Age | Commit message | Author |
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
- Show the revocation certificate's human-readable revocation
message, if any.
- If the revocation certificate is a third-party revocation, then
also show the first issuer.
|
|
- Use `get_certification_keys` to get the certification key. This
also unlocks the key, if needed.
Fixes #776.
- Add `--private-key-store` as an option to also work with keys
stored on a PKS.
|
|
Verify more aspects of how sq generates keys. The scenarios now cover
all ways of running "sq key generate".
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
- Add support for revoking certificates to sq.
|
|
- Generalize get_signing_keys to look up other types of keys.
- Rename it to get_keys, take a `KeyFlags` parameter, and implement
get_signing_keys in terms of get_keys.
|
|
- Change `get_signing_keys` to also take a `&Cert`, not just a `Cert`,
by making it polymorphic over the element type. Specifically,
change it to take a `Borrow<Cert>` instead of a `Cert`.
|
|
- clippy::collapsible-else-if:
Warns about:
    if x {
        if y {
        } else {
        }
    } else {
        if y {
        } else {
        }
    }
But, this can express the intent of the code better than the
version that clippy prefers:
    if x {
        if y {
        } else {
        }
    } else if y {
    } else {
    }
- clippy::needless-question-mark, clippy::try-err: While clippy is
right that the ? could sometimes be replaced with a return, using
a ? also does a conversion (`From`). So to allow global
consistency, permit this construct.
- clippy::redundant-clone: Clippy warns that the last use of a
variable doesn't have to be cloned. This is true, but can make
use of a variable in a function inconsistent. Also, if an
additional case that uses the variable is added later, a
`.clone()` may have to be added anyway.
|
|
- Move common functionality in before_script and after_script code
to separate stanzas.
|
|
- Setting compilation flags in .gitlab-ci.yml means that they will
only be used by the CI.
- Instead, set flags in .cargo/config.toml so that compiling locally
will use the same set of lints.
|
|
- Detected by the rustdoc::bare-urls lint.
|
|
- Currently Signer has default implementations for Box and Box + Send
+ Sync.
- Add similar default implementations for Decryptor.
|
|
- The decryptor only decrypts, the encryptor only encrypts. No need
to have that parameter (in fact, having the parameter presents the
opportunity to get it wrong, see the previous commit).
|
|
- This only went unnoticed because we only hash and write the
digest, and don't invoke the encrypt method (which would have
panic'ed). No functional change.
|
|
- Previous refactoring inadvertently broke capability URL
construction.
- Fix the bug by moving `append_pair` after `join`.
- Add test cases to capability URL construction code.
|
|
- Use exhaustive match.
|
|
- The documentation link seems to be hardcoded to the 0.25.0
version, which doesn't exist on the server. Replaced it with a
working link.
|
|
- Previously, the tests for sq sign used test vectors from the
openpgp crate. But, those are not bundled with the sq crate,
breaking the test when using the crate's source tarball.
- Fixes #787.
|
|
- The sq frontend is still licensed under the GPL2+. Replace the
symlink to the top-level LICENSE.txt with a copy of the GPL2.
|
|
- Remove spurious line continuation.
- Update to debian bookworm.
- Fixes #790.
|
|
- pkgs.llvmPackages.libclang has been split up into multiple outputs,
we need .lib.
- Closes #791.
|
|
- ed25519-dalek requires rand:0.7 types, so make sure they are used,
and not the ones from rand:0.8.
|
|
- Adapt to the new API:
- Gen is now a struct, not a Trait, and replaces StdThreadGen.
- The rand re-export has been removed. As a consequence, we need
our own function to generate an arbitrary value from a range.
|
|
- If the round_up clamps the value to u32::MAX, the precision does
not apply.
- Closes #784.
|
|
This change aligns Private Key Store support to the newest version and
changes how the hash algorithm is passed. Previously it was in the query
parameters and the routine to add that parameter was prone to abuse on
malformed input. Passing the correct algorithm in the `Content-Type`
header is cleaner and simpler for both clients and servers.
|
|
- Remove the general-purpose ffi crates. They will be moved into
their own repository. Note that we consider general-purpose ffi
crates to be a dead end: exposing Sequoia's interface requires a
large number of types and functions, and using the interface from
C turned out to be verbose and error-prone. Instead, we prefer to
write point solutions in Rust that implement exactly the
functionality the downstream consumer needs, then expose this via
ffi bindings.
- See https://gitlab.com/sequoia-pgp/sequoia-ffi.
|
|
The "binary signature" Subplot scenario was a little flaky. I could
reproduce this locally by running it repeatedly, and it would
invariably fail before the 300th repetition.
The problem is that the signature file produced by sq did not always
look like what the scenario expected. The fix is to change how the
signed file is modified: always remove the third line, after the
"BEGIN PGP SIGNATURE" and empty lines. Also, don't insist on the exit
code 1 for failure, until we've established what sq's exit codes can
be.
Fixes #786. This passes over 2000 runs of the "binary signature" test
run.
|
|
- In the Generic buffered reader, which wraps io::Readers, do not
poll the wrapped reader again once we hit EOF.
- This fixes the problem where parsing OpenPGP data from stdin was
misbehaving with respect to signaling EOF by pressing CTRL-d.
Depending on the readers on the reader stack the user had to press
CTRL-d multiple times, which was annoying and confusing.
- Fixes #679.
|
|