108 Commits

Author SHA1 Message Date
Neal H. Walfield
3b45a6bb63
Release 0.40.0.
* Changes in 0.40.0
** New functionality
   - New subcommand `sq download`, which downloads a file and a
     signature file, and then authenticates the file.
** Notable changes
   - `sq toolbox keyring merge` now supports merging bare revocation
     certificates.
   - `sq verify` now deletes the output file on failure.
   - `sq decrypt` now deletes the output file on failure.
   - Add a global option, `--policy-as-of`, that selects the
     cryptographic policy as of the specified time.
   - `sq key subkey export` takes an additional argument, `--cert`,
     which is required.  The specified keys must be attached to that
     certificate.  This ensures that if a key is attached to multiple
     certificates, the correct certificate is exported.
   - Add a new argument, `--cli-version`, which requests a particular
     semver-compatible version of the CLI.  This enables breaking
     changes to the CLI in the future.
   - The `help` subcommand has been removed everywhere except at the
     top-level (`--help` still works).
   - If designated signers are specified for `sq verify`, `sq
     decrypt`, and `sq download`, they are now the only certificates
     that are considered when verifying signatures.  If no signers are
     specified, the certificate store is consulted.
   - The argument `sq cert lint --list-keys` has been removed.
   - `sq key list` now has a DWIM search parameter.
   - The flag `sq sign --detached` is now called `sq sign
     --signature-file`.
   - The flag `sq sign --clearsign` is now called `sq sign
     --cleartext`.
   - Both `sq sign` and `sq verify` now require an explicit mode,
     one of `--signature-file`, `--message`, or `--cleartext`.
   - The flag `sq --no-cert-store` has been replaced with `sq
     --cert-store=none`.
   - The flag `sq --no-key-store` has been replaced with `sq
     --key-store=none`.
   - Similarly, `sq --home=none` disables all state, unless explicitly
     re-enabled using `--cert-store` or `--key-store`.
   - `sq pki link add`, `sq pki link authorize`, `sq pki vouch
     certify`, and `sq pki vouch authorize` have a `--userid-or-add`
     flag.  Replace it with an `--userid-or-add` argument, and an
     `--email-or-add` argument.
   - The `--email` and `--email-or-add` arguments to `sq pki link add`,
     etc. cannot be used to designate a self-signed user ID, if
     multiple self-signed user IDs include the specified email
     address.  Previously, the arguments would designate all
     self-signed user IDs with the specified email address.
   - The new argument `sq sign --mode` can be used to create text
     signatures in addition to binary signatures.
   - The argument `sq network wkd publish --create` has been split
     into two arguments, `--create` and `--method`, avoiding an
     ambiguity when parsing the arguments.
   - `sq key userid revoke` no longer accepts the `--userid-or-add` flag
     to indicate that a user ID specified using `--userid`, an email
     specified using `--email`, or a name specified using `--name`
     should be used even if there is no corresponding self-signed user
     ID.  This functionality is replaced by the `--userid-or-add`,
     `--email-or-add` and `--name-or-add` arguments.
   - `sq pki path` previously interpreted the last positional argument
     as the user ID to authenticate.  Make it a named argument
     instead, `--userid`.
   - Add `sq pki path --email` and `sq pki path --name` as additional
     ways to specify the user ID to authenticate.
   - The argument `sq encrypt --set-metadata-time` has been removed.
   - The argument `sq encrypt --set-metadata-filename` now takes a
     string that specifies the file name to be set.
   - `sq pki authenticate`'s positional argument for specifying the
     certificate to authenticate must now be specified using a named
     argument, `--cert`.
   - `sq pki identify`'s positional argument for specifying the
     certificate to identify must now be specified using a named
     argument, `--cert`.
   - Drop `sq cert list --email`'s flag, and replace it with the
     `--userid` and `--email` positional arguments, which match on
     user IDs.
   - Drop `sq pki authenticate --email`'s flag, and replace it with
     the `--userid` and `--email` positional arguments, which match on
     user IDs.
   - Drop `sq pki lookup --email`'s flag, and replace it with the
     `--userid` and `--email` positional arguments, which match on
     user IDs.
   - `sq toolbox keyring` is now just `sq keyring`.
   - `sq toolbox packet` is now just `sq packet`.
   - `sq toolbox armor` is now `sq packet armor`.
   - `sq toolbox dearmor` is now `sq packet dearmor`.
   - `sq key userid revoke`, `sq pki link add`, `sq pki link
     authorize`, `sq pki vouch certify`, and `sq pki vouch authorize`
     now check that user IDs that are not self-signed are in canonical
     form.  Add a flag, `--allow-non-canonical-userids`, to disable
     this check.
   - `sq key approvals update` now requires an action, like
     `--add-authenticated`.
   - `sq key approvals --add-authenticated` is now a simple flag, and
     we always require full authentication.
   - `sq toolbox strip-userid` has been removed.
   - All cert designators now use the `--cert-` prefix, e.g.  `sq key
     export --email` has been changed to `sq key export --cert-email`
     for consistency reasons, and to free `--name`, `--email`, and
     `--userid` for user ID designators.
   - The `--binary` argument has been removed from all commands but
     those that emit signed and or encrypted messages.
   - The command `sq toolbox extract-cert` has been removed in favor
     of `sq key delete` and `sq key subkey delete`.
   - The command `sq packet split` now writes to stdout by default.
   - The argument `sq packets split --prefix` is now called
     `--output-prefix`.
   - `sq pki vouch certify` is now called `sq pki vouch add`.
   - We now certify newly generated keys with a per-host shadow CA.
   - The argument `sq encrypt --signature-notation` has been added.
   - All arguments to add signature notations have been renamed from
     `--notation` to `--signature-notation`.
   - When generating keys, either `--own-key` or `--shared-key` has to
     be given.  The former marks the key's user IDs as authenticated
     and makes it a trusted introducer.  The latter marks the key's
     user IDs as authenticated, and marks the key as a group key.
   - The argument `sq cert lint --export-secret-keys` has been
     removed: if a secret key is provided as file input, it will be
     emitted.
   - The argument `sq key subkey export --cert-file` has been removed.
   - `sq` now reads a configuration file that can be used to tweak a
     number of defaults, like the cipher suite to generate new keys,
     the set of key servers to query, and the cryptographic policy.
   - The command `sq keyring filter` is now considered experimental
     and may change in the future.  To acknowledge this, it has to be
     invoked with the `--experimental` flag.
2024-11-28 06:45:13 +01:00
Neal H. Walfield
99d97c0cc3
Support thiserror 2.0.
- Adjust one bit of syntax to be compatible with `thiserror` 1.0 and
    `thiserror` 2.0, and loosen the dependency requirements to accept
    either version.
2024-11-28 06:37:07 +01:00
Justus Winter
1d23ae8a5b
Update MSRV to 1.79, which is subplot's current MSRV.
- Fixes #460.
2024-11-27 16:39:13 +01:00
Justus Winter
4b3f2c97ad
Add a configuration file and associated management commands.
- Add a configuration file for sq, and sq config get to
    programmatically query configuration values, and sq config template
    to create a template as a starting point for a custom configuration
    file.

  - As a first step, the following things have been made configurable:

    - The cipher suite for key generation.
    - The set of keyservers.
    - The cryptographic policy, which can be sourced from an external
      file as well as modified inline.

  - If there is no configuration file, sq config template can be used to
    create a template for the user to modify.

  - If a default has been overridden using the configuration file,
    sq's --help output is augmented with the configured value.
2024-11-27 15:26:36 +01:00
Justus Winter
df23d2bb25
Update to subplot 0.11.0.
- Fixes #158.
2024-11-21 17:28:01 +01:00
Justus Winter
797ab7a003
Certify newly created keys with a per-host shadow CA.
- This tracks the origin, like we do when we download certificates
    over the network.

  - This also has the benefit that newly created keys also show up in
    the cert listing.

  - Fixes #377.
2024-11-20 14:13:52 +01:00
Justus Winter
14c6c12a96
Use a simpler word separator algorithm to keep URLs intact. 2024-11-19 13:49:10 +01:00
Neal H. Walfield
472ba5a3a7
Upgrade sequoia-wot.
- Upgrade to the 0.13.2, which includes a fix that the next change
    requires.
2024-11-15 17:45:55 +01:00
Neal H. Walfield
7ecc843dee
Add new command sq download.
- Add a new command, `sq download`, which downloads a file and a
    signature file, and then authenticates the file.

  - Fixes #84.
2024-11-09 13:28:17 +01:00
Neal H. Walfield
1c96be5f62
Release 0.39.0. 2024-10-30 17:02:34 +01:00
Neal H. Walfield
0bb0960757
Loosen reqwest dependency.
- Allow using newer versions of reqwest.  Don't actually use them,
    as other dependencies still require the older version.
2024-10-30 16:59:30 +01:00
Neal H. Walfield
e724dad138
Loosen subplot dependency.
- Allow using newer versions of subplot (but don't actually use them
    as they have a higher MSRV).
2024-10-30 16:53:57 +01:00
Neal H. Walfield
fa5750cb49
Upgrade terminal_size. 2024-10-30 16:43:48 +01:00
Neal H. Walfield
93549fd108
Upgrade sequoia-policy-config. 2024-10-30 16:36:53 +01:00
Neal H. Walfield
5e5be69dab
Upgrade sequoia-wot. 2024-10-26 09:15:02 +02:00
Justus Winter
f448fcb347
Avoid file descriptor exhaustion when fetching certificates.
- Previously, there was a chance of running out of file descriptors
    while or after fetching a large number of certificates using sq
    network fetch.

  - The root cause of that was the use of getaddrinfo(3) to resolve
    names, which is a blocking interface, which has to be executed on
    a special thread for blocking tasks on the tokio runtime.  The
    maximum number of these threads is capped at 512 by default, and
    these threads can tie up a significant number of file descriptors
    in sockets.  The threads do close their sockets and go away after
    a while, presumably after a timeout.  Further, blocking tasks can
    not be canceled.

  - Do release all thread pool resources after doing the fetch.

  - Also, switch to the hickory crate for doing name lookups.  This
    implements a non-blocking interface, and releases resources in a
    timely fashion.

  - Fixes #335.
2024-09-27 13:34:31 +02:00
Neal H. Walfield
6477009a78
Bump MSRV to 1.75.
- `rustc` version 1.75 has entered Debian Trixie.  Bump our MSRV
    accordingly.
2024-09-26 16:02:32 +02:00
Neal H. Walfield
16aaab33b9
Add a certificate designator abstraction.
- Add a new type, `CertDesignators`, which can be flattened into a
    clap subcommand, and exposes one or more certificate designator
    arguments (`--file`, `--cert`, `--userid`, `--userid`, `--domain`,
    and `--grep`) with an optional prefix (e.g., it transforms `--file`
    into `--cert-file`).

  - See #207.
2024-09-25 13:15:57 +02:00
Justus Winter
dfaba32a7a
Release 0.38.0. 2024-09-03 17:23:42 +02:00
Justus Winter
9861598940
Drop dependency itertools. 2024-09-03 17:23:41 +02:00
Justus Winter
5c68890fb2
Update sequoia-keystore. 2024-09-02 14:47:55 +02:00
Justus Winter
5131a72569
Drop serde_json dependency. 2024-09-02 14:47:54 +02:00
Justus Winter
761f373754
Compile the RustCrypto crates with optimizations. 2024-08-15 15:48:32 +02:00
Justus Winter
c94fb2249d
Improve the way we make the subplot tests opt-in.
- Promote subplotlib to a proper dependency, as dev-dependencies can
    not be optional.
2024-08-15 14:16:26 +02:00
Justus Winter
20eb29930f
Remove the dot output.
- The dot output does not fit into the output framework: it can only
    describe graphs, and most of what sq emits are not graphs.  Once
    sq gains machine-readable output, the current functionality can be
    implemented by emitting the graph data as machine-readable data,
    then transforming it into dot.

  - Fixes #290.

  - Fixes #137.
2024-08-14 14:29:04 +02:00
Justus Winter
272bda3703
Cleanup recursive copying.
- Replace dircpy with the more mature and more widely used fs_extra.
2024-07-11 15:26:27 +02:00
Justus Winter
87806baf6a
Implement sq network wkd publish. 2024-07-11 14:52:35 +02:00
Neal H. Walfield
44973f0fb7
Upgrade chrono.
- Change the minimum supported version of `chrono` to 0.4.38.

  - This is the version in Debian testing.

  - Upgrading allows us to remove the use of some deprecated
    functions.
2024-07-05 09:50:36 +02:00
Neal H. Walfield
b3fbee9565
Upgrade sequoia-openpgp.
- Upgrade `sequoia-openpgp` to 1.21.1.

  - Versions prior to 1.21.1 have some security vulnerabilities.
2024-07-04 22:51:46 +02:00
Neal H. Walfield
8752cc462f
Release v0.37.0. 2024-06-14 20:53:27 +02:00
Neal H. Walfield
9ce23340f7
Upgrade sequoia-cert-store and sequoia-wot.
- Upgrade `sequoia-cert-store` to 0.6.0 and `sequoia-wot` to 0.12.0.
2024-06-14 19:38:58 +02:00
Neal H. Walfield
6eef5e9ffc
Change sq key password to support the cert store and key store.
- Change `sq key password` to support the cert store and key store.

  - See #205.
2024-06-05 09:35:11 +02:00
Neal H. Walfield
446c63d0ed
Move Config to its own module.
- Move the `Config` to sq.rs.

  - Change `main.rs` to `sq`'s entry point.
2024-05-26 09:40:23 +02:00
Neal H. Walfield
94b506ca37
Release v0.36.0. 2024-05-21 23:33:00 +02:00
Neal H. Walfield
e75ad72c65
Use sequoia-directories.
- Use `sequoia-directories` to compute the home directory, and the
    various component directories.

  - This also allows the use of `SEQUOIA_HOME` to set the home
    directory.
2024-05-21 21:22:39 +02:00
Neal H. Walfield
1d162d214b
Upgrade sequoia-keystore. 2024-05-21 18:11:44 +02:00
Neal H. Walfield
c48d1d48dc
Release 0.35.0. 2024-04-15 15:27:08 +02:00
Neal H. Walfield
aafce5da3f
Upgrade sequoia-cert-store.
- Upgrade `sequoia-cert-store` to at least 0.5.3.  0.5.1 and 0.5.2
    have a minor bug in the cert-d lookup code.
2024-04-15 15:26:58 +02:00
Neal H. Walfield
03c6e57d10
When possible, prefer from_buffered_reader to from_reader.
- Objects that work with either a `BufferedReader` or a `Read`er are
    often more efficient when they are directly passed the
    `BufferedReader`.

  - Prefer `from_buffered_reader` to `from_reader` when possible.
2024-04-12 11:59:47 +02:00
Neal H. Walfield
a549cabf8d
Require canonical user IDs by default.
- Change `sq key generate` and `sq key userid add` to require
    canonical user IDs by default.

  - If a user ID is not in canonical form, explain the problem, and
    suggest a solution, if possible.

  - Allow the user to disable this check by passing the
    `--allow-non-canonical-userids` flag.

  - Fixes #209.
2024-04-09 12:07:42 +02:00
Neal H. Walfield
ddfda32cec
Upgrade sequoia-keystore. 2024-04-04 17:33:30 +02:00
Justus Winter
93e8543748
Trim dependencies. 2024-03-25 12:18:53 +01:00
Neal H. Walfield
696bf3a677
Release 0.34.0. 2024-02-29 17:21:43 +01:00
Neal H. Walfield
828eb4dd44
Relax version requirements on textwrap.
- Also accept version 0.15.x of `textwrap`.
2024-02-29 17:21:37 +01:00
Neal H. Walfield
011c426970
Change best_effort_primary_uid to prefer authenticated user IDs.
- Change `best_effort_primary_uid` to prefer authenticated user IDs
    to user IDs that are only self signed.
2024-02-29 13:42:28 +01:00
Neal H. Walfield
314e19c1af
Upgrade sequoia-cert-store and sequoia-wot.
- Upgrade `sequoia-cert-store` and `sequoia-wot` and adapt to their
    API changes.
2024-02-23 16:58:15 +01:00
Neal H. Walfield
b07a922bb6
Upgrade sequoia-keystore and sequoia-ipc.
- `sequoia-ipc` version 0.33.0 fixes a bug on Windows.

  - See 44b349e32d .
2024-02-20 16:25:39 +01:00
Neal H. Walfield
27093c1709
Add support for using a key store.
- Support using keys managed by `sequoia-keystore`.

  - When decrypting a message, have `sq` automatically ask the
    key store to decrypt the PKESKs.

  - Extend `sq sign` and `sq encrypt` with the `--signer-key`
    parameter to use a key managed by the keystore.

  - Add two top-level options: `--no-key-store`, which disables the
    use of the key store, and `--key-store`, which uses an alternate
    key store instance.

  - Add `sq key list` to list keys on the key store.
2024-02-18 15:24:02 +01:00
Justus Winter
d9f9bf6ea2
Certify certs downloaded from the web.
- Fixes #174.
2024-02-13 14:21:33 +01:00
Justus Winter
b796ce1b8c
Add a progress bar to the network fetch commands. 2024-02-09 18:16:43 +01:00