Make sq pki certify's positional parameter a named parameter.

- In `sq pki certify`, change the certifier file parameter from a
     positional parameter to a named parameter, `--certifier-file`.
Neal H. Walfield 2024-06-05 10:20:48 +02:00
parent bb0aa2f555
commit b55d1f3239
No known key found for this signature in database
GPG Key ID: 6863C9AD5B4D22D3
7 changed files with 29 additions and 22 deletions

2
NEWS

@ -53,6 +53,8 @@
positional parameter to a named parameter, `--cert-file`. positional parameter to a named parameter, `--cert-file`.
- `sq pki certify`'s certifier parameter interprets `-` as meaning - `sq pki certify`'s certifier parameter interprets `-` as meaning
it should read the certificate from stdin. it should read the certificate from stdin.
- In `sq pki certify`, change the certifier file parameter from a
positional parameter to a named parameter, `--certifier-file`.
* Changes in 0.36.0 * Changes in 0.36.0
- Missing - Missing
* Changes in 0.35.0 * Changes in 0.35.0


@ -44,11 +44,13 @@ reference time.
"EXAMPLES: "EXAMPLES:
# Juliet certifies that Romeo controls romeo.pgp and romeo@example.org # Juliet certifies that Romeo controls romeo.pgp and romeo@example.org
$ sq pki certify juliet.pgp romeo.pgp '<romeo@example.org>' $ sq pki certify --certifier-file juliet.pgp
romeo.pgp '<romeo@example.org>'
# Certify the User ID Ada, and set the certification time to July # Certify the User ID Ada, and set the certification time to July
# 21, 2013 at midnight UTC: # 21, 2013 at midnight UTC:
$ sq pki certify --time 20130721 neal.pgp ada.pgp Ada $ sq pki certify --time 20130721 --certifier-file neal.pgp
ada.pgp Ada
", ",
)] )]
pub struct Command { pub struct Command {
@ -196,23 +198,23 @@ pub struct Command {
)] )]
pub allow_revoked_certifier: bool, pub allow_revoked_certifier: bool,
#[clap( #[clap(
value_name = "CERTIFIER-KEY", long,
value_name = "CERTIFIER-FILE",
required = true, required = true,
index = 1,
help = "Create the certification using CERTIFIER-KEY.", help = "Create the certification using CERTIFIER-KEY.",
)] )]
pub certifier: FileOrStdin, pub certifier_file: FileOrStdin,
#[clap( #[clap(
value_name = "KEY_ID|FINGERPRINT|FILE", value_name = "KEY_ID|FINGERPRINT|FILE",
required = true, required = true,
index = 2, index = 1,
help = "Certify CERTIFICATE.", help = "Certify CERTIFICATE.",
)] )]
pub certificate: String, pub certificate: String,
#[clap( #[clap(
value_name = "USERID", value_name = "USERID",
required = true, required = true,
index = 3, index = 2,
help = "Certify USERID for CERTIFICATE.", help = "Certify USERID for CERTIFICATE.",
)] )]
pub userid: String, pub userid: String,
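Review bot: The help string on the renamed field still reads `Create the certification using CERTIFIER-KEY.` although `value_name` is now `CERTIFIER-FILE`, so `--help` refers to a placeholder that no longer appears in the usage line; `help = "Create the certification using CERTIFIER-FILE.",` keeps the two in step. The field would also benefit from a short `///` comment on `certifier_file` saying that the value is a path to the certifier's key and that `-` reads it from stdin, which the NEWS entry states but the struct does not. In the EXAMPLES text the two commands are now split over two lines with no continuation character visible on this page, so as displayed they may not paste into a shell as one command; that is worth confirming against the actual `--help` output. `Command` starts and continues outside the hunks shown.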


@ -26,7 +26,7 @@ pub fn certify(sq: Sq, c: certify::Command)
let userid = c.userid; let userid = c.userid;
let certifier = sq.lookup_one( let certifier = sq.lookup_one(
c.certifier, Some(KeyFlags::empty().set_certification()), true)?; c.certifier_file, Some(KeyFlags::empty().set_certification()), true)?;
// XXX: Change this interface: it's dangerous to guess whether an // XXX: Change this interface: it's dangerous to guess whether an
// identifier is a file or a key handle. // identifier is a file or a key handle.
let cert = if let Ok(kh) = cert.parse::<KeyHandle>() { let cert = if let Ok(kh) = cert.parse::<KeyHandle>() {


@ -44,7 +44,7 @@ fn sq_certify() -> Result<()> {
.arg("--no-cert-store") .arg("--no-cert-store")
.arg("--no-key-store") .arg("--no-key-store")
.arg("pki").arg("certify") .arg("pki").arg("certify")
.arg(alice_pgp.to_str().unwrap()) .arg("--certifier-file").arg(alice_pgp.to_str().unwrap())
.arg(bob_pgp.to_str().unwrap()) .arg(bob_pgp.to_str().unwrap())
.arg("bob@example.org") .arg("bob@example.org")
.assert() .assert()
@ -84,7 +84,7 @@ fn sq_certify() -> Result<()> {
.arg("--no-cert-store") .arg("--no-cert-store")
.arg("--no-key-store") .arg("--no-key-store")
.arg("pki").arg("certify") .arg("pki").arg("certify")
.arg(alice_pgp.to_str().unwrap()) .arg("--certifier-file").arg(alice_pgp.to_str().unwrap())
.arg(bob_pgp.to_str().unwrap()) .arg(bob_pgp.to_str().unwrap())
.arg("bob@example.org") .arg("bob@example.org")
.args(["--expiry", "never"]) .args(["--expiry", "never"])
@ -124,7 +124,7 @@ fn sq_certify() -> Result<()> {
.arg("--no-cert-store") .arg("--no-cert-store")
.arg("--no-key-store") .arg("--no-key-store")
.arg("pki").arg("certify") .arg("pki").arg("certify")
.arg(alice_pgp.to_str().unwrap()) .arg("--certifier-file").arg(alice_pgp.to_str().unwrap())
.arg(bob_pgp.to_str().unwrap()) .arg(bob_pgp.to_str().unwrap())
.arg("bob@example.org") .arg("bob@example.org")
.args(["--depth", "10"]) .args(["--depth", "10"])
@ -172,7 +172,7 @@ fn sq_certify() -> Result<()> {
.arg("--no-cert-store") .arg("--no-cert-store")
.arg("--no-key-store") .arg("--no-key-store")
.arg("pki").arg("certify") .arg("pki").arg("certify")
.arg(alice_pgp.to_str().unwrap()) .arg("--certifier-file").arg(alice_pgp.to_str().unwrap())
.arg(bob_pgp.to_str().unwrap()) .arg(bob_pgp.to_str().unwrap())
.arg("bob") .arg("bob")
.assert() .assert()
@ -187,7 +187,7 @@ fn sq_certify() -> Result<()> {
.args(["--notation", "foo", "bar"]) .args(["--notation", "foo", "bar"])
.args(["--notation", "!foo", "xyzzy"]) .args(["--notation", "!foo", "xyzzy"])
.args(["--notation", "hello@example.org", "1234567890"]) .args(["--notation", "hello@example.org", "1234567890"])
.arg(alice_pgp.to_str().unwrap()) .arg("--certifier-file").arg(alice_pgp.to_str().unwrap())
.arg(bob_pgp.to_str().unwrap()) .arg(bob_pgp.to_str().unwrap())
.arg("bob@example.org") .arg("bob@example.org")
.assert() .assert()
@ -310,7 +310,7 @@ fn sq_certify_creation_time() -> Result<()>
cmd.args(["--no-cert-store", cmd.args(["--no-cert-store",
"--no-key-store", "--no-key-store",
"pki", "certify", "pki", "certify",
&alice_pgp.to_string_lossy(), "--certifier-file", &alice_pgp.to_string_lossy(),
&bob_pgp.to_string_lossy(), bob, &bob_pgp.to_string_lossy(), bob,
"--time", iso8601 ]); "--time", iso8601 ]);
@ -397,7 +397,7 @@ fn sq_certify_with_expired_key() -> Result<()>
cmd.args(["--no-cert-store", cmd.args(["--no-cert-store",
"--no-key-store", "--no-key-store",
"pki", "certify", "pki", "certify",
&alice_pgp.to_string_lossy(), "--certifier-file", &alice_pgp.to_string_lossy(),
&bob_pgp.to_string_lossy(), bob ]); &bob_pgp.to_string_lossy(), bob ]);
cmd.assert().failure(); cmd.assert().failure();
@ -408,7 +408,7 @@ fn sq_certify_with_expired_key() -> Result<()>
"--no-key-store", "--no-key-store",
"pki", "certify", "pki", "certify",
"--allow-not-alive-certifier", "--allow-not-alive-certifier",
&alice_pgp.to_string_lossy(), "--certifier-file", &alice_pgp.to_string_lossy(),
&bob_pgp.to_string_lossy(), bob ]); &bob_pgp.to_string_lossy(), bob ]);
let assertion = cmd.assert().try_success()?; let assertion = cmd.assert().try_success()?;
@ -493,7 +493,7 @@ fn sq_certify_with_revoked_key() -> Result<()>
cmd.args(["--no-cert-store", cmd.args(["--no-cert-store",
"--no-key-store", "--no-key-store",
"pki", "certify", "pki", "certify",
&alice_pgp.to_string_lossy(), "--certifier-file", &alice_pgp.to_string_lossy(),
&bob_pgp.to_string_lossy(), bob ]); &bob_pgp.to_string_lossy(), bob ]);
cmd.assert().failure(); cmd.assert().failure();
@ -504,7 +504,7 @@ fn sq_certify_with_revoked_key() -> Result<()>
"--no-key-store", "--no-key-store",
"pki", "certify", "pki", "certify",
"--allow-revoked-certifier", "--allow-revoked-certifier",
&alice_pgp.to_string_lossy(), "--certifier-file", &alice_pgp.to_string_lossy(),
&bob_pgp.to_string_lossy(), bob ]); &bob_pgp.to_string_lossy(), bob ]);
let assertion = cmd.assert().try_success()?; let assertion = cmd.assert().try_success()?;
@ -587,7 +587,7 @@ fn sq_certify_using_cert_store() -> Result<()>
let mut cmd = Command::cargo_bin("sq")?; let mut cmd = Command::cargo_bin("sq")?;
cmd.args(["--cert-store", &certd, cmd.args(["--cert-store", &certd,
"pki", "certify", "pki", "certify",
&alice_pgp, "--certifier-file", &alice_pgp,
&bob.fingerprint().to_string(), &bob.fingerprint().to_string(),
"<bob@example.org>"]); "<bob@example.org>"]);


@ -227,7 +227,9 @@ mod integration {
for userid in bob_certified_userids { for userid in bob_certified_userids {
let mut cmd = Command::cargo_bin("sq")?; let mut cmd = Command::cargo_bin("sq")?;
cmd.args(["--cert-store", &certd, cmd.args(["--cert-store", &certd,
"pki", "certify", &alice_pgp, &bob_pgp, userid]); "pki", "certify",
"--certifier-file", &alice_pgp,
&bob_pgp, userid]);
let output = cmd.output().expect("success"); let output = cmd.output().expect("success");
let stdout = String::from_utf8_lossy(&output.stdout); let stdout = String::from_utf8_lossy(&output.stdout);


@ -195,7 +195,8 @@ fn sq_certify(cert_store: &str,
{ {
let mut cmd = Command::cargo_bin("sq").expect("have sq"); let mut cmd = Command::cargo_bin("sq").expect("have sq");
cmd.args(&["--cert-store", cert_store]); cmd.args(&["--cert-store", cert_store]);
cmd.args(&["pki", "certify", "--time", &tick(), key, cert, userid]); cmd.args(&["pki", "certify", "--time", &tick(),
"--certifier-file", key, cert, userid]);
if let Some(trust_amount) = trust_amount { if let Some(trust_amount) = trust_amount {
cmd.args(&["--amount", &trust_amount.to_string()[..]]); cmd.args(&["--amount", &trust_amount.to_string()[..]]);
} }


@ -1187,7 +1187,7 @@ fn sq_verify_wot() -> Result<()> {
{ {
let mut cmd = Command::cargo_bin("sq").expect("have sq"); let mut cmd = Command::cargo_bin("sq").expect("have sq");
cmd.args(&["--cert-store", cert_store]); cmd.args(&["--cert-store", cert_store]);
cmd.args(&["pki", "certify", key, cert, userid]); cmd.args(&["pki", "certify", "--certifier-file", key, cert, userid]);
if let Some(trust_amount) = trust_amount { if let Some(trust_amount) = trust_amount {
cmd.args(&["--amount", &trust_amount.to_string()[..]]); cmd.args(&["--amount", &trust_amount.to_string()[..]]);
} }