https://git.schokokeks.org/derivepassphrase.git/tree/9dcc9aa9a8e5f82ad121c22c308d1c723ba5b941 2024-06-30T16:37:52+02:00 tag:gitlist.org,2012:commit/9dcc9aa9a8e5f82ad121c22c308d1c723ba5b941 2024-06-30T16:37:52+02:00 Marco Ricci m@the13thletter.info <pre>&lt;/pre&gt; tag:gitlist.org,2012:commit/56ea02d5de542487633a1444cc55ccfb2269a498 2024-06-30T16:37:52+02:00 Marco Ricci m@the13thletter.info <pre>This is Python, not Java. &lt;/pre&gt; tag:gitlist.org,2012:commit/bb75e2c43f4f1e88d0c717761e98457b774fb6e8 2024-06-30T16:27:37+02:00 Marco Ricci m@the13thletter.info <pre>Adhere to standard testing best practices: name tests after the module they test (and move all such tests into the same testing module), group related tests within a module into classes, and move common testing functionality and test data into separate modules. Grouping related tests into classes also means that tests with common prerequisites (such as an available SSH agent) can then be skipped in bulk, if necessary. &lt;/pre&gt; tag:gitlist.org,2012:commit/6e05ad2a2a6d8de341a84dc8257911e21538c64e 2024-06-22T21:19:30+02:00 Marco Ricci m@the13thletter.info <pre>Add a finished command-line interface, with interface parity with vault v0.3. The implementation has 100% coverage, including the tests... even if the tests still contain a lot of manual code and data duplication. The project settings were updated as well, mostly expanding the scope of what is covered by type checking and what is (not) covered by coverage testing. &lt;/pre&gt; tag:gitlist.org,2012:commit/09e86bfa6549230d20c41600a57c3a7c37bb9397 2024-06-22T21:19:30+02:00 Marco Ricci m@the13thletter.info <pre>Currently, we use a one-to-one correspondence between command-line argument name and function argument, via catch-all keyword arguments. This is very unwieldy to use with type checking, it exposes us to name clashes with Python keywords, and it doesn't even save that much typing effort because the arguments still ought to be documented in the documentation anyway. Therefore, introduce an explicit target parameter name for the `click` interface and corresponding explicit function arguments. (The implicit list of (function) arguments that `click` passes to the function is already readily available in the context object.) As a related problem, the code for checking whether incompatible options were specified also relies (excessively cleverly) on command-line argument names and function argument names being equal, and sometimes conflates short and long option names, leading to it missing some examples of incompatible options. Therefore, instead, explicitly build a map of (short and long) option names to option objects and test whether incompatible option objects were used. &lt;/pre&gt; tag:gitlist.org,2012:commit/1c7c7a74a26be17815a5de3c20375a98400a1d2e 2024-06-22T21:19:30+02:00 Marco Ricci m@the13thletter.info <pre>In particular, include type guard functions here as well. &lt;/pre&gt; tag:gitlist.org,2012:commit/fc134c9aa5519d8cf5b394a0036af8be2a0ecaff 2024-06-22T21:19:30+02:00 Marco Ricci m@the13thletter.info <pre>Some level of awareness is necessary to support passphrases stored in (JSON) config files. We reject the passphrase if there are multiple Unicode representations (and thus UTF-8 representations) of the same text but with different normalizations. In such a case, a byte string must be used, and the value cannot currently be stored in the JSON config file. &lt;/pre&gt; tag:gitlist.org,2012:commit/d3bdff5889f148f85d644ecfcb3fc9787b0a1aef 2024-06-22T21:19:30+02:00 Marco Ricci m@the13thletter.info <pre>In vault(1), the passphrase derived from an SSH key signature is *not* just the (framed, binary) SSH signature of the vault UUID. Instead, the payload part of the signature, in binary, is converted to base64, yielding the passphrase. Rewrite the `Vault.phrase_from_signature` method to match vault's behavior, and rename it to `phrase_from_key` to better match the *actual* interface (which takes an SSH key, not a signature). (This design – emitting an SSH signature as payload only, in base64 – is hard-coded into the SSH agent client library used by vault, and likely not a conscious design by vault's primary author.) &lt;/pre&gt; tag:gitlist.org,2012:commit/81f902f6a37fc585684b6fc375ffcb5f2ae964c6 2024-06-22T21:19:30+02:00 Marco Ricci m@the13thletter.info <pre>Expose some functionality from `derivepassphrase.Vault` as interal methods, to facilitate testing and to avoid reimplementing the same functionality again in the command-line interface. This includes hash length estimation and SSH key suitability checking. &lt;/pre&gt; tag:gitlist.org,2012:commit/3d09a07f18a46b597808e3f2030a566d4ef7d1e2 2024-06-22T21:19:30+02:00 Marco Ricci m@the13thletter.info <pre>The new function `ssh_agent_client.unstring_prefix` does not abort if there is trailing data after the SSH framed byte string. &lt;/pre&gt;