IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- When generating a new key, and saving that key to the key store,
don't require that the user think about where the revocation
certificate should be saved; just save it in the Sequoia home
directory.
- Use `sequoia-directories` to compute the home directory, and the
various component directories.
- This also allows the use of `SEQUOIA_HOME` to set the home
directory.
- While the commit b5a7d15710 moved the
"sq link" command under "sq pki", there are some left-overs in the
error messages.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
- Change `sq pki list`, etc. to work with subkey key IDs and
fingerprints.
- Consider: a user examines a signature using `sq inspect,, and then
looks up the signer's key ID. We shouldn't say that the
certificate is not found, but allow naming the certificate by the
subkey's key ID.
- Fixes#246.
- When `sq inspect` shows an `Alleged signer` or an `Alleged
certifier`, it only shows the signing key's key ID. Use
`best_effort_primary_uid_for` to also display a label.
- Fixes#242.
- The output of `sq pki list`, `sq pki authenticate`, `sq pki
identify` and `sq pki lookup` are overwhelming.
- Change the output to only show whether a binding can be
authenticated, not the paths; group the user IDs according
to the certificate; and, show whether the components are expired
or revoked.
- Use the old output format if the user passes `--show-paths`.
- Fixes#240.
- When `sq decrypt` prompts for a password to decrypt the PKESK,
don't just show the recipient's key ID, also show the
certificate's user ID, if that is available.
- If decrypting a message fails, show the message's recipients.
This may help the user debug the problem, e.g., it is not
encrypted to them, or they need to import a key.
- Fixes#231.
- When generating a new key, we display the new certificate.
- If inspecting the certificate fails, display the error, but don't
fail: the key was created successfully.
- This is particularly important when the key is saved to the key
store as the user has no easy way to figure out the fingerprint of
the generated key.
- Fixes#227.
- Split the `inspect` functionality out of
`commands::inspect::dispatch` and into its own function so that it
can be more easily used from other contexts.
- When we need to reuse a `BufferedReader`, pass a `&mut
BufferedReader` instead of the `BufferedReader` and then doing a
dance to recover the `BufferedReader`.
- Objects that work with either a `BufferedReader` or a `Read`er are
often more efficient when they are directly passed the
`BufferedReader`.
- Prefer `from_buffered_reader` to `from_reader` when possible.
- `FileOrStdin::open` returns a buffered reader without a cookie,
i.e., a `BufferedReader<()>`.
- Sequoia functions that a buffered reader, they expect a
`BufferedReader<openpgp::parse::Cookie>`.
- Make it easier to use the Sequoia functions by changing
`FileOrStdin::open` to return a
`BufferedReader<openpgp::parse::Cookie>`.
- When showing why a key is not valid, or why a certification is not
valid, `sq inspect` only showed the top-level error.
- To make the issue clearer, show the whole error chain.
- Fixes#237.
- When generating a key using `sq key generate`, we first write out
the certificate, and then the revocation certificate.
- If writing out the revocation certificate fails, then we error
out *after* we've already written out the certificate.
- This is particularly surprising when the certificate is written to
the key store: the operation failed, but a new key was added to the
key store!
- Change the order of operations so that we write out the revocation
certificate first, and then the new certificate.
- Change `sq key generate` and `sq key userid add` to require
canonical user IDs by default.
- If a user ID is not in canonical form, explain the problem, and
suggest a solution, if possible.
- Allow the user to disable this check by passing the
`--allow-non-canonical-userids` flag.
- Fixes#209.
- `sq key generate --userid USERID`, `sq key add --userid USERID`,
and `sq key strip --userid USERID` expect a user ID. Use the more
precise type, `UserID`, instead of `String`.
- `sq pki list`, etc. have two failure modes: there are no matching
bindings, and some matching bindings couldn't be authenticated.
- In both cases, the current error message is less than helpful,
e.g.:
```
$ sq pki list user@example.org
No paths found.
```
- If there are no matching bindings, suggest that the run `sq
network fetch`.
- If there are matching bindings that can't be authenticated, tell
they user that they can see them by using the `--gossip` option.
- Fixes#221.
- When `sq key generate` saves the generated certificate on the key
store, add guidance on how to designate it as a trusted introducer,
or to mark it as certified. Also explain how to export it, and
how to publish it.
- Although Sequoia is able to use user ID-less certificates, they
don't have good support in the ecosystem, and are probably not
what most users want.
- Consequently, don't make user ID-less certificates the default.
Instead, require users to opt in by passing the `--no-userids` flag
to `sq key generate`.
- Fixes#223.
- yaml-rust is unmaintained.
- yaml-rust is used by subplot/roadmap/serde_yaml thus an indirect
dependency. Remove when a new version of roadmap is released that
uses a newer version of serde_yaml. See
https://gitlab.com/larswirzenius/roadmap/-/issues/13
