55 Commits

Author SHA1 Message Date
Justus Winter
f7cdc4274d
Implement sq key adopt --expire. 2023-04-14 10:15:14 +02:00
Justus Winter
956dc42faf
Honor --time as signature creation time when adopting keys. 2023-04-14 10:15:14 +02:00
Justus Winter
8f5e617b6b
Fix typo. 2023-04-14 10:15:14 +02:00
Justus Winter
d0445e67bf
Implement types::Time::timestamp for easy use with Sequoia. 2023-04-14 10:15:14 +02:00
Neal H. Walfield
0b33c9c603
Generate man pages using clap_mangen
- `clap_mangen` generates the man pages directly from `Clap`, and is
    the successor to `manpage-maker`.

  - Use it, and delete the checked-in (and stale) man pages.
2023-04-08 19:36:50 +02:00
Neal H. Walfield
df012b859c
sq sign --merge shouldn't conflict with --time
- `--time` is now a global option and can be set even if `--merge`
    is passed to `sq sign`.
2023-04-08 19:36:44 +02:00
Neal H. Walfield
1ab79eb1d4
Release 0.29.0 2023-04-07 21:47:55 +02:00
Neal H. Walfield
6b77af08dd
Update Cargo.lock 2023-04-07 21:47:55 +02:00
Neal H. Walfield
54fd575a00
Have sq link list also print any expiration date
- Change `sq link list` to print the date a certification expires
    on, if any.
2023-04-05 19:01:21 +02:00
Neal H. Walfield
be48eca4f6
When --time is not specified, use the current OpenPGP time
- When `--time` is not specified, we set `config.time` to
    `SystemTime::now()`.

  - `SystemTime::now()` has subsecond resolution, and a different
    range from OpenPGP timestamps.  Lossily round trip it via
    `openpgp::types::Timestamp` to adjust the resolution, and to make
    sure the current time is valid in an OpenPGP context.
2023-04-05 17:35:46 +02:00
Neal H. Walfield
4ae448cef8
Add an option to sq link add to temporarily accept a binding
- Add an option to `sq link add`, `--temporary`, to temporarily
    accept a binding.

  - This creates a fully trusted certification that expires after a
    week, and a second certification that is one second older, which
    doesn't expire, but is only partially trusted (trust amount = 40)
    so that the user remembers this decision.
2023-04-05 17:35:41 +02:00
Neal H. Walfield
96a65b4b97
Fix signature comparison
- When checking whether two signatures are the same, we forgot to
    mark the signatures as being different when the expiration times
    are different.  Do it.
2023-04-05 17:34:58 +02:00
Neal H. Walfield
825c0aab52
Fix computation of a SignatureBuilder's expiration time
- Unfortunately, `SignatureBuilder::signature_expiration_time` is
    broken.

    See https://gitlab.com/sequoia-pgp/sequoia/-/issues/998

  - Work around this issue by computing the expiration time manually.
2023-04-05 17:34:53 +02:00
Neal H. Walfield
78972b3ae1
Add --all option to sq link add.
- If the user doesn't specify any User IDs, don't link all
    self-signed User IDs.  Print out the self-signed User IDs and prompt
    the user to specify `--all` or just the ones they want to link.
2023-04-05 11:11:26 +02:00
Neal H. Walfield
a8dd7061e6
Don't set any trust roots if --gossip is specified
- When the `--gossip` option is passed to `sq wot`, don't set any
    trust roots.
2023-04-03 14:15:35 +02:00
Neal H. Walfield
cbcaa73e09
Add crypto-botan feature 2023-03-31 09:17:37 +02:00
Neal H. Walfield
893e4cd2e3
Update project metadata
- `repository` still pointed to the old repository.
2023-03-31 09:17:37 +02:00
Neal H. Walfield
0dc63db72d
Update Cargo.lock 2023-03-31 09:17:36 +02:00
Neal H. Walfield
580c977ef7
Fix formatting 2023-03-31 09:17:36 +02:00
Neal H. Walfield
2359acb230
When iterating over all certificates, prefetch the data
- Have `sq list` prefetch the data, when the search is
    unconstrained.
2023-03-31 09:17:15 +02:00
Neal H. Walfield
4efea87492
Add sq inspect --cert KEYHANDLE
- Extend `sq inspect` to read from the certificate store.
2023-03-31 09:17:09 +02:00
Neal H. Walfield
cd1a26de1c
Change sq import to print what is imported
- Change `sq import` to print what is imported.
2023-03-30 22:52:29 +02:00
Neal H. Walfield
2ffa96dbca
Add sq link list.
- Add the subcommand `sq link list` to list active and retracted
    links.
2023-03-30 16:08:14 +02:00
Neal H. Walfield
0665df5cf4
Don't create a link when it already exists
- When adding a link, check if the active link has the same
    parameters, if so don't update the link.  If the parameters
    changed, show a diff.
2023-03-30 16:08:14 +02:00
Neal H. Walfield
ee96205df9
Don't create a provenance record when it already exists
- When importing a certificate downloaded from a known verifying
    keyserver, a WKD or DANE, we certify the User IDs that the server
    (probably) authenticated.

  - If we download the certificate again from the same source, don't
    create another certification.  That's just redundant.
2023-03-30 16:08:14 +02:00
Neal H. Walfield
427487b76c
Certify fetched certificates from verifying keyservers, etc.
- When importing a certificate into the certificate store from a
    verifying keyserver (via `sq keyserver get`), WKD (via `sq wkd
    get`), or DANE (via `sq dane get`), certify the User IDs that the
    service checks (for verifying keyservers: all; for WKD and DANE:
    the User IDs with the email that was looked up).

  - Have a per-service key to do the certifications (one for
    keys.openpgp.org, one for keys.mailvelope.com, one for WKD, etc).

  - Make the per-service certificates minimally trusted (trust amount:
    1 of 120) CAs by certifying them with the local trust root.
2023-03-30 16:08:13 +02:00
Neal H. Walfield
eb09c5d4e3
When importing keyserver, etc. results, show what is imported
- When importing results from a keyserver, a WKD, or a DANE lookup,
    show the user what is imported.
2023-03-30 16:08:13 +02:00
Neal H. Walfield
ba35945574
Change network getters to update the certificate store by default
- Change the network getters, `sq keyserver get`, `sq wkd get`, and
    `sq dane get` to update the certificate store by default.
2023-03-30 16:08:13 +02:00
Neal H. Walfield
62493558c5
Change 'sq wkd generate' to respect --time
- Change `sq wkd generate` to respect `--time` when checking
    certificate validity.
2023-03-30 16:08:09 +02:00
Neal H. Walfield
47447cd7d0
Add sq wot
- Add the `sq wot` subcommand, to expose web of trust functionality.

  - This is just an import of the `sq-wot` CLI as `sq wot`.  The
    support for using the `gpg` keyring and gpg's ownertrust, however,
    is removed.
2023-03-30 16:03:48 +02:00
Neal H. Walfield
8cf08e2470
Add --keyring to specify additional keyrings to search
- Add a new top-level option, `--keyring`, which allows users to
    specify additional keyrings to search.

  - When a lookup is performed, all keyrings are searched in addition
    to any certificate store, and the results are merged.

  - Keyrings are read only.
2023-03-30 16:03:40 +02:00
Neal H. Walfield
0e59f2f560
Add sq link
- Add new commands `sq link add` and `sq link retract` to certify
    bindings using the cert-d's trust root, if any.
2023-03-30 16:03:37 +02:00
Neal H. Walfield
ae057eba88
Support authenticating signatures using the web of trust
- When verifying a signature using `sq verify`, and a signer is not
    specified using `--signer-cert`, try and authenticate them using the
    web of trust using the configured certificate store.

  - If we can fully authenticate a signer, consider the signature to
    have been authenticated by that signer.
2023-03-28 14:51:18 +02:00
Neal H. Walfield
6c7b0de5c0
Support addressing recipients by email address and User ID
- Extend `sq encrypt` with the `--recipient-email` and
    `--recipient-userid` arguments to allow the caller to designate a
    certificate by email address or User ID, respectively.  An email
    address or User ID is considered to designate a certificate, if
    the binding between the email address or User ID and the
    certificate can be authenticated using the web of trust.

  - Add support for the web of trust using the `sequoia-wot` crate.

  - Add a top-level option, `--trust-root`, to allow the user to
    specify trust roots.
2023-03-28 14:50:24 +02:00
Neal H. Walfield
62e6b4cb8b
Change sq verify to respect the reference time.
- Change `sq verify` to respect the user-supplied reference time.
2023-03-28 12:26:15 +02:00
Neal H. Walfield
92f49b3ac1
Make sq encrypt better respect the reference time
- Change `sq encrypt` to select recipients that are valid at the
    reference time rather than the current time.
2023-03-28 12:12:12 +02:00
Neal H. Walfield
7b4ed970af
Set the policy's reference time to the configured reference time
- If the user specifies `--time`, then use it, not the current time,
    as the reference time for the policy object.
2023-03-28 12:12:12 +02:00
Neal H. Walfield
16fd67a10c
Add a top-level, global option --time to set the reference time
- Add a top-level, global option `--time` to set the reference time.

  - Remove the subcommands' `--time` arguments and use this instead.
    Remove `sq key generate`'s `--creation-time` argument and `sq key
    userid`'s `--creation-time` argument and use this argument instead.
2023-03-28 12:12:11 +02:00
Neal H. Walfield
5daff2f939
Support setting --cert-store via an environment variable
- Set `--cert-store` using the environment variable `SQ_CERT_STORE`.
2023-03-28 12:12:11 +02:00
Neal H. Walfield
81dd7e0e00
Update to the latest version of subplot 2023-03-17 10:07:17 +01:00
Neal H. Walfield
1f2f28a809
Enable debug symbols for release builds 2023-03-17 09:55:29 +01:00
Neal H. Walfield
df5ae7e18c
Update to clap 4
- Enable the `env` feature for the clap build dependency, not just
    the normal dependency.

  - Disable more rustdoc lints.

  - Explicitly convert a `StyledStr` to a `String`.

  - `ArgEnum` and `arg_enum` are now called `ValueEnum` and
    `value_enum`, respectively.

  - Clap 4 is stricter about how arguments are designated: in argument
    groups and conflicts, they have to be designated using the field
    name, not the long option name.

  - `clap::AppSettings::DeriveDisplayOrder` has been removed and is
    now the default.

  - `parse(from_occurrences)` is deprecated in favor of `action =
    Count`, which takes a `u8`, not a `usize`.

  - `Command` no longer takes a lifetime.
2023-03-17 09:55:19 +01:00
Neal H. Walfield
0742ef8647
Correctly specify the option's name
- When specifying a log-option's name, don't include a leading
    `--`.
2023-03-17 09:22:47 +01:00
Neal H. Walfield
b9c53e19a5
Don't specify multiple_occurrences, it's redundant
- Setting `multiple_occurrences` for an argument whose type is
    `Vec<_>` is redundant; clap infers it from the type.
2023-03-17 09:10:02 +01:00
Neal H. Walfield
f91c21da12
Simplify the types used for the CLI arguments
- An `Option<Vec<_>>` is redundant, and slightly more complex to
    handle, than just using a `Vec<_>` and checking if it is empty.
2023-03-17 08:58:33 +01:00
Neal H. Walfield
9eb1e0fa7d
Implement Clone for Time
- Clap 4 wants to clone values.
2023-03-16 15:46:32 +01:00
Neal H. Walfield
936ae250e1
Add support for a persistent certificate store
- Add support for a persistent certificate store using
    `sequoia-cert-store`.

  - Add `sq --no-cert-store` to disable the use of the certificate
    store.  Add `sq --cert-store PATH` to use an alternate certificate
    store.

  - Add `sq import` to import a certificate into the certificate
    store.  Add `sq export` to export certificates.

  - Modify `sq certify`, `sq encrypt`, and `sq verify` to look up
    certificates in the certificate store, if it is configured.
2023-03-16 13:46:50 +01:00
Neal H. Walfield
b354a0afce
Bump MSRV to 1.63
- sequoia-cert-store, a future dependency, requires version 1.63 of
    rustc.

  - Debian testing has version 1.63 of rustc.
2023-03-14 19:22:48 +01:00
Justus Winter
47e6dc920e
ci: Fix all-commits job. 2023-03-13 15:49:57 +01:00
Justus Winter
810f7cde64
Build and push Docker image to Gitlab's registry. 2023-03-13 12:54:00 +01:00