https://git.schokokeks.org/derivepassphrase.git/tree/bb75e2c43f4f1e88d0c717761e98457b774fb6e8 Recent commits feed provided by GitList. Adhere to standard testing best practices: name tests after the module they test (and move all such tests into the same testing module), group related tests within a module into classes, and move common testing functionality and test data into separate modules. Grouping related tests into classes also means that tests with common prerequisites (such as an available SSH agent) can then be skipped in bulk, if necessary. https://git.schokokeks.org/derivepassphrase.git/commit/bb75e2c43f4f1e88d0c717761e98457b774fb6e8 m@the13thletter.info (Marco Ricci) Sun, 30 Jun 2024 16:27:37 +0200 bb75e2c43f4f1e88d0c717761e98457b774fb6e8 Add a finished command-line interface, with interface parity with vault v0.3. The implementation has 100% coverage, including the tests... even if the tests still contain a lot of manual code and data duplication. The project settings were updated as well, mostly expanding the scope of what is covered by type checking and what is (not) covered by coverage testing. https://git.schokokeks.org/derivepassphrase.git/commit/6e05ad2a2a6d8de341a84dc8257911e21538c64e m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 21:19:30 +0200 6e05ad2a2a6d8de341a84dc8257911e21538c64e Currently, we use a one-to-one correspondence between command-line argument name and function argument, via catch-all keyword arguments. This is very unwieldy to use with type checking, it exposes us to name clashes with Python keywords, and it doesn't even save that much typing effort because the arguments still ought to be documented in the documentation anyway. Therefore, introduce an explicit target parameter name for the `click` interface and corresponding explicit function arguments. (The implicit list of (function) arguments that `click` passes to the function is already readily available in the context object.) As a related problem, the code for checking whether incompatible options were specified also relies (excessively cleverly) on command-line argument names and function argument names being equal, and sometimes conflates short and long option names, leading to it missing some examples of incompatible options. Therefore, instead, explicitly build a map of (short and long) option names to option objects and test whether incompatible option objects were used. https://git.schokokeks.org/derivepassphrase.git/commit/09e86bfa6549230d20c41600a57c3a7c37bb9397 m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 21:19:30 +0200 09e86bfa6549230d20c41600a57c3a7c37bb9397 In particular, include type guard functions here as well. https://git.schokokeks.org/derivepassphrase.git/commit/1c7c7a74a26be17815a5de3c20375a98400a1d2e m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 21:19:30 +0200 1c7c7a74a26be17815a5de3c20375a98400a1d2e Some level of awareness is necessary to support passphrases stored in (JSON) config files. We reject the passphrase if there are multiple Unicode representations (and thus UTF-8 representations) of the same text but with different normalizations. In such a case, a byte string must be used, and the value cannot currently be stored in the JSON config file. https://git.schokokeks.org/derivepassphrase.git/commit/fc134c9aa5519d8cf5b394a0036af8be2a0ecaff m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 21:19:30 +0200 fc134c9aa5519d8cf5b394a0036af8be2a0ecaff In vault(1), the passphrase derived from an SSH key signature is *not* just the (framed, binary) SSH signature of the vault UUID. Instead, the payload part of the signature, in binary, is converted to base64, yielding the passphrase. Rewrite the `Vault.phrase_from_signature` method to match vault's behavior, and rename it to `phrase_from_key` to better match the *actual* interface (which takes an SSH key, not a signature). (This design – emitting an SSH signature as payload only, in base64 – is hard-coded into the SSH agent client library used by vault, and likely not a conscious design by vault's primary author.) https://git.schokokeks.org/derivepassphrase.git/commit/d3bdff5889f148f85d644ecfcb3fc9787b0a1aef m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 21:19:30 +0200 d3bdff5889f148f85d644ecfcb3fc9787b0a1aef Expose some functionality from `derivepassphrase.Vault` as interal methods, to facilitate testing and to avoid reimplementing the same functionality again in the command-line interface. This includes hash length estimation and SSH key suitability checking. https://git.schokokeks.org/derivepassphrase.git/commit/81f902f6a37fc585684b6fc375ffcb5f2ae964c6 m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 21:19:30 +0200 81f902f6a37fc585684b6fc375ffcb5f2ae964c6 The new function `ssh_agent_client.unstring_prefix` does not abort if there is trailing data after the SSH framed byte string. https://git.schokokeks.org/derivepassphrase.git/commit/3d09a07f18a46b597808e3f2030a566d4ef7d1e2 m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 21:19:30 +0200 3d09a07f18a46b597808e3f2030a566d4ef7d1e2 https://git.schokokeks.org/derivepassphrase.git/commit/18198578dc3148566fde6e7767a3a1584f338175 m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 21:19:30 +0200 18198578dc3148566fde6e7767a3a1584f338175 https://git.schokokeks.org/derivepassphrase.git/commit/23390bc56a135d2c97a3e54d3b08bf5e117f32f0 m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 19:54:19 +0200 23390bc56a135d2c97a3e54d3b08bf5e117f32f0