IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- On October 18, 2021, Sequoia PGP's license was changed from the
GPL to the LGPL. Unfortunately, we forgot to update sq's license.
- See 884639bf1b
- Change Sequoia's license from GPL 2.0 or later to LGPL 2.0 or
later as unanimously decided on October 18, 2021 by:
- Christof Wahl <cw@pep.security> (pEp security CEO)
- Heiko Schaefer <heiko.schaefer@posteo.de> (pEp Foundation
employee, Sequoia developer)
- Justus Winter <justus@sequoia-pgp.org> (pEp Foundation
employee, Sequoia Founder)
- Neal H. Walfield <neal@pep.foundation> (pEp Foundation
employee, Sequoia Founder)
- Patrick Meier <pm@pep.security> (pEp security Chief Product
and Service Officer)
- Rudolf Bohli <rb@pep.security> (pEp security Chairman of the
Board)
- Volker Birk <vb@pep.security> (pEp security Founder, pEp
Foundation Council)
- The dot-writer crate is unmaintained, and prevents upgrading sq in
Fedora. As a short-term workaround, we make this dependency
optional so that it can be easily patched out by packagers. The
same has been done for the sq-wot tool.
- https://gitlab.com/sequoia-pgp/sequoia-wot/-/issues/51
- https://gitlab.com/sequoia-pgp/sequoia-wot/-/issues/47
- If the situation improves, either because the crate is maintained
again, or we port to a different crate, we can easily undo this
change.
- Also, remove all the examples that use the dot output format. Not
only is it awkward to make these examples optional, the existing
examples are also very repetetive, as they duplicate an existing
example, and only change the output format.
- Fixes#146.
- This allows users to tweak the StandardPolicy used by Sequoia to
evaluate cryptographic artifacts. For example, on Fedora it will
adhere to the system-wide cryptographic policy for Sequoia.
- Fixes#128.
* New functionality
- `sq key subkey add` allows to create and add a new subkey to an
existing certificate.
- The functionality of `sq-keyring-linter` is now available as
`sq keyring lint`.
- The new subcommands `sq key revoke`, `sq key subkey revoke` and
`sq key userid revoke`, allow writing to a file using the
`--output` option.
* Notable changes
- The `--keyring` option is now global and can be specified anywhere
when calling `sq`.
* Deprecated functionality
- The `--expires` and `--expires-in` options used in various
subcommands are deprecated in favor of the unifying `--expiry`.
- `sq key generate --export FILE` is deprecated in favor of the more
generic `sq key generate --output FILE`.
- The `sq revoke certificate` command has been renamed to `sq key
revoke`.
- The `sq revoke subkey` command has been renamed to `sq key subkey
revoke`.
- The `sq revoke userid` command has been renamed to `sq key userid
revoke`.
This commit is mostly a copy over from the keyring-linter repository,
with a few changes included to make it work in the sq codebase. These
changes are:
- replaced calls to atty with calls to is-terminal. This was done due
to is-terminal already being in the dependency tree of sq, and atty
being unmaintained.
- replace ansi_term with termcolor, because ansi_term is unmaintained
- removed a few things from the keyring linter, that were also present
in sq itself, to avoid duplication. This included the reference time
parameter, key decryption and IO handling
- added output file and binary parameters to the linter, so that I
could handle output the same as the other commands do
- Replace `sq_cli::types::IoArgs` with the more granular
`sq_cli::types::FileOrStdin`, `sq_cli::types::FileOrCertStore` and
`sq_cli::types::FileOrStdout`.
- Replace all generic `input` (describing single files) and `output`
arguments with the respective new facilities to share code and not
repeat ourselves.
- Replace the `open_or_stdin()` function with `FileOrStdin::open()`.
- Replace the `create_or_stdout()` function with the private
`FileOrStdout::create()`, so that it can not be called directly.
- Replace the `emit_unstable_cli_warning()`
and `create_or_stdout_unsafe()` functions with
`FileOrStdout::create_unsafe()`.
- Replace the `create_or_stdout_safe()` function with
`FileOrStdout::create_safe()`.
- Replace the `create_or_stdout_pgp()` function with
`FileOrStdout::create_pgp_safe()`.
- Remove the field `unstable_cli_warning_emitted` from `Config`, as
it is replaced by the static `UNSTABLE_CLI_WARNING`, which allows for
tracking whether a warning has been emitted across several instances
of `FileOrStdout`.
* Changes in 0.30.1
* Notable changes
- The `crypto-botan` feature now selects Botan's v3 interface. Use
the new `crypto-botan2` feature to continue using Botan's v2
interface.
* Notable fixes
- Several parser bugs were fixed in sequoia-openpgp 1.16.0 and
buffered-reader 1.2.0. These are all low-severity as Rust
correctly detects the out of bounds access and panics. Update
Cargo.lock to make sure we use these versions.
- sequoia-openpgp 1.16 changed `sequoia-openpgp/crypto-botan` to
build against Botan's v3 interface, and exposed
`sequoia-openpgp/crypto-botan2` to build against the v2 interface.
- Do the same. Add a `crypto-botan2` feature to allow the user to
build against Botan's v2 interface.
Installing sq from crates.io (cargo install sequoia-sq) was broken by a
semver-compatible change in Tera. Running cargo test uses the lockfile
and isn't affected.
This has the side benefit of reducing dependency bloat, the baseline
depends on check/build/build --release but in the case of a non-release
build the dependency count goes from 403 to 315.
Fixes#2.
The subplot/tera issue was likely triggered by this change in tera
1.18: <https://github.com/Keats/tera/pull/799>.
- Add the top-level option `--pep-cert-store` and the environment
variable `PEP_CERT_STORE`, which allow users to use pEp
certificate stores.
- By default, no pEp certificate store is used. Users can however
put `export PEP_CERT_STORE=$HOME/.pEp` in their `.bashrc` file, for
instance, to turn it on.
- `clap_mangen` generates the man pages directly from `Clap`, and is
the successor to `manpage-maker`.
- Use it, and delete the checked-in (and stale) man pages.
- Add the `sq wot` subcommand, to expose web of trust functionality.
- This is just an import of the `sq-wot` CLI as `sq wot`. The
support for using the `gpg` keyring and gpg's ownertrust, however,
is removed.
- Extend `sq encrypt` with the `--recipient-email` and
`--recipient-userid` arguments to allow the caller to designate a
certificate by email address or User ID, respectively. An email
address or User ID is considered to designate a certificate, if
the binding between the email address or User ID and the
certificate can be authenticated using the web of trust.
- Add support for the web of trust using the `sequoia-wot` crate.
- Add a top-level option, `--trust-root`, to allow the user to
specify trust roots.
- Enable the `env` feature for the clap build dependency, not just
the normal dependency.
- Disable more rustdoc lints.
- Explicitly convert a `StyledStr` to a `String`.
- `ArgEnum` and `arg_enum` are now called `ValueEnum` and
`value_enum`, respectively.
- Clap 4 is stricter about how arguments are designated: in argument
groups and conflicts, they have to be designated using the field
name, not the long option name.
- `clap::AppSettings::DeriveDisplayOrder` has been removed and is
now the default.
- `parse(from_occurrences)` is deprecated in favor of `action =
Count`, which takes a `u8`, not a `usize`.
- `Command` no longer takes a lifetime.
- Add support for a persistant certificate store using
`sequoia-cert-store`.
- Add `sq --no-cert-store` to disable the use of the certificate
store. Add `sq --cert-store PATH` to use an alternate certificate
store.
- Add `sq import` to import a certificate into the certificate
store. Add `sq export` to export certificates.
- Modify `sq certify`, `sq encrypt`, and `sq verify` to lookup
certificates in the certificate store, if it is configured.
- This implementation has been moved from the Sequoia repository to
its own repository. To inspect the history, either look at the
Sequoia repository, or graft it onto this repository like this:
$ git remote add sequoia https://gitlab.com/sequoia-pgp/sequoia
$ git fetch sequoia 82eb0d7b240d137141fc0aaaa3dff1685bb11864
$ git replace --graft <THIS-COMMIT> 82eb0d7b240d137141fc0aaaa3dff1685bb11864