Rename --certificate-file and --revocation-file.

- `sq key revoke`, `sq key userid revoke`, and `sq key subkey
    revoke` have two arguments for naming a certificate:
    `--certificate-file` and `--cert-file`.  The latter is an alias.
    Drop `--certificate-file` and promote `--cert-file`.  This
    harmonizes these subcommands with other subcommands, which only
    use `--cert-file`.

  - Rename `--revocation-file` to `--revoker-file`, as the file
    contains a "revoker" not a "revocation."
Neal H. Walfield 2024-05-27 17:48:26 +02:00
parent 368e3f0902
commit e24c9ff92e
No known key found for this signature in database
GPG Key ID: 6863C9AD5B4D22D3
8 changed files with 55 additions and 52 deletions

7
NEWS

@ -10,6 +10,13 @@
- `sq key userid add` no longer accepts positional arguments. The
user ID is provided by the `--userid` argument, and the
certificate by `--cert` or `--cert-file`.
- Drop the `--certificate-file` argument from `sq key revoke`, `sq
key subkey revoke`, and `sq key userid revoke` drop the
`--certificate-file`. (The certificate can still be specified
using `--cert-file`.)
- Rename the `--revocation-file` argument to `--revoker-file` in
`sq key revoke`, `sq key subkey revoke`, and `sq key userid
revoke`.
* Changes in 0.36.0
- Missing
* Changes in 0.35.0


@ -488,17 +488,16 @@ instead of the current time.
pub struct RevokeCommand {
#[clap(
value_name = "FILE",
long = "certificate-file",
alias = "cert-file",
long,
help = "The certificate to revoke",
long_help =
"Read the certificate to revoke from FILE or stdin, if omitted. It is \
an error for the file to contain more than one certificate.",
)]
pub input: Option<PathBuf>,
pub cert_file: Option<PathBuf>,
#[clap(
long = "revocation-file",
long,
value_name = "KEY_FILE",
help = "Sign the revocation certificate using the key in KEY_FILE",
long_help =
@ -507,7 +506,7 @@ different from the certificate, this creates a third-party revocation. If \
this option is not provided, and the certificate includes secret key material, \
then that key is used to sign the revocation certificate.",
)]
pub secret_key_file: Option<PathBuf>,
pub revoker_file: Option<PathBuf>,
#[clap(
value_name = "REASON",
@ -714,19 +713,18 @@ instead of the current time.
",)]
pub struct UseridRevokeCommand {
#[clap(
long,
value_name = "CERT_FILE",
long = "certificate-file",
alias = "cert-file",
help = "The certificate containing the User ID to revoke",
long_help =
"Read the certificate to revoke from CERT_FILE or stdin, \
if omitted. It is an error for the file to contain more than one \
certificate."
)]
pub input: Option<PathBuf>,
pub cert_file: Option<PathBuf>,
#[clap(
long = "revocation-file",
long,
value_name = "KEY_FILE",
help = "Sign the revocation certificate using the key in KEY_FILE",
long_help =
@ -735,7 +733,7 @@ different from the certificate, this creates a third-party revocation. If \
this option is not provided, and the certificate includes secret key material, \
then that key is used to sign the revocation certificate.",
)]
pub secret_key_file: Option<PathBuf>,
pub revoker_file: Option<PathBuf>,
#[clap(
value_name = "USERID",
@ -1195,19 +1193,17 @@ instead of the current time.
)]
pub struct SubkeyRevokeCommand {
#[clap(
value_name = "FILE",
long = "certificate-file",
alias = "cert-file",
help = "The certificate containing the subkey to revoke",
long,
long_help =
"Read the certificate containing the subkey to revoke from FILE or stdin, \
if omitted. It is an error for the file to contain more than one \
certificate."
)]
pub input: Option<PathBuf>,
pub cert_file: Option<PathBuf>,
#[clap(
long = "revocation-file",
long,
value_name = "KEY_FILE",
help = "Sign the revocation certificate using the key in KEY_FILE",
long_help =
@ -1217,7 +1213,7 @@ is different from the certificate, this creates a third-party revocation. \
If this option is not provided, and the certificate includes secret key \
material, then that key is used to sign the revocation certificate.",
)]
pub secret_key_file: Option<PathBuf>,
pub revoker_file: Option<PathBuf>,
#[clap(
value_name = "SUBKEY",
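Review bot: The bare `long` on `cert_file` and `revoker_file` in `RevokeCommand`, `UseridRevokeCommand` and `SubkeyRevokeCommand` ties the user-facing flag name to the Rust field identifier, so a later field rename would silently change the command line that revocation scripts depend on. Spelling the names out, `long = "cert-file"` and `long = "revoker-file"`, keeps the interface stable under refactoring and easy to grep for. Separately, `UseridRevokeCommand` still uses `value_name = "CERT_FILE"` where the other two use `"FILE"`, which this harmonization could align as well. The struct bodies continue outside these hunks.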


@ -18,7 +18,7 @@ use crate::parse_notations;
/// Handle the revocation of a certificate
struct CertificateRevocation {
cert: Cert,
secret: Cert,
revoker: Cert,
revocation_packet: Packet,
}
@ -27,15 +27,15 @@ impl CertificateRevocation {
pub fn new(
sq: &Sq,
cert: Cert,
secret: Option<Cert>,
revoker: Option<Cert>,
reason: ReasonForRevocation,
message: &str,
notations: &[(bool, NotationData)],
) -> Result<Self> {
let (secret, mut signer) = get_secret_signer(
let (revoker, mut signer) = get_secret_signer(
sq,
&cert,
secret.as_ref(),
revoker.as_ref(),
)?;
let revocation_packet = {
@ -57,7 +57,7 @@ impl CertificateRevocation {
Ok(CertificateRevocation {
cert,
secret,
revoker,
revocation_packet,
})
}
@ -80,7 +80,7 @@ impl RevocationOutput for CertificateRevocation
}
fn revoker(&self) -> &Cert {
&self.secret
&self.revoker
}
}
@ -89,10 +89,10 @@ pub fn certificate_revoke(
sq: Sq,
command: RevokeCommand,
) -> Result<()> {
let br = FileOrStdin::from(command.input.as_deref()).open()?;
let br = FileOrStdin::from(command.cert_file.as_deref()).open()?;
let cert = Cert::from_buffered_reader(br)?;
let secret = if let Some(file) = command.secret_key_file.as_deref() {
let revoker = if let Some(file) = command.revoker_file.as_deref() {
let certs = load_certs(std::iter::once(file))?;
if certs.len() > 1 {
return Err(anyhow::anyhow!(
@ -109,7 +109,7 @@ pub fn certificate_revoke(
let revocation = CertificateRevocation::new(
&sq,
cert,
secret,
revoker,
command.reason.into(),
&command.message,
&notations,
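Review bot: The renamed `revoker: Cert` field in `CertificateRevocation` has no doc comment, and the name alone does not tell a reader that it can be the same certificate as `cert`. Judging by the option's help text, the certificate's own key signs when no `--revoker-file` is given, so I would add `/// Certificate whose key issues the revocation; the same as cert unless a third-party revoker was given.` above the field, with the wording confirmed against `get_secret_signer`, whose body is not shown here. The same comment is missing on the `revoker` field of `SubkeyRevocation` and `UserIDRevocation`. `get_secret_signer` itself keeps the old "secret" terminology, which is worth a follow-up so the rename is complete.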


@ -31,7 +31,7 @@ use crate::parse_notations;
/// Handle the revocation of a subkey
struct SubkeyRevocation {
cert: Cert,
secret: Cert,
revoker: Cert,
revocation_packet: Packet,
subkey: Key<key::PublicParts, key::SubordinateRole>,
}
@ -42,13 +42,13 @@ impl SubkeyRevocation {
sq: &Sq,
keyhandle: &KeyHandle,
cert: Cert,
secret: Option<Cert>,
revoker: Option<Cert>,
reason: ReasonForRevocation,
message: &str,
notations: &[(bool, NotationData)],
) -> Result<Self> {
let (secret, mut signer)
= get_secret_signer(sq, &cert, secret.as_ref())?;
let (revoker, mut signer)
= get_secret_signer(sq, &cert, revoker.as_ref())?;
let (subkey, revocation_packet) = {
let valid_cert = cert.with_policy(NULL_POLICY, None)?;
@ -113,7 +113,7 @@ impl SubkeyRevocation {
Ok(SubkeyRevocation {
cert,
secret,
revoker,
revocation_packet,
subkey,
})
@ -137,7 +137,7 @@ impl RevocationOutput for SubkeyRevocation {
}
fn revoker(&self) -> &Cert {
&self.secret
&self.revoker
}
}
@ -227,10 +227,10 @@ pub fn subkey_revoke(
sq: Sq,
command: SubkeyRevokeCommand,
) -> Result<()> {
let br = FileOrStdin::from(command.input.as_deref()).open()?;
let br = FileOrStdin::from(command.cert_file.as_deref()).open()?;
let cert = Cert::from_buffered_reader(br)?;
let secret = if let Some(file) = command.secret_key_file.as_deref() {
let revoker = if let Some(file) = command.revoker_file.as_deref() {
let certs = load_certs(std::iter::once(file))?;
if certs.len() > 1 {
return Err(anyhow::anyhow!(
@ -248,7 +248,7 @@ pub fn subkey_revoke(
&sq,
&command.subkey,
cert,
secret,
revoker,
command.reason.into(),
&command.message,
&notations,
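Review bot: The block in `subkey_revoke` that loads `--revoker-file` through `load_certs(std::iter::once(file))` and rejects `certs.len() > 1` is repeated verbatim in `certificate_revoke` and `userid_revoke`, so the three copies can drift apart as they are edited. A small shared helper, for example `fn load_revoker(file: Option<&Path>) -> Result<Option<Cert>>`, would give the exactly-one-certificate rule a single home. The rest of the block lies outside the hunk, so it cannot be seen from here whether an empty file or a certificate without secret key material is rejected at this point; the helper would be the natural place to make that explicit.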


@ -42,7 +42,7 @@ use crate::parse_notations;
/// Handle the revocation of a User ID
struct UserIDRevocation {
cert: Cert,
secret: Cert,
revoker: Cert,
revocation_packet: Packet,
userid: String,
uid: UserID,
@ -55,13 +55,13 @@ impl UserIDRevocation {
userid: String,
force: bool,
cert: Cert,
secret: Option<Cert>,
revoker: Option<Cert>,
reason: ReasonForRevocation,
message: &str,
notations: &[(bool, NotationData)],
) -> Result<Self> {
let (secret, mut signer)
= get_secret_signer(sq, &cert, secret.as_ref())?;
let (revoker, mut signer)
= get_secret_signer(sq, &cert, revoker.as_ref())?;
let uid = UserID::from(userid.as_str());
@ -125,7 +125,7 @@ impl UserIDRevocation {
Ok(UserIDRevocation {
cert,
secret,
revoker,
revocation_packet,
userid,
uid,
@ -157,7 +157,7 @@ impl RevocationOutput for UserIDRevocation
}
fn revoker(&self) -> &Cert {
&self.secret
&self.revoker
}
}
@ -400,10 +400,10 @@ pub fn userid_revoke(
sq: Sq,
command: UseridRevokeCommand,
) -> Result<()> {
let br = FileOrStdin::from(command.input.as_deref()).open()?;
let br = FileOrStdin::from(command.cert_file.as_deref()).open()?;
let cert = Cert::from_buffered_reader(br)?;
let secret = if let Some(file) = command.secret_key_file.as_deref() {
let revoker = if let Some(file) = command.revoker_file.as_deref() {
let certs = load_certs(std::iter::once(file))?;
if certs.len() > 1 {
return Err(anyhow::anyhow!(
@ -422,7 +422,7 @@ pub fn userid_revoke(
command.userid,
sq.force,
cert,
secret,
revoker,
command.reason.into(),
&command.message,
&notations,


@ -111,7 +111,7 @@ fn sq_key_revoke() -> Result<()> {
"revoke",
"--output",
&revocation.to_string_lossy(),
"--certificate-file",
"--cert-file",
&path.to_string_lossy(),
reason_str,
message,
@ -284,9 +284,9 @@ fn sq_key_revoke_thirdparty() -> Result<()> {
"revoke",
"--output",
&revocation.to_string_lossy(),
"--certificate-file",
"--cert-file",
&path.to_string_lossy(),
"--revocation-file",
"--revoker-file",
&thirdparty_path.to_string_lossy(),
reason_str,
message,
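Review bot: The updated calls in `sq_key_revoke` and `sq_key_revoke_thirdparty` exercise only the new spellings, so nothing visible checks that the removed `--certificate-file` and `--revocation-file` are now rejected. Operators may still have the old flags in stored revocation procedures, so a negative test asserting a failing exit status for each old flag would pin the intended break and catch an accidental alias. The same applies to the subkey and user ID revoke tests changed in the following two files. The test bodies continue outside the hunks.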


@ -217,7 +217,7 @@ fn sq_key_subkey_revoke() -> Result<()> {
"revoke",
"--output",
&revocation.to_string_lossy(),
"--certificate-file",
"--cert-file",
&path.to_string_lossy(),
&subkey_fingerprint.to_string(),
reason_str,
@ -416,9 +416,9 @@ fn sq_key_subkey_revoke_thirdparty() -> Result<()> {
"revoke",
"--output",
&revocation.to_string_lossy(),
"--certificate-file",
"--cert-file",
&path.to_string_lossy(),
"--revocation-file",
"--revoker-file",
&thirdparty_path.to_string_lossy(),
&subkey_fingerprint.to_string(),
reason_str,


@ -84,7 +84,7 @@ fn sq_key_userid_revoke() -> Result<()> {
"revoke",
"--output",
&revocation.to_string_lossy(),
"--certificate-file",
"--cert-file",
&path.to_string_lossy(),
userid_revoke,
reason_str,
@ -238,9 +238,9 @@ fn sq_key_userid_revoke_thirdparty() -> Result<()> {
"revoke",
"--output",
&revocation.to_string_lossy(),
"--certificate-file",
"--cert-file",
&path.to_string_lossy(),
"--revocation-file",
"--revoker-file",
&thirdparty_path.to_string_lossy(),
userid_revoke,
reason_str,