From 61e3b6750501c4a75f31ec2150ee73603c1cfaa2 Mon Sep 17 00:00:00 2001 From: "Neal H. Walfield" Date: Tue, 3 Dec 2024 17:33:44 +0100 Subject: [PATCH] Change sq pki link add, etc. to use stdout. - Change `sq pki link add`, `sq pki link authorize`, `sq pki link retract` to use `stdout`, not `stderr`, for their main output. - See #342. --- src/commands/key/generate.rs | 2 ++ src/commands/pki/link.rs | 3 +++ src/commands/pki/vouch/add.rs | 1 + src/commands/pki/vouch/authorize.rs | 1 + src/common/pki/certify.rs | 11 +++++++---- tests/integration/sq_pki_link.rs | 28 ++++++++++++++-------------- 6 files changed, 28 insertions(+), 18 deletions(-) diff --git a/src/commands/key/generate.rs b/src/commands/key/generate.rs index 8dcb56f3..3d1b4cad 100644 --- a/src/commands/key/generate.rs +++ b/src/commands/key/generate.rs @@ -278,6 +278,7 @@ pub fn generate( // Mark all user IDs as authenticated, and mark // the key as a trusted introducer. crate::common::pki::certify::certify( + &mut std::io::stderr(), &sq, false, // Recreate. &trust_root, @@ -299,6 +300,7 @@ pub fn generate( } else if command.shared_key { // Mark all user IDs as authenticated. crate::common::pki::certify::certify( + &mut std::io::stderr(), &sq, false, // Recreate. &trust_root, diff --git a/src/commands/pki/link.rs b/src/commands/pki/link.rs index c75671f0..fb6068ca 100644 --- a/src/commands/pki/link.rs +++ b/src/commands/pki/link.rs @@ -62,6 +62,7 @@ pub fn add(sq: Sq, c: link::AddCommand) }; crate::common::pki::certify::certify( + &mut std::io::stdout(), &sq, c.recreate, // Recreate. &trust_root, @@ -94,6 +95,7 @@ pub fn authorize(sq: Sq, c: link::AuthorizeCommand) let notations = parse_notations(c.notation)?; crate::common::pki::certify::certify( + &mut std::io::stdout(), &sq, c.recreate, // Recreate. &trust_root, @@ -126,6 +128,7 @@ pub fn retract(sq: Sq, c: link::RetractCommand) let notations = parse_notations(c.notation)?; crate::common::pki::certify::certify( + &mut std::io::stdout(), &sq, c.recreate, // Recreate. &trust_root, diff --git a/src/commands/pki/vouch/add.rs b/src/commands/pki/vouch/add.rs index f191ec97..b1599800 100644 --- a/src/commands/pki/vouch/add.rs +++ b/src/commands/pki/vouch/add.rs @@ -27,6 +27,7 @@ pub fn add(sq: Sq, mut c: add::Command) let notations = parse_notations(&c.notation)?; crate::common::pki::certify::certify( + &mut std::io::stderr(), &sq, true, // Always recreate. &certifier, diff --git a/src/commands/pki/vouch/authorize.rs b/src/commands/pki/vouch/authorize.rs index 548d44af..f19ed75e 100644 --- a/src/commands/pki/vouch/authorize.rs +++ b/src/commands/pki/vouch/authorize.rs @@ -27,6 +27,7 @@ pub fn authorize(sq: Sq, mut c: authorize::Command) let notations = parse_notations(&c.notation)?; crate::common::pki::certify::certify( + &mut std::io::stderr(), &sq, true, // Always recreate. &certifier, diff --git a/src/common/pki/certify.rs b/src/common/pki/certify.rs index ac347c93..884ef98e 100644 --- a/src/common/pki/certify.rs +++ b/src/common/pki/certify.rs @@ -39,11 +39,12 @@ use crate::commands::active_certification; // - Regular expressions // - Notations // - Exportable -pub fn diff_certification(sq: &Sq, old: &Signature, new: &SignatureBuilder, +pub fn diff_certification(o: &mut dyn std::io::Write, + sq: &Sq, old: &Signature, new: &SignatureBuilder, new_ct: SystemTime) -> bool { - make_qprintln!(sq.quiet()); + make_qprintln!(o, sq.quiet()); let mut changed = false; let a_expiration = old.signature_expiration_time(); @@ -158,7 +159,8 @@ pub fn diff_certification(sq: &Sq, old: &Signature, new: &SignatureBuilder, /// /// If the trust amount is 0, the operation is interpreted as a /// retraction and the wording is changed accordingly. -pub fn certify(sq: &Sq, +pub fn certify(o: &mut dyn std::io::Write, + sq: &Sq, recreate: bool, certifier: &Cert, cert: &Cert, @@ -177,7 +179,7 @@ pub fn certify(sq: &Sq, { assert!(templates.len() > 0); assert!(userids.len() > 0); - make_qprintln!(sq.quiet()); + make_qprintln!(o, sq.quiet()); if certifier.fingerprint() == cert.fingerprint() { sq.hint( @@ -364,6 +366,7 @@ The certifier is the same as the certificate to certify.")); } let changed = diff_certification( + o, &sq, &active_certification, &builders[0], sq.time); diff --git a/tests/integration/sq_pki_link.rs b/tests/integration/sq_pki_link.rs index bfc8dde4..f056c9de 100644 --- a/tests/integration/sq_pki_link.rs +++ b/tests/integration/sq_pki_link.rs @@ -484,7 +484,7 @@ fn sq_pki_link_update_detection() -> Result<()> { // Retract it. There is nothing to retract (but this doesn't fail). let output = sq_retract(&sq, &alice_fpr, &[], &[]); - assert!(output.2.contains("You never certified"), + assert!(output.1.contains("You never certified"), "stdout:\n{}\nstderr:\n{}", output.1, output.2); let bytes = compare(bytes, &alice_cert_pgp, true); @@ -495,7 +495,7 @@ fn sq_pki_link_update_detection() -> Result<()> { // As no parameters changed, this should succeeded, but no // certification should be written. let output = sq_link(&sq, &alice_fpr, &[], &[], &["--all"], true); - assert!(output.2.contains("Certification parameters are unchanged"), + assert!(output.1.contains("Certification parameters are unchanged"), "stdout:\n{}\nstderr:\n{}", output.1, output.2); let bytes = compare(bytes, &alice_cert_pgp, true); @@ -513,24 +513,24 @@ fn sq_pki_link_update_detection() -> Result<()> { // Make her a partially trusted CA. let output = sq_link(&sq, &alice_fpr, &[], &[], &["--amount", "30", "--all"], true); - assert!(output.2.contains("was previously"), + assert!(output.1.contains("was previously"), "stdout:\n{}\nstderr:\n{}", output.1, output.2); let bytes = compare(bytes, &alice_cert_pgp, false); let output = sq_link(&sq, &alice_fpr, &[], &[], &["--amount", "30", "--all"], true); - assert!(output.2.contains("Certification parameters are unchanged"), + assert!(output.1.contains("Certification parameters are unchanged"), "stdout:\n{}\nstderr:\n{}", output.1, output.2); let bytes = compare(bytes, &alice_cert_pgp, true); // Retract the link. let output = sq_retract(&sq, &alice_fpr, &[], &[]); - assert!(output.2.contains("was previously"), + assert!(output.1.contains("was previously"), "stdout:\n{}\nstderr:\n{}", output.1, output.2); let bytes = compare(bytes, &alice_cert_pgp, false); let output = sq_retract(&sq, &alice_fpr, &[], &[]); - assert!(output.2.contains("Certification parameters are unchanged"), + assert!(output.1.contains("Certification parameters are unchanged"), "stdout:\n{}\nstderr:\n{}", output.1, output.2); let bytes = compare(bytes, &alice_cert_pgp, true); @@ -538,37 +538,37 @@ fn sq_pki_link_update_detection() -> Result<()> { // Link it again. let output = sq_link(&sq, &alice_fpr, &[], &[], &["--amount", "10", "--all"], true); - assert!(output.2.contains("was retracted"), + assert!(output.1.contains("was retracted"), "stdout:\n{}\nstderr:\n{}", output.1, output.2); let bytes = compare(bytes, &alice_cert_pgp, false); let output = sq_link(&sq, &alice_fpr, &[], &[], &["--amount", "10", "--all"], true); - assert!(output.2.contains("Certification parameters are unchanged"), + assert!(output.1.contains("Certification parameters are unchanged"), "stdout:\n{}\nstderr:\n{}", output.1, output.2); let bytes = compare(bytes, &alice_cert_pgp, true); // Use a notation. let output = sq_link(&sq, &alice_fpr, &[], &[], &["--signature-notation", "foo", "10", "--all"], true); - assert!(output.2.contains("was previously"), + assert!(output.1.contains("was previously"), "stdout:\n{}\nstderr:\n{}", output.1, output.2); let bytes = compare(bytes, &alice_cert_pgp, false); let output = sq_link(&sq, &alice_fpr, &[], &[], &["--signature-notation", "foo", "10", "--all"], true); - assert!(output.2.contains("Certification parameters are unchanged"), + assert!(output.1.contains("Certification parameters are unchanged"), "stdout:\n{}\nstderr:\n{}", output.1, output.2); let bytes = compare(bytes, &alice_cert_pgp, true); // The default link again. let output = sq_link(&sq, &alice_fpr, &[], &[], &["--all"], true); - assert!(output.2.contains("was previously"), + assert!(output.1.contains("was previously"), "stdout:\n{}\nstderr:\n{}", output.1, output.2); let bytes = compare(bytes, &alice_cert_pgp, false); let output = sq_link(&sq, &alice_fpr, &[], &[], &["--all"], true); - assert!(output.2.contains("Certification parameters are unchanged"), + assert!(output.1.contains("Certification parameters are unchanged"), "stdout:\n{}\nstderr:\n{}", output.1, output.2); let bytes = compare(bytes, &alice_cert_pgp, true); @@ -613,7 +613,7 @@ fn sq_pki_link_add_temporary() -> Result<()> { sq_verify(&sq, None, &[], &[], &alice_sig_file, 0, 1); let output = sq_link(&sq, &alice_fpr, &[], &[], &["--temporary", "--all"], true); - assert!(output.2.contains("Certifying "), + assert!(output.1.contains("Certifying "), "stdout:\n{}\nstderr:\n{}", output.1, output.2); let bytes = compare(bytes, &alice_cert_pgp, false); @@ -634,7 +634,7 @@ fn sq_pki_link_add_temporary() -> Result<()> { // Now mark it as fully trusted. It should be trusted now, in 6 // days and in 8 days. let output = sq_link(&sq, &alice_fpr, &[], &[], &["--all"], true); - assert!(output.2.contains("was previously"), + assert!(output.1.contains("was previously"), "stdout:\n{}\nstderr:\n{}", output.1, output.2); eprintln!("{:?}", output); let bytes = compare(bytes, &alice_cert_pgp, false);