https://git.schokokeks.org/derivepassphrase.git/tree/c24003e853bd053cf88b2b9c3d940170dbc332ecRecent commits to derivepassphrase.git (c24003e853bd053cf88b2b9c3d940170dbc332ec)2024-12-19T15:04:11+01:00tag:gitlist.org,2012:commit/c24003e853bd053cf88b2b9c3d940170dbc332ecTurn Unicode normalization preferences into user configuration settings2024-12-19T15:04:11+01:00Marco Riccisoftware@the13thletter.info
<pre>Instead of storing Unicode normalization preferences in the vault
configuration file, store these settings in the user configuration file:
* For a service `SERVICE`, consult the configuration key
`vault.SERVICE.unicode-normalization-form`.
* If that is unset, or if there is no service, use
`vault.default-unicode-normalization-form`.
* If that too is unset, default to `NFC`.
</pre>
tag:gitlist.org,2012:commit/f02b81ad6df6d92cdcbb3469a7010f5f340afe99Introduce a central user configuration file (and division of responsibility)2024-12-19T15:04:11+01:00Marco Riccisoftware@the13thletter.info
<pre>Introduce a new file for centralized user configuration of
`derivepassphrase`, which we expect the user to write and maintain, and
which we will never attempt to write to. Treat the existing "vault"
configuration file as a "data" file, which is `derivepassphrase`'s
responsibility to write and to maintain, and which the user shouldn't
edit directly.
In general, we now divide the configuration file set semantically into
"user" files and "data" files with the aforementioned responsibilities:
"user" files are managed by the user, "data" files are managed by the
application. (This mirrors the distinction in the XDG Base Directory
Specification, although we do not use their paths or their environment
variables.) We choose TOML as the file format for "user" files, because
it is the simplest configuration file format with both a robust parser
in the Python standard library and support for comments. The "data"
files currently use JSON, but may use other serialization formats in the
future as well.
We envision some use cases for the user configuration file such as
disabling certain expected warnings, or declaring the desired Unicode
normalization form of a text string, but as of now, no such
configuration is defined or supported.
</pre>
tag:gitlist.org,2012:commit/83df7001d8996914bbfa0beaea8402074c0acd05Highlight security warnings and risks more prominently in the docs2024-12-19T15:04:11+01:00Marco Riccisoftware@the13thletter.info
<pre></pre>
tag:gitlist.org,2012:commit/b9849af1b001d25ac62165f88778cfa18aacb547Make obtaining the compatibility config filename more explicit2024-12-19T15:04:11+01:00Marco Riccisoftware@the13thletter.info
<pre>When obtaining the compatibility config filename `settings.json` from
`cli._config_filename`, rename the corresponding subsystem from
`settings` to `old settings.json`. Furthermore, pass that explicit
subsystem upon each call. This frees us up to change the default
subsystem in a future commit.
Because this is not a public function, this is not a change in the
public API.
Some reformatting is necessary.
</pre>
tag:gitlist.org,2012:commit/855a758e4f21ce51fec6978b575caece90dd515fMerge topic branch 'usage-fixes' into master2024-12-17T20:13:49+01:00Marco Riccisoftware@the13thletter.info
<pre>* t/usage-fixes:
Fix user interface errors if the SSH agent does not work
Fix usage of `--debug`, `--verbose` and `--quiet` options
</pre>
tag:gitlist.org,2012:commit/d15069d2db4040d444f65d7c3db6a854f4adcb92Fix user interface errors if the SSH agent does not work2024-12-13T14:52:17+01:00Marco Riccisoftware@the13thletter.info
<pre>While the configuration and interactive selection of an SSH key is
properly guarded against (i.e., any exceptions are wrapped into proper
command-line error messages), the calls to `vault.Vault.phrase_from_key`
were not similarly guarded. This has now been fixed.
The fix also uncovered an incorrectly specified mock function in the
test suite, which has been repaired as well.
</pre>
tag:gitlist.org,2012:commit/58f6653d0d7a886d1cf02f70bb005de640a6b0b0Fix usage of `--debug`, `--verbose` and `--quiet` options2024-12-13T14:25:44+01:00Marco Riccisoftware@the13thletter.info
<pre>The three "verbosity" options `--debug`, `--verbose` and `--quiet` set
the logging level for `derivepassphrase`, globally. Because `click`
does not support mutually exclusive options by default, these options
are implemented as boolean flags, and it is possible to override earlier
verbosity settings with later options.
The previous setup treated the three options as disjointed flags, so
each callback was called once, irrespective of the others, so the
aforementioned intended overriding behavior was not working properly.
In addition, the callback was faulty, always enabling each of the flags.
The new setup now links all three options to the same flag, with
different flag values. We further expose the option objects at the top
level, and unify the three callback functions to a single one.
As a side effect, we also fix a misclassified diagnostic during
configuration file migration ("vault" derivation scheme).
</pre>
tag:gitlist.org,2012:commit/a6a657011d5d39671bd4d0b8bbaa10617e32cfb9Merge topic branch 'hypothesis-fixes' into master2024-12-12T12:03:53+01:00Marco Riccisoftware@the13thletter.info
<pre>* t/hypothesis-fixes:
Actually correctly implement custom hypothesis settings
Overhaul the state machine for testing vault configuration imports
</pre>
tag:gitlist.org,2012:commit/7189e0e3b7eb053181c6a28cc585c7c4aebb6ee7Actually correctly implement custom hypothesis settings2024-12-12T12:03:30+01:00Marco Riccisoftware@the13thletter.info
<pre>The `hypothesis.settings` decorators are intended to modify the
currently active `hypothesis` settings profile for singular tests.
However, the profiles are defined and selected only *after* the `tests`
module has been loaded, so any settings defined in the `tests` module
actually modify the `hypothesis` default settings, not the selected
profile's settings.
Fix this by defining decorators that construct and apply the correct
settings, which defines the settings objects deferredly, instead of
defining them immediately.
</pre>
tag:gitlist.org,2012:commit/6755c20096ad41e99aceede4a9a4c914520a5d6fOverhaul the state machine for testing vault configuration imports2024-12-12T12:03:30+01:00Marco Riccisoftware@the13thletter.info
<pre>Redesign the state machine for testing vault configuration imports, and
the `hypothesis` generation strategies for vault configurations, to
overcome the following problems with the old design:
1. Data generation of vault configurations needs many redraws, because
we express dependencies by rejecting the whole tuple of properties
if it doesn't match. We could instead draw the independent
properties, and conditional on their values, draw the dependent
ones; cf. Gibbs sampling vs. rejection sampling.
2. `hypothesis` implements state machine rule selection as drawing from
a list of eligible rules. This list must remain static during
redrawing and backtracking, lest `hypothesis` complains the test is
flaky. While it isn't expressly forbidden to store state manually
in the state machine, the old design made the list of eligible
rules dependent on the implicit machine state and on the generated
values, in a way that led to flakiness.
Fix these issues by doing the following:
- Rename the class from `ConfigMergingStateMachine` to
`ConfigManagementStateMachine`, because it's no longer just about
merging configurations.
- Implement strategies to build a full vault configuration from
multiple full settings configurations, and a partial settings
configuration from a full settings configuration. Draw
interactively, first the independent properties, then the dependent
ones. This tackles issue (1).
- Overhaul the state machine, effectively rewriting it from scratch,
by managing all state in `hypothesis` bundles. Ensure the bundles
are filled at initialization, and that each (non-bookkeeping) rule
begins with storing the configuration and ends with checking and
returning the transformed configuration. Filter the values drawn
from the bundles, instead of filtering the rule set based on the
machine's current state. This tackles issue (2) above.
The resulting state machine should have an acceptable drawing success
rate (without needing to override the `filter_too_much` `hypothesis`
health check), at the cost of slow(ish) drawing speed and slow(er)
execution speed because the configuration must be replayed onto disk
during each step. On the other hand, the single steps now are more
repeatable and more independent of each other.
This implementation makes use of several top-level functions and
constants, outside of the state machine class. Attempting to use static
and class methods instead leads to messy workarounds because of the name
resolution rules and because of mismatches in the calling conventions of
static and class methods during class definition vs. during execution
time. In the end, the "top-level functions and constants" version is
the most straight-forward to read.
</pre>