Make sq pki certify's positional parameter a named parameter.

- In `sq pki certify`, change the certifier file parameter from a
     positional parameter to a named parameter, `--certifier-file`.
Neal H. Walfield 2024-06-05 10:20:48 +02:00
parent bb0aa2f555
commit b55d1f3239
No known key found for this signature in database
GPG Key ID: 6863C9AD5B4D22D3
7 changed files with 29 additions and 22 deletions

2
NEWS

@ -53,6 +53,8 @@
positional parameter to a named parameter, `--cert-file`.
- `sq pki certify`'s certifier parameter interprets `-` as meaning
it should read the certificate from stdin.
- In `sq pki certify`, change the certifier file parameter from a
positional parameter to a named parameter, `--certifier-file`.
* Changes in 0.36.0
- Missing
* Changes in 0.35.0


@ -44,11 +44,13 @@ reference time.
"EXAMPLES:
# Juliet certifies that Romeo controls romeo.pgp and romeo@example.org
$ sq pki certify juliet.pgp romeo.pgp '<romeo@example.org>'
$ sq pki certify --certifier-file juliet.pgp
romeo.pgp '<romeo@example.org>'
# Certify the User ID Ada, and set the certification time to July
# 21, 2013 at midnight UTC:
$ sq pki certify --time 20130721 neal.pgp ada.pgp Ada
$ sq pki certify --time 20130721 --certifier-file neal.pgp
ada.pgp Ada
",
)]
pub struct Command {
@ -196,23 +198,23 @@ pub struct Command {
)]
pub allow_revoked_certifier: bool,
#[clap(
value_name = "CERTIFIER-KEY",
long,
value_name = "CERTIFIER-FILE",
required = true,
index = 1,
help = "Create the certification using CERTIFIER-KEY.",
)]
pub certifier: FileOrStdin,
pub certifier_file: FileOrStdin,
#[clap(
value_name = "KEY_ID|FINGERPRINT|FILE",
required = true,
index = 2,
index = 1,
help = "Certify CERTIFICATE.",
)]
pub certificate: String,
#[clap(
value_name = "USERID",
required = true,
index = 3,
index = 2,
help = "Certify USERID for CERTIFICATE.",
)]
pub userid: String,
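Review bot: The `help` string on `certifier_file` still reads `Create the certification using CERTIFIER-KEY.` although the value name is now `CERTIFIER-FILE`, so the generated help names a placeholder that no longer appears in the usage line. I would change it to `help = "Create the certification using the key in CERTIFIER-FILE.",` and, if `-` selects stdin for this option as the NEWS entry says, mention that in the same sentence. Because `index = 1` now belongs to `certificate`, which also accepts a FILE, the `required = true` on `--certifier-file` appears to be what stops an old three-positional invocation from being reinterpreted with the certifier's file in the certificate slot. None of the updated tests asserts that the old form is rejected, so a test that runs it and expects `.failure()` would pin that behaviour. The body of `Command` continues outside this hunk.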


@ -26,7 +26,7 @@ pub fn certify(sq: Sq, c: certify::Command)
let userid = c.userid;
let certifier = sq.lookup_one(
c.certifier, Some(KeyFlags::empty().set_certification()), true)?;
c.certifier_file, Some(KeyFlags::empty().set_certification()), true)?;
// XXX: Change this interface: it's dangerous to guess whether an
// identifier is a file or a key handle.
let cert = if let Ok(kh) = cert.parse::<KeyHandle>() {


@ -44,7 +44,7 @@ fn sq_certify() -> Result<()> {
.arg("--no-cert-store")
.arg("--no-key-store")
.arg("pki").arg("certify")
.arg(alice_pgp.to_str().unwrap())
.arg("--certifier-file").arg(alice_pgp.to_str().unwrap())
.arg(bob_pgp.to_str().unwrap())
.arg("bob@example.org")
.assert()
@ -84,7 +84,7 @@ fn sq_certify() -> Result<()> {
.arg("--no-cert-store")
.arg("--no-key-store")
.arg("pki").arg("certify")
.arg(alice_pgp.to_str().unwrap())
.arg("--certifier-file").arg(alice_pgp.to_str().unwrap())
.arg(bob_pgp.to_str().unwrap())
.arg("bob@example.org")
.args(["--expiry", "never"])
@ -124,7 +124,7 @@ fn sq_certify() -> Result<()> {
.arg("--no-cert-store")
.arg("--no-key-store")
.arg("pki").arg("certify")
.arg(alice_pgp.to_str().unwrap())
.arg("--certifier-file").arg(alice_pgp.to_str().unwrap())
.arg(bob_pgp.to_str().unwrap())
.arg("bob@example.org")
.args(["--depth", "10"])
@ -172,7 +172,7 @@ fn sq_certify() -> Result<()> {
.arg("--no-cert-store")
.arg("--no-key-store")
.arg("pki").arg("certify")
.arg(alice_pgp.to_str().unwrap())
.arg("--certifier-file").arg(alice_pgp.to_str().unwrap())
.arg(bob_pgp.to_str().unwrap())
.arg("bob")
.assert()
@ -187,7 +187,7 @@ fn sq_certify() -> Result<()> {
.args(["--notation", "foo", "bar"])
.args(["--notation", "!foo", "xyzzy"])
.args(["--notation", "hello@example.org", "1234567890"])
.arg(alice_pgp.to_str().unwrap())
.arg("--certifier-file").arg(alice_pgp.to_str().unwrap())
.arg(bob_pgp.to_str().unwrap())
.arg("bob@example.org")
.assert()
@ -310,7 +310,7 @@ fn sq_certify_creation_time() -> Result<()>
cmd.args(["--no-cert-store",
"--no-key-store",
"pki", "certify",
&alice_pgp.to_string_lossy(),
"--certifier-file", &alice_pgp.to_string_lossy(),
&bob_pgp.to_string_lossy(), bob,
"--time", iso8601 ]);
@ -397,7 +397,7 @@ fn sq_certify_with_expired_key() -> Result<()>
cmd.args(["--no-cert-store",
"--no-key-store",
"pki", "certify",
&alice_pgp.to_string_lossy(),
"--certifier-file", &alice_pgp.to_string_lossy(),
&bob_pgp.to_string_lossy(), bob ]);
cmd.assert().failure();
@ -408,7 +408,7 @@ fn sq_certify_with_expired_key() -> Result<()>
"--no-key-store",
"pki", "certify",
"--allow-not-alive-certifier",
&alice_pgp.to_string_lossy(),
"--certifier-file", &alice_pgp.to_string_lossy(),
&bob_pgp.to_string_lossy(), bob ]);
let assertion = cmd.assert().try_success()?;
@ -493,7 +493,7 @@ fn sq_certify_with_revoked_key() -> Result<()>
cmd.args(["--no-cert-store",
"--no-key-store",
"pki", "certify",
&alice_pgp.to_string_lossy(),
"--certifier-file", &alice_pgp.to_string_lossy(),
&bob_pgp.to_string_lossy(), bob ]);
cmd.assert().failure();
@ -504,7 +504,7 @@ fn sq_certify_with_revoked_key() -> Result<()>
"--no-key-store",
"pki", "certify",
"--allow-revoked-certifier",
&alice_pgp.to_string_lossy(),
"--certifier-file", &alice_pgp.to_string_lossy(),
&bob_pgp.to_string_lossy(), bob ]);
let assertion = cmd.assert().try_success()?;
@ -587,7 +587,7 @@ fn sq_certify_using_cert_store() -> Result<()>
let mut cmd = Command::cargo_bin("sq")?;
cmd.args(["--cert-store", &certd,
"pki", "certify",
&alice_pgp,
"--certifier-file", &alice_pgp,
&bob.fingerprint().to_string(),
"<bob@example.org>"]);


@ -227,7 +227,9 @@ mod integration {
for userid in bob_certified_userids {
let mut cmd = Command::cargo_bin("sq")?;
cmd.args(["--cert-store", &certd,
"pki", "certify", &alice_pgp, &bob_pgp, userid]);
"pki", "certify",
"--certifier-file", &alice_pgp,
&bob_pgp, userid]);
let output = cmd.output().expect("success");
let stdout = String::from_utf8_lossy(&output.stdout);


@ -195,7 +195,8 @@ fn sq_certify(cert_store: &str,
{
let mut cmd = Command::cargo_bin("sq").expect("have sq");
cmd.args(&["--cert-store", cert_store]);
cmd.args(&["pki", "certify", "--time", &tick(), key, cert, userid]);
cmd.args(&["pki", "certify", "--time", &tick(),
"--certifier-file", key, cert, userid]);
if let Some(trust_amount) = trust_amount {
cmd.args(&["--amount", &trust_amount.to_string()[..]]);
}


@ -1187,7 +1187,7 @@ fn sq_verify_wot() -> Result<()> {
{
let mut cmd = Command::cargo_bin("sq").expect("have sq");
cmd.args(&["--cert-store", cert_store]);
cmd.args(&["pki", "certify", key, cert, userid]);
cmd.args(&["pki", "certify", "--certifier-file", key, cert, userid]);
if let Some(trust_amount) = trust_amount {
cmd.args(&["--amount", &trust_amount.to_string()[..]]);
}