Recent commits to derivepassphrase.git (b2c8067ded2b23d25b000067174b1037adce9fb3)

Merge topic branch 'storeroom-invalid-examples' into master

2024-10-10T13:31:41+02:00

* t/storeroom-invalid-examples:
  Trigger InvalidSignature exceptions in storeroom exporter tests
  Add remaining tests to the storeroom exporter for 100% coverage
</pre>

Merge topic branch 'vault-config-falsy' into master

2024-10-10T13:31:25+02:00

* t/vault-config-falsy:
  Signal and list falsy value cleanup steps that were actually performed
  Manage health checks in centralized hypothesis settings as well
  Centralize settings for hypothesis deadline management
  Add changelog entry for key/phrase and falsy behavior changes
  Align behavior with vault concerning falsy values in config
  Align behavior with vault concerning key and phrase in config

GitHub: Closes #17.
</pre>

Merge topic branch 'support-py313' into master

2024-10-10T13:31:16+02:00

* t/support-py313:
  Support Python 3.13
</pre>

Merge topic branch 'documentation-ideas' into master

2024-10-10T13:31:02+02:00

* t/documentation-ideas:
  Suggest new reference documentation: vault(1) configuration
  Add a tutorial: setting up three services with master passphrase
  Add some ideas for missing documentation pages
  Tell MkDocs to ignore scriv's changelog snippets
</pre>

Trigger InvalidSignature exceptions in storeroom exporter tests

2024-10-10T12:36:24+02:00

So far, we haven't been explicitly testing for whether the master and
session keys decrytion routines correctly reject payloads with invalid
MAC values, and with the correct error type.  Surely the `cryptography`
primitive is implemented correctly, but there was no test whether
*we* were using the primitive correctly.  So, add one.
</pre>

Add remaining tests to the storeroom exporter for 100% coverage

2024-10-10T12:18:23+02:00

Before this commit, certain consistency checks within the storeroom
exporter that seemed difficult to test remained untested: a payload size
check in the master keys decryption routine, another payload size check
in the session keys decryption routine, and object connectivity and type
correctness checks in the top-level exporter routine.

The master and session keys decryption routines, it turns out, don't
need this explicit size check: the `struct` library, used for decoding
the payload even further, already checks this automatically.  (What *is*
needed is a wrapper to convert the exception type, in general, for the
whole decryption block.)

For the connectivity and type correctness checks in the top-level
exporter routine, I generated another couple of broken storeroom
configurations (e.g. where directory contents, encoded as a JSON array,
contain non-string elements).  We now test for each of these
configurations if they correctly fail to parse.

Finally, it turns out that many of the docstrings reported the
ciphertext sizes incorrectly, because they wrongly neglected the
padding in their calculations.  Fix this, of course.
</pre>

Signal and list falsy value cleanup steps that were actually performed

2024-10-09T16:20:12+02:00

Signal whether cleanup was actually perfomed on the requested object or
not, and if yes, list the actual cleanup steps undertaken.  When
importing a vault configuration on the command-line, issue a warning for
each cleaning step.

Since the warning messages in both the cleanup steps and the check for
non-normalized passphrases report on "paths" in a JSON object, implement
a fully general JSONPath formatting function (single item selection from
the root only).  This harmonizes the warnings output, but also causes
changes in the test cases and expected output.  Additionally, the
JSONPath function name clashes with a common local variable name,
necessitating renaming, and control flow for the validation function and
the vault configuration import action have changed somewhat; the former
to impose a consistent validation order (global first, service-specific
next), the latter to avoid extraneous else-branches.

As a result of all this, this patch is somewhat larger and less concise
than it should be, given the modest magnitude of changes it actually
introduces.
</pre>

Support Python 3.13

2024-10-09T08:03:20+02:00

No functional changes needed; only the project metadata has been
amended.
</pre>

Manage health checks in centralized hypothesis settings as well

2024-10-08T13:57:21+02:00

Some of the tests that time out under coverage-based slow
instrumentation time out during the data generation phase, not the
actual test phase (i.e. trigger health check errors).  The root cause is
the same, and settings objects cannot be stacked, so amend the standard
decorator for slow `hypothesis`-based tests, instead of introducing
a new one.
</pre>

Centralize settings for hypothesis deadline management

2024-10-08T11:43:10+02:00

Our unit tests run in multiple, very different environments, which leads
to drastically different execution times, up to a slowdown factor of
roughly 40 (test coverage, "timid" Python tracer).  The `hypothesis`
library however runs timing checks on each of its tests, indepedent of
the available processing power and coverage instrumentation.  As
a result, some benign tests time out under these circumstances
regardless.

In the past, I've raised their execution deadline in an ad-hoc manner
whenever this happens (or fixed the tests, if they weren't so benign).
But instead of littering the test suite with one-time adjustments of
deadlines, a more sensible approach is to use a test decorator that
ensures a common extended deadline for tests that need it, only if they
need it (i.e. run under coverage).  So do that.  (Sadly, because of how
the settings decorator works, this must be applied function-wise, and
cannot be stacked with other settings decorators.)

Finally, if this deadline extension still doesn't help, then this
usually means we are generating huge or expensive-to-evaluate inputs.
So limit the size of some of the inputs (string length, recursion depth,
size of passphrases to derive) to keep execution times better
constrained.
</pre>