IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- Change `sq key approvals list` and `sq key approvals update` to
ignore certifications that are not exportable, and certificates
that are not exportable, or are a shadow CA.
- Fixes#402.
- `sq cert list FINGERPRINT` does not show the certificate if the
certificate could not be authenticated. Since the user is
searching by fingerprint, which is self authenticating, we don't
run the risk of showing something irrelevant. As such, always
show the certificate in this case.
- Fixes#408.
- Rearrange the order of the user ID designators arguments so that
the help output is easier to scan. Specifically, move
`--userid-or-add` immediately after `--userid`, `--email-or-add`
immediately after `--email`, and `--name-or-add` immediately after
`--name`.
- Rename `--add-userid` to `--userid-or-add`, `--add-email` to
`--email-or-add`, and `--add-name` to `--name-or-add`. The new
names better reflect the semantics: we first try to select a user
ID based on the designator, and then fall back to adding it as it.
- Currently, we execute all examples. Unfortunately, some examples
can't be executed reliably, e.g., those that require network access.
- Add a new example variant that is only syntax checked.
- Fixes#423.
- Add some examples for `sq network search`.
- The implementation of `sq cert list` tried to parse the
pattern. To do so, it relied on type inference to determine how
to parse it. The type was inferred from the type of the `cert`
parameter to `authenticate`. In
2e17dec9ad, the type of the `cert`
parameter changed from `KeyHandle` to `Cert`. `Cert` has a
`Parse` implementation so the type system didn't detect anything
wrong. However, we were now trying to parse the pattern as a
`Cert` instead of a `KeyHandle`, which would fail for key handles.
- Fix it, and add some tests for `sq cert list`.
- When `sq key approvals list` is used to list approvals, indicate
whether any certifications are pending approval, and suggest using
`--pending` to view them.
- When a user ID designator designates a user ID that is not
self-signed, and the command would add it to the certificate, check
that it is in canonical form.
- The relevant commands are: `sq key userid revoke`, `sq pki link
add`, `sq pki link authorize`, `sq pki vouch certify`, and `sq pki
vouch authorize`
- Allow the user to disable the check with a new flag,
`--allow-non-canonical-userids`.
- Fixes#437.
- `sq cert export` uses a custom error message if the user does not
designate any certificates.
- Instead, require that the user designate using clap, which prints
a nicer error message if this is violated.
- Port `sq cert list`, `sq pki authenticate` and `sq pki lookup` to
the user ID designator framework. See #434.
- This changes the user ID parameter from a positional parameter
to a named parameter, and drops the `--email` flag. See #318.
- Compiler error messages are usually formatted as follows:
PROGRAM:FILE_NAME:LINENO: MESSAGE
- When an example fails, format it accordingly.
- This has the advantage that IDEs like emacs can jump to the
specified location.
- Port `sq pki authenticate` and `sq pki identify` to the cert
designator framework. See #207.
- This changes the certificate parameter from a positional parameter
to a named parameter. See #318.
- Previously, the file name was constructed from the path of the
input file, using some transformations that may be considered
surprising (notably, the file name of unspecified encoding was
transformed into UTF-8 using a lossy mechanism).
- Avoid this opaque transformation by taking an explicit string
argument.
- Fixes#351.
- The literal data packet's time field is problematic for a variety
of reasons. The previous timestamp interface allows a number of
time sources (ctime, mtime, message time (that is way better
encoded in the signature creation time), explicit timestamp), but
the information about what kind of timestamp this should be is
lost when the time is encoded, without warning.
- Remove it.
- See #351.
- Port `sq key userid revoke` to the user ID designator framework.
See #434.
- This replaces the `--add-userid` flag with the `--add-userid`,
`--add-email` and `--add-name` arguments. See #318.
- This change also makes a user ID mandatory, which fixes#428.
- When `UserIDDesignators::resolve` fails to resolve a user ID, it
prints a list of valid self-signed user IDs. If there are also
invalid user IDs according to the current policy, print those and
indicate that they are invalid.