122 Commits

Author SHA1 Message Date
Justus Winter
7c7837140a
Release 1.0.0. 2024-12-16 18:23:22 +01:00
Justus Winter
32e2d7743f
Automatically import certificates from GnuPG's certificate store.
  - This improves first impressions, as we'll present the same set of
    certificates that GnuPG knows, and also import the owner's
    certificates that are required to transparently use the keys using
    gpg-agent.

  - We keep it simple: we only do this for the default Sequoia and
    GnuPG state directories.  Further, we don't parse the GnuPG
    configuration file, we just scan GnuPG's default cert stores.

  - Fixes #489.
2024-12-16 14:30:15 +01:00
Justus Winter
4b755cf2a2
Update all dependencies. 2024-12-13 17:01:38 +01:00
Justus Winter
0cebcf5ea9
Trim unused features on sequoia-cert-store. 2024-12-13 16:48:18 +01:00
Justus Winter
50e941164c
Update sequoia-net and reqwest. 2024-12-13 16:47:32 +01:00
Justus Winter
44d97fc920
Upgrade hickory-proto to avoid vulnerable idna 0.4.0.
- See https://rustsec.org/advisories/RUSTSEC-2024-0421
2024-12-11 12:44:49 +01:00
Neal H. Walfield
3b45a6bb63
Release 0.40.0.
* Changes in 0.40.0
** New functionality
   - New subcommand `sq download`, which downloads a file and a
     signature file, and then authenticates the file.
** Notable changes
   - `sq toolbox keyring merge` now supports merging bare revocation
     certificates.
   - `sq verify` now deletes the output file on failure.
   - `sq decrypt` now deletes the output file on failure.
   - Add a global option, `--policy-as-of`, that selects the
     cryptographic policy as of the specified time.
   - `sq key subkey export` takes an additional argument, `--cert`,
     which is required.  The specified keys must be attached to that
     certificate.  This ensures that if a key is attached to multiple
     certificates, the correct certificate is exported.
   - Add a new argument, `--cli-version`, which requests a particular
     semver-compatible version of the CLI.  This enables breaking
     changes to the CLI in the future.
   - The `help` subcommand has been removed everywhere except at the
     top-level (`--help` still works).
   - If designated signers are specified for `sq verify`, `sq
     decrypt`, and `sq download`, they are now the only certificates
     that are considered when verifying signatures.  If no signers are
     specified, the certificate store is consulted.
   - The argument `sq cert lint --list-keys` has been removed.
   - `sq key list` now has a DWIM search parameter.
   - The flag `sq sign --detached` is now called `sq sign
     --signature-file`.
   - The flag `sq sign --clearsign` is now called `sq sign
     --cleartext`.
   - Both `sq sign` and `sq verify` now require an explicit mode,
     one of `--signature-file`, `--message`, or `--cleartext`.
   - The flag `sq --no-cert-store` has been replaced with `sq
     --cert-store=none`.
   - The flag `sq --no-key-store` has been replaced with `sq
     --key-store=none`.
   - Similarly, `sq --home=none` disables all state, unless explicitly
     re-enabled using `--cert-store` or `--key-store`.
   - `sq pki link add`, `sq pki link authorize`, `sq pki vouch
     certify`, and `sq pki vouch authorize` have a `--userid-or-add`
     flag.  Replace it with an `--userid-or-add` argument, and an
     `--email-or-add` argument.
   - The `--email` and `--email-or-add` arguments to `sq pki link add`,
     etc. cannot be used to designate a self-signed user ID, if
     multiple self-signed user IDs include the specified email
     address.  Previously, the arguments would designate all
     self-signed user IDs with the specified email address.
   - The new argument `sq sign --mode` can be used to create text
     signatures in addition to binary signatures.
   - The argument `sq network wkd publish --create` has been split
     into two arguments, `--create` and `--method`, avoiding an
     ambiguity when parsing the arguments.
   - `sq key userid revoke` no longer accepts the `--userid-or-add` flag
     to indicate that a user ID specified using `--userid`, an email
     specified using `--email`, or a name specified using `--name`
     should be used even if there is no corresponding self-signed user
     ID.  This functionality is replaced by the `--userid-or-add`,
     `--email-or-add` and `--name-or-add` arguments.
   - `sq pki path` previously interpreted the last positional argument
     as the user ID to authenticate.  Make it a named argument
     instead, `--userid`.
   - Add `sq pki path --email` and `sq pki path --name` as additional
     ways to specify the user ID to authenticate.
   - The argument `sq encrypt --set-metadata-time` has been removed.
   - The argument `sq encrypt --set-metadata-filename` now takes a
     string that specifies the file name to be set.
   - `sq pki authenticate`'s positional argument for specifying the
     certificate to authenticate must now be specified using a named
     argument, `--cert`.
   - `sq pki identify`'s positional argument for specifying the
     certificate to identify must now be specified using a named
     argument, `--cert`.
   - Drop `sq cert list --email`'s flag, and replace it with the
     `--userid` and `--email` positional arguments, which match on
     user IDs.
   - Drop `sq pki authenticate --email`'s flag, and replace it with
     the `--userid` and `--email` positional arguments, which match on
     user IDs.
   - Drop `sq pki lookup --email`'s flag, and replace it with the
     `--userid` and `--email` positional arguments, which match on
     user IDs.
   - `sq toolbox keyring` is now just `sq keyring`.
   - `sq toolbox packet` is now just `sq packet`.
   - `sq toolbox armor` is now `sq packet armor`.
   - `sq toolbox dearmor` is now `sq packet dearmor`.
   - `sq key userid revoke`, `sq pki link add`, `sq pki link
     authorize`, `sq pki vouch certify`, and `sq pki vouch authorize`
     now check that user IDs that are not self-signed are in canonical
     form.  Add a flag, `--allow-non-canonical-userids`, to disable
     this check.
   - `sq key approvals update` now requires an action, like
     `--add-authenticated`.
   - `sq key approvals --add-authenticated` is now a simple flag, and
     we always require full authentication.
   - `sq toolbox strip-userid` has been removed.
   - All cert designators now use the `--cert-` prefix, e.g.  `sq key
     export --email` has been changed to `sq key export --cert-email`
     for consistency reasons, and to free `--name`, `--email`, and
     `--userid` for user ID designators.
   - The `--binary` argument has been removed from all commands but
     those that emit signed and/or encrypted messages.
   - The command `sq toolbox extract-cert` has been removed in favor
     of `sq key delete` and `sq key subkey delete`.
   - The command `sq packet split` now writes to stdout by default.
   - The argument `sq packets split --prefix` is now called
     `--output-prefix`.
   - `sq pki vouch certify` is now called `sq pki vouch add`.
   - We now certify newly generated keys with a per-host shadow CA.
   - The argument `sq encrypt --signature-notation` has been added.
   - All arguments to add signature notations have been renamed from
     `--notation` to `--signature-notation`.
   - When generating keys, either `--own-key` or `--shared-key` has to
     be given.  The former marks the key's user IDs as authenticated
     and makes it a trusted introducer.  The latter marks the key's
     user IDs as authenticated, and marks the key as a group key.
   - The argument `sq cert lint --export-secret-keys` has been
     removed: if a secret key is provided as file input, it will be
     emitted.
   - The argument `sq key subkey export --cert-file` has been removed.
   - `sq` now reads a configuration file that can be used to tweak a
     number of defaults, like the cipher suite to generate new keys,
     the set of key servers to query, and the cryptographic policy.
   - The command `sq keyring filter` is now considered experimental
     and may change in the future.  To acknowledge this, it has to be
     invoked with the `--experimental` flag.
2024-11-28 06:45:13 +01:00
Neal H. Walfield
99d97c0cc3
Support thiserror 2.0.
  - Adjust one bit of syntax to be compatible with `thiserror` 1.0 and
    `thiserror` 2.0, and loosen the dependency requirements to accept
    either version.
2024-11-28 06:37:07 +01:00
Neal H. Walfield
841ce9d0b5
Update Cargo.lock. 2024-11-28 06:06:55 +01:00
Justus Winter
4b3f2c97ad
Add a configuration file and associated management commands.
  - Add a configuration file for sq, and sq config get to
    programmatically query configuration values, and sq config template
    to create a template as a starting point for a custom configuration
    file.

  - As a first step, the following things have been made configurable:

    - The cipher suite for key generation.
    - The set of keyservers.
    - The cryptographic policy, which can be sourced from an external
      file as well as modified inline.

  - If there is no configuration file, sq config template can be used to
    create a template for the user to modify.

  - If a default has been overridden using the configuration file,
    sq's --help output is augmented with the configured value.
2024-11-27 15:26:36 +01:00
Justus Winter
7b2be4d93c
Update sequoia-keystore to 0.6.2.
- Fixes #458.
2024-11-26 20:50:52 +01:00
Justus Winter
df23d2bb25
Update to subplot 0.11.0.
- Fixes #158.
2024-11-21 17:28:01 +01:00
Justus Winter
797ab7a003
Certify newly created keys with a per-host shadow CA.
  - This tracks the origin, like we do when we download certificates
    over the network.

  - This also has the benefit that newly created keys also show up in
    the cert listing.

  - Fixes #377.
2024-11-20 14:13:52 +01:00
Neal H. Walfield
472ba5a3a7
Upgrade sequoia-wot.
  - Upgrade to 0.13.2, which includes a fix that the next change
    requires.
2024-11-15 17:45:55 +01:00
Neal H. Walfield
7ecc843dee
Add new command sq download.
  - Add a new command, `sq download`, which downloads a file and a
    signature file, and then authenticates the file.

  - Fixes #84.
2024-11-09 13:28:17 +01:00
Neal H. Walfield
1c96be5f62
Release 0.39.0. 2024-10-30 17:02:34 +01:00
Neal H. Walfield
fa5750cb49
Upgrade terminal_size. 2024-10-30 16:43:48 +01:00
Neal H. Walfield
93549fd108
Upgrade sequoia-policy-config. 2024-10-30 16:36:53 +01:00
Neal H. Walfield
5ee0ff8d01
Update Cargo.lock. 2024-10-30 16:34:21 +01:00
Neal H. Walfield
5e5be69dab
Upgrade sequoia-wot. 2024-10-26 09:15:02 +02:00
Neal H. Walfield
43885a05b5
Update futures-util (and related packages).
- `futures-util` 0.3.30 was yanked.  Update to the latest version.
2024-10-07 14:07:29 +02:00
Justus Winter
f448fcb347
Avoid file descriptor exhaustion when fetching certificates.
  - Previously, there was a chance of running out of file descriptors
    while or after fetching a large number of certificates using sq
    network fetch.

  - The root cause of that was the use of getaddrinfo(3) to resolve
    names, which is a blocking interface, which has to be executed on
    a special thread for blocking tasks on the tokio runtime.  The
    maximum number of these threads is capped at 512 by default, and
    these threads can tie up a significant number of file descriptors
    in sockets.  The threads do close their sockets and go away after
    a while, presumably after a timeout.  Further, blocking tasks can
    not be canceled.

  - Do release all thread pool resources after doing the fetch.

  - Also, switch to the hickory crate for doing name lookups.  This
    implements a non-blocking interface, and releases resources in a
    timely fashion.

  - Fixes #335.
2024-09-27 13:34:31 +02:00
Neal H. Walfield
16aaab33b9
Add a certificate designator abstraction.
  - Add a new type, `CertDesignators`, which can be flattened into a
    clap subcommand, and exposes one or more certificate designator
    arguments (`--file`, `--cert`, `--userid`, `--userid`, `--domain`,
    and `--grep`) with an optional prefix (e.g., it transforms `--file`
    into `--cert-file`).

  - See #207.
2024-09-25 13:15:57 +02:00
Justus Winter
dfaba32a7a
Release 0.38.0. 2024-09-03 17:23:42 +02:00
Justus Winter
9861598940
Drop dependency itertools. 2024-09-03 17:23:41 +02:00
Justus Winter
5c68890fb2
Update sequoia-keystore. 2024-09-02 14:47:55 +02:00
Justus Winter
578f6cb690
Update sequoia-openpgp. 2024-09-02 14:47:55 +02:00
Justus Winter
5131a72569
Drop serde_json dependency. 2024-09-02 14:47:54 +02:00
Justus Winter
20eb29930f
Remove the dot output.
  - The dot output does not fit into the output framework: it can only
    describe graphs, and most of what sq emits are not graphs.  Once
    sq gains machine-readable output, the current functionality can be
    implemented by emitting the graph data as machine-readable data,
    then transforming it into dot.

  - Fixes #290.

  - Fixes #137.
2024-08-14 14:29:04 +02:00
Justus Winter
5b033c55b9
Update openssl to address RUSTSEC-2024-0357.
- See https://rustsec.org/advisories/RUSTSEC-2024-0357
2024-08-12 16:23:23 +02:00
Neal H. Walfield
f058505215
Upgrade bytes.
- `bytes` 1.6.0 was yanked.  Upgrade to 1.6.1.
2024-07-18 23:14:05 +02:00
Justus Winter
272bda3703
Cleanup recursive copying.
- Replace dircpy with the more mature and more widely used fs_extra.
2024-07-11 15:26:27 +02:00
Justus Winter
87806baf6a
Implement sq network wkd publish. 2024-07-11 14:52:35 +02:00
Neal H. Walfield
b3fbee9565
Upgrade sequoia-openpgp.
  - Upgrade `sequoia-openpgp` to 1.21.1.

  - Versions prior to 1.21.1 have some security vulnerabilities.
2024-07-04 22:51:46 +02:00
Neal H. Walfield
0859a02845
Upgrade zerovec and zerovec-derive.
  - The current versions of `zerovec` and `zerovec-derive` are yanked.
    Upgrade to the latest version.
2024-07-04 22:51:46 +02:00
Neal H. Walfield
8752cc462f
Release v0.37.0. 2024-06-14 20:53:27 +02:00
Neal H. Walfield
9667c45089
Update Cargo.lock. 2024-06-14 20:49:59 +02:00
Neal H. Walfield
9ce23340f7
Upgrade sequoia-cert-store and sequoia-wot.
- Upgrade `sequoia-cert-store` to 0.6.0 and `sequoia-wot` to 0.12.0.
2024-06-14 19:38:58 +02:00
Neal H. Walfield
6eef5e9ffc
Change sq key password to support the cert store and key store.
  - Change `sq key password` to support the cert store and key store.

  - See #205.
2024-06-05 09:35:11 +02:00
Neal H. Walfield
94b506ca37
Release v0.36.0. 2024-05-21 23:33:00 +02:00
Neal H. Walfield
11203237e3
Update Cargo.lock. 2024-05-21 23:31:10 +02:00
Neal H. Walfield
006482b352
Implement sq key export. 2024-05-21 21:22:44 +02:00
Neal H. Walfield
e75ad72c65
Use sequoia-directories.
  - Use `sequoia-directories` to compute the home directory, and the
    various component directories.

  - This also allows the use of `SEQUOIA_HOME` to set the home
    directory.
2024-05-21 21:22:39 +02:00
Neal H. Walfield
1d162d214b
Upgrade sequoia-keystore. 2024-05-21 18:11:44 +02:00
Neal H. Walfield
81009e984d
Upgrade pest.
- Version 2.7.9 was yanked.  Update to 2.7.10.
2024-05-21 18:11:44 +02:00
Neal H. Walfield
c48d1d48dc
Release 0.35.0. 2024-04-15 15:27:08 +02:00
Neal H. Walfield
645c3cb914
Update Cargo.lock. 2024-04-15 15:27:08 +02:00
Neal H. Walfield
aafce5da3f
Upgrade sequoia-cert-store.
  - Upgrade `sequoia-cert-store` to at least 0.5.3.  0.5.1 and 0.5.2
    have a minor bug in the cert-d lookup code.
2024-04-15 15:26:58 +02:00
Neal H. Walfield
03c6e57d10
When possible, prefer from_buffered_reader to from_reader.
  - Objects that work with either a `BufferedReader` or a `Read`er are
    often more efficient when they are directly passed the
    `BufferedReader`.

  - Prefer `from_buffered_reader` to `from_reader` when possible.
2024-04-12 11:59:47 +02:00
Neal H. Walfield
a549cabf8d
Require canonical user IDs by default.
  - Change `sq key generate` and `sq key userid add` to require
    canonical user IDs by default.

  - If a user ID is not in canonical form, explain the problem, and
    suggest a solution, if possible.

  - Allow the user to disable this check by passing the
    `--allow-non-canonical-userids` flag.

  - Fixes #209.
2024-04-09 12:07:42 +02:00