Recent commits to derivepassphrase.git (f36630533e3f8d9932e4b1b2975ec3d8bde7b45a)

Fix formatting, some coverage pragmas and some linting rules in tests

2024-12-21T00:57:49+01:00

Aside from formatting fixes, disable the E501/line-too-long and
C419/unnecessary-comprehension-in-call linting rules in tests, where
they hinder debuggability of the tests.  (See embedded comments for full
rationale.)  Furthermore, make `coverage` recognize `@overload` lines
automatically as lines that should not be included in coverage, like
`assert False` and friends.
</pre>

Support exporting the `vault` configuration as a POSIX shell script

2024-12-21T00:23:33+01:00

When exporting `vault` configurations via `--export`, a new option
`--export-as=FORMAT` allows selecting the export format (defaulting to
`json`).  Setting `FORMAT` as `sh` selects the new POSIX shell script
export format, which yields a sh(1)-compatible script to reimport the
existing configuration as a series of calls to the `derivepassphrase`
command.

Because the output is very regular, the test suite also includes an
interpreter specifically for the sh(1) subset emitted during an `sh`
export, on top of the usual adaptations to existing tests for the new
functionality.
</pre>

Allow unsetting settings when configuring `vault`

2024-12-20T17:00:48+01:00

When configuring a `vault` service, or the global settings, a new
configuration option `--unset FIELD` will unset the specified `FIELD`
from the service or global settings prior to and addition to applying
the requested settings changes.  This way, the user can update all
settings on the command-line (except for the "notes") without manually
editing and reimporting a configuration export.  (It is permissible to
only unset settings, without applying any other configuration changes.)
</pre>

Rework `ConfigManagementStateMachine` rules for higher data generation success rates

2024-12-20T15:06:20+01:00

Lower the failure/retry rate for data generation by moving all data
generation into initialization rules and by removing data restrictions
on rule inputs as far as possible, turning the rule effectively into
a no-op if necessary.

The only currently remaining operation with notable retry rate is the
top-level rule selection.
</pre>

Fix empty key handling in `vault` config, and harmonize warning text

2024-12-20T11:39:45+01:00

Correctly handle empty `key` settings in the `vault` configuration: if
at the global level, it is equivalent to eliding the setting, but at the
service level, it explicitly disables key usage (even if a global key is
set).  This implies that both cases need different cleanup steps.

Harmonize the warning message for ineffective passphrases for services:
always include the affected service name.

If during configuration import we find a key shadowing a passphrase,
issue the same ineffective passphrase warning as would happen during
interactive configuration or interactive use.

(The tests need minor modifications and reparametrization to continue to
cover all warning cases.)
</pre>

Rewrite incompatible option checking for more readability

2024-12-19T15:47:42+01:00

</pre>

Document handling of file objects internally in CLI

2024-12-19T15:27:08+01:00

The type hints for `click.open_file` are so broad that our file objects,
intended to be typed as `typing.TextIO`, end up getting typed as
`typing.TextIO | typing.IO[typing.Any]` instead.  Fix this by casting,
explicitly, one level higher.  Also document why no further checks for
readability or writablility are actually performed.
</pre>

Fix hypothesis settings for uninstrumented runs

2024-12-19T15:18:58+01:00

The state machine tests appear to have such slow data generation that
they trigger `hypothesis` health check errors even in uninstrumented
runs (i.e. without a trace function running).
</pre>

Hoist and add tests for internal `key_to_phrase` CLI function

2024-12-19T15:04:11+01:00

Commit d15069d2db4040d444f65d7c3db6a854f4adcb92 extended the internal
`key_to_phrase` CLI function, adding more expansive error handling and
better error messages.  The new error handling still needed to be tested,
however.  When actually writing tests for this function, it turns out to
be cumbersome to trigger the various scenarios directly, because, as an
internal function, this means issuing a full CLI call in a high-level
mock environment.  Instead, we now hoist the function to the outer level,
making it easily accessible to tests and easier to isolate and prepare
a smaller and more specialized mock environment for.

(The primary reason this function was internal before was its use of the
`err` error callback, which still is internal to the CLI, but will now
be supplied explicitly as a callback.)
</pre>

Retire `allow_derivepassphrase_extensions` argument to `validate_vault_config`

2024-12-19T15:04:11+01:00

As the Unicode normalization form is now set via the central
configuration file instead of the `vault` data file, there are currently
no defined `derivepassphrase` extensions to the vault configuration file
schema.  Given the new central configuration file and the commitment to
preserve compatibility of the `vault` configuration import/export, we do
not anticipate any future `derivepassphrase` extensions to the schema.
Thus, retire the `allow_derivepassphrase_extensions` validation option.

Also adapt all tests and test datasets accordingly.
</pre>