Introduce a switch to select the type of DNS resource records.

- Fixes #353.
Justus Winter 2024-10-02 11:31:19 +02:00
parent b4158f40de
commit a2440d7cf0
No known key found for this signature in database
GPG Key ID: 686F55B4AB2B3386
3 changed files with 30 additions and 9 deletions

3
NEWS

@ -16,6 +16,9 @@
- `sq key adopt` sets the key's creation time to the current time
(while respecting `--time`) if `--creation-time` is not
specified, and the key's time is the Unix epoch.
- To select the type of generated DNS resource records a new switch
has been introduced. `sq network dane generate --type generic`
replaces the old `--generic` flag.
* Changes in 0.38.0
** Notable changes
- New subcommand `sq key subkey delete` to delete secret key


@ -61,7 +61,7 @@ emitted. If multiple user IDs map to one email address, then all \
matching user IDs are included in the emitted certificates.
By default, OPENPGPKEY resource records are emitted. If your DNS \
server doesn't understand those, use `--generic` to emit generic \
server doesn't understand those, use `--type generic` to emit generic \
records instead.
",
after_help = GENERATE_EXAMPLES,
@ -95,11 +95,15 @@ pub struct GenerateCommand {
help = "Try to shrink the certificates to this size",
)]
pub size_limit: usize,
#[clap(
long = "generic",
help = "Emit generic resource records [default: OPENPGPKEY records]",
long = "type",
value_name = "TYPE",
default_value = "openpgp",
help = "Change the emitted resource record type",
)]
pub generic: bool,
pub typ: ResourceRecordType,
#[clap(
long = "skip",
help = "Skip expired certificates and those that do not have \
@ -108,6 +112,14 @@ pub struct GenerateCommand {
pub skip: bool,
}
#[derive(clap::ValueEnum, Clone, Copy, Debug, Default, PartialEq, Eq)]
pub enum ResourceRecordType {
#[default]
#[clap(name = "openpgp")]
OpenPGP,
Generic,
}
#[derive(Debug, Args)]
#[clap(
about = "Retrieve certificates using DANE",
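Review bot: The default for `--type` is stated twice in this section, as the string `default_value = "openpgp"` on `GenerateCommand::typ` and as `#[default]` with `#[clap(name = "openpgp")]` on `ResourceRecordType::OpenPGP`, and nothing visible ties the two together. Deriving it from the enum, e.g. `value_enum, default_value_t = ResourceRecordType::OpenPGP,` in place of the string, would keep them from drifting, assuming the clap version in use accepts that form. `ResourceRecordType` and its variants are public but undocumented; doc comments such as `/// Emit OPENPGPKEY resource records.` and `/// Emit generic records for DNS servers that do not understand OPENPGPKEY.` would say what each value means. `--generic` is removed outright rather than kept as a hidden, deprecated alias, so scripts that regenerate DANE zone data with the old flag will stop with a usage error; that fails closed, but a hidden alias for one release would soften the break if it is not intended to be hard. The `GenerateCommand` struct starts outside the hunks shown.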


@ -1220,11 +1220,17 @@ pub fn dispatch_dane(mut sq: Sq, c: cli::network::dane::Command)
e @ Err(_) if ! c.skip => e?,
_ => continue,
};
match if c.generic {
dane::generate_generic(&vc, &c.domain, c.ttl, c.size_limit)
} else {
dane::generate(&vc, &c.domain, c.ttl, c.size_limit)
} {
use cli::network::dane::ResourceRecordType;
let r = match c.typ {
ResourceRecordType::OpenPGP =>
dane::generate(&vc, &c.domain, c.ttl, c.size_limit),
ResourceRecordType::Generic =>
dane::generate_generic(&vc, &c.domain, c.ttl,
c.size_limit),
};
match r {
Ok(records) =>
records.iter().for_each(|r| println!("{}", r)),
Err(e) =>
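Review bot: The new temporary `r` in `dispatch_dane` is shadowed two lines later by the closure parameter in `records.iter().for_each(|r| println!("{}", r))`, so the same name stands for the whole `Result` and for a single record. Naming the temporary for what it holds, e.g. `let generated = match c.typ {` and `match generated {`, would make the block easier to read. The `use cli::network::dane::ResourceRecordType;` also sits in the middle of the loop body; it would be easier to find with the function's other imports, or the two arms could spell out the path. The `match` on `c.typ` has no wildcard arm, which is worth keeping so that adding a record type later fails to compile here instead of silently emitting the wrong records. `dispatch_dane` begins and ends outside this hunk.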