Remove sq network dane generate --skip.

- This didn't do what it said on the tin (it said to skip expired certs, but Cert::with_policy doesn't care about expiration). Further, asking to publish a cert that doesn't have a user ID in that domain should probably just be an error. - Previously, the now removed `sq network wkd generate` command also had a `--skip` flag, but the replacement `sq network wkd publish` never had that flag. - Fixes #371.
2024-10-17 17:41:24 +02:00 · 2024-10-17 17:41:24 +02:00 · cea028e582
commit cea028e582
parent f934cd2e31
2 changed files with 5 additions and 27 deletions
--- a/src/cli/network/dane.rs
+++ b/src/cli/network/dane.rs
@ -108,13 +108,6 @@ pub struct GenerateCommand {
        help = "Change the emitted resource record type",
    )]
    pub typ: ResourceRecordType,
-
-    #[clap(
-        long = "skip",
-        help = "Skip expired certificates and those that do not have \
-                User IDs for given domain.",
-    )]
-    pub skip: bool,
 }

 #[derive(clap::ValueEnum, Clone, Copy, Debug, Default, PartialEq, Eq)]
--- a/src/commands/network.rs
+++ b/src/commands/network.rs
@ -1409,33 +1409,18 @@ pub fn dispatch_dane(mut sq: Sq, c: cli::network::dane::Command)
            }

            for cert in certs {
-                let vc = match cert.with_policy(sq.policy, sq.time) {
-                    Ok(vc) => vc,
-                    e @ Err(_) if ! c.skip => e?,
-                    _ => continue,
-                };
+                let vc = cert.with_policy(sq.policy, sq.time)?;

                use cli::network::dane::ResourceRecordType;
-                let r = match c.typ {
+                let records = match c.typ {
                    ResourceRecordType::OpenPGP =>
-                        dane::generate(&vc, &c.domain, c.ttl, c.size_limit),
+                        dane::generate(&vc, &c.domain, c.ttl, c.size_limit)?,
                    ResourceRecordType::Generic =>
                        dane::generate_generic(&vc, &c.domain, c.ttl,
-                                               c.size_limit),
+                                               c.size_limit)?,
                };

-                match r {
-                    Ok(records) =>
-                        records.iter().for_each(|r| println!("{}", r)),
-                    Err(e) =>
-                        match e.downcast::<openpgp::Error>() {
-                            // Ignore cert with no user ID in domain.
-                            Ok(openpgp::Error::InvalidArgument(_))
-                                if c.skip => (),
-                            Ok(e) => Err(e)?,
-                            Err(e) => Err(e)?,
-                        },
-                }
+                records.iter().for_each(|r| println!("{}", r));
            }
        },
        Search(c) => rt.block_on(async {