Age | Commit message | Author |
|
- Upgrade clap from clap 3 to clap 4.
- Use the opportunity to change to clap's derive-style API.
|
- We've configured the gitlab project so that the only way to push
to main is via a merge request for which CI has passed. As such,
running (most) jobs when merging to main is a waste of resources,
and we don't do it by default.
- Fixes: #1061
|
- As of ea31e87029288bfe5897b1dd6a02cdc291946c9e, the all_commits
job works for branches that are not derived from main.
- Remove outdated rule.
|
- `openpgp` uses features that are only present in version 1.3.0 of
buffered reader. Adjust the dependency.
|
- Fixes #1060.
|
- Use `cipher`'s reexport of `generic-array` instead of directly
depending on `generic-array` and having to worry about synchronizing
the versions.
|
- Require version 0.5.1.
|
- Add a job to authenticate the commits using sequoia-git.
|
- Add a commit signing policy.
|
- Upgrade regex-syntax to 0.8.
- Fixes #1056.
|
- `Cert::from_str`, `Cert::from_reader`, `Cert::from_file`, and
`Cert::from_bytes` return an error if the input contains multiple
certificates.
- Improve the documentation to make that clearer, and suggest the
use of `CertParser` to parse keyrings.
|
- Now that we use OnceCell for the cache, we can hand out references
to the cached data. This closes the gap between UserID and
ConventionallyParsedUserID, hence I think this addresses the
concern in #377.
- Deprecate the allocating variants.
- Fixes #377.
|
- Behaves the same, but is much nicer.
|
- Fixes #962.
|
- Instead, just accept that if other signature types come in, we
miscompute the hash, and we'll reject the signature later on.
|
Adapt the doc tests of `KeyAmalgamationIter::secret()`,
`KeyAmalgamationIter::unencrypted_secret()`,
`ValidKeyAmalgamationIter::secret()` and
`ValidKeyAmalgamationIter::unencrypted_secret()` to make use of
`CertBuilder::new()` instead of `CertBuilder::general_purpose()` to be
able to test for the amount of found keys more reliably.
Signed-off-by: David Runge <dave@sleepmap.de>
|
Add the new filter `encrypted_secret` to filter on whether secret key
material is present and encrypted.
Remove the `secret` field of `ValidKeyAmalgamationIter` and alter
`ValidKeyAmalgamationIter::secret()` to set both `encrypted_secret` and
`unencrypted_secret` to `Some(true)`.
Closes https://gitlab.com/sequoia-pgp/sequoia/-/issues/1040
Signed-off-by: David Runge <dave@sleepmap.de>
|
- Add the private function `skip_secret()` to evaluate whether a secret
key is skipped during filtering and provide a message in that case.
- Add the new filter `encrypted_secret` to filter on whether secret key
material is present and encrypted. Make use of the `skip_secret()`
function to evaluate whether a key is skipped when filtering or not.
- Remove the `secret` field of `KeyAmalgamationIter` and alter
`KeyAmalgamationIter::secret()` to set both `encrypted_secret` and
`unencrypted_secret` to `Some(true)`.
Closes https://gitlab.com/sequoia-pgp/sequoia/-/issues/1040
Signed-off-by: David Runge <dave@sleepmap.de>
|
- Fixes #954.
|
- We don't actually stop, and doing that seems like an optimization
for a very unlikely case.
|
- This came up as the new leak tests use our hex parsing functions
to parse /proc/self/maps and apparently Linux will drop leading
zeros from addresses.
- Fix this by allowing these functions to operate on an odd number
of nibbles. I see no reason not to do that, except for
the fact that we don't want to establish that it is okay to drop
leading zeros from key IDs and fingerprints, hence I preserved the
behavior of parsing key IDs and fingerprints.
|
- SignatureBuilder::signature_expiration_time is broken. This is
because SignatureBuilder doesn't actually implement
signature_expiration_time. Instead, it is resolved via a Deref to
the SubpacketAreas::signature_expiration_time. That function
returns: creation_time subpacket + expiration_time subpacket, but
the actual creation time in a SignatureBuilder may not yet have
propagated to the subpacket area!
- Fixes #998.
|
- Fixes #973.
|
- The `all_commits` check rebases the branch being tested onto main.
This is brittle when the merge request is relative to some very
old commit, as is the case when updating an old release. In these
cases, the changes aren't even intended to be rebased on main so
rebasing them on main makes no sense.
- Change the all_commits check to check commits up to the merge
base.
- Also increase the script's verbosity so it is clearer what is
being checked.
|
- Zeroing the stack is not something that upstream necessarily
considers their responsibility, hence we need to do it. In any
case, there is a bug in current versions of the AES crate that
spills the symmetric key into the stack when using AES-NI or the
ARMv8 Cryptography Extensions.
- See https://github.com/RustCrypto/block-ciphers/issues/385.
|
- This is only effective if the value is computed by a function that
is never inlined. Add a macro that takes care of that.
|
- Stack allocated values may be moved freely by the Rust compiler,
leaving traces of the secret lying around the stack. Zeroize
doesn't help with that. Heap allocate the secret instead, which
prevents the moves.
|
- Fixes #989.
|
- Unfortunately, in all of the cipher crates other than the aes
crate this doesn't do anything besides enabling cipher/zeroize.