./security/keychain, Nice ssh-agent front-end


Branch: CURRENT, Version: 2.9.8nb3, Package name: keychain-2.9.8nb3, Maintainer: vins

Keychain helps you to manage SSH and GPG keys in a convenient and secure
manner. It acts as a frontend to ssh-agent and ssh-add, but allows you
to easily have one long running ssh-agent process per system, rather
than the norm of one ssh-agent per login session. Keychain also makes
it easy for remote cron jobs to securely "hook in" to a long-running
ssh-agent process, allowing your scripts to take advantage of key-based
logins.


Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 60.22 KB

CVS history:


   2025-11-08 20:13:40 by Paolo Vincenzo Olivo | Files touched by this commit (4)
Log message:
security/keychain: startkeychain: replace README with man page.
   2025-11-08 18:32:20 by Paolo Vincenzo Olivo | Files touched by this commit (2)
Log message:
keychain: add some comments (NFC)
   2025-11-08 17:55:52 by Paolo Vincenzo Olivo | Files touched by this commit (2)
Log message:
security/keychain: startkeychain: simplify and speed up script

Bump revision.
   2025-11-08 16:55:48 by Paolo Vincenzo Olivo | Files touched by this commit (2)
Log message:
security/keychain: startkeychain: use quiet mode by default
   2025-11-08 14:32:44 by Paolo Vincenzo Olivo | Files touched by this commit (1)
Log message:
keychain: startkeychain: fix formatting and quoting
   2025-11-08 13:36:14 by Paolo Vincenzo Olivo | Files touched by this commit (4)
Log message:
security/keychain: add help script to automate usage

Additionally install bash completions.
Bump revision.
   2025-11-03 17:37:53 by Paolo Vincenzo Olivo | Files touched by this commit (3) | Package updated
Log message:
security/keychain: update to 2.9.8

## keychain 2.9.8 (2 Nov 2025)

This release fixes the release tarball to include all necessary files for building and using keychain.

Bug fixes:

* Fixed release tarball generation to include bash completion script (`completions/keychain.bash`),
  Makefile, source files, and other essential components. Previous release (2.9.7) tarball was
  missing these files.
* Improved tarball generation to use `git archive` as source of truth, eliminating manual file
  inventory and preventing future omissions.
* Updated release logic to use `dist/` directory for archive generation. GitHub workflow plumbing
  work for new `/dist` tarball location, associated `Makefile` and CI fixes.

Documentation:

* Added bash completion information to keychain man page (NOTES section).

## keychain 2.9.7 (31 Oct 2025)

This release fixes critical issues with spaces in HOME directories and usernames, and adds official Git Bash on Windows compatibility.

Bug fixes:

* Fixed keychain failures when HOME directory path contains spaces (e.g., `C:\Users\John Doe`).
  ([#188](https://github.com/danielrobbins/keychain/issues/188))
* Fixed username detection for usernames containing spaces (e.g., "Mathew Binkley" on Windows).
  Implemented portable `get_owner()` function using POSIX-defined `ls -ld` output format with
  intelligent field parsing to distinguish space-in-username from normal owner/group fields.
* Fixed pidfile generation to properly quote `SSH_AUTH_SOCK` paths containing spaces while
  leaving `SSH_AGENT_PID` unquoted (numeric value). Rewrote `write_pidfile()` to use robust
  eval-in-subshell approach for extracting variable values from ssh-agent output.
* All pidfile formats (sh/csh/fish) now correctly handle paths with spaces.
* Fixed ssh-agent invocation to always use `-s` option for Bourne-compatible output, simplifying
  pidfile generation and improving compatibility across different environments.
  ([#185](https://github.com/danielrobbins/keychain/issues/185))

Testing and quality improvements:

* Added `scripts/test-space-home.sh` - automated test harness that simulates HOME directories
  with spaces and validates proper handling. Returns proper exit codes for CI integration.
* Integrated space-in-home test into GitHub Actions release workflow to prevent regressions.
* Added ShellCheck disable comments with justification for intentional POSIX ls usage.
* Fixed Unicode arrow characters in comments that caused ShellCheck errors.

New features:

* Added bash completion support (`completions/keychain.bash`) with intelligent context-aware
  completion for command-line options, SSH keys, GPG keys, and full `--extended` mode support.
  Based on work by @mikkoi with significant enhancements for keychain 2.9.x features:
  - Dynamically parses `keychain --help` for up-to-date option completion
  - Completes SSH key names from `~/.ssh/*.pub` files
  - Completes GPG key IDs (8-character short format)
  - `--extended` mode: `sshk:<tab>`, `gpgk:<tab>`, `host:<tab>` with prefix completion
  - Detects hostnames from `~/.ssh/config` for `host:` completion
  - ShellCheck compliant
  ([#186](https://github.com/danielrobbins/keychain/issues/186))
* Added Makefile targets: `install-completions` and `uninstall-completions` for optional
  bash completion installation (separate from default install target).
* Updated RPM spec file (`keychain.spec.in`) for modern distributions:
  - Modernized description to focus on OpenSSH and GnuPG (removed obsolete ssh.com/Sun SSH)
  - Updated dependencies: `sh-utils` → `coreutils`, added `Recommends: bash-completion`
  - Added bash completion installation to RPM package

Documentation:

* Updated keychain.pod with detailed implementation notes for space handling, POSIX compliance,
  and the robust eval approach used in pidfile generation.
* Standardized option ordering in keychain.pod to follow Unix convention (short option first,
  then long option), ensuring compatibility with bash completion regex patterns.
* Added comprehensive COMPATIBILITY section to keychain.pod documenting:
  - Minimum OpenSSH version (7.3+) and supported features
  - GnuPG 2.1+ requirements for gpg-agent integration
  - Shell compatibility (Bourne/POSIX, csh/tcsh, fish)
  - **Git Bash (MSYS2) for Windows** - officially documented as supported platform
  - Legacy SSH implementation status (SunSSH, ssh.com)
  - Systemd user environment integration
  - Spaces in HOME and paths handling details
* Updated README.md with bash completion installation instructions for both system-wide
  and user-only installations.
   2025-10-12 07:25:16 by Paolo Vincenzo Olivo | Files touched by this commit (2) | Package updated
Log message:
security/keychain: update to 2.9.6

Documentation/branding release (no functional code changes):

	* Updated references in wiki to reflect the new official home of
	  Keychain at https://github.com/danielrobbins/keychain.
	* Consolidate historical references; retain only intentional archival
	  note(s).

Additional release engineering improvements:

	* Add release automation helpers: Makefile release (create) and
	  release-refresh (asset replace), plus scripts under scripts/ and
	* GitHub Actions workflow to build artifacts on tag push (staging
	  only).
	* Add docs/release-steps.md to formalize release process (numeric tags
	  only, assets: tarball, wrapper script, man page).
	* Orchestrated release flow (make release / make release-refresh) now
	  enforces:

		- Mandatory CI (Debian container) artifact fetch for the tag.
		- Normalized comparisons:
			> keychain – raw sha256.
			> keychain.1 – raw sha256; on mismatch, re-compare with
			  Pod::Man first line stripped.
			> Tarball – internal file list + per-file sha256 (man page
			  internally normalized) ignoring tar/gzip metadata.
		- If (and only if) all artifacts match (raw or normalized) CI
		  artifacts are used DIRECTLY for publication; local artifacts are
		  never overwritten (kept for audit).
		- Any real content mismatch aborts unless KEYCHAIN_FORCE_LOCAL=1
		  is explicitly set (single override; KEYCHAIN_ADOPT_CI removed).
		- Copy/paste diff command hints emitted on mismatch for rapid
		  investigation.
		- Asset path indirection via exported variables prevents local
		  file mutation, improving auditability.

	* Release notes body automatically extended with a Build Provenance
	  table (sha256 for keychain and keychain.1) plus the tag commit SHA1.
	* Workflow continues to only stage artifacts; publication requires
	  explicit maintainer action (no auto-release on tag push).