https://git.schokokeks.org/derivepassphrase.git/tree/9a57adad751024ff6d3c98ef2050b26a73f0e30f Recent commits feed provided by GitList. Includes the "master password" or "spectre" derivation scheme and some tool functionality I've originally implemented as wrapper scripts around `vault` (load SSH key, decrypt notes, generate TOTPs from config in notes, and auto-run/wait for runit services). Also includes the two how-tos (supported/unsupported special characters, passphrase rotation) from the basic setup (passphrase) tutorial, FAQs for the misnamed `--repeat` option and the SSH agent on Windows, and new helper subcommands for making the previous two how-tos less painful. On that note, this TODO list no longer deals solely with future documentation, and so needs to be retitled and to recategorize its contents. https://git.schokokeks.org/derivepassphrase.git/commit/9a57adad751024ff6d3c98ef2050b26a73f0e30f software@the13thletter.info (Marco Ricci) Fri, 18 Oct 2024 13:26:04 +0200 9a57adad751024ff6d3c98ef2050b26a73f0e30f https://git.schokokeks.org/derivepassphrase.git/commit/45eff8af9e70bed2b828f75111f5517bd9587db0 software@the13thletter.info (Marco Ricci) Wed, 16 Oct 2024 17:33:28 +0200 45eff8af9e70bed2b828f75111f5517bd9587db0 https://git.schokokeks.org/derivepassphrase.git/commit/38696145b173f7194217caacf15bd28d4b15d40b software@the13thletter.info (Marco Ricci) Wed, 16 Oct 2024 00:43:03 +0200 38696145b173f7194217caacf15bd28d4b15d40b Fix typos and outdated command output. Add a (hidden by default) short explanation, mnemonic and examples for the `--repeat` option, which actually denotes maximum consecutive occurrence, not additional allowed repetitions. https://git.schokokeks.org/derivepassphrase.git/commit/23abeb72fb91e2ead0bb029138fd68d0fdf23e9c software@the13thletter.info (Marco Ricci) Wed, 16 Oct 2024 00:29:21 +0200 23abeb72fb91e2ead0bb029138fd68d0fdf23e9c https://git.schokokeks.org/derivepassphrase.git/commit/71c3866eef5deae63ad66f0100c5bf294917a749 software@the13thletter.info (Marco Ricci) Tue, 15 Oct 2024 13:46:21 +0200 71c3866eef5deae63ad66f0100c5bf294917a749 * t/vault-config-amending: Add changelog entry summarizing new warnings emitted Add changelog entry for the new amending/merging config import behavior Warn the user upon supplying an empty service name Add a stateful hypothesis test for config importing and merging Fix missing consideration of key and phrase both being specified Fix clean up of falsy "length" and "repeat" settings Correctly model vault global and service settings Move vault service config generation to top-level tests module Align behavior with vault concerning config imports GitHub: Closes #16. https://git.schokokeks.org/derivepassphrase.git/commit/7d6ac080e84b06a116063b3cfec9c40620242b94 software@the13thletter.info (Marco Ricci) Tue, 15 Oct 2024 13:16:27 +0200 7d6ac080e84b06a116063b3cfec9c40620242b94 https://git.schokokeks.org/derivepassphrase.git/commit/e6710afcce476a8b4301ce49846b44fd6cf714f2 software@the13thletter.info (Marco Ricci) Tue, 15 Oct 2024 13:15:38 +0200 e6710afcce476a8b4301ce49846b44fd6cf714f2 https://git.schokokeks.org/derivepassphrase.git/commit/16068a30b5fbbeb0b8624c52ac664911b24b83f4 software@the13thletter.info (Marco Ricci) Tue, 15 Oct 2024 13:07:09 +0200 16068a30b5fbbeb0b8624c52ac664911b24b83f4 The `derivepassphrase` command-line largely, and vault(1) completely, treats an empty service name the same as if no service name had been supplied, switching over to global operation instead of service-specific operation (or erroring out in case a service must be given). For `derivepassphrase`, this is mostly a user interface issue – the underlying machinery supports empty service names –, but kept for compatibility with vault(1). However, this is very easy to diagnose, and the user would benefit from seeing a warning about a seemingly omitted service name. So do that, and issue a warning upon encountering an empty service name on the command-line or in an imported configuration. (The warning message changes slightly in each case.) Also, add explicit tests for these two scenarios that trigger the warning. https://git.schokokeks.org/derivepassphrase.git/commit/c1bf00eadd1bf733ac25a25eafbe110d61936c54 software@the13thletter.info (Marco Ricci) Tue, 15 Oct 2024 12:47:49 +0200 c1bf00eadd1bf733ac25a25eafbe110d61936c54 The state machine underlying this stateful hypothesis test constructs random vault settings objects and random service names, then merges these together into full configurations and imports those. Alternatively, it sets or purges single-service or global settings. The machine then checks after each step that the nominal, current configuration matches the actual configuration stored by `derivepassphrase`. The program runs with a temporary settings directory for the duration of the state machine run. Unlike how a fully general state machine for this task would probably run, *this* state machine does not filter its steps based on the list of services currently stored in the configuration, but rather on the full list of known service names. (Evaluating a hypothesis search strategy based on the current contents of an instance variable appears to be a very non-straight-foward ordeal, if not outright impossible.) As a consequence, the "purge" action may actually be a no-op, and the "set" action may actually be a "create" action. While this *could* be implemented with `hypothesis.assume`, presumably this would have such a low success probability that it triggers health check errors. https://git.schokokeks.org/derivepassphrase.git/commit/eb2e29c26a1baf9c59d6ed5dfa787b9902e5bb4f software@the13thletter.info (Marco Ricci) Tue, 15 Oct 2024 11:22:02 +0200 eb2e29c26a1baf9c59d6ed5dfa787b9902e5bb4f