slipenkomk/sequoia-sq
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename --userid-or-add to --add-userid, etc.

Browse Source 
- Rename `--userid-or-add`, `--email-or-add`, and `--name-or-add`
    respectively to `--add-userid`, `--add-email`, and `--add-name`.

  - These names more closely match their new semantics: they don't
    first try and match a self-signed user ID, but just use a user ID
    consisting of the argument's value.
This commit is contained in:
Neal H. Walfield 2024-12-13 23:03:13 +01:00
parent c0ef0f5dbd
commit 8ccb13db20
No known key found for this signature in database
GPG Key ID: 6863C9AD5B4D22D3
12 changed files with 47 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@ -8,6 +8,9 @@
instead of `--email`.
- `sq encrypt` now requires explicit opt-out for signing in the
form of the `--without-signature` flag.
- The arguments `--userid-or-add`, `--email-or-add`, and
`--name-or-add` have respectively been renamed to `--add-userid`,
`--add-email`, and `--add-name`.
* Changes in 0.41.0
** New functionality

4
sq-subplot.md
View File

@ -1041,7 +1041,7 @@ when I run sq key delete --cert-file bob.pgp --output bob-cert.pgp
when I run sq inspect bob-cert.pgp
then stdout doesn't contain "Certifications:"
when I run sq pki vouch add --certifier-file alice.pgp --cert-file bob-cert.pgp --userid-or-add "My friend Bob" --output cert.pgp
when I run sq pki vouch add --certifier-file alice.pgp --cert-file bob-cert.pgp --add-userid "My friend Bob" --output cert.pgp
when I run sq inspect cert.pgp
then stdout contains "My friend Bob"
then stdout contains "Certifications: 1,"
@ -1060,7 +1060,7 @@ when I run sq key delete --cert-file alice.pgp --output alice-cert.pgp
when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev
when I run sq key delete --cert-file bob.pgp --output bob-cert.pgp
when I run sq pki vouch add --certifier-file alice.pgp --cert-file bob-cert.pgp --email-or-add "bob@example.org" --output cert.pgp
when I run sq pki vouch add --certifier-file alice.pgp --cert-file bob-cert.pgp --add-email "bob@example.org" --output cert.pgp
when I run sq inspect cert.pgp
then stdout contains "<bob@example.org>"
then stdout contains "Certifications: 1,"

2
src/cli/key/userid.rs
View File

@ -194,7 +194,7 @@ policy. If the certificate is not valid under the current policy, \
consider revoking the whole certificate, or fixing it using `sq cert \
lint` after verifying the certificate's integrity. If the certificate \
is valid under the current policy, but the user ID you want to revoke \
isn't, you can still revoke the user ID using `--userid-or-add`.
isn't, you can still revoke the user ID using `--add-userid`.
`sq key userid revoke` respects the reference time set by the top-level \
`--time` argument. When set, it uses the specified time instead of \

2
src/cli/pki/link.rs
View File

@ -535,7 +535,7 @@ with the email address alice@example.org.",
command: &[
"sq", "pki", "link", "add",
"--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0",
"--email-or-add=alice@example.org",
"--add-email=alice@example.org",
],
hide: &[],
}),

2
src/cli/pki/vouch/add.rs
View File

@ -43,7 +43,7 @@ which is not a self-signed user ID.",
"sq", "pki", "vouch", "add",
"--certifier=EB28F26E2739A4870ECC47726F0073F60FD0CBF0",
"--cert=511257EBBF077B7AEDAE5D093F68CB84CE537C9A",
"--email-or-add=bob@bobs.lair.net",
"--add-email=bob@bobs.lair.net",
],
hide: &[],
}),

39
src/cli/types/userid_designator.rs
View File

@ -30,8 +30,7 @@ pub type ExactArgs = typenum::U2;
/// <alice@example.org>".
pub type ByArgs = typenum::U4;
/// Adds a `--userid-or-add`, `--email-or-add`, and `--name-or-add`
/// argument.
/// Adds a `--add-userid`, `--add-email`, and `--add-name` argument.
///
/// For `UserIDDesignator::resolve`, acts like `ExactArgs`, but if
/// there is no matching self-signed user ID, creates one from the
@ -591,7 +590,7 @@ Use all self-signed user IDs"));
let full_name = if plain_is_add {
"userid"
} else {
"userid-or-add"
"add-userid"
};
let (help, long_help) = Docs::help(UserID, false, Add);
@ -694,7 +693,7 @@ Use all self-signed user IDs"));
let full_name = if plain_is_add {
"email"
} else {
"email-or-add"
"add-email"
};
let (help, long_help) = Docs::help(Email, plain_is_add, Add);
let mut arg = clap::Arg::new(&full_name)
@ -741,7 +740,7 @@ Use all self-signed user IDs"));
let full_name = if plain_is_add {
"name"
} else {
"name-or-add"
"add-name"
};
let (help, long_help) = Docs::help(Name, plain_is_add, Add);
let mut arg = clap::Arg::new(&full_name)
@ -892,7 +891,7 @@ where
if add_args {
if let Ok(Some(userids))
= matches.try_get_many::<String>(
if plain_is_add { "userid" } else { "userid-or-add" }) {
if plain_is_add { "userid" } else { "add-userid" }) {
for userid in userids.cloned() {
designators.push(
UserIDDesignator::UserID(Add, userid));
@ -900,7 +899,7 @@ where
}
if let Ok(Some(emails))
= matches.try_get_many::<String>(
if plain_is_add { "email" } else { "email-or-add" })
if plain_is_add { "email" } else { "add-email" })
{
for email in emails.cloned() {
designators.push(
@ -909,7 +908,7 @@ where
}
if let Ok(Some(names))
= matches.try_get_many::<String>(
if plain_is_add { "name" } else { "name-or-add" })
if plain_is_add { "name" } else { "add-name" })
{
for name in names.cloned() {
designators.push(
@ -1129,11 +1128,11 @@ mod test {
]);
assert!(m.is_err());
// Check if --userid-or-add is recognized.
// Check if --add-userid is recognized.
let m = command.clone().try_get_matches_from(vec![
"prog",
"--userid-or-add", "alice",
"--userid-or-add", "bob",
"--add-userid", "alice",
"--add-userid", "bob",
]);
if $add {
let m = m.expect("valid arguments");
@ -1144,11 +1143,11 @@ mod test {
assert!(m.is_err());
}
// Check if --email-or-add is recognized.
// Check if --add-email is recognized.
let m = command.clone().try_get_matches_from(vec![
"prog",
"--email-or-add", "alice@example.org",
"--email-or-add", "bob@example.org",
"--add-email", "alice@example.org",
"--add-email", "bob@example.org",
]);
if $add {
let m = m.expect("valid arguments");
@ -1159,11 +1158,11 @@ mod test {
assert!(m.is_err());
}
// Check if --name-or-add is recognized.
// Check if --add-name is recognized.
let m = command.clone().try_get_matches_from(vec![
"prog",
"--name-or-add", "alice",
"--name-or-add", "bob",
"--add-name", "alice",
"--add-name", "bob",
]);
if $add {
let m = m.expect("valid arguments");
@ -1333,11 +1332,11 @@ mod test {
("--userid", "foo"),
("--userid-by-email", "foo@example.org"),
("--userid-by-name", "foo"),
("--userid-or-add", "foo"),
("--add-userid", "foo"),
("--email", "foo@example.org"),
("--email-or-add", "foo@example.org"),
("--add-email", "foo@example.org"),
("--name", "foo"),
("--name-or-add", "foo"),
("--add-name", "foo"),
]
{
// Make sure the arg/value are recognized.

2
src/commands/key/userid.rs
View File

@ -304,7 +304,7 @@ pub fn userid_revoke(
// To revoke a user ID, we require the certificate be valid under
// the current policy. Users can still revoke user IDs whose
// binding signature relies on weak cryptography using
// `--user-or-add`.
// `--add-user`.
let vcert = cert.with_policy(sq.policy, sq.time)
.with_context(|| {
format!("The certificate is not valid under the current \

6
src/common/types/userid_designator.rs
View File

@ -307,7 +307,7 @@ where
if missing {
if add_args {
weprintln!("Use `--userid-or-add` or `--email-or-add` to use \
weprintln!("Use `--add-userid` or `--add-email` to use \
a user ID even if it isn't self signed, or has \
an invalid self signature.");
}
@ -315,14 +315,14 @@ where
}
if ambiguous_email {
weprintln!("Use `--userid` with the full user ID, or \
`--userid-or-add` to add a new user ID.");
`--add-userid` to add a new user ID.");
return Err(anyhow::anyhow!("\
An email address does not unambiguously designate a \
self-signed user ID"));
}
if ambiguous_name {
weprintln!("Use `--userid` with the full user ID, or \
`--userid-or-add` to add a new user ID.");
`--add-userid` to add a new user ID.");
return Err(anyhow::anyhow!("\
A name does not unambiguously designate a \
self-signed user ID"));

4
tests/integration/common.rs
View File

@ -282,9 +282,9 @@ impl UserIDArg<'_> {
UserIDArg::Name(name) =>
cmd.arg("--name").arg(name),
UserIDArg::AddUserID(userid) =>
cmd.arg("--userid-or-add").arg(userid),
cmd.arg("--add-userid").arg(userid),
UserIDArg::AddEmail(email) =>
cmd.arg("--email-or-add").arg(email),
cmd.arg("--add-email").arg(email),
UserIDArg::ByEmail(email) =>
cmd.arg("--userid-by-email").arg(email),
};

6
tests/integration/sq_key_userid_revoke.rs
View File

@ -103,7 +103,7 @@ fn unbound_userid() {
updated_path.as_path())
.is_err());
// But it should work with --userid-or-add.
// But it should work with --add-userid.
sq.key_userid_revoke(
&[],
&cert_path,
@ -281,7 +281,7 @@ fn userid_designators() {
assert!(sq.pki_authenticate(
&[], &fpr, UserIDArg::UserID(other_userid)).is_ok());
// 2. --userid-or-add: use the specified user ID.
// 2. --add-userid: use the specified user ID.
let (cert, fpr, sq) = setup();
// Self-signed and authenticated.
@ -320,7 +320,7 @@ fn userid_designators() {
UserIDArg::Email(other_email)).is_err());
revocations(&sq, cert.key_handle(), other_userid, 0);
// 4. --email-or-add: use a user ID with the email address.
// 4. --add-email: use a user ID with the email address.
let (cert, fpr, sq) = setup();
// Self-signed and authenticated.

12
tests/integration/sq_pki_link.rs
View File

@ -791,7 +791,7 @@ fn no_ambiguous_email() {
sq.pki_link_add_maybe(
&[], alice.key_handle(), &[UserIDArg::Email("alice@example.org")])
.is_err());
// --email-or-add links a user ID with the email address:
// --add-email links a user ID with the email address:
// Ambiguous is allowed.
assert!(
sq.pki_link_add_maybe(
@ -904,7 +904,7 @@ fn link_userid_designators() {
&[], &fpr, UserIDArg::UserID("Alice <alice@an.org>")).is_ok());
// 2. Use --userid-or-add to link "Alice <alice@some.org>", which
// 2. Use --add-userid to link "Alice <alice@some.org>", which
// is not a self-signed user ID.
// This fails with --userid, because it expects a self-signed user ID.
@ -912,7 +912,7 @@ fn link_userid_designators() {
&mut sq, cert.key_handle(),
UserIDArg::UserID("Alice <alice@some.org>")).is_err());
// But it works with --userid-or-add.
// But it works with --add-userid.
link(&mut sq, cert.key_handle(),
UserIDArg::AddUserID("Alice <alice@some.org>"));
assert!(sq.pki_authenticate(
@ -933,7 +933,7 @@ fn link_userid_designators() {
&[], &fpr, UserIDArg::UserID("Alice <alice@example.org>")).is_ok());
// 4. Use --email-or-add to link "<alice@example.com>", which is
// 4. Use --add-email to link "<alice@example.com>", which is
// not part of a self signed user ID.
// This fails with --email, because it expects a self-signed user ID.
@ -941,13 +941,13 @@ fn link_userid_designators() {
&mut sq, cert.key_handle(),
UserIDArg::Email("alice@example.com")).is_err());
// But it works with --email-or-add.
// But it works with --add-email.
link(&mut sq,
cert.key_handle(), UserIDArg::AddEmail("alice@example.com"));
assert!(sq.pki_authenticate(
&[], &fpr, UserIDArg::UserID("<alice@example.com>")).is_ok());
// Use --email-or-add to link "<alice@third.org>", which is
// Use --add-email to link "<alice@third.org>", which is
// part of the self signed user ID "Alice <alice@third.org>".
// This should link "<alice@third.org>", not the self-signed
// user ID.

10
tests/integration/sq_pki_vouch_add.rs
View File

@ -562,7 +562,7 @@ fn userid_designators() {
&[], &fpr, UserIDArg::UserID("Alice <alice@an.org>")).is_ok());
// 2. Use --userid-or-add to certify "Alice <alice@some.org>",
// 2. Use --add-userid to certify "Alice <alice@some.org>",
// which is not a self-signed user ID.
// This fails with --userid, because it expects a self-signed
@ -571,7 +571,7 @@ fn userid_designators() {
&mut sq, cert.key_handle(),
UserIDArg::UserID("Alice <alice@some.org>")).is_err());
// But it works with --userid-or-add.
// But it works with --add-userid.
vouch(&mut sq, cert.key_handle(),
UserIDArg::AddUserID("Alice <alice@some.org>"));
assert!(sq.pki_authenticate(
@ -592,7 +592,7 @@ fn userid_designators() {
&[], &fpr, UserIDArg::UserID("Alice <alice@example.org>")).is_ok());
// 4. Use --email-or-add to certify "<alice@example.com>",
// 4. Use --add-email to certify "<alice@example.com>",
// which is not part of a self signed user ID.
// This fails with --email, because it expects a self-signed
@ -601,13 +601,13 @@ fn userid_designators() {
&mut sq, cert.key_handle(),
UserIDArg::Email("alice@example.com")).is_err());
// But it works with --email-or-add.
// But it works with --add-email.
vouch(&mut sq,
cert.key_handle(), UserIDArg::AddEmail("alice@example.com"));
assert!(sq.pki_authenticate(
&[], &fpr, UserIDArg::UserID("<alice@example.com>")).is_ok());
// Use --email-or-add to link "<alice@third.org>", which is
// Use --add-email to link "<alice@third.org>", which is
// part of the self signed user ID "Alice <alice@third.org>".
// This should link "<alice@third.org>", not the self-signed
// user ID.