Use cert designators for the signer arguments of sq sign.

- See #429.
This commit is contained in:
Justus Winter 2024-11-13 13:53:49 +01:00
parent 6645fdee6c
commit 359245db14
No known key found for this signature in database
GPG Key ID: 686F55B4AB2B3386
2 changed files with 38 additions and 29 deletions


@ -5,7 +5,6 @@ use std::path::PathBuf;
use clap::{ArgGroup, Parser, ValueEnum};
use sequoia_openpgp::{
KeyHandle,
types::SignatureType,
};
@ -15,6 +14,7 @@ use super::types::FileOrStdout;
use crate::cli::examples;
use examples::*;
use crate::cli::types::cert_designator::*;
const SIGN_EXAMPLES: Actions = Actions {
actions: &[
@ -148,24 +148,24 @@ may change line endings. In doubt, create binary signatures.",
"detached",
"cleartext",
"notarize",
"secret_key_file",
"signer",
"signer-file",
"signer-email",
"signer-userid",
],
help = "Merge signatures from the input and SIGNED-MESSAGE",
)]
pub merge: Option<PathBuf>,
#[clap(
long = "signer-file",
value_name = "KEY_FILE",
help = "Sign the message using the key in KEY_FILE",
)]
pub secret_key_file: Vec<PathBuf>,
#[clap(
long = "signer",
value_name = "KEYID|FINGERPRINT",
help = "Sign the message using the specified key on the key store",
)]
pub signer_key: Vec<KeyHandle>,
#[command(flatten)]
pub signers: CertDesignators<CertUserIDEmailFileArgs,
SignerPrefix,
// XXX: should be NoOptions, but we
// cannot express that one cert
// designator must be given unless
// merge is given.
OptionalValue,
SignerDoc>,
#[clap(
long,
@ -187,6 +187,24 @@ may change line endings. In doubt, create binary signatures.",
pub notation: Vec<String>,
}
/// Documentation for signer arguments.
pub struct SignerDoc {}
impl AdditionalDocs for SignerDoc {
fn help(arg: &'static str, help: &'static str) -> clap::builder::StyledStr {
match arg {
"file" =>
"Create the signature using the key read from PATH"
.into(),
_ => {
debug_assert!(help.starts_with("Use certificates"));
help.replace("Use certificates",
"Create the signature using the key")
.into()
},
}
}
}
/// Signature mode, either binary or text.
#[derive(ValueEnum, Clone, Copy, Debug, Default)]
pub enum Mode {
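Review bot: In `SignerDoc::help` the fallback arm guards the rewrite only with `debug_assert!(help.starts_with("Use certificates"))`, so in a release build a cert-designator help string without that prefix is passed through `replace` unchanged and the `--signer*` options would silently show the generic "Use certificates" wording instead of the sign-specific one. Making the prefix a hard requirement keeps debug and release behaviour identical: `_ => help.strip_prefix("Use certificates")` / `    .map(|rest| format!("Create the signature using the key{rest}").into())` / `    .expect("cert designator help text starts with \"Use certificates\""),`. The `AdditionalDocs` trait is defined outside this hunk, so whether `help` is allowed to panic here (it appears to run at CLI construction time) should be checked against the other implementors. The arg ids in the `merge` conflicts list ("signer", "signer-file", "signer-email", "signer-userid") presumably have to match what `CertDesignators` generates for `SignerPrefix`; that cannot be verified from this hunk, and a short comment on the list naming that coupling would help the next person who adds a designator kind.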


@ -18,12 +18,10 @@ use openpgp::serialize::Serialize;
use openpgp::serialize::stream::{
Message, Armorer, Signer, LiteralWriter,
};
use openpgp::types::KeyFlags;
use openpgp::types::SignatureType;
use crate::Sq;
use crate::load_certs;
use crate::parse_notations;
use crate::cli;
@ -47,14 +45,12 @@ pub fn dispatch(sq: Sq, command: cli::sign::Command) -> Result<()> {
return Err(anyhow::anyhow!("Notarizing messages is not supported."));
}
let mut secrets =
load_certs(command.secret_key_file.iter())?;
for kh in command.signer_key {
let cert = sq.lookup_one(
kh, Some(KeyFlags::empty().set_signing()), true)?;
secrets.push(cert);
};
let signers =
sq.resolve_certs_or_fail(&command.signers, sequoia_wot::FULLY_TRUSTED)?;
let signers = sq.get_signing_keys(&signers, None)?;
if signers.is_empty() && command.merge.is_none() {
return Err(anyhow::anyhow!("No signing keys found"));
}
let notations = parse_notations(command.notation)?;
@ -69,11 +65,6 @@ pub fn dispatch(sq: Sq, command: cli::sign::Command) -> Result<()> {
return merge_signatures(&mut input, &mut input2, output);
}
let signers = sq.get_signing_keys(&secrets, None)?;
if signers.is_empty() {
return Err(anyhow::anyhow!("No signing keys found"));
}
if command.cleartext {
let output = output.create_safe(&sq)?;
clearsign(sq, input, output, signers, &notations)?;
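Review bot: The new check `if signers.is_empty() && command.merge.is_none()` now also covers the case where the user gave no signer designator at all, which the `OptionalValue` designator (see the XXX in cli/sign.rs) can no longer reject at parse time, yet the error still reads "No signing keys found" as if keys had been looked up and missed. A message that names the options would be clearer, e.g. `return Err(anyhow::anyhow!("No signing keys found; specify a signer with one of the --signer* options"));` (the exact long-flag names are inferred from the conflicts list in cli/sign.rs and should be confirmed). Note also that `resolve_certs_or_fail` and `get_signing_keys` now run before the `merge` branch, so a designator that fails to resolve aborts a merge-only invocation; if that is intended it is worth a one-line comment above the `let signers =`. `dispatch` starts before the first hunk and continues past this one.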