Recent commits to derivepassphrase.git (b57626ae8c2e75e09b0c3f937140f27f3f3c1161)

Generalize the error message for missing SSH agent support

2025-08-02T09:06:07+02:00

We retire the error message for missing UNIX domain socket support, in
favor of a more general error message indicating that this Python and/or
this `derivepassphrase` installation lacks certain functionality.

We further delegate the UNIX domain socket-specific message to a warning
message.  We also introduce a warning message specific to Windows named
pipes.  (Both warning messages are prepared, but not yet in actual use.)

Unfortunately, this entails changing the symbol name for the error
message, because it would otherwise be misleading.
</pre>

Merge topic branch 'test-suite-cleanups' into master

2025-07-27T23:12:36+02:00

* test-suite-cleanups:
  Comment on coverage exclusions, in shorthand
  Provide more deterministic signatures for the test keys
  Fix, and test for, the consistency of the SSH test keys
  Fix some test suite setup mistakes
</pre>

Comment on coverage exclusions, in shorthand

2025-07-26T17:35:21+02:00

Add shorthand codes for different types of coverage exclusions,
explained in `pyproject.toml` in the `tool.coverage` section, because
reasons for excluding code branches from coverage tend to fall into
a handful of common categories.

Also add explicit coverage exclusion patterns for dummy classes which
are never intended to actually be called, such as the `_types._Omitted`
class (for styling function signatures in the generated documentation)
and the two `_DummyModule` classes (which stub out missing dependencies
to appease the type checker).

A very few coverage exclusions were actually unnecessary or nonsensical,
and have been rectified.
</pre>

Provide more deterministic signatures for the test keys

2025-07-26T16:45:41+02:00

Record and provide more deterministic signatures for the test keys,
where feasible.  In particular, for DSA and ECDSA keys, support
recording the RFC 6979 deterministic DSA signatures, as implemented by
Pageant.  In particular, this entails that the `expected_signature` and
`derived_passphrase` fields of the test keys need to change to
accomodate the new shape of the data.

For the existing DSA and ECDSA keys, RFC 6979 signatures and expected
master passphrases are also provided.  Providing the Pageant 0.68–0.80
deterministic signatures and expected master passphrases however is not
quite so straight-forward: because the signature class is the subject of
CVE-2024-31497, Pageant < 0.81 is considered to have a security hole,
and thus it is hard to obtain pre-compiled, unpatched installations of
Pageant to compute the signatures/master passphrases against.
</pre>

Fix, and test for, the consistency of the SSH test keys

2025-07-26T11:45:19+02:00

A typo existed in the ECDSA NIST P-521 raw public key data, making it
incompatible with the copy of the public key included in the raw private
key blob. This caused UNIX Pageant (and likely any other SSH agent
supporting deterministic DSA signatures, if they exist) to reject
unloading and signing with that key, despite actually supporting the key
format. So fix the typo, and add tests and machinery to ensure
rudimentary consistency of all test key data.
</pre>

Fix some test suite setup mistakes

2025-07-23T20:13:06+02:00

These mistakes were carried over from v0.5, and cause woe on The
Annoying OS even before actually running any tests.
</pre>

Merge topic branch 'release-checklist' into master

2025-06-26T18:29:58+02:00

* release-checklist:
  Fix more details in the release checklist, after the fact
</pre>

Fix more details in the release checklist, after the fact

2025-06-24T22:28:10+02:00

Some details in the publishing of the documentation are slightly off.
</pre>

Update wishlist to post-v0.5.1

2025-06-24T22:09:38+02:00

</pre>

Release 0.5.1

2025-06-24T21:59:36+02:00

</pre>