs further
refactoring into a per-key function, not a per-keyset function; to be
added in a following commit.
</pre>

Prepare the splitting of the "test key loading" fixture function

2025-12-27T14:57:17+01:00

The `ssh_agent_client_with_test_keys_loaded` fixture function is due to
be split, moving the upload bits and the `prepare_payload` function to
new top-level helper functions.  Rename the `prepare_payload` function,
and add parameter definitions so that the extracted functions will make
immediate sense.
</pre>

Add debugging attributes to `ssh_agent.TrailingDataError`

2025-12-27T14:43:35+01:00

The old implementation did not record *which* trailing data we were
seeing, on the grounds that well-behaved SSH agents would not send any
trailing data anyway (i.e., that this error condition was a failsafe).
However, while implementing Windows named pipe support, I observed
Pageant sporadically returning malformed responses that trigger this
error.  Without actually recording the trailing data, it is hard to
understand whether this is Pageant's fault (unlikely) or ours (more
likely), and specifically, whether we're implementing the protocol
incorrectly (unlikely), or rather the communication channel (much more
likely).  So the `TrailingDataError` class now optionally records the
actual raw response and the trailing data portion that caused the error,
to aid debugging.
</pre>

Reparametrize the `socketprovider.SocketProvider.register` decorator

2025-12-26T12:25:39+01:00

Use parametric types to allow better introspection into decorated
classes.
</pre>

Update the documentation on SSH agent support on Windows

2025-12-25T23:37:49+01:00

The how-to "How to set up derivepassphrase vault with an SSH key" and
the reference documentation "Prerequisites for using derivepassphrase
vault with an SSH key" include new sections on Pageant and OpenSSH on
Windows.  For the latter, the "prerequisites" document also includes
information on the deficiencies of the Windows port of OpenSSH, i.e.,
that the connection is aborted upon receiving unsupported requests (in
violation of the communication protocol) and that the port lacks the
features which normally distinguish OpenSSH from Pageant.

We also expand the section on GnuPG's OpenSSH emulation on Windows in
the "prerequisites" document: that the mode is untested because the
documentation is wrong, and that we're now waiting for feedback from the
GnuPG developers.
</pre>

Reformat some documentation to one-sentence-per-line

2025-12-25T16:51:03+01:00

</pre>

Use relative imports in conftest.py

2025-12-25T16:25:15+01:00

</pre>

Sanity-test the returned agent client with loaded test keys

2025-12-25T14:44:46+01:00

Add sanity checks for the constructed agent client with optimistically
loaded test keys.  The docstring asserts that the test fixture will skip
if no keys can be loaded, but that wasn't the case.  Furthermore, while
there is little point in sanity testing the client when it is first
received (from a different fixture, which does its own sanity checks),
it makes sense to sanity-test the client *after* attempting to load all
those test keys into the agent, because certain misbehaved agents
terminate upon encountering unsupported key formats (see inline
commentary), rendering the client non-functional.

However, do not check whether the stubbed test agent can load the test
keys.  The stubbed test agent accesses the test keys directly, and only
the test keys; whether the "load keys" operation succeeds or not is
completely irrelevant.  There is also little point in actually
implementing the load operation: it is just more code that needs
coverage, and dedicated tests.
</pre>

Introduce SSH agent interfacing on The Annoying OS in the test suite

2025-12-25T14:33:08+01:00

Introduce SSH agent spawning functions that interface with running SSH
agents on The Annoying OS.  Also officially activate interfacing with
the system SSH agent on The Annoying OS, now that there are working SSH
agent socket providers on The Annoying OS that do not require UNIX
domain socket support.  Because the socket provider registry drastically
changed shape since d675b049fd32c5a652f73467f9462f45ddb1ec89, also
update the tests referencing registry entries to use the correct
non-alias base entry, if needed.

The two most common agents on The Annoying OS, PuTTY/Pageant and OpenSSH
on Windows, do not support session- or subshell-scoped spawning as they
do on UNIX.  So technically, these new "spawning" functions are actually
"interfacing" functions.  Introduce a matching type
`SSHAgentInterfaceFunc` for these functions, as aluded to in a previous
commit.  Because the type does not return a process object, consumers of
`SSHAgentSpawnFunc | SSHAgentInterfaceFunc` need to be adapted
accordingly, leading to a couple of code changes.
</pre>

Move the dependent SSH agent spawn handler table closer to the original one

2025-12-25T14:13:42+01:00

In the testing machinery, move the "SSH agent spawn handler params"
table, closer to the "SSH agent spawn handlers" table.  The former is
used as a parametrization set for some pytest fixtures, and is further
filtered by both environment variables as well as pytest marks.  Keeping
these two tables closer together makes it easier to debug the SSH agent
spawning machinery.
</pre>