diff --git a/NEWS b/NEWS index ca035dce..d2a5919b 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,13 @@ - `sq key userid add` no longer accepts positional arguments. The user ID is provided by the `--userid` argument, and the certificate by `--cert` or `--cert-file`. + - Drop the `--certificate-file` argument from `sq key revoke`, `sq + key subkey revoke`, and `sq key userid revoke` drop the + `--certificate-file`. (The certificate can still be specified + using `--cert-file`.) + - Rename the `--revocation-file` argument to `--revoker-file` in + `sq key revoke`, `sq key subkey revoke`, and `sq key userid + revoke`. * Changes in 0.36.0 - Missing * Changes in 0.35.0 diff --git a/src/cli/key.rs b/src/cli/key.rs index a5bf0453..30536657 100644 --- a/src/cli/key.rs +++ b/src/cli/key.rs @@ -488,17 +488,16 @@ instead of the current time. pub struct RevokeCommand { #[clap( value_name = "FILE", - long = "certificate-file", - alias = "cert-file", + long, help = "The certificate to revoke", long_help = "Read the certificate to revoke from FILE or stdin, if omitted. It is \ an error for the file to contain more than one certificate.", )] - pub input: Option, + pub cert_file: Option, #[clap( - long = "revocation-file", + long, value_name = "KEY_FILE", help = "Sign the revocation certificate using the key in KEY_FILE", long_help = @@ -507,7 +506,7 @@ different from the certificate, this creates a third-party revocation. If \ this option is not provided, and the certificate includes secret key material, \ then that key is used to sign the revocation certificate.", )] - pub secret_key_file: Option, + pub revoker_file: Option, #[clap( value_name = "REASON", @@ -714,19 +713,18 @@ instead of the current time. ",)] pub struct UseridRevokeCommand { #[clap( + long, value_name = "CERT_FILE", - long = "certificate-file", - alias = "cert-file", help = "The certificate containing the User ID to revoke", long_help = "Read the certificate to revoke from CERT_FILE or stdin, \ if omitted. It is an error for the file to contain more than one \ certificate." )] - pub input: Option, + pub cert_file: Option, #[clap( - long = "revocation-file", + long, value_name = "KEY_FILE", help = "Sign the revocation certificate using the key in KEY_FILE", long_help = @@ -735,7 +733,7 @@ different from the certificate, this creates a third-party revocation. If \ this option is not provided, and the certificate includes secret key material, \ then that key is used to sign the revocation certificate.", )] - pub secret_key_file: Option, + pub revoker_file: Option, #[clap( value_name = "USERID", @@ -1195,19 +1193,17 @@ instead of the current time. )] pub struct SubkeyRevokeCommand { #[clap( - value_name = "FILE", - long = "certificate-file", - alias = "cert-file", help = "The certificate containing the subkey to revoke", + long, long_help = "Read the certificate containing the subkey to revoke from FILE or stdin, \ if omitted. It is an error for the file to contain more than one \ certificate." )] - pub input: Option, + pub cert_file: Option, #[clap( - long = "revocation-file", + long, value_name = "KEY_FILE", help = "Sign the revocation certificate using the key in KEY_FILE", long_help = @@ -1217,7 +1213,7 @@ is different from the certificate, this creates a third-party revocation. \ If this option is not provided, and the certificate includes secret key \ material, then that key is used to sign the revocation certificate.", )] - pub secret_key_file: Option, + pub revoker_file: Option, #[clap( value_name = "SUBKEY", diff --git a/src/commands/key/revoke.rs b/src/commands/key/revoke.rs index c051d25a..86d8c21f 100644 --- a/src/commands/key/revoke.rs +++ b/src/commands/key/revoke.rs @@ -18,7 +18,7 @@ use crate::parse_notations; /// Handle the revocation of a certificate struct CertificateRevocation { cert: Cert, - secret: Cert, + revoker: Cert, revocation_packet: Packet, } @@ -27,15 +27,15 @@ impl CertificateRevocation { pub fn new( sq: &Sq, cert: Cert, - secret: Option, + revoker: Option, reason: ReasonForRevocation, message: &str, notations: &[(bool, NotationData)], ) -> Result { - let (secret, mut signer) = get_secret_signer( + let (revoker, mut signer) = get_secret_signer( sq, &cert, - secret.as_ref(), + revoker.as_ref(), )?; let revocation_packet = { @@ -57,7 +57,7 @@ impl CertificateRevocation { Ok(CertificateRevocation { cert, - secret, + revoker, revocation_packet, }) } @@ -80,7 +80,7 @@ impl RevocationOutput for CertificateRevocation } fn revoker(&self) -> &Cert { - &self.secret + &self.revoker } } @@ -89,10 +89,10 @@ pub fn certificate_revoke( sq: Sq, command: RevokeCommand, ) -> Result<()> { - let br = FileOrStdin::from(command.input.as_deref()).open()?; + let br = FileOrStdin::from(command.cert_file.as_deref()).open()?; let cert = Cert::from_buffered_reader(br)?; - let secret = if let Some(file) = command.secret_key_file.as_deref() { + let revoker = if let Some(file) = command.revoker_file.as_deref() { let certs = load_certs(std::iter::once(file))?; if certs.len() > 1 { return Err(anyhow::anyhow!( @@ -109,7 +109,7 @@ pub fn certificate_revoke( let revocation = CertificateRevocation::new( &sq, cert, - secret, + revoker, command.reason.into(), &command.message, ¬ations, diff --git a/src/commands/key/subkey.rs b/src/commands/key/subkey.rs index 3b92e838..82a3c541 100644 --- a/src/commands/key/subkey.rs +++ b/src/commands/key/subkey.rs @@ -31,7 +31,7 @@ use crate::parse_notations; /// Handle the revocation of a subkey struct SubkeyRevocation { cert: Cert, - secret: Cert, + revoker: Cert, revocation_packet: Packet, subkey: Key, } @@ -42,13 +42,13 @@ impl SubkeyRevocation { sq: &Sq, keyhandle: &KeyHandle, cert: Cert, - secret: Option, + revoker: Option, reason: ReasonForRevocation, message: &str, notations: &[(bool, NotationData)], ) -> Result { - let (secret, mut signer) - = get_secret_signer(sq, &cert, secret.as_ref())?; + let (revoker, mut signer) + = get_secret_signer(sq, &cert, revoker.as_ref())?; let (subkey, revocation_packet) = { let valid_cert = cert.with_policy(NULL_POLICY, None)?; @@ -113,7 +113,7 @@ impl SubkeyRevocation { Ok(SubkeyRevocation { cert, - secret, + revoker, revocation_packet, subkey, }) @@ -137,7 +137,7 @@ impl RevocationOutput for SubkeyRevocation { } fn revoker(&self) -> &Cert { - &self.secret + &self.revoker } } @@ -227,10 +227,10 @@ pub fn subkey_revoke( sq: Sq, command: SubkeyRevokeCommand, ) -> Result<()> { - let br = FileOrStdin::from(command.input.as_deref()).open()?; + let br = FileOrStdin::from(command.cert_file.as_deref()).open()?; let cert = Cert::from_buffered_reader(br)?; - let secret = if let Some(file) = command.secret_key_file.as_deref() { + let revoker = if let Some(file) = command.revoker_file.as_deref() { let certs = load_certs(std::iter::once(file))?; if certs.len() > 1 { return Err(anyhow::anyhow!( @@ -248,7 +248,7 @@ pub fn subkey_revoke( &sq, &command.subkey, cert, - secret, + revoker, command.reason.into(), &command.message, ¬ations, diff --git a/src/commands/key/userid.rs b/src/commands/key/userid.rs index cd6c6552..8857405a 100644 --- a/src/commands/key/userid.rs +++ b/src/commands/key/userid.rs @@ -42,7 +42,7 @@ use crate::parse_notations; /// Handle the revocation of a User ID struct UserIDRevocation { cert: Cert, - secret: Cert, + revoker: Cert, revocation_packet: Packet, userid: String, uid: UserID, @@ -55,13 +55,13 @@ impl UserIDRevocation { userid: String, force: bool, cert: Cert, - secret: Option, + revoker: Option, reason: ReasonForRevocation, message: &str, notations: &[(bool, NotationData)], ) -> Result { - let (secret, mut signer) - = get_secret_signer(sq, &cert, secret.as_ref())?; + let (revoker, mut signer) + = get_secret_signer(sq, &cert, revoker.as_ref())?; let uid = UserID::from(userid.as_str()); @@ -125,7 +125,7 @@ impl UserIDRevocation { Ok(UserIDRevocation { cert, - secret, + revoker, revocation_packet, userid, uid, @@ -157,7 +157,7 @@ impl RevocationOutput for UserIDRevocation } fn revoker(&self) -> &Cert { - &self.secret + &self.revoker } } @@ -400,10 +400,10 @@ pub fn userid_revoke( sq: Sq, command: UseridRevokeCommand, ) -> Result<()> { - let br = FileOrStdin::from(command.input.as_deref()).open()?; + let br = FileOrStdin::from(command.cert_file.as_deref()).open()?; let cert = Cert::from_buffered_reader(br)?; - let secret = if let Some(file) = command.secret_key_file.as_deref() { + let revoker = if let Some(file) = command.revoker_file.as_deref() { let certs = load_certs(std::iter::once(file))?; if certs.len() > 1 { return Err(anyhow::anyhow!( @@ -422,7 +422,7 @@ pub fn userid_revoke( command.userid, sq.force, cert, - secret, + revoker, command.reason.into(), &command.message, ¬ations, diff --git a/tests/sq-key-revoke.rs b/tests/sq-key-revoke.rs index aaceb3de..9bf1d8b9 100644 --- a/tests/sq-key-revoke.rs +++ b/tests/sq-key-revoke.rs @@ -111,7 +111,7 @@ fn sq_key_revoke() -> Result<()> { "revoke", "--output", &revocation.to_string_lossy(), - "--certificate-file", + "--cert-file", &path.to_string_lossy(), reason_str, message, @@ -284,9 +284,9 @@ fn sq_key_revoke_thirdparty() -> Result<()> { "revoke", "--output", &revocation.to_string_lossy(), - "--certificate-file", + "--cert-file", &path.to_string_lossy(), - "--revocation-file", + "--revoker-file", &thirdparty_path.to_string_lossy(), reason_str, message, diff --git a/tests/sq-key-subkey.rs b/tests/sq-key-subkey.rs index 4410361a..3d291fb6 100644 --- a/tests/sq-key-subkey.rs +++ b/tests/sq-key-subkey.rs @@ -217,7 +217,7 @@ fn sq_key_subkey_revoke() -> Result<()> { "revoke", "--output", &revocation.to_string_lossy(), - "--certificate-file", + "--cert-file", &path.to_string_lossy(), &subkey_fingerprint.to_string(), reason_str, @@ -416,9 +416,9 @@ fn sq_key_subkey_revoke_thirdparty() -> Result<()> { "revoke", "--output", &revocation.to_string_lossy(), - "--certificate-file", + "--cert-file", &path.to_string_lossy(), - "--revocation-file", + "--revoker-file", &thirdparty_path.to_string_lossy(), &subkey_fingerprint.to_string(), reason_str, diff --git a/tests/sq-key-userid.rs b/tests/sq-key-userid.rs index c5ad0d92..757fdfb0 100644 --- a/tests/sq-key-userid.rs +++ b/tests/sq-key-userid.rs @@ -84,7 +84,7 @@ fn sq_key_userid_revoke() -> Result<()> { "revoke", "--output", &revocation.to_string_lossy(), - "--certificate-file", + "--cert-file", &path.to_string_lossy(), userid_revoke, reason_str, @@ -238,9 +238,9 @@ fn sq_key_userid_revoke_thirdparty() -> Result<()> { "revoke", "--output", &revocation.to_string_lossy(), - "--certificate-file", + "--cert-file", &path.to_string_lossy(), - "--revocation-file", + "--revoker-file", &thirdparty_path.to_string_lossy(), userid_revoke, reason_str,