File sequoia-sq.changes of Package sequoia-sq
-------------------------------------------------------------------
Tue Aug 19 18:53:17 UTC 2025 - Felix Niederwanger <felix.niederwanger@suse.de>
- Update vendored dependencies due to security issues
-------------------------------------------------------------------
Thu Apr 10 13:18:35 UTC 2025 - Felix Niederwanger <felix.niederwanger@suse.de>
- Update to version 1.3.1:
* Release 1.3.1.
* Fix formatting.
* Improve documentation of `sq config`.
* Emit hints to mark an imported key as authenticated or introducer.
* Hedge against importing keys into the cert store.
* Improve displaying of preferred user IDs.
* Fix typo.
* Display backtraces attached to errors.
* tests: Avoid DSA key in tests as DSA will be rejected in the future.
* tests: Update PKI test vectors to not expire.
* Enable backtraces and tracing when running tests.
* Make importing Autocrypt certs more robust.
* Release 1.3.0.
* Make sq config get print to stdout.
* Fix early abort in sq keyring filter
* Fix test sq_verify_policy_as_of_relative_time
* Fix error message.
* Prefix matching for --...-self parameters fixed
* Fix examples.
* Port to sequoia-openpgp 2.
* ci: Always build the pages, but only publish when merging to main.
* Upgrade sequoia-man.
* Split out the man page generation into a new crate.
* Update openssl to address RUSTSEC-2025-0004.
* Update hickory-proto to address RUSTSEC-2025-0006.
* man: Fix NAME section for subcommands.
-------------------------------------------------------------------
Tue Feb 04 19:51:59 UTC 2025 - felix.niederwanger@suse.de
- Update to version 1.2.0:
* Release 1.2.0.
* Update Cargo.lock.
* Use authenticated identifiers in sq verify.
* Improve quoting.
* Improve sq download's output.
* Add a parameter to the authenticate function to control the output.
* Move helper function to common.
* Add a mechanism to replace an argument in a hint with a placeholder.
* Avoid crash parsing arguments to Strings.
* Make sq cert lint less quiet when there are no issues.
* Add sq key rotate.
* Extend replay to optionally take a signer.
* tests: Move utility function to the common module.
* Move function to the common module.
* Extend replay to allow the caller to limit what is replayed.
* Improve output.
* Allow the caller to specify an indentation level.
* Disable tracing.
* Fix test helper function.
* Add sq pki vouch replay.
* Move certification listing code to the common module.
* Move code in common to the sole function that uses it.
* Move the sq pki link list implement to its own module.
* Extend sq pki vouch list to list certifications of a certificate.
* Improve test.
* Simplify specifying certificate designators in tests.
* Require that certificate designators are authenticated.
* Use an explicit type for the trust amount parameter.
* Fix sq --cli-version.
* Improve sq pki link list's help text.
* Improve error messages.
* Avoid unnecessary lookups.
* Relax sq pki link list's certificate designators.
* Fix examples.
* Don't export non-exportable sigs and components when exporting keys.
* Add missing NEWS entry.
* Fix duplicating packets when dumping.
* Prevent monomorphization of Sq::resolve_cert.
* Prevent monomorphization of Sq::resolve_certs_filter.
* Add new command sq pki vouch list.
* Move the code for listing certification to common.
* Release 1.1.0.
* Relax subplot dependency.
* Relax rusqlite dependency.
* Update Cargo.lock.
* Fix output.
* Add a lint for uncertified user IDs.
* Show certificates without user IDs with --gossip.
* Improve sq cert list's documentation.
* Improve help text lints.
* Fix long help generation for cert designators.
* Update NEWS file.
* Add option --unusable to sq cert list, etc.
* Show hints about unusable bindings when --gossip is provided.
* Change how we refer to unusable bindings in sq cert list.
* Change sq cert list to not show warnings if --quiet is given.
* Distinguish unauthenticated and invalid bindings in sq cert list.
* Improve linting for sq cert list.
* Don't list revoke user IDs.
* Fix listing certificates by fingerprint or key ID.
* Remove duplicate code.
* Rework sq cert list's human readable output.
* Improve UserIDDesignator::argument_value.
* Fix UserIDDesignator::argument_value.
* Add some helper functions.
* tests: Add tests for sq cert list.
* Fix sq cert list --gossip.
* Fix output.
* Release 1.0.0.
* Fix NEWS.
* Align `sq download` with `sq verify`.
* Fix displaying preferred user IDs.
* Write to temporary file first, then persist it under the final name.
* Avoid using absolute paths in name of scratch files.
* Automatically import certificates from GnuPG's certificate store.
* Escape user IDs.
* Escape preferred keyserver and policy URI.
* Escape notation name and data.
* Escape literal data file name and data prefix.
* Escape all regular expressions.
* Escape all reason for revocation messages.
* Improve output sanitization.
* Use the visual idiom for cert,userid pairs authenticating downloads.
* Use the visual idiom for cert, userid pairs when decrypting.
* Use the visual idiom for cert, userid pairs when importing revs.
* Use the visual idiom for cert, userid pairs when certifying.
* Improve argument and value formatting in hints.
* Improve help output.
* Revert "Refine sq pki {authenticate,lookup}'s user ID designators."
* Fix commands embedded in the documentation.
* Make verifying detached signatures more efficient.
* Require sequoia-openpgp 1.22.
* Fix hint.
* Refine sq key userid revoke's user ID designators.
* Refine sq pki vouch {add,authorize}'s user ID designators.
* Refine sq pki {authenticate,lookup}'s user ID designators.
* Refine sq pki link retract's user ID designators.
* Refine sq pki link {add,authorize}'s user ID designators.
* Add sq pki path --userid-by-email.
* Gracefully handle unencrypted Autocrypt messages.
* Align output emitted when importing certificates.
* Don't unconditionally show provenance messages.
* Fix importing unencrypted Autocrypt messages.
* Improve error handling opening the cert store.
* Do not hide errors from keyrings in verify.
* Refactor packet and keyring files in /cli to new example framework.
* Refactor files in /cli/network to new example framework.
* Refactor files in /cli/pki to new example framework.
* Refactor files in /cli to new example framework.
* Remove the unstable CLI warning.
* Don't make impossible recommendations.
* Remove useless code.
* Disable the --name and --add-name arguments.
* Rename --userid-or-add to --add-userid, etc.
* Extend and adjust the set of user ID designators.
* Refactor the user ID designators.
* Update all dependencies.
* Fix test.
* Trim unused features on sequoia-cert-store.
* Update sequoia-net and reqwest.
* Add argument `sq network search --iterations`.
* Add argument `sq network search --use-dane`.
* Add argument `sq network search --use-wkd`.
* Better handle user ID's matched by --all.
* Make --all conflict with other user ID designators.
* Fix test for sq pki link retract.
* Make `sq cert list` display certificates without user IDs.
* Prepare for userid-less certificates in common::pki::authenticate.
* Split OutputFormat::add_paths into two functions.
* Fix listing certificates without authenticated bindings.
* Apply the input lints to all certs.
* Only show hints about an empty cert store if it is indeed empty.
* Change `sq config inspect policy` to explain the policy.
* Fix warnings about elided lifetimes that have a name.
* Add tests for sq key approvals update.
* tests: Improve sq key approvals update help functions.
* Add tests for sq key approvals list.
* Add tests for sq key userid revoke.
* Add tests for sq pki lookup.
* Add tests for sq pki authenticate.
* Add tests for sq pki vouch {add,authorize}.
* tests: Rename Sq::pki_vouch_authorize_p.
* tests: Simplify Sq::try_pki_vouch_add and Sq::pki_vouch_authorize_p.
* Add tests for sq pki link retract.
* Add tests for sq pki link authorize.
* Add tests for sq pki link add.
* Simplify comments.
* Lint CLI help texts.
* Align CLI help texts with our UI guidelines.
* Make long help texts configurable for cert designators.
* Deduplicate and rework the signature notation argument handling.
* Require explicit opt-out for encrypting without signing.
* Use cert designators for `sq cert list`.
* Add examples for `sq cert list`
* Refactor files in /cli/cert to new example framework
* Modify examples
* Refactor files under .../cli/key to use example framework
* Fix generation of user ID-less keys.
* Upgrade hickory-proto to avoid vulnerable idna 0.4.0.
* Gracefully handle missing ui section in config file.
* Add `sq encrypt --profile` in preparation for RFC9580.
* Add `sq key generate --profile` in preparation for RFC9580.
* Parse key.generate.cipher-suite case sensitively.
* Mention the configuration key in the augmented help texts.
* Make `sq network dane generate` require cert designators or `--all`.
* Make `sq pki link list` fail if a designated cert has no link.
* Refactor user ID matching when resolving certificates.
* Generalize the filter for `Sq::resolve_certs_filter.
* Align `sq sign --detached-file` with `sq verify --detached-file`.
* Make the default third-party certification expiration configurable.
* Introduce a specialization for third-party certifications.
* Make ExpirationArg configurable.
* Manually implement clap::Args for ExpirationArg.
* Add tests for sq pki link list.
* Add tests for sq key list.
* Listing an empty certificate store should not be an error.
* Fix hint.
* Hide --without-password from the sq key generate examples.
* Make it possible to hide parts of an example.
* Change the default third-party certification expiration to 10y.
* Implement `sq pki vouch {add,authorize} --certifier-self`.
* Improve the `--self-signer` help texts and add to the template.
* Add a pattern argument to `sq pki link list`.
* Add missing conflict for `sq key list`.
* Change sq config inspect network to use stdout.
* Change sq config inspect paths to use stdout.
* Change sq cert import and sq key import to use stdout.
* Improve sq network wkd publish's output.
* Change sq network wkd publish to use stdout.
* Convert a hint to a warning.
* Change sq network keyserver publish to use stdout.
* Change sq pki link add, etc. to use stdout.
* Generalize make_qprintln to write to a different stream.
* Change sq pki link list to use stdout.
* Before printing a hint, flush stdout.
* Change sq cert list, sq pki authenticate, etc. to use stdout.
* Generalize the authentication output routines to use any stream.
* Change sq key approvals list to use stdout.
* Change sq key list to use stdout.
* Add new macro wwrintln.
* Generalize weprintln and iweprintln to write to any stream.
* Rename wprintln to weprintln.
* Clean up sq key list's output.
* Implement `sq config inspect network`.
* Implement `sq config inspect paths`.
* Implement `sq config inspect policy`.
* Make `sq key list` fail without key store, align error messages.
* Align error messages when listing certs.
* Import the secret key so that the example has something to list.
* Change sq inspect to show the cert associated with a recipient.
* policy: Update certificates.
* Simplify code.
* Remove unreachable code.
* Fix resolving `--signer-self`.
* Improve formatting of message.
* Implement `sq sign --signer-self` and `sq encrypt --signer-self`.
* Make the number of iterations configurable for `sq network search`.
* Make use of DANE configurable when doing `sq network search`.
* Make use of WKD configurable when doing `sq network search`.
* Make the path to the backend servers configurable.
* Fix displaying effective configuration.
* Make hints configurable.
* Generalize function.
* Make verbosity configurable.
* Introduce accessors for sq.quiet and sq.verbose.
* Use platform-specific prompt in hints.
* Indent hints so that they look different from shell prompts.
* Improve the `--for-self` encryption hint.
* Don't show hint if a recipient is listed in encrypt.for-self.
* Don't explicitly create `Recipient`s.
* Show the configuration file's location in sq config --help.
* Fix message.
* Display a hint if encrypting a message that one can not decrypt.
* Implement `sq encrypt --for-self`.
* When encrypting a message, list signers.
* When encrypting a message, list recipients and passwords.
* Use BufferedReader::copy to avoid an extra copy.
* Rework encryption subkey selection.
* Fix handling of `--home=default` and `--home=none`.
* Drop superfluous mut.
* Align user ID designators in `sq pki link retract`.
* Add support for addressing shadow CAs by symbolic names.
* Make `sq config get policy.path` reflect SEQUOIA_CONFIG_POLICY.
-------------------------------------------------------------------
Fri Jan 03 11:00:32 UTC 2025 - felix.niederwanger@suse.com
- Update to version 1.1.0:
* Release 1.1.0.
* Relax subplot dependency.
* Relax rusqlite dependency.
* Update Cargo.lock.
* Fix output.
* Add a lint for uncertified user IDs.
* Show certificates without user IDs with --gossip.
* Improve sq cert list's documentation.
* Improve help text lints.
* Fix long help generation for cert designators.
* Update NEWS file.
* Add option --unusable to sq cert list, etc.
* Show hints about unusable bindings when --gossip is provided.
* Change how we refer to unusable bindings in sq cert list.
* Change sq cert list to not show warnings if --quiet is given.
* Distinguish unauthenticated and invalid bindings in sq cert list.
* Improve linting for sq cert list.
* Don't list revoke user IDs.
* Fix listing certificates by fingerprint or key ID.
* Remove duplicate code.
* Rework sq cert list's human readable output.
* Improve UserIDDesignator::argument_value.
* Fix UserIDDesignator::argument_value.
* Add some helper functions.
* tests: Add tests for sq cert list.
* Fix sq cert list --gossip.
* Fix output.
-------------------------------------------------------------------
Thu Dec 19 10:47:17 UTC 2024 - felix.niederwanger@suse.com
- Update to version 1.0.0:
* Release 1.0.0.
* Fix NEWS.
* Align `sq download` with `sq verify`.
* Fix displaying preferred user IDs.
* Write to temporary file first, then persist it under the final name.
* Avoid using absolute paths in name of scratch files.
* Automatically import certificates from GnuPG's certificate store.
* Escape user IDs.
* Escape preferred keyserver and policy URI.
* Escape notation name and data.
-------------------------------------------------------------------
Wed Dec 04 10:48:32 UTC 2024 - felix.niederwanger@suse.de
- Update to version 0.40.0:
* Release 0.40.0.
* Support thiserror 2.0.
* Update Cargo.lock.
* Mark `sq keyring filter` experimental.
* Update MSRV to 1.79, which is subplot's current MSRV.
* Add a configuration file and associated management commands.
* Align user ID designators in `sq pki {link,vouch} {add,authorize}`.
* Require self-signed user IDs when publishing certs in a WKD.
* Update sequoia-keystore to 0.6.2.
* Remove argument `sq key subkey export --cert-file`.
* Fix message.
* Remove argument `sq cert lint --export-secret-keys`.
* Change sq pki link retract to use the NULL policy.
* Improve hint.
* To revoke a user ID, require the cert be valid under the current policy.
* Improve message when a certificate can't be used for encryption.
* tests: Add more tests for sq encrypt.
* Don't use revoked certificates for encryption.
* Improve sq key password's output.
* Make sq key password change the password of weakly bound keys.
* tests: Add tests for sq key password.
* Improve how sq key delete handles ambiguous associations.
* Change sq key {delete,password} to work with more certificates.
* Change sq key delete to refuse to work with weakly bound subkeys.
* Update to subplot 0.11.0.
* Fix hint.
* Improve documentation.
* New mandatory switches `sq key generate <--own-key|--shared-key>`.
* Improve status messages when publishing a WKD.
* Fix copying the policy file if no updates happened.
* Make `sq network wkd publish` work without a cert store.
* Change sq key subkey {password,delete} to work with weak bindings.
* Rename --notation to --signature-notation.
* Add `sq encrypt --signature-notation`.
* Fix examples.
* Add missing examples for the network commands.
* Add a builder-style interface to the example framework.
* Certify newly created keys with a per-host shadow CA.
* Differentiate the help texts for `--notation` slightly.
* Fix sq cert lint.
* Check for the cert / key store before doing work.
* Improve no cert store / no key store error messages.
* Catch clap errors, and display them better.
* Rename `sq pki vouch certify` to `sq pki vouch add`.
* Make `sq key import` read from stdin if no files are given.
* Move the CLI parser for sq key import to its own module.
* update container examples in readme
* make container a single-user environment
* add dockerignore file
* add bash completion and manpages to container
* improve OCI compatibility of Containerfile
* rename Dockerfile to vendor-neutral Containerfile
* Change sq network wkd generate to avoid unnecessary churn.
* Improve sq network wkd generate's error messages.
* Fail if the user tries to create an empty WKD.
* Make sq network wkd publish more chatty.
* Make sq network wkd publish more robust.
* Fix sq packet join to not panic if there is no input.
* Show an issuer's user ID, if we know it.
* Rename sq packet split --prefix to --output-prefix.
* Add a hint to sq packet split's output.
* Change sq packet split to write to stdout by default.
* Improve the "waiting for input on stdin" message.
* Limit width when wrapping help texts to increase readability.
* Use a simpler word separator algorithm to keep URLs intact.
* Don't break lines if stderr is not a terminal.
* Don't limit the width of emitted text.
* Remove `sq toolbox extract-cert`.
* Remove test framework for toolbox strip-userid.
* Fix hints to do packet dump.
* Change sq decrypt to not use rpassword directly.
* Change sq decrypt to respect --batch.
* Make `sq cert lint` read from stdin again.
* Only display hint for live certs.
* Align spelling of cert-store with the command line argument.
* Show sources of data when fetching certs over the network.
* In sq key list, prefer weakly bound user IDs to nothing.
* Change sq key list to display more user IDs.
* Refactor common::get_keys to be less clever.
* Fix sq pki path to use Sq::resolve_cert.
* Remove unnecessary lookup.
* Fix documentation.
* Don't add approvals for non-exportable certifications or certs.
* Move the ca_creation_time function to the common module.
* Change the packet dumper to show the issuer, when available.
* Remove the `--binary` flag from all commands emitting certs or keys.
* Use `--cert-` prefix for all cert designators.
* Remove `sq toolbox strip-userid`.
* Turn `sq key approvals --add-authenticated` into a flag.
* When searching by fingerprint, show any unauthenticated certificate.
* Rearrange the order of the user ID designator arguments.
* Rename --add-userid to --userid-or-add, etc.
* Add support for examples that are only syntax checked.
* Add some tracing.
* Fix sq cert list for fingerprints and key IDs.
* Implement From<KeyHandle> for CertDesignators.
* When listing who made a certification, show the fingerprint.
* When listing approvals, indicate whether there are any pending.
* Make sq key approvals more transparent.
* Make sq key approvals update require an action.
* Lint user IDs that would be added and are not self signed.
* Rename sq toolbox dearmor to sq packet dearmor.
* Rename sq toolbox armor to sq packet armor.
* Move sq toolbox packet to sq packet.
* Move sq toolbox keyring to sq keyring.
* Fix comment.
* tests: Fix check.
* Show standard usage if no arguments are supplied to sq cert export.
* Port sq toolbox userid-strip to the user ID designator framework.
* Port sq cert list and two more to the user ID designator framework.
* Upgrade sequoia-wot.
* Move the authenticate function to its own module under common.
* Improve the format of error messages for failing examples.
* Revise the authenticate code's linting.
* Port sq pki {authenticate,identify} to the cert designator framework.
* Move the sq pki identify cli definition to its own module.
* Move the sq pki lookup cli definition to its own module.
* Move the sq pki authenticate cli definition to its own module.
* Improve documentation.
* Expand ~ in state directories.
* Make `sq encrypt --set-metadata-filename` take a simple string.
* Remove `sq encrypt --set-metadata-time`.
* Port sq pki path to the user ID designator framework.
* Add support for adding a user ID by display name.
* Make sq pki path's user ID argument a named argument.
* Move the sq pki path cli definition to its own module.
* Move the sq pki path implementation to its own module.
* Make `sq download --output` mandatory.
* Port sq key userid revoke to the user ID designator framework.
* Add support for adding a user ID by display name.
* When printing self-signed user IDs, also show invalid user IDs.
* Port sq key approvals update to the user ID designator framework.
* Port sq key approvals list to the user ID designator framework.
* Add support for designating a self-signed user ID by display name.
* Improve naming.
* Optimize downloading of data files with detached signatures.
* Forbid `--output` when verifying detached signatures.
* Add note.
* Cause sq download to fail faster if the output file can't be used.
* Split the argument `sq network wkd publish --create` into two.
* Use cert designators for the signer arguments of `sq encrypt`.
* Use cert designators for the signer arguments of `sq sign`.
* Change --email and --add-email to only match user IDs unambiguously.
* Add `sq sign --mode` to create binary or text signatures.
* Change --add-userid from a flag to two arguments.
* Generalize active_certifications.
* tests: When calling sq pki authenticate include --show-paths.
* tests: Abstract user ID argument passing.
* Drop debugging remnant.
* Replace `--no-cert-store` and `--no-key-store`.
* Make home directory optional.
* Introduce accessors.
* Require explicit mode, and align `sq sign` and `sq verify`.
* Make tests less expensive.
* Change sq key list to not filter out unauthenticated certificates.
* Add a DWIM search parameter to sq key list.
* Remove `sq cert lint --list-keys`.
* Set signature creation times closer to where the builder is created.
* Expand the designated signers to user ID, email, and domain queries.
* Use only designated signers to verify signatures.
* Make `sq pki link add` honor `sq --time`.
* Move struct VHelper to commands::verify.
* Disable the help subcommand everywhere except at the top-level.
* Add new command sq download.
* Don't move when passing a reference will do.
* Add new argument, --cli-version, to require a CLI version.
* Rename OutputVersion to Version and move it to its own module.
* Fix sq toolbox packet dump's help text.
* Don't show the progress bar if --batch is specified.
* Print out the certificate that decrypted a message.
* Show more information about certificates in sq key list.
* Normalize output.
* Show more information about certificates in sq cert list.
* Finish renaming attestation to approval.
* Make sq key expire's expiration argument required.
* Use key designators for sq key subkey revoke.
* Fix documentation.
* Use key designators for sq key subkey {delete,password}.
* Change sq key subkey export to require the certificate to export.
* Move the bind module.
* Move the sq key subkey revoke implementation to its own module.
* Move the sq key subkey expire implementation to its own module.
* Move the sq key subkey password implementation to its own module.
* Move the sq key subkey delete implementation to its own module.
* Move the sq key subkey export implementation to its own module.
* Move the sq key subkey add implementation to its own module.
* Move cli parser for sq key subkey bind to its own module.
* Move cli parser for sq key subkey revoke to its own module.
* Move cli parser for sq key subkey expire to its own module.
* Move cli parser for sq key subkey password to its own module.
* Move cli parser for sq key subkey delete to its own module.
* Move cli parser for sq key subkey export to its own module.
* Move cli parser for sq key subkey add to its own module.
* Add a new key designator type.
* Use more qualified names to reduce ambiguity.
* Don't extend the expiration of invalid components.
* Change sq key subkey bind to use the expriation type.
* Extend Time to support relative timestamps.
* Move the Time type to its own module.
* Make it clearer that we don't support ISO 8601 durations.
* Dry out sq key expire's expiration argument.
* Add a global option, --policy-as-of, to select a crypto policy.
* If decryption fails, delete the output file.
* tests: Generalize Sq::encrypt and Sq::decrypt to work with files.
* If signature verification fails, delete the output file.
* Add support for merging bare revocation certificates.
* Dry out the keyring merge function.
-------------------------------------------------------------------
Mon Nov 04 07:40:40 UTC 2024 - felix.niederwanger@suse.de
- Update to version 0.39.0:
* Release 0.39.0.
* Loosen reqwest dependency.
* Loosen subplot dependency.
* Upgrade terminal_size.
* Upgrade sequoia-policy-config.
* Update Cargo.lock.
* Fix various typo in the NEWS file.
* Add support for importing bare revocation certificates.
* Rework signature verification output.
* Don't let bad signatures override good signatures.
* When reading from stdin, emit a warning if we don't get any input.
* Improve sq encrypt's examples to better reflect best practices.
* Improve the error message shown when sq encrypt gets no recipients.
* Make sq key userid revoke's positional arguments named arguments.
* Make sq key subkey revoke's positional arguments named arguments.
* Make sq key revoke's positional arguments named arguments.
* Dry out --expiration.
* Move the Expiration type to its own module.
* Make sq key expire's expiration argument a named argument.
* Make sq key subkey expire's expiration argument a named argument.
* Improve error messages.
* Improve message.
* Fix how user IDs are displayed.
* When displaying a gossip path, show the path's trust amount.
* Fix self signature check.
* Fix how paths for self signatures are displayed.
* Rework gossip.
* Upgrade sequoia-wot.
* Remove sq pki path's --gossip argument.
* tests: Dry out certificate handling.
* Use cert designators for the certifier in `sq pki vouch authorize`.
* Use cert designators for the certifier in `sq pki vouch certify`.
* Remove the pEp store integration.
* Add `--output` and `--binary` arguments to `sq key subkey export`.
* Add `--output` and `--binary` arguments to `sq key export`.
* Add an `--output` argument to `sq cert export`.
* Use cert designators for `sq toolbox packet dump`.
* Use cert designators for `sq toolbox strip-userid`.
* Add `sq network keyserver publish --domain`.
* Use cert designators for `sq key approvals update`.
* Use cert designators for `sq key approvals list`.
* Use cert designators for `sq key subkey bind`.
* Use cert designators for `sq key subkey revoke`.
* Use cert designators for `sq key subkey expire`.
* Use cert designators for `sq key subkey password`.
* Use cert designators for `sq key subkey delete`.
* Improve wrapping of examples.
* Use cert designators for `sq key subkey add`.
* Use cert designators for `sq key userid revoke`.
* Use cert designators for `sq key userid add`.
* Use cert designators for `sq key revoke`.
* Avoid heap allocation if we don't change the help text.
* Use cert designators for `sq key expire`.
* Use cert designators for `sq key password`.
* Cleanup.
* Move the CLI parser for `sq key password` to its own module.
* Improve wrapping of examples.
* Use cert designators for `sq cert lint`.
* Consolidate import stat printing more.
* Fix and add hints for when no certs matched.
* Fix updating import statistics.
* Make `sq key delete --file` require `--output`.
* Use cert designators for `sq key delete`.
* Move the command line parser for `sq key delete` to its own module.
* Use cert designators for `sq key export`.
* Introduce a symbolic name for the default empty options.
* Move the command line parser for `sq key export` to its own module.
* Use cert designators for `sq key list`.
* Move the command line parser for `sq key list` to its own module.
* Use cert designators for `sq inspect`.
* Use cert designators for `sq verify`.
* Use cert designators for `sq decrypt`.
* Change --cert to only look up by primary key fingerprint.
* Raise limit of stdout and stderr shown in tests.
* Add filters to `sq pki link list`.
* Adapt fingerprint, user ID pairs display in link listings.
* Tweak edge annotations.
* Rework how fingerprint, user ID pairs are displayed.
* Merge `sq autocrypt import` into `sq cert import`, remove others.
* Implement AddAssign for ImportStats.
* Parse certificates from a Dup reader.
* Remove the Autocrypt gossip CA framework.
* Print error chains at the top level.
* Improve formatting of error chains.
* Remove obsolete TODOs.
* Make `sq inspect` handle non-OpenPGP data.
* Fix hint formatting.
* Enable the use of state in the subplot tests.
* Set a SEQUOIA_HOME directory for the subplot tests.
* Remove the DWIM interface from `sq cert export`.
* Fix mutability of recipient in accessors.
* Only export certificates with authenticated bindings.
* Remove obsolete todos.
* Hide certification and key creation times for shadow CAs.
* Remove redundant trust amount information.
* Use non-breaking hyphens to format dates.
* Filter out self-signatures when `--gossip` is given.
* Remove now unused non-concise human readable output format.
* Make the path output a little less dense.
* Merge the path printing into the concise human readable output.
* Align the output of `sq cert list` with `sq key list`.
* Align timestamp formatting.
* Align hint formatting.
* Split `sq network wkd publish --rsync` into two to avoid ambiguity.
* Fix documentation.
* Rename `sq verify --signer-cert` to `--signer`.
* Simplify crate::load_keys.
* Simplify crate::load_certs.
* Add `--all` flag to `sq network wkd publish` and `dane generate`.
* Use imperative mood to describe the cert and user ID designators.
* Make `sq --home=default` work.
* Remove `sq network dane generate --skip`.
* Move sq pki list to sq cert list.
* Rename test files.
* Add a test.
* Don't try to certify invalid user IDs.
* Make it easier to debug failing examples.
* Move sq pki {certify,authorize} under sq pki vouch.
* Split authorization functionality out of sq pki link add.
* Generalize helper function.
* Reorder sq pki link add's options.
* Dedup user IDs.
* Identify common user errors when verifying detached signatures.
* Fix example description.
* Make `inspect` return the kind of data it thinks it is looking at.
* Port sq pki link retract to the user ID designator framework.
* Don't require --add-userid if that option isn't enabled.
* Improve output when retracting a link.
* Fix sq pki link retract when retracting all certifications.
* Check all user IDs, not just self-signed user IDs.
* Align sq pki link add's user ID specification with sq pki certify.
* Remove sq pki link retract's positional argument for specifying a user ID.
* Remove sq pki link add's positional argument for specifying a user ID.
* Change sq pki link retract to use a named argument for the certificate.
* Change sq pki link add to use a named argument for the certificate.
* Add `sq cert export --local` to export non-exportable sigs.
* Show more information about downloaded certificates.
* Support indentation parameters in qprintln.
* Fix hint.
* Check that we don't certify our own certificate.
* Refactor user ID resolution.
* Add a user ID designator abstraction.
* Extend sq pki authorize to constrain by domain.
* Move the domain to regex conversion functionality to common.
* Don't specify value_name twice for a single argument.
* Add new subcommand sq pki authorize.
* Generalize Sq::pki_certify to certify multiple user IDs at once.
* Reorder sq pki certify's options.
* Change sq pki certify to use a named argument for the certificate.
* Extend the cert designator framework to support required arguments.
* Change sq pki certify to use a named argument for the user ID.
* Refactor sq pki certify, sq pki link add and sq pki link retract.
* Add a None variant to the TrustAmount enum.
* Simplify the active_certification utility function.
* Emit a hint if `sq cert import`ing a key.
* Drop the free-form command hint interface.
* Make all command hints use the structured hint framework.
* On debug builds, parse the emitted hints and panic if that fails.
* Add a structured command hint framework.
* Emit hint on how to extract a particular certificate.
* Move function.
* Always list found certificates, and reword the message.
* Rename `sq network fetch` to `search`, likewise hkp, WKD, and DANE.
* Merge certificates fetched from the network earlier.
* Move type ImportStatus.
* Unify key and cert import stats, be explicit about what is imported.
* Add a test to execute some sanity checks against the CLI.
* Make `--rev-cert` argument mandatory if `--output` has been given.
* Improve some integration tests to use more of the test framework.
* Remove `sq network keyserver publish --require-all`.
* Always print the error message in addition to propagating it.
* Emit a hint that the Mailvelope key server rejects some certs.
* Augment usage messages with examples.
* Slightly indent the pointer to the global arguments.
* Provide helpful guidance if there are no secret keys.
* Make `sq key generate --rev-cert` behave like other outputs.
* Move CLI definition of `sq key generate` to its own module.
* Display the signers cert fingerprint when inspecting artifacts.
* Fix formatting.
* Return the selected certificate from Sq::best_userid_for.
* Make Sq::best_userid_for work with use_wot=false.
* Improve best user ID computation.
* Improve certificate lookups when computing best user ID.
* Use cheaper predicate to see if an iterator is empty.
* Make `sq toolbox keyring filter --handle` robust.
* Apply the cert filter only once.
* Add tests for `sq toolbox keyring filter`.
* Run tests in a separate working directory.
* Deduplicate function to locate test artifacts.
* Change sq pki certify to reject expired and revoked certs.
* Don't word-wrap commands in hints.
* Fix hints emitted when fetching certs from the network.
* Improve hint formatting.
* Add an explicit output parameter for `sq toolbox packet split`.
* Align the value-name for --home.
* Add an ENVIRONMENT section to the top-level man page.
* Rename environment variables to override cert and key store.
* Use a custom CLI parser for state directories.
* Improve documentation for sq key expire and sq key subkey expire.
* Don't extend the expiration of subkeys that are hard revoke.
* Add a unit test for sq key subkey expire for soft revocations.
* Add a unit test for sq key subkey expire for unbound subkeys.
* Normalize naming.
* Fix setting a certificate's expiration time.
* Fix setting a certificate's expiration time.
* Fix documentation.
* Fix capitalization of example section in help texts.
* Port cert lint examples to the example framework.
* Port keyring examples to the example framework.
* Implement examples containing pipelines.
* Add missing example data file bob.pgp.
* Port dearmor examples to the example framework.
* Port armor examples to the example framework.
* Port extract-cert examples to the example framework.
* Port link examples to the example framework.
* Fix line wrapping when printing examples.
* Update futures-util (and related packages).
* Don't call exit, just return an error.
* Fix example.
* Use cert designators for `sq network keyserver publish`.
* Use cert designators for `sq network wkd publish`.
* Use cert designators for `sq network dane generate`.
* Prevent cert designators from over-eagerly grabbing other options.
* Fix composing cert designators.
* Make the domain argument a long argument like in wkd publish.
* Improve listing of secret keys.
* Fix argument name computation.
* Rename `sq encrypt --recipient` to sq encrypt --for`.
* Rename `--recipient-cert` to `--recipient`.
* Rename `--signer-key` to `--signer`.
* Rename the global `--force` flag to `--overwrite`.
* New flag `sq pki link add --recreate` instead of `--force`.
* New flag `sq key userid revoke --add-userid` instead of `--force`.
* Make the file creation utilities take a reference to Sq.
* Move some file support code so that it can use Sq.
* Rename `sq verify --detached` to `sq verify --signature-file`.
* Fix changing the expiration time on keys without direct key sig.
* Add missing NEWS entry.
* Rename sq key subkey adopt to bind, improve documentation.
* Move sq key adopt to sq key subkey adopt.
* Improve warning message.
* Port the examples of sq toolbox packet to the examples framework.
* Improve and fix the documentation of sq toolbox packet split.
* Fix splitting and joining packets with bodies, such as literals.
* Improve the file names when splitting packet streams.
* Emit a hint when trying to sq key import a certificate.
* Deduplicate subkey arguments when revoking subkeys.
* Introduce a switch to select the type of DNS resource records.
* Fix adopting subkeys backed by the softkeys backend into softkeys.
* Allow source certs to be ambiguous when adopting a key.
* Avoid file descriptor exhaustion when fetching certificates.
* Disregard bad information in the signers user ID subpacket.
* Use the cert fingerprint in messages, not the signing subkeys keyID.
* Fix hints.
* Bump MSRV to 1.75.
* Remove redundant long_about.
* Fix hint.
* Fix long about strings so that they line wrap.
* Escape newlines in help text to enable automatic line wrapping.
* Fix spelling.
* Don't dump bad signatures by default, add CLI switch for that.
* Dump bad signatures.
* Rework indentation in the inspect module.
* Refactor signature dumping.
* Refactor key dumping.
* When adopting a key, if the creation time is unset, set it.
* Add the --creation-time argument to sq key adopt.
* When adopting a key, error out if the key's key flags is empty.
* Allow modifying the key flags when adopting a key.
* Don't require a key being adopted to have a binding signature.
* Make the test helper function Sq::key_adopt more consistent.
* Simplify how tests call sq key adopt.
* Allow tests to pass addition arguments to sq key adopt.
* Tighten the sq encrypt tests.
* Switch sq encrypt to the certificate designator abstraction.
* Switch sq cert export to the certificate designator abstraction.
* Fix sq cert export test vector.
* Add a certificate designator abstraction.
* Add a test for sq encrypt for revoked subkeys.
* Add a test for sq encrypt for expired subkeys.
* Add a test for sq encrypt for non-encryption-capable certifications.
* Add a test for sq encrypt's certificate designators.
* Port sq_encrypt.rs to the common test framework.
* Move implementation, add NEWS entry.
* Move sq key userid strip to sq toolbox strip-userid.
* Make sq key expire more robust.
* Improve debugging output.
* Add a convenience function to preserve a test's state.
* Improve comments of revocation certificates.
* Wrap comment lines in revocation certificates.
* Align sq key subkey expire and sq key subkey revoke.
* Move the `sq key subkey` CLI parser to its own module.
* Move the `sq key revoke` CLI parser to its own module.
* Avoid using the system-wide crypto policy in tests.
* Implement sq --quiet.
* Remove debugging remnant.
* ci: remove pre-common-ci vestiges
-------------------------------------------------------------------
Thu Oct 17 07:52:05 UTC 2024 - felix.niederwanger@suse.de
- Update to version 0.38.0:
* Release 0.38.0.
* Require exact --name and --email matches.
* Drop dependency itertools.
* Link to the new user documentation.
* Fix cleartext, message signing with --signer-cert.
* Improve wording.
* Update sequoia-keystore.
* Update sequoia-openpgp.
* Add a RSA2k cipher suite.
* Drop serde_json dependency.
-------------------------------------------------------------------
Thu Feb 29 13:32:20 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.de>
- Disable cargo_audit for now
-------------------------------------------------------------------
Thu Feb 29 13:30:50 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.de>
- Add comment for future legal reviews
-------------------------------------------------------------------
Mon Feb 26 17:33:40 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Ensure neutrality of descriptions.
-------------------------------------------------------------------
Thu Feb 22 14:21:54 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.de>
- Add conflict with ispell-sq
-------------------------------------------------------------------
Thu Feb 22 14:20:51 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.de>
- Add shell completions
-------------------------------------------------------------------
Tue Feb 20 18:56:34 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.com>
- Add man pages and doc files
-------------------------------------------------------------------
Thu Feb 15 09:48:08 UTC 2024 - felix.niederwanger@suse.de
- Use the sequoia-sq repository instead of the old sequoia with tags therein
- Add sqlite dependency
- Remove cargo_config
- Update to version 0.33.0:
* Release 0.33.0.
* Allow updating textwrap to 0.16.
* Bump all dependencies.
* Improve build and installation instructions.
* Update NEWS.
* Fix markup.
* Update h2 to fix RUSTSEC-2024-0003.
* Implement sq version, drop --version, move output-version there.
* Add sq toolbox, move the armor and packet subcommands there.
* Move sq import and export to sq cert.
-------------------------------------------------------------------
Thu Feb 15 09:46:33 UTC 2024 - felix.niederwanger@suse.de
- Update to version 0.33.0:
* Release 0.33.0.
* Allow updating textwrap to 0.16.
* Bump all dependencies.
* Improve build and installation instructions.
* Update NEWS.
* Fix markup.
* Update h2 to fix RUSTSEC-2024-0003.
* Implement sq version, drop --version, move output-version there.
* Add sq toolbox, move the armor and packet subcommands there.
* Move sq import and export to sq cert.
-------------------------------------------------------------------
Thu Feb 8 13:55:05 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.de>
- Disable update of vendored dependencies due to build errors
-------------------------------------------------------------------
Thu Feb 8 07:44:14 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.de>
- Update licence (GPLv2-only)
-------------------------------------------------------------------
Wed Feb 7 15:29:37 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.de>
- Update the service file:
* Change version schema to not include the git commit
* Remove unnecessary cargo audit
* Use obscpio as storage format
-------------------------------------------------------------------
Wed Feb 07 15:21:31 UTC 2024 - felix.niederwanger@suse.de
- Update to version 0.28.0~git0.82eb0d7:
* sq: Release 0.28.0.
* sq: Fix usage generation.
* sq: Avoid deprecated chrono interfaces.
* sq: Update manpages.
* sq: Fix features.
* openpgp: Add streaming decryptor tests using passwords.
* openpgp: Fix salt generation in impl Arbitrary for S2K.
* openpgp: Enable test.
* openpgp: Fix documentation.
* openpgp: Don't check subpacket area length when parsing.
-------------------------------------------------------------------
Wed Jul 27 11:04:08 UTC 2022 - adam@mizerski.pl
- Update to version 0.27.0~git0.fd8912e4:
* sq: Release 0.27.0.
* sq: allow choosing output format and version via the environment
* sq: update subplot to test JSON output for 'sq keyring list' works
* sq: add JSON output for 'sq keyring list'
* sq: add dependency on serde and serde-json
* sq: add global options --output-format and --output-version
* sq: add data types for output format and version of output format
* sq: Update manpages.
* net: Release 0.25.0.
* sq: Implement 'key userid strip'.
-------------------------------------------------------------------
Sat Apr 23 10:11:47 UTC 2022 - adam@mizerski.pl
- Update to version 0.26.0~git0.103faed4:
* sq: Release 0.26.0.
* openpgp: Open NEWS entry for 1.9.0.
* openpgp: Release 1.8.0.
* openpgp: Disable doctest if padding is not available.
* openpgp: Fix test.
* openpgp: Fix warnings when building without compression features.
* openpgp: Fix test failure if compression features are disabled.
* openpgp: Improve documentation regarding certificate expiry.
* sq: fix requirement for bad signature to be _no_ output
* sq: Make test more robust.
-------------------------------------------------------------------
Tue Dec 14 09:10:26 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
- Initial packaging of version 0.25.0
