https://git.schokokeks.org/derivepassphrase.git/tree/868aecb5e6e26bfeb489078446b1a97e698b27e5 Recent commits feed provided by GitList. Pageant is a good *fallback* native socket provider, but a bad *preferred* native socket provider, because the address is not configurable. Using `ssh_auth_sock_on_the_annoying_os` as the preferred native socker provider instead allows the user to easily change the agent to talk to by switching out environment variables. https://git.schokokeks.org/derivepassphrase.git/commit/868aecb5e6e26bfeb489078446b1a97e698b27e5 software@the13thletter.info (Marco Ricci) Sun, 18 Jan 2026 14:14:04 +0100 868aecb5e6e26bfeb489078446b1a97e698b27e5 Give heavy-duty tests that involve spawning processes less extensive example counts, because spawning processes is expensive (especially on The Annoying OS), and because Python 3.14+ is defaulting to slow-but-safe process spawning machinery that make these costs much more visible than before. Specifically, we introduce new hypothesis machinery for calculating a good `max_example` count for state machines that involve spawning processes on each state transition. There is currently only one such state machine: `FakeConfigurationMutexStateMachine` from the CLI heavy-duty tests. The example count `n'` for state machines is then `sqrt(10 * n)`, where `n` is the example count for other test types. For the "dev", "default" and "intense" profiles (`n = 10`, `100` and `1000`, respectively), this translates to `n' = 10`, `31` and `100`, respectively. In particular, at "dev" they are identical, and at "intense", state machines have "default" behavior. In preparation for this commit, we noticed that the hypothesis settings profiles were not necessarily defined when the state machines query the settings. Accordingly, we moved the settings profiles setup into the `tests.machinery.hypothesis` package, made it idempotent, and ensured it would be called before accessing the profiles. https://git.schokokeks.org/derivepassphrase.git/commit/644314273a14781b720c5d8434f1db38c2819007 software@the13thletter.info (Marco Ricci) Sat, 17 Jan 2026 19:40:14 +0100 644314273a14781b720c5d8434f1db38c2819007 Parallelize the test suite via the "loadgroup" scheduler, instead of the "worksteal" scheduler. There is currently only one `xtest_group` marker value, so effectively, the scheduler schedules the *marked* tests all to the same worker, and the others in whatever manner. We can thus rely on the marked tests executing serially, and do not need locks to protect them (or their fixture calls) from concurrent access. This eliminates "locking implementations" as both a source of errors and as another group of code that needs debugging, testing, and coverage. (Which was, unfortunately, our experience with the `filelock` package we used to protect non-isolated SSH agents on The Annoying OS during fixture setup and teardown.) As a bonus, because the "loadgroup" scheduler lazily assigns work items as other items are completed, the performance is similar to the "worksteal" scheduler it is replacing. https://git.schokokeks.org/derivepassphrase.git/commit/f31b9a94ba8b10a3c5bc38fb0971bebaa2bc9d60 software@the13thletter.info (Marco Ricci) Sat, 17 Jan 2026 19:00:49 +0100 f31b9a94ba8b10a3c5bc38fb0971bebaa2bc9d60 Some of the missing exclusions are typos. Others are accidental omissions due to writing the code for one platform (POSIX-ish systems) without actually *testing* on that platform, because the main logic is geared towards a different platform (here, The Annoying OS) and was developed there. This especially concerns code that is designed to never be called and which immediately throws an exception upon being called: it is easy to forget the coverage exclusion if the corresponding code path is never actually run. Finally, other exclusions and code refactorings are due to the fact that the static type checking interface for `ctypes` (i.e., the typing stubs from the `typeshed` project) is vastly different for different operating systems. So, type checking code on POSIX-ish systems that uses `ctypes` for The Annoying OS's facilities causes the type checker to complain about *a lot* of undefined symbols that `ctypes` supposedly does not expose. For some commonly-used symbols with many call sites, it is worth defining a dual wrapper/stub function (wrapper for supported OSes, stub for others) to both silence the type checker's complaints about "undefined symbols" and to not sacrifice too much readability. (While the type checker supports branching on the current OS, this drastically increases the number of branches to cover, or alternatively, the number of coverage branch exceptions/exclusions to mark up. We would be trading type checking exclusions for coverage branch exclusions, gaining nothing.) Finally finally, because The Annoying OS uses a very incompatible naming scheme in its standard library, we need many linting exceptions for variable, function and function argument naming. https://git.schokokeks.org/derivepassphrase.git/commit/be6907ee4ee129cd1af0603149c5edad27dcede8 software@the13thletter.info (Marco Ricci) Sun, 04 Jan 2026 22:40:37 +0100 be6907ee4ee129cd1af0603149c5edad27dcede8 If the `executable` passed to the `spawn_named_agent` function is `None`, we now correctly locate the agent in `PATH` using its default name, for all our SSH agent spawning functions. This was advertised to work this way when we introduced SSH agent interfacing functions in the test suite in 3f4b4b35841b8247d1d32fd7f671ad7a0a19d167 and updated the `spawn_named_agent` signature to match in 6340b5a541970c9d00ee653926102657028de309, but was never actually implemented, until now. Prior to 6340b5a541970c9d00ee653926102657028de309, the `executable` argument to `spawn_named_agent` was both a registry key and the basename of the executable to call, to be located in `PATH`. In that scheme, a `None` value meant that there was no external executable to spawn, so the agent-specific spawning functions would return a failure code. In 6340b5a541970c9d00ee653926102657028de309, the interpretation was changed to an "override" path: a string value for `executable` meant "use this path for the executable", a `None` value meant "use the default name, and locate the executable in `PATH`". But the corresponding *logic* for the `None` value case, i.e., searching `PATH`, was never actually implemented. Because none of the standard agent spawning/interfacing function definitions made use of this override mechanism, all SSH agent spawning functions were silently breaking, flatly claiming that the agents were not available even though they actually might have been. Furthermore, because this code refactoring was developed on The Annoying OS, where all current SSH agents are interfaced, not spawned, this failure went completely unnoticed. Now, while double-checking that the new Annoying-OS-specific code also works on POSIX, this misbehavior of the SSH agent spawning logic became apparent again, because on POSIX we *do* have agents that are spawned, not merely interfaced. So reintroduce the logic to locate the (default) executable if the path is not overriden. https://git.schokokeks.org/derivepassphrase.git/commit/05b62672b22853f7c747122b57e45a8a134e9e1a software@the13thletter.info (Marco Ricci) Sun, 04 Jan 2026 22:06:26 +0100 05b62672b22853f7c747122b57e45a8a134e9e1a (... or, as the rest of the world calls it: non-blocking I/O.) We previously avoided using the overlapped I/O interface, for multiple reasons: - It requires C structs which are not already natively wrapped by `ctypes` on The Annoying OS, and are fairly verbose to implement manually. - The notification that the I/O operation has completed requires further types and functions to be wrapped. - The C structs are documented reasonably well, but the bit flags used in this interface are sometimes only given by name, not by value, and thus need to be looked up in actual pre-existing code. However, Pageant also internally uses overlapped I/O, and the behavior observed in 5bcd2c39308880309286a2243e3795833817d1a5 may be due to a mismatch between the I/O channel we see (non-overlapped) and the channel Pageant sees (overlapped). So, for consistency and compatibility, we also use the overlapped I/O interface. https://git.schokokeks.org/derivepassphrase.git/commit/a094d1c97e9516f9ea2035c909991ffd26bb7a50 software@the13thletter.info (Marco Ricci) Sun, 28 Dec 2025 18:53:33 +0100 a094d1c97e9516f9ea2035c909991ffd26bb7a50 The fallback implementation for systems other than The Annoying OS was incomplete. https://git.schokokeks.org/derivepassphrase.git/commit/ec79f73d4234bb94bdfe9fc52ede11a7066c868e software@the13thletter.info (Marco Ricci) Sun, 28 Dec 2025 18:47:21 +0100 ec79f73d4234bb94bdfe9fc52ede11a7066c868e In the `WindowsNamedPipeHandle` constructor, if connecting the named pipe fails with the Windows error 231 (`ERROR_PIPE_BUSY`), retry the operation. (For expected future compatibility, we treat `BlockingIOError` the same way.) This behavior roughly corresponds to how system calls on POSIX should usually be retried if they return with `EINTR`. https://git.schokokeks.org/derivepassphrase.git/commit/0a3017756fcdc4e7959bfee4a5ea6268ef587d88 software@the13thletter.info (Marco Ricci) Sun, 28 Dec 2025 12:05:37 +0100 0a3017756fcdc4e7959bfee4a5ea6268ef587d88 Let any OSError that occurs when opening the named pipe bubble to the top of the test fixture, instead of suppressing it and indicating that the named pipe is unavailable. At the top level, the test fixture can then incorporate the error text into the failure or skip message (which would otherwise be invisible if suppressed further down). https://git.schokokeks.org/derivepassphrase.git/commit/2b5f666c4181f5bf899f3b1712febc2a627ea161 software@the13thletter.info (Marco Ricci) Sat, 27 Dec 2025 18:52:29 +0100 2b5f666c4181f5bf899f3b1712febc2a627ea161 In particular, pay consideration to interfaced agents, not just spawned ones. https://git.schokokeks.org/derivepassphrase.git/commit/ae7169521ae86366c151d34b8ab6cba4855241be software@the13thletter.info (Marco Ricci) Sat, 27 Dec 2025 18:42:06 +0100 ae7169521ae86366c151d34b8ab6cba4855241be