sequoia-sq/sequoia-sq.changes

-------------------------------------------------------------------
Tue Aug 19 18:53:17 UTC 2025 - Felix Niederwanger <felix.niederwanger@suse.de>

- Update vendored dependencies due to security issues

-------------------------------------------------------------------
Thu Apr 10 13:18:35 UTC 2025 - Felix Niederwanger <felix.niederwanger@suse.de>

- Update to version 1.3.1:
  * Release 1.3.1.
  * Fix formatting.
  * Improve documentation of `sq config`.
  * Emit hints to mark an imported key as authenticated or introducer.
  * Hedge against importing keys into the cert store.
  * Improve displaying of preferred user IDs.
  * Fix typo.
  * Display backtraces attached to errors.
  * tests: Avoid DSA key in tests as DSA will be rejected in the future.
  * tests: Update PKI test vectors to not expire.
  * Enable backtraces and tracing when running tests.
  * Make importing Autocrypt certs more robust.
  * Release 1.3.0.
  * Make sq config get print to stdout.
  * Fix early abort in sq keyring filter
  * Fix test sq_verify_policy_as_of_relative_time
  * Fix error message.
  * Prefix matching for --...-self parameters fixed
  * Fix examples.
  * Port to sequoia-openpgp 2.
  * ci: Always build the pages, but only publish when merging to main.
  * Upgrade sequoia-man.
  * Split out the man page generation into a new crate.
  * Update openssl to address RUSTSEC-2025-0004.
  * Update hickory-proto to address RUSTSEC-2025-0006.
  * man: Fix NAME section for subcommands.

-------------------------------------------------------------------
Tue Feb 04 19:51:59 UTC 2025 - felix.niederwanger@suse.de

- Update to version 1.2.0:
  * Release 1.2.0.
  * Update Cargo.lock.
  * Use authenticated identifiers in sq verify.
  * Improve quoting.
  * Improve sq download's output.
  * Add a parameter to the authenticate function to control the output.
  * Move helper function to common.
  * Add a mechanism to replace an argument in a hint with a placeholder.
  * Avoid crash parsing arguments to Strings.
  * Make sq cert lint less quiet when there are no issues.
  * Add sq key rotate.
  * Extend replay to optionally take a signer.
  * tests: Move utility function to the common module.
  * Move function to the common module.
  * Extend replay to allow the caller to limit what is replayed.
  * Improve output.
  * Allow the caller to specify an indentation level.
  * Disable tracing.
  * Fix test helper function.
  * Add sq pki vouch replay.
  * Move certification listing code to the common module.
  * Move code in common to the sole function that uses it.
  * Move the sq pki link list implement to its own module.
  * Extend sq pki vouch list to list certifications of a certificate.
  * Improve test.
  * Simplify specifying certificate designators in tests.
  * Require that certificate designators are authenticated.
  * Use an explicit type for the trust amount parameter.
  * Fix sq --cli-version.
  * Improve sq pki link list's help text.
  * Improve error messages.
  * Avoid unnecessary lookups.
  * Relax sq pki link list's certificate designators.
  * Fix examples.
  * Don't export non-exportable sigs and components when exporting keys.
  * Add missing NEWS entry.
  * Fix duplicating packets when dumping.
  * Prevent monomorphization of Sq::resolve_cert.
  * Prevent monomorphization of Sq::resolve_certs_filter.
  * Add new command sq pki vouch list.
  * Move the code for listing certification to common.
  * Release 1.1.0.
  * Relax subplot dependency.
  * Relax rusqlite dependency.
  * Update Cargo.lock.
  * Fix output.
  * Add a lint for uncertified user IDs.
  * Show certificates without user IDs with --gossip.
  * Improve sq cert list's documentation.
  * Improve help text lints.
  * Fix long help generation for cert designators.
  * Update NEWS file.
  * Add option --unusable to sq cert list, etc.
  * Show hints about unusable bindings when --gossip is provided.
  * Change how we refer to unusable bindings in sq cert list.
  * Change sq cert list to not show warnings if --quiet is given.
  * Distinguish unauthenticated and invalid bindings in sq cert list.
  * Improve linting for sq cert list.
  * Don't list revoke user IDs.
  * Fix listing certificates by fingerprint or key ID.
  * Remove duplicate code.
  * Rework sq cert list's human readable output.
  * Improve UserIDDesignator::argument_value.
  * Fix UserIDDesignator::argument_value.
  * Add some helper functions.
  * tests: Add tests for sq cert list.
  * Fix sq cert list --gossip.
  * Fix output.
  * Release 1.0.0.
  * Fix NEWS.
  * Align `sq download` with `sq verify`.
  * Fix displaying preferred user IDs.
  * Write to temporary file first, then persist it under the final name.
  * Avoid using absolute paths in name of scratch files.
  * Automatically import certificates from GnuPG's certificate store.
  * Escape user IDs.
  * Escape preferred keyserver and policy URI.
  * Escape notation name and data.
  * Escape literal data file name and data prefix.
  * Escape all regular expressions.
  * Escape all reason for revocation messages.
  * Improve output sanitization.
  * Use the visual idiom for cert,userid pairs authenticating downloads.
  * Use the visual idiom for cert, userid pairs when decrypting.
  * Use the visual idiom for cert, userid pairs when importing revs.
  * Use the visual idiom for cert, userid pairs when certifying.
  * Improve argument and value formatting in hints.
  * Improve help output.
  * Revert "Refine sq pki {authenticate,lookup}'s user ID designators."
  * Fix commands embedded in the documentation.
  * Make verifying detached signatures more efficient.
  * Require sequoia-openpgp 1.22.
  * Fix hint.
  * Refine sq key userid revoke's user ID designators.
  * Refine sq pki vouch {add,authorize}'s user ID designators.
  * Refine sq pki {authenticate,lookup}'s user ID designators.
  * Refine sq pki link retract's user ID designators.
  * Refine sq pki link {add,authorize}'s user ID designators.
  * Add sq pki path --userid-by-email.
  * Gracefully handle unencrypted Autocrypt messages.
  * Align output emitted when importing certificates.
  * Don't unconditionally show provenance messages.
  * Fix importing unencrypted Autocrypt messages.
  * Improve error handling opening the cert store.
  * Do not hide errors from keyrings in verify.
  * Refactor packet and keyring files in /cli to new example framework.
  * Refactor files in /cli/network to new example framework.
  * Refactor files in /cli/pki to new example framework.
  * Refactor files in /cli to new example framework.
  * Remove the unstable CLI warning.
  * Don't make impossible recommendations.
  * Remove useless code.
  * Disable the --name and --add-name arguments.
  * Rename --userid-or-add to --add-userid, etc.
  * Extend and adjust the set of user ID designators.
  * Refactor the user ID designators.
  * Update all dependencies.
  * Fix test.
  * Trim unused features on sequoia-cert-store.
  * Update sequoia-net and reqwest.
  * Add argument `sq network search --iterations`.
  * Add argument `sq network search --use-dane`.
  * Add argument `sq network search --use-wkd`.
  * Better handle user ID's matched by --all.
  * Make --all conflict with other user ID designators.
  * Fix test for sq pki link retract.
  * Make `sq cert list` display certificates without user IDs.
  * Prepare for userid-less certificates in common::pki::authenticate.
  * Split OutputFormat::add_paths into two functions.
  * Fix listing certificates without authenticated bindings.
  * Apply the input lints to all certs.
  * Only show hints about an empty cert store if it is indeed empty.
  * Change `sq config inspect policy` to explain the policy.
  * Fix warnings about elided lifetimes that have a name.
  * Add tests for sq key approvals update.
  * tests: Improve sq key approvals update help functions.
  * Add tests for sq key approvals list.
  * Add tests for sq key userid revoke.
  * Add tests for sq pki lookup.
  * Add tests for sq pki authenticate.
  * Add tests for sq pki vouch {add,authorize}.
  * tests: Rename Sq::pki_vouch_authorize_p.
  * tests: Simplify Sq::try_pki_vouch_add and Sq::pki_vouch_authorize_p.
  * Add tests for sq pki link retract.
  * Add tests for sq pki link authorize.
  * Add tests for sq pki link add.
  * Simplify comments.
  * Lint CLI help texts.
  * Align CLI help texts with our UI guidelines.
  * Make long help texts configurable for cert designators.
  * Deduplicate and rework the signature notation argument handling.
  * Require explicit opt-out for encrypting without signing.
  * Use cert designators for `sq cert list`.
  * Add examples for `sq cert list`
  * Refactor files in /cli/cert to new example framework
  * Modify examples
  * Refactor files under .../cli/key to use example framework
  * Fix generation of user ID-less keys.
  * Upgrade hickory-proto to avoid vulnerable idna 0.4.0.
  * Gracefully handle missing ui section in config file.
  * Add `sq encrypt --profile` in preparation for RFC9580.
  * Add `sq key generate --profile` in preparation for RFC9580.
  * Parse key.generate.cipher-suite case sensitively.
  * Mention the configuration key in the augmented help texts.
  * Make `sq network dane generate` require cert designators or `--all`.
  * Make `sq pki link list` fail if a designated cert has no link.
  * Refactor user ID matching when resolving certificates.
  * Generalize the filter for `Sq::resolve_certs_filter.
  * Align `sq sign --detached-file` with `sq verify --detached-file`.
  * Make the default third-party certification expiration configurable.
  * Introduce a specialization for third-party certifications.
  * Make ExpirationArg configurable.
  * Manually implement clap::Args for ExpirationArg.
  * Add tests for sq pki link list.
  * Add tests for sq key list.
  * Listing an empty certificate store should not be an error.
  * Fix hint.
  * Hide --without-password from the sq key generate examples.
  * Make it possible to hide parts of an example.
  * Change the default third-party certification expiration to 10y.
  * Implement `sq pki vouch {add,authorize} --certifier-self`.
  * Improve the `--self-signer` help texts and add to the template.
  * Add a pattern argument to `sq pki link list`.
  * Add missing conflict for `sq key list`.
  * Change sq config inspect network to use stdout.
  * Change sq config inspect paths to use stdout.
  * Change sq cert import and sq key import to use stdout.
  * Improve sq network wkd publish's output.
  * Change sq network wkd publish to use stdout.
  * Convert a hint to a warning.
  * Change sq network keyserver publish to use stdout.
  * Change sq pki link add, etc. to use stdout.
  * Generalize make_qprintln to write to a different stream.
  * Change sq pki link list to use stdout.
  * Before printing a hint, flush stdout.
  * Change sq cert list, sq pki authenticate, etc. to use stdout.
  * Generalize the authentication output routines to use any stream.
  * Change sq key approvals list to use stdout.
  * Change sq key list to use stdout.
  * Add new macro wwrintln.
  * Generalize weprintln and iweprintln to write to any stream.
  * Rename wprintln to weprintln.
  * Clean up sq key list's output.
  * Implement `sq config inspect network`.
  * Implement `sq config inspect paths`.
  * Implement `sq config inspect policy`.
  * Make `sq key list` fail without key store, align error messages.
  * Align error messages when listing certs.
  * Import the secret key so that the example has something to list.
  * Change sq inspect to show the cert associated with a recipient.
  * policy: Update certificates.
  * Simplify code.
  * Remove unreachable code.
  * Fix resolving `--signer-self`.
  * Improve formatting of message.
  * Implement `sq sign --signer-self` and `sq encrypt --signer-self`.
  * Make the number of iterations configurable for `sq network search`.
  * Make use of DANE configurable when doing `sq network search`.
  * Make use of WKD configurable when doing `sq network search`.
  * Make the path to the backend servers configurable.
  * Fix displaying effective configuration.
  * Make hints configurable.
  * Generalize function.
  * Make verbosity configurable.
  * Introduce accessors for sq.quiet and sq.verbose.
  * Use platform-specific prompt in hints.
  * Indent hints so that they look different from shell prompts.
  * Improve the `--for-self` encryption hint.
  * Don't show hint if a recipient is listed in encrypt.for-self.
  * Don't explicitly create `Recipient`s.
  * Show the configuration file's location in sq config --help.
  * Fix message.
  * Display a hint if encrypting a message that one can not decrypt.
  * Implement `sq encrypt --for-self`.
  * When encrypting a message, list signers.
  * When encrypting a message, list recipients and passwords.
  * Use BufferedReader::copy to avoid an extra copy.
  * Rework encryption subkey selection.
  * Fix handling of `--home=default` and `--home=none`.
  * Drop superfluous mut.
  * Align user ID designators in `sq pki link retract`.
  * Add support for addressing shadow CAs by symbolic names.
  * Make `sq config get policy.path` reflect SEQUOIA_CONFIG_POLICY.

-------------------------------------------------------------------
Fri Jan 03 11:00:32 UTC 2025 - felix.niederwanger@suse.com

- Update to version 1.1.0:
  * Release 1.1.0.
  * Relax subplot dependency.
  * Relax rusqlite dependency.
  * Update Cargo.lock.
  * Fix output.
  * Add a lint for uncertified user IDs.
  * Show certificates without user IDs with --gossip.
  * Improve sq cert list's documentation.
  * Improve help text lints.
  * Fix long help generation for cert designators.
  * Update NEWS file.
  * Add option --unusable to sq cert list, etc.
  * Show hints about unusable bindings when --gossip is provided.
  * Change how we refer to unusable bindings in sq cert list.
  * Change sq cert list to not show warnings if --quiet is given.
  * Distinguish unauthenticated and invalid bindings in sq cert list.
  * Improve linting for sq cert list.
  * Don't list revoke user IDs.
  * Fix listing certificates by fingerprint or key ID.
  * Remove duplicate code.
  * Rework sq cert list's human readable output.
  * Improve UserIDDesignator::argument_value.
  * Fix UserIDDesignator::argument_value.
  * Add some helper functions.
  * tests: Add tests for sq cert list.
  * Fix sq cert list --gossip.
  * Fix output.

-------------------------------------------------------------------
Thu Dec 19 10:47:17 UTC 2024 - felix.niederwanger@suse.com

- Update to version 1.0.0:
  * Release 1.0.0.
  * Fix NEWS.
  * Align `sq download` with `sq verify`.
  * Fix displaying preferred user IDs.
  * Write to temporary file first, then persist it under the final name.
  * Avoid using absolute paths in name of scratch files.
  * Automatically import certificates from GnuPG's certificate store.
  * Escape user IDs.
  * Escape preferred keyserver and policy URI.
  * Escape notation name and data.

-------------------------------------------------------------------
Wed Dec 04 10:48:32 UTC 2024 - felix.niederwanger@suse.de

- Update to version 0.40.0:
  * Release 0.40.0.
  * Support thiserror 2.0.
  * Update Cargo.lock.
  * Mark `sq keyring filter` experimental.
  * Update MSRV to 1.79, which is subplot's current MSRV.
  * Add a configuration file and associated management commands.
  * Align user ID designators in `sq pki {link,vouch} {add,authorize}`.
  * Require self-signed user IDs when publishing certs in a WKD.
  * Update sequoia-keystore to 0.6.2.
  * Remove argument `sq key subkey export --cert-file`.
  * Fix message.
  * Remove argument `sq cert lint --export-secret-keys`.
  * Change sq pki link retract to use the NULL policy.
  * Improve hint.
  * To revoke a user ID, require the cert be valid under the current policy.
  * Improve message when a certificate can't be used for encryption.
  * tests: Add more tests for sq encrypt.
  * Don't use revoked certificates for encryption.
  * Improve sq key password's output.
  * Make sq key password change the password of weakly bound keys.
  * tests: Add tests for sq key password.
  * Improve how sq key delete handles ambiguous associations.
  * Change sq key {delete,password} to work with more certificates.
  * Change sq key delete to refuse to work with weakly bound subkeys.
  * Update to subplot 0.11.0.
  * Fix hint.
  * Improve documentation.
  * New mandatory switches `sq key generate <--own-key|--shared-key>`.
  * Improve status messages when publishing a WKD.
  * Fix copying the policy file if no updates happened.
  * Make `sq network wkd publish` work without a cert store.
  * Change sq key subkey {password,delete} to work with weak bindings.
  * Rename --notation to --signature-notation.
  * Add `sq encrypt --signature-notation`.
  * Fix examples.
  * Add missing examples for the network commands.
  * Add a builder-style interface to the example framework.
  * Certify newly created keys with a per-host shadow CA.
  * Differentiate the help texts for `--notation` slightly.
  * Fix sq cert lint.
  * Check for the cert / key store before doing work.
  * Improve no cert store / no key store error messages.
  * Catch clap errors, and display them better.
  * Rename `sq pki vouch certify` to `sq pki vouch add`.
  * Make `sq key import` read from stdin if no files are given.
  * Move the CLI parser for sq key import to its own module.
  * update container examples in readme
  * make container a single-user environment
  * add dockerignore file
  * add bash completion and manpages to container
  * improve OCI compatibility of Containerfile
  * rename Dockerfile to vendor-neutral Containerfile
  * Change sq network wkd generate to avoid unnecessary churn.
  * Improve sq network wkd generate's error messages.
  * Fail if the user tries to create an empty WKD.
  * Make sq network wkd publish more chatty.
  * Make sq network wkd publish more robust.
  * Fix sq packet join to not panic if there is no input.
  * Show an issuer's user ID, if we know it.
  * Rename sq packet split --prefix to --output-prefix.
  * Add a hint to sq packet split's output.
  * Change sq packet split to write to stdout by default.
  * Improve the "waiting for input on stdin" message.
  * Limit width when wrapping help texts to increase readability.
  * Use a simpler word separator algorithm to keep URLs intact.
  * Don't break lines if stderr is not a terminal.
  * Don't limit the width of emitted text.
  * Remove `sq toolbox extract-cert`.
  * Remove test framework for toolbox strip-userid.
  * Fix hints to do packet dump.
  * Change sq decrypt to not use rpassword directly.
  * Change sq decrypt to respect --batch.
  * Make `sq cert lint` read from stdin again.
  * Only display hint for live certs.
  * Align spelling of cert-store with the command line argument.
  * Show sources of data when fetching certs over the network.
  * In sq key list, prefer weakly bound user IDs to nothing.
  * Change sq key list to display more user IDs.
  * Refactor common::get_keys to be less clever.
  * Fix sq pki path to use Sq::resolve_cert.
  * Remove unnecessary lookup.
  * Fix documentation.
  * Don't add approvals for non-exportable certifications or certs.
  * Move the ca_creation_time function to the common module.
  * Change the packet dumper to show the issuer, when available.
  * Remove the `--binary` flag from all commands emitting certs or keys.
  * Use `--cert-` prefix for all cert designators.
  * Remove `sq toolbox strip-userid`.
  * Turn `sq key approvals --add-authenticated` into a flag.
  * When searching by fingerprint, show any unauthenticated certificate.
  * Rearrange the order of the user ID designator arguments.
  * Rename --add-userid to --userid-or-add, etc.
  * Add support for examples that are only syntax checked.
  * Add some tracing.
  * Fix sq cert list for fingerprints and key IDs.
  * Implement From<KeyHandle> for CertDesignators.
  * When listing who made a certification, show the fingerprint.
  * When listing approvals, indicate whether there are any pending.
  * Make sq key approvals more transparent.
  * Make sq key approvals update require an action.
  * Lint user IDs that would be added and are not self signed.
  * Rename sq toolbox dearmor to sq packet dearmor.
  * Rename sq toolbox armor to sq packet armor.
  * Move sq toolbox packet to sq packet.
  * Move sq toolbox keyring to sq keyring.
  * Fix comment.
  * tests: Fix check.
  * Show standard usage if no arguments are supplied to sq cert export.
  * Port sq toolbox userid-strip to the user ID designator framework.
  * Port sq cert list and two more to the user ID designator framework.
  * Upgrade sequoia-wot.
  * Move the authenticate function to its own module under common.
  * Improve the format of error messages for failing examples.
  * Revise the authenticate code's linting.
  * Port sq pki {authenticate,identify} to the cert designator framework.
  * Move the sq pki identify cli definition to its own module.
  * Move the sq pki lookup cli definition to its own module.
  * Move the sq pki authenticate cli definition to its own module.
  * Improve documentation.
  * Expand ~ in state directories.
  * Make `sq encrypt --set-metadata-filename` take a simple string.
  * Remove `sq encrypt --set-metadata-time`.
  * Port sq pki path to the user ID designator framework.
  * Add support for adding a user ID by display name.
  * Make sq pki path's user ID argument a named argument.
  * Move the sq pki path cli definition to its own module.
  * Move the sq pki path implementation to its own module.
  * Make `sq download --output` mandatory.
  * Port sq key userid revoke to the user ID designator framework.
  * Add support for adding a user ID by display name.
  * When printing self-signed user IDs, also show invalid user IDs.
  * Port sq key approvals update to the user ID designator framework.
  * Port sq key approvals list to the user ID designator framework.
  * Add support for designating a self-signed user ID by display name.
  * Improve naming.
  * Optimize downloading of data files with detached signatures.
  * Forbid `--output` when verifying detached signatures.
  * Add note.
  * Cause sq download to fail faster if the output file can't be used.
  * Split the argument `sq network wkd publish --create` into two.
  * Use cert designators for the signer arguments of `sq encrypt`.
  * Use cert designators for the signer arguments of `sq sign`.
  * Change --email and --add-email to only match user IDs unambiguously.
  * Add `sq sign --mode` to create binary or text signatures.
  * Change --add-userid from a flag to two arguments.
  * Generalize active_certifications.
  * tests: When calling sq pki authenticate include --show-paths.
  * tests: Abstract user ID argument passing.
  * Drop debugging remnant.
  * Replace `--no-cert-store` and `--no-key-store`.
  * Make home directory optional.
  * Introduce accessors.
  * Require explicit mode, and align `sq sign` and `sq verify`.
  * Make tests less expensive.
  * Change sq key list to not filter out unauthenticated certificates.
  * Add a DWIM search parameter to sq key list.
  * Remove `sq cert lint --list-keys`.
  * Set signature creation times closer to where the builder is created.
  * Expand the designated signers to user ID, email, and domain queries.
  * Use only designated signers to verify signatures.
  * Make `sq pki link add` honor `sq --time`.
  * Move struct VHelper to commands::verify.
  * Disable the help subcommand everywhere except at the top-level.
  * Add new command sq download.
  * Don't move when passing a reference will do.
  * Add new argument, --cli-version, to require a CLI version.
  * Rename OutputVersion to Version and move it to its own module.
  * Fix sq toolbox packet dump's help text.
  * Don't show the progress bar if --batch is specified.
  * Print out the certificate that decrypted a message.
  * Show more information about certificates in sq key list.
  * Normalize output.
  * Show more information about certificates in sq cert list.
  * Finish renaming attestation to approval.
  * Make sq key expire's expiration argument required.
  * Use key designators for sq key subkey revoke.
  * Fix documentation.
  * Use key designators for sq key subkey {delete,password}.
  * Change sq key subkey export to require the certificate to export.
  * Move the bind module.
  * Move the sq key subkey revoke implementation to its own module.
  * Move the sq key subkey expire implementation to its own module.
  * Move the sq key subkey password implementation to its own module.
  * Move the sq key subkey delete implementation to its own module.
  * Move the sq key subkey export implementation to its own module.
  * Move the sq key subkey add implementation to its own module.
  * Move cli parser for sq key subkey bind to its own module.
  * Move cli parser for sq key subkey revoke to its own module.
  * Move cli parser for sq key subkey expire to its own module.
  * Move cli parser for sq key subkey password to its own module.
  * Move cli parser for sq key subkey delete to its own module.
  * Move cli parser for sq key subkey export to its own module.
  * Move cli parser for sq key subkey add to its own module.
  * Add a new key designator type.
  * Use more qualified names to reduce ambiguity.
  * Don't extend the expiration of invalid components.
  * Change sq key subkey bind to use the expriation type.
  * Extend Time to support relative timestamps.
  * Move the Time type to its own module.
  * Make it clearer that we don't support ISO 8601 durations.
  * Dry out sq key expire's expiration argument.
  * Add a global option, --policy-as-of, to select a crypto policy.
  * If decryption fails, delete the output file.
  * tests: Generalize Sq::encrypt and Sq::decrypt to work with files.
  * If signature verification fails, delete the output file.
  * Add support for merging bare revocation certificates.
  * Dry out the keyring merge function.

-------------------------------------------------------------------
Mon Nov 04 07:40:40 UTC 2024 - felix.niederwanger@suse.de

- Update to version 0.39.0:
  * Release 0.39.0.
  * Loosen reqwest dependency.
  * Loosen subplot dependency.
  * Upgrade terminal_size.
  * Upgrade sequoia-policy-config.
  * Update Cargo.lock.
  * Fix various typo in the NEWS file.
  * Add support for importing bare revocation certificates.
  * Rework signature verification output.
  * Don't let bad signatures override good signatures.
  * When reading from stdin, emit a warning if we don't get any input.
  * Improve sq encrypt's examples to better reflect best practices.
  * Improve the error message shown when sq encrypt gets no recipients.
  * Make sq key userid revoke's positional arguments named arguments.
  * Make sq key subkey revoke's positional arguments named arguments.
  * Make sq key revoke's positional arguments named arguments.
  * Dry out --expiration.
  * Move the Expiration type to its own module.
  * Make sq key expire's expiration argument a named argument.
  * Make sq key subkey expire's expiration argument a named argument.
  * Improve error messages.
  * Improve message.
  * Fix how user IDs are displayed.
  * When displaying a gossip path, show the path's trust amount.
  * Fix self signature check.
  * Fix how paths for self signatures are displayed.
  * Rework gossip.
  * Upgrade sequoia-wot.
  * Remove sq pki path's --gossip argument.
  * tests: Dry out certificate handling.
  * Use cert designators for the certifier in `sq pki vouch authorize`.
  * Use cert designators for the certifier in `sq pki vouch certify`.
  * Remove the pEp store integration.
  * Add `--output` and `--binary` arguments to `sq key subkey export`.
  * Add `--output` and `--binary` arguments to `sq key export`.
  * Add an `--output` argument to `sq cert export`.
  * Use cert designators for `sq toolbox packet dump`.
  * Use cert designators for `sq toolbox strip-userid`.
  * Add `sq network keyserver publish --domain`.
  * Use cert designators for `sq key approvals update`.
  * Use cert designators for `sq key approvals list`.
  * Use cert designators for `sq key subkey bind`.
  * Use cert designators for `sq key subkey revoke`.
  * Use cert designators for `sq key subkey expire`.
  * Use cert designators for `sq key subkey password`.
  * Use cert designators for `sq key subkey delete`.
  * Improve wrapping of examples.
  * Use cert designators for `sq key subkey add`.
  * Use cert designators for `sq key userid revoke`.
  * Use cert designators for `sq key userid add`.
  * Use cert designators for `sq key revoke`.
  * Avoid heap allocation if we don't change the help text.
  * Use cert designators for `sq key expire`.
  * Use cert designators for `sq key password`.
  * Cleanup.
  * Move the CLI parser for `sq key password` to its own module.
  * Improve wrapping of examples.
  * Use cert designators for `sq cert lint`.
  * Consolidate import stat printing more.
  * Fix and add hints for when no certs matched.
  * Fix updating import statistics.
  * Make `sq key delete --file` require `--output`.
  * Use cert designators for `sq key delete`.
  * Move the command line parser for `sq key delete` to its own module.
  * Use cert designators for `sq key export`.
  * Introduce a symbolic name for the default empty options.
  * Move the command line parser for `sq key export` to its own module.
  * Use cert designators for `sq key list`.
  * Move the command line parser for `sq key list` to its own module.
  * Use cert designators for `sq inspect`.
  * Use cert designators for `sq verify`.
  * Use cert designators for `sq decrypt`.
  * Change --cert to only look up by primary key fingerprint.
  * Raise limit of stdout and stderr shown in tests.
  * Add filters to `sq pki link list`.
  * Adapt fingerprint, user ID pairs display in link listings.
  * Tweak edge annotations.
  * Rework how fingerprint, user ID pairs are displayed.
  * Merge `sq autocrypt import` into `sq cert import`, remove others.
  * Implement AddAssign for ImportStats.
  * Parse certificates from a Dup reader.
  * Remove the Autocrypt gossip CA framework.
  * Print error chains at the top level.
  * Improve formatting of error chains.
  * Remove obsolete TODOs.
  * Make `sq inspect` handle non-OpenPGP data.
  * Fix hint formatting.
  * Enable the use of state in the subplot tests.
  * Set a SEQUOIA_HOME directory for the subplot tests.
  * Remove the DWIM interface from `sq cert export`.
  * Fix mutability of recipient in accessors.
  * Only export certificates with authenticated bindings.
  * Remove obsolete todos.
  * Hide certification and key creation times for shadow CAs.
  * Remove redundant trust amount information.
  * Use non-breaking hyphens to format dates.
  * Filter out self-signatures when `--gossip` is given.
  * Remove now unused non-concise human readable output format.
  * Make the path output a little less dense.
  * Merge the path printing into the concise human readable output.
  * Align the output of `sq cert list` with `sq key list`.
  * Align timestamp formatting.
  * Align hint formatting.
  * Split `sq network wkd publish --rsync` into two to avoid ambiguity.
  * Fix documentation.
  * Rename `sq verify --signer-cert` to `--signer`.
  * Simplify crate::load_keys.
  * Simplify crate::load_certs.
  * Add `--all` flag to `sq network wkd publish` and `dane generate`.
  * Use imperative mood to describe the cert and user ID designators.
  * Make `sq --home=default` work.
  * Remove `sq network dane generate --skip`.
  * Move sq pki list to sq cert list.
  * Rename test files.
  * Add a test.
  * Don't try to certify invalid user IDs.
  * Make it easier to debug failing examples.
  * Move sq pki {certify,authorize} under sq pki vouch.
  * Split authorization functionality out of sq pki link add.
  * Generalize helper function.
  * Reorder sq pki link add's options.
  * Dedup user IDs.
  * Identify common user errors when verifying detached signatures.
  * Fix example description.
  * Make `inspect` return the kind of data it thinks it is looking at.
  * Port sq pki link retract to the user ID designator framework.
  * Don't require --add-userid if that option isn't enabled.
  * Improve output when retracting a link.
  * Fix sq pki link retract when retracting all certifications.
  * Check all user IDs, not just self-signed user IDs.
  * Align sq pki link add's user ID specification with sq pki certify.
  * Remove sq pki link retract's positional argument for specifying a user ID.
  * Remove sq pki link add's positional argument for specifying a user ID.
  * Change sq pki link retract to use a named argument for the certificate.
  * Change sq pki link add to use a named argument for the certificate.
  * Add `sq cert export --local` to export non-exportable sigs.
  * Show more information about downloaded certificates.
  * Support indentation parameters in qprintln.
  * Fix hint.
  * Check that we don't certify our own certificate.
  * Refactor user ID resolution.
  * Add a user ID designator abstraction.
  * Extend sq pki authorize to constrain by domain.
  * Move the domain to regex conversion functionality to common.
  * Don't specify value_name twice for a single argument.
  * Add new subcommand sq pki authorize.
  * Generalize Sq::pki_certify to certify multiple user IDs at once.
  * Reorder sq pki certify's options.
  * Change sq pki certify to use a named argument for the certificate.
  * Extend the cert designator framework to support required arguments.
  * Change sq pki certify to use a named argument for the user ID.
  * Refactor sq pki certify, sq pki link add and sq pki link retract.
  * Add a None variant to the TrustAmount enum.
  * Simplify the active_certification utility function.
  * Emit a hint if `sq cert import`ing a key.
  * Drop the free-form command hint interface.
  * Make all command hints use the structured hint framework.
  * On debug builds, parse the emitted hints and panic if that fails.
  * Add a structured command hint framework.
  * Emit hint on how to extract a particular certificate.
  * Move function.
  * Always list found certificates, and reword the message.
  * Rename `sq network fetch` to `search`, likewise hkp, WKD, and DANE.
  * Merge certificates fetched from the network earlier.
  * Move type ImportStatus.
  * Unify key and cert import stats, be explicit about what is imported.
  * Add a test to execute some sanity checks against the CLI.
  * Make `--rev-cert` argument mandatory if `--output` has been given.
  * Improve some integration tests to use more of the test framework.
  * Remove `sq network keyserver publish --require-all`.
  * Always print the error message in addition to propagating it.
  * Emit a hint that the Mailvelope key server rejects some certs.
  * Augment usage messages with examples.
  * Slightly indent the pointer to the global arguments.
  * Provide helpful guidance if there are no secret keys.
  * Make `sq key generate --rev-cert` behave like other outputs.
  * Move CLI definition of `sq key generate` to its own module.
  * Display the signers cert fingerprint when inspecting artifacts.
  * Fix formatting.
  * Return the selected certificate from Sq::best_userid_for.
  * Make Sq::best_userid_for work with use_wot=false.
  * Improve best user ID computation.
  * Improve certificate lookups when computing best user ID.
  * Use cheaper predicate to see if an iterator is empty.
  * Make `sq toolbox keyring filter --handle` robust.
  * Apply the cert filter only once.
  * Add tests for `sq toolbox keyring filter`.
  * Run tests in a separate working directory.
  * Deduplicate function to locate test artifacts.
  * Change sq pki certify to reject expired and revoked certs.
  * Don't word-wrap commands in hints.
  * Fix hints emitted when fetching certs from the network.
  * Improve hint formatting.
  * Add an explicit output parameter for `sq toolbox packet split`.
  * Align the value-name for --home.
  * Add an ENVIRONMENT section to the top-level man page.
  * Rename environment variables to override cert and key store.
  * Use a custom CLI parser for state directories.
  * Improve documentation for sq key expire and sq key subkey expire.
  * Don't extend the expiration of subkeys that are hard revoke.
  * Add a unit test for sq key subkey expire for soft revocations.
  * Add a unit test for sq key subkey expire for unbound subkeys.
  * Normalize naming.
  * Fix setting a certificate's expiration time.
  * Fix setting a certificate's expiration time.
  * Fix documentation.
  * Fix capitalization of example section in help texts.
  * Port cert lint examples to the example framework.
  * Port keyring examples to the example framework.
  * Implement examples containing pipelines.
  * Add missing example data file bob.pgp.
  * Port dearmor examples to the example framework.
  * Port armor examples to the example framework.
  * Port extract-cert examples to the example framework.
  * Port link examples to the example framework.
  * Fix line wrapping when printing examples.
  * Update futures-util (and related packages).
  * Don't call exit, just return an error.
  * Fix example.
  * Use cert designators for `sq network keyserver publish`.
  * Use cert designators for `sq network wkd publish`.
  * Use cert designators for `sq network dane generate`.
  * Prevent cert designators from over-eagerly grabbing other options.
  * Fix composing cert designators.
  * Make the domain argument a long argument like in wkd publish.
  * Improve listing of secret keys.
  * Fix argument name computation.
  * Rename `sq encrypt --recipient` to sq encrypt --for`.
  * Rename `--recipient-cert` to `--recipient`.
  * Rename `--signer-key` to `--signer`.
  * Rename the global `--force` flag to `--overwrite`.
  * New flag `sq pki link add --recreate` instead of `--force`.
  * New flag `sq key userid revoke --add-userid` instead of `--force`.
  * Make the file creation utilities take a reference to Sq.
  * Move some file support code so that it can use Sq.
  * Rename `sq verify --detached` to `sq verify --signature-file`.
  * Fix changing the expiration time on keys without direct key sig.
  * Add missing NEWS entry.
  * Rename sq key subkey adopt to bind, improve documentation.
  * Move sq key adopt to sq key subkey adopt.
  * Improve warning message.
  * Port the examples of sq toolbox packet to the examples framework.
  * Improve and fix the documentation of sq toolbox packet split.
  * Fix splitting and joining packets with bodies, such as literals.
  * Improve the file names when splitting packet streams.
  * Emit a hint when trying to sq key import a certificate.
  * Deduplicate subkey arguments when revoking subkeys.
  * Introduce a switch to select the type of DNS resource records.
  * Fix adopting subkeys backed by the softkeys backend into softkeys.
  * Allow source certs to be ambiguous when adopting a key.
  * Avoid file descriptor exhaustion when fetching certificates.
  * Disregard bad information in the signers user ID subpacket.
  * Use the cert fingerprint in messages, not the signing subkeys keyID.
  * Fix hints.
  * Bump MSRV to 1.75.
  * Remove redundant long_about.
  * Fix hint.
  * Fix long about strings so that they line wrap.
  * Escape newlines in help text to enable automatic line wrapping.
  * Fix spelling.
  * Don't dump bad signatures by default, add CLI switch for that.
  * Dump bad signatures.
  * Rework indentation in the inspect module.
  * Refactor signature dumping.
  * Refactor key dumping.
  * When adopting a key, if the creation time is unset, set it.
  * Add the --creation-time argument to sq key adopt.
  * When adopting a key, error out if the key's key flags is empty.
  * Allow modifying the key flags when adopting a key.
  * Don't require a key being adopted to have a binding signature.
  * Make the test helper function Sq::key_adopt more consistent.
  * Simplify how tests call sq key adopt.
  * Allow tests to pass addition arguments to sq key adopt.
  * Tighten the sq encrypt tests.
  * Switch sq encrypt to the certificate designator abstraction.
  * Switch sq cert export to the certificate designator abstraction.
  * Fix sq cert export test vector.
  * Add a certificate designator abstraction.
  * Add a test for sq encrypt for revoked subkeys.
  * Add a test for sq encrypt for expired subkeys.
  * Add a test for sq encrypt for non-encryption-capable certifications.
  * Add a test for sq encrypt's certificate designators.
  * Port sq_encrypt.rs to the common test framework.
  * Move implementation, add NEWS entry.
  * Move sq key userid strip to sq toolbox strip-userid.
  * Make sq key expire more robust.
  * Improve debugging output.
  * Add a convenience function to preserve a test's state.
  * Improve comments of revocation certificates.
  * Wrap comment lines in revocation certificates.
  * Align sq key subkey expire and sq key subkey revoke.
  * Move the `sq key subkey` CLI parser to its own module.
  * Move the `sq key revoke` CLI parser to its own module.
  * Avoid using the system-wide crypto policy in tests.
  * Implement sq --quiet.
  * Remove debugging remnant.
  * ci: remove pre-common-ci vestiges

-------------------------------------------------------------------
Thu Oct 17 07:52:05 UTC 2024 - felix.niederwanger@suse.de

- Update to version 0.38.0:
  * Release 0.38.0.
  * Require exact --name and --email matches.
  * Drop dependency itertools.
  * Link to the new user documentation.
  * Fix cleartext, message signing with --signer-cert.
  * Improve wording.
  * Update sequoia-keystore.
  * Update sequoia-openpgp.
  * Add a RSA2k cipher suite.
  * Drop serde_json dependency.

-------------------------------------------------------------------
Thu Feb 29 13:32:20 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.de>

- Disable cargo_audit for now

-------------------------------------------------------------------
Thu Feb 29 13:30:50 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.de>

- Add comment for future legal reviews

-------------------------------------------------------------------
Mon Feb 26 17:33:40 UTC 2024 - Jan Engelhardt <jengelh@inai.de>

- Ensure neutrality of descriptions.

-------------------------------------------------------------------
Thu Feb 22 14:21:54 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.de>

- Add conflict with ispell-sq

-------------------------------------------------------------------
Thu Feb 22 14:20:51 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.de>

- Add shell completions

-------------------------------------------------------------------
Tue Feb 20 18:56:34 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.com>

- Add man pages and doc files

-------------------------------------------------------------------
Thu Feb 15 09:48:08 UTC 2024 - felix.niederwanger@suse.de

- Use the sequoia-sq repository instead of the old sequoia with tags therein
- Add sqlite dependency
- Remove cargo_config
- Update to version 0.33.0:
  * Release 0.33.0.
  * Allow updating textwrap to 0.16.
  * Bump all dependencies.
  * Improve build and installation instructions.
  * Update NEWS.
  * Fix markup.
  * Update h2 to fix RUSTSEC-2024-0003.
  * Implement sq version, drop --version, move output-version there.
  * Add sq toolbox, move the armor and packet subcommands there.
  * Move sq import and export to sq cert.

-------------------------------------------------------------------
Thu Feb 15 09:46:33 UTC 2024 - felix.niederwanger@suse.de

- Update to version 0.33.0:
  * Release 0.33.0.
  * Allow updating textwrap to 0.16.
  * Bump all dependencies.
  * Improve build and installation instructions.
  * Update NEWS.
  * Fix markup.
  * Update h2 to fix RUSTSEC-2024-0003.
  * Implement sq version, drop --version, move output-version there.
  * Add sq toolbox, move the armor and packet subcommands there.
  * Move sq import and export to sq cert.

-------------------------------------------------------------------
Thu Feb  8 13:55:05 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.de>

- Disable update of vendored dependencies due to build errors

-------------------------------------------------------------------
Thu Feb  8 07:44:14 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.de>

- Update licence (GPLv2-only)

-------------------------------------------------------------------
Wed Feb  7 15:29:37 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.de>

- Update the service file:
  * Change version schema to not include the git commit
  * Remove unnecessary cargo audit
  * Use obscpio as storage format

-------------------------------------------------------------------
Wed Feb 07 15:21:31 UTC 2024 - felix.niederwanger@suse.de

- Update to version 0.28.0~git0.82eb0d7:
  * sq: Release 0.28.0.
  * sq: Fix usage generation.
  * sq: Avoid deprecated chrono interfaces.
  * sq: Update manpages.
  * sq: Fix features.
  * openpgp: Add streaming decryptor tests using passwords.
  * openpgp: Fix salt generation in impl Arbitrary for S2K.
  * openpgp: Enable test.
  * openpgp: Fix documentation.
  * openpgp: Don't check subpacket area length when parsing.

-------------------------------------------------------------------
Wed Jul 27 11:04:08 UTC 2022 - adam@mizerski.pl

- Update to version 0.27.0~git0.fd8912e4:
  * sq: Release 0.27.0.
  * sq: allow choosing output format and version via the environment
  * sq: update subplot to test JSON output for 'sq keyring list' works
  * sq: add JSON output for 'sq keyring list'
  * sq: add dependency on serde and serde-json
  * sq: add global options --output-format and --output-version
  * sq: add data types for output format and version of output format
  * sq: Update manpages.
  * net: Release 0.25.0.
  * sq: Implement 'key userid strip'.

-------------------------------------------------------------------
Sat Apr 23 10:11:47 UTC 2022 - adam@mizerski.pl

- Update to version 0.26.0~git0.103faed4:
  * sq: Release 0.26.0.
  * openpgp: Open NEWS entry for 1.9.0.
  * openpgp: Release 1.8.0.
  * openpgp: Disable doctest if padding is not available.
  * openpgp: Fix test.
  * openpgp: Fix warnings when building without compression features.
  * openpgp: Fix test failure if compression features are disabled.
  * openpgp: Improve documentation regarding certificate expiry.
  * sq: fix requirement for bad signature to be _no_ output
  * sq: Make test more robust.

-------------------------------------------------------------------
Tue Dec 14 09:10:26 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>

- Initial packaging of version 0.25.0