https://git.schokokeks.org/derivepassphrase.git/tree/6340b5a541970c9d00ee653926102657028de309 Recent commits feed provided by GitList. Introduce a proper formal type for SSH agent spawn handlers in the test configuration (as a type-checked named tuple). This alone increases readability by removing the tuple indices (magic numbers) from the code. Also use this opportunity to introduce a real label and an explicit key for each entry, instead of (ab)using the executable name for these purposes. The executable name is no longer usable as a unique key if the SSH agent behaves differently (with respect to spawning) on different operating systems... as is the case for both PuTTY/Pageant and OpenSSH. https://git.schokokeks.org/derivepassphrase.git/commit/6340b5a541970c9d00ee653926102657028de309 software@the13thletter.info (Marco Ricci) Thu, 25 Dec 2025 12:32:59 +0100 6340b5a541970c9d00ee653926102657028de309 All stubbed agents should either be named `stub_agent` or start with `stub_agent_`. Also, the test suite spawns the "stubbed agent with address and with deterministic DSA support" as "the more complicated stub agent", and the "stubbed agent with extensions" as "the plain stubbed agent". The parametrization keys however suggest otherwise, that the choice is between the "stubbed agent with extensions" and the "base stubbed agent". Fix the keys, and the returned `RunningSSHAgentInfo` structure. (The stubbed agent with extensions is the first agent to support specifying the address to connect to, which the test suite realistically needs to manipulate. The base stubbed agent *is* tested directly, however, for all functionality tests of the family of stubbed agents.) https://git.schokokeks.org/derivepassphrase.git/commit/a05c6007808393daae10e75745c5007246cbde24 software@the13thletter.info (Marco Ricci) Thu, 25 Dec 2025 12:31:13 +0100 a05c6007808393daae10e75745c5007246cbde24 Fix some testing edge cases: - When re-registering existing SSH agent socket provider names, we now explicitly ensure that the set of (automatically determined) names is actually non-empty. - Using mangled `SSH_AUTH_SOCK` environment variables for test purposes requires `SSH_AUTH_SOCK` to actually be set. We supply a default name that is also invalid as a (non-directory) filename. Fix some unclear debugging aids: - Mangling `SSH_AUTH_SOCK` is (anecdotally) better at detecting faulty test setups, relative to the "unset `SSH_AUTH_SOCK`" entry (because failures in the latter tend to be silent). So, reorder the parametrizations to prioritize the former one over the latter one. - The SSH agent socket provider system was printing distribution names without checking for `None` distributions. - The `spawn_ssh_agent` fixture was printing exception messages directly, without the exception name, or the concrete parametrization. We now special-case `KeyError` instances (but not subclass instances). Fix other phrasings and formattings: - The skip message for SSH agents excluded via the `PERMITTED_AGENTS` environment variable was not a sentence, and just speaking of "agents", not "SSH agents". https://git.schokokeks.org/derivepassphrase.git/commit/695ca1e5dab18a14c2fbe6d3218b571183f8b08e software@the13thletter.info (Marco Ricci) Thu, 25 Dec 2025 11:34:27 +0100 695ca1e5dab18a14c2fbe6d3218b571183f8b08e https://git.schokokeks.org/derivepassphrase.git/commit/8b57ef157052400d4642f2f878315ba1fde6f483 software@the13thletter.info (Marco Ricci) Wed, 24 Dec 2025 10:37:29 +0100 8b57ef157052400d4642f2f878315ba1fde6f483 Using the `ctypes` module, call into The Annoying OS's system libraries and bind the functions necessary to create, read from/write to, and close handles to existing Windows named pipes. We also bind the functions necessary to compute the pipe name for PuTTY/Pageant, and provide convenience functions to connect to PuTTY/Pageant and to OpenSSH, the de facto main SSH implementations on The Annoying OS. One major design question remains: how to discover the (named pipe address for) the SSH agent to use? Tempting options are using `SSH_AUTH_SOCK` again (whether literally or with special notation), and listing the preferred agent addresses in the user configuration file. For certain "well-known" addresses such as PuTTY/Pageant or OpenSSH, we provide specific SSH agent socket provider registry entries that attempt to connect to the respective agent. Other applications could easily register a custom provider that respects their configuration if the final socket (address) depends on external configuration. It is thus not clear to me if the system needs to be more flexible than it currently is, e.g., if the SSH agent socket provider needs to accept arguments that further configure the address or the connection options to the socket or named pipe. This commit contains no specific test code for this functionality; we leave this to follow-up commits. We provide three SSH agent socket providers, two of which have hardcoded addresses (for PuTTY/Pageant and OpenSSH, respectively). For ease of integration with the existing test suite, *as a temporary measure*, the third provider attempts to use `SSH_AUTH_SOCK` directly as the named pipe's name (which will fail unless specifically prepared). Since many of the symbols are undefined on other operating systems, and because the `ctypes` library relies on dynamically generated attributes and is thus mostly invisible to static analysis tools, much of the code needs type checking exemptions and extraneous explicit (C) casts at the Python level. Additionally, because our stub functions use the same CamelCase naming as The Annoying OS's official documentation does, much of the code also needs linting exceptions for the naming policy. https://git.schokokeks.org/derivepassphrase.git/commit/d675b049fd32c5a652f73467f9462f45ddb1ec89 software@the13thletter.info (Marco Ricci) Wed, 17 Dec 2025 14:14:03 +0100 d675b049fd32c5a652f73467f9462f45ddb1ec89 The formal name for the named pipe facility on The Annoying OS is "Windows named pipe", and this is the name other developers will expect. Thus, for reasons of clarity, we now strictly refer to them as such, i.e., refer to them as "Windows named pipes" and not "The Annoying OS named pipes". Old names still using the "Annoying OS named pipe" moniker have been adapted accordingly; in particular, this includes the former `WarnMsgTemplate.NO_ANNOYING_OS_NAMED_PIPES` symbol. By a similar token, the machine-local network socket mechanism on POSIX systems is formally called "UNIX domain sockets". For reasons of clarity, we now refer to them as such, and not by their C constant name `AF_UNIX` (or "AfUnix", or similar). Old names have been adapted accordingly; in particular, this includes the former `WarnMsgTemplate.NO_AF_UNIX` symbol. https://git.schokokeks.org/derivepassphrase.git/commit/2e65c0e60b06a7608aa1d9110eca09683f6cc46e software@the13thletter.info (Marco Ricci) Wed, 17 Dec 2025 14:04:14 +0100 2e65c0e60b06a7608aa1d9110eca09683f6cc46e * fix-key_to_phrase-missing-callback: Add changelog entry for the `key_to_phrase` missing callback argument fix Add missing `warning_callback` argument to `key_to_phrase` call https://git.schokokeks.org/derivepassphrase.git/commit/4880384a6daf204c5e36dc9467129602099de982 software@the13thletter.info (Marco Ricci) Sat, 13 Dec 2025 15:57:40 +0100 4880384a6daf204c5e36dc9467129602099de982 https://git.schokokeks.org/derivepassphrase.git/commit/eeaf964acf1c64649c26b0a1b46f422d90a7025d software@the13thletter.info (Marco Ricci) Sat, 13 Dec 2025 15:56:49 +0100 eeaf964acf1c64649c26b0a1b46f422d90a7025d The callback parameters in `cli_helpers.key_to_phrase` for handling warning and error messages are now mandatory to specify. All calls in production code and in test code(!) now explicitly handle warnings and errors. Since changing `cli_helpers.key_to_phrase` in 2413d9dc10ede315c295ab7520a19b21d597a668 to support exception groups, the function takes additional callback parameters to do its warning and error handling/reporting. For compatibility reasons, the signature included default values which suppressed warning messages and exited the process on error messages. However, these default values made it too easy to *forget* proper handling of warning and error messages in the new implementation. In particular, two call sites in production code, just several lines apart, had differing warning handling, and the test suite had two major areas where warning handling was completely absent, relying on the "suppressed warning messages" default. All these behaviors were unwanted and wrong, but difficult to spot, because the test code too was wrong. By making the error and warning handling callbacks mandatory to specify and removing the implicit suppression behavior, inadvertent suppression of warning and error messages becomes much more difficult. To further ensure this doesn't happen again accidentally, the tests now also assert that certain expected warning messages are emitted, i.e., that the callback is actually exercised. https://git.schokokeks.org/derivepassphrase.git/commit/79d06d839d033c327f58b965f7413ee151324886 software@the13thletter.info (Marco Ricci) Sat, 13 Dec 2025 15:47:45 +0100 79d06d839d033c327f58b965f7413ee151324886 * modularize-and-refactor-test-machinery: (40 commits) Move the tests for the stubbed SSH agent socket to the machinery tests Add module docstrings for the tests hierarchy. Add a changelog entry for the test suite refactoring Format and lint all files Fix type errors due to click 8.2.0 Fix typing of the dummy vault configuration settings in the constructor Add CPython 3.14 to the list of test environments Fix more broken tests on The Annoying OS Fix broken links in the documentation caused by renaming or splitting modules Split the basic command-line tests, again Fix missing documentation in the test suite Fix some documentation issues with the heavy-duty command-line inteface tests Refactor the heavy-duty command-line interface tests Refactor the "all CLIs" command-line interface tests Refactor the basic command-line interface tests Fix miscellaneous imports, types and hyperlinks in the CLI machinery and tests Refactor the testing machinery tests Refactor the SSH agent tests Refactor the `exporter` tests Refactor the `vault` and `sequin` tests ... https://git.schokokeks.org/derivepassphrase.git/commit/f3e8f02ae7ead012f3054d0cfb8d7450ee6c8728 software@the13thletter.info (Marco Ricci) Sun, 30 Nov 2025 15:06:57 +0100 f3e8f02ae7ead012f3054d0cfb8d7450ee6c8728