https://git.schokokeks.org/derivepassphrase.git/tree/9207fef5eb8663a3246f18239c9b648fbdd3a090 Recent commits feed provided by GitList. Mark some tests as needing the ability to construct a second SSH agent client (on the same socket address) while another one is still connected. This works with most agents, except `gpg-agent` on The Annoying OS when masquerading as OpenSSH's `ssh-agent`. Presumably, `gpg-agent` handles the requests with a single thread, non-multiplexed, and so blocks all other agent clients from progressing. The symptoms are blocking during the connect call, then failing with "socket address not found" immediately once the other client closes its connection. We address the affected tests by monkeypatching the `ssh_agent.SSHAgentClient.ensure_agent_subcontext` context manager – the main way `derivepassphrase` internally interacts with the SSH agent – to return a singleton agent: the agent provided to the test function (via a fixture). We implement this as a machinery function to set up the environment explicitly, because this functionality hard to set up usefully as a test fixture: it interferes with testing SSH agent client constructor failures, and *those* are sometimes implemented as single `pytest.param`s of a common test function, but the test function cannot dynamically adapt the set of applicable fixtures to the specific parametrization. While specifically designed for use with `gpg-agent` on The Annoying OS, the interface is general in nature, and can be used with any declared SSH agent (except the fake agents). Since this internally works similarly to the "permitted SSH agents" feature of the test suite, we generalize the latter slightly to allow implementing the former. https://git.schokokeks.org/derivepassphrase.git/commit/9207fef5eb8663a3246f18239c9b648fbdd3a090 software@the13thletter.info (Marco Ricci) Sun, 01 Feb 2026 20:38:39 +0100 9207fef5eb8663a3246f18239c9b648fbdd3a090 https://git.schokokeks.org/derivepassphrase.git/commit/9d4a186f43ffb9dba80980ed38febd3859ff5b78 software@the13thletter.info (Marco Ricci) Wed, 28 Jan 2026 20:48:27 +0100 9d4a186f43ffb9dba80980ed38febd3859ff5b78 In the output of `derivepassphrase vault --version`, output the list of supported and the list of unavailable SSH agent socket providers. Report all aliases as well. We intend to reuse the names later on in the user configuration file, so it is important to expose them somewhere. To determine whether an entry key is a base name or an alias, we build a topological sorting over the entry keys, using tools from the standard library introduced in Python 3.9. (Older Python versions could be retrofitted with a backport, if need be.) Open problem: The topological sorter checks for cycles, but there is otherwise no deeper error checking yet. In particular, these entry keys may be supplied by a malicious third party, but there are no sanitization checks yet for terminal sequences or similar when outputting the key during the `--version` call. How to handle this? https://git.schokokeks.org/derivepassphrase.git/commit/598c2ba6e3c4a162236535d613a6b6ec1c8b1dcc software@the13thletter.info (Marco Ricci) Sat, 24 Jan 2026 23:50:57 +0100 598c2ba6e3c4a162236535d613a6b6ec1c8b1dcc Whenever a list of feature items is given during `--version`, such as "Supported subcommands", support adding a list of aliases to that item (provided there is no line break in between, the aliases are marked as such, and neither contain nested aliases nor parentheses). Document this format somewhat more explicitly in `tests.test_derivepassphrase_cli.test_all_cli.parse_version_output`, and provide a more explicit reference parser/tokenizer as well. That said, the format is restricted enough to allow other parsers to somewhat easily be written manually, or via a parser generator. Though this could principally be used for the subcommands case (as also used in the test cases for this functionality), the real beneficiary is a piece of code I intend to commit next. https://git.schokokeks.org/derivepassphrase.git/commit/13f516c49b2cfabcaff8384f91d14e9d6c148646 software@the13thletter.info (Marco Ricci) Sat, 24 Jan 2026 23:47:54 +0100 13f516c49b2cfabcaff8384f91d14e9d6c148646 This eliminates typos once and for all. It also makes it really easy to distinguish third-party socket providers from first-party ones, as the enum cannot be amended later. Finally, it centralizes the knowledge for testing whether the socket provider is functional directly to the enum, similar to the other version info "feature items". (In fact, the "master SSH key" vault feature (`Features.SSH_KEY`) can now delegate the feature support check to the socket provider name enum.) https://git.schokokeks.org/derivepassphrase.git/commit/640fb5cba54e3f63a776f93cf14425237b5ff621 software@the13thletter.info (Marco Ricci) Sat, 24 Jan 2026 22:59:24 +0100 640fb5cba54e3f63a776f93cf14425237b5ff621 https://git.schokokeks.org/derivepassphrase.git/commit/0a81704eabd281f1b550bbaf5424feded03deeb2 software@the13thletter.info (Marco Ricci) Sat, 24 Jan 2026 22:18:05 +0100 0a81704eabd281f1b550bbaf5424feded03deeb2 We expect the names to be user-facing soon, as part of the configuration, choosing which SSH agent socket provider to use. To that end, the "The Annoying OS" moniker is a hindrance: nobody is likely to understand it at a first glance (particularly non-programmers), and conversely, users looking for configuration options pertaining to Microsoft Windows will likely miss that socket providers containing the `the_annoying_os` label are relevant to their query. Insisting on the moniker thus does our users a huge (and completely avoidable) disservice. So, in the interest of clarity, rename the `the_annoying_os` label parts to `windows`. Since this makes some labels completely redundant, and since the test suite is strongly fixated on the default label names, use this opportunity to clean up the registry and the test suite machinery that needs mock registries. https://git.schokokeks.org/derivepassphrase.git/commit/c641e8ae46619f58aa85c3e5815a8a12cbedaf1a software@the13thletter.info (Marco Ricci) Sat, 24 Jan 2026 21:55:29 +0100 c641e8ae46619f58aa85c3e5815a8a12cbedaf1a https://git.schokokeks.org/derivepassphrase.git/commit/eaa925389b8dbe644823fe77116a1edf844870f5 software@the13thletter.info (Marco Ricci) Wed, 21 Jan 2026 22:55:28 +0100 eaa925389b8dbe644823fe77116a1edf844870f5 Generally, if we have an abstract socket connected to an SSH agent, then this is sufficient for us to construct a client based on the socket, and interact with the agent as needed. However, in the CLI tests, there are situations where we are orchestrating the whole `derivepassphrase` application, and the application must connect to the agent itself. For these situations, we need to set up the necessary configuration to pass the agent's socket address to `derivepassphrase`. For agents merely interfaced in the test suite, we were not doing such a setup, causing orchestrated `derivepassphrase` application instances to believe there was no agent to connect to. Fix this by (a) exposing the socket address on the socket object, internal to the spawning/interfacing function, and (b) let interfacing functions return a pair of socket and socket address, not just the socket. (We intend to keep the interface for actually obtaining the address private to each interfacing function, because not all socket objects can easily be retrofitted with extra methods to query the socket address.) (As a side effect, give the socket providers on The Annoying OS more specific typing, so that the type checker can verify that the interfacing functions are accessing the correct attributes and methods for obtaining the socket address.) https://git.schokokeks.org/derivepassphrase.git/commit/0393fa2adc5818edd9b9f99eb9bc308eb8cd066e software@the13thletter.info (Marco Ricci) Sun, 18 Jan 2026 17:35:34 +0100 0393fa2adc5818edd9b9f99eb9bc308eb8cd066e Some tests require a wrong SSH_AUTH_SOCK value where no SSH agent can be listening, but which is nonetheless syntactically valid. Since Windows named pipes have a specific address format, syntactically valid but wrong values look different on The Annoying OS than they look on POSIX. So fill in wrong values OS-specifically, not generally: on POSIX, we use what is clearly a directory, and on The Annoying OS, we use the common pipe name prefix (which is also a directory). https://git.schokokeks.org/derivepassphrase.git/commit/6941e00680b380839a5b2c05783a8240ac5b77c1 software@the13thletter.info (Marco Ricci) Sun, 18 Jan 2026 16:37:36 +0100 6941e00680b380839a5b2c05783a8240ac5b77c1