sequoia-sq-1.3.1/.cargo_vcs_info.json0000644000000001360000000000100131250ustar { "git": { "sha1": "198777869bd9e51d98f0782c2caa605b4dfbdfa5" }, "path_in_vcs": "" }sequoia-sq-1.3.1/.dockerignore000064400000000000000000000001451046102023000143710ustar 00000000000000# don't include the Dockerfile to avoid poisonning the cache Containerfile .dockerignore .git target sequoia-sq-1.3.1/.gitattributes000064400000000000000000000000231046102023000146030ustar 00000000000000* text=auto eol=lf sequoia-sq-1.3.1/.gitignore000064400000000000000000000001131046102023000137000ustar 00000000000000/target/ **/*.rs.bk *~ .gdb_history .dir-locals.el /*.html /*.pdf writelocksequoia-sq-1.3.1/.gitlab-ci.yml000064400000000000000000000043141046102023000143530ustar 00000000000000stages: - pre-check - build - test - deploy include: - component: "gitlab.com/sequoia-pgp/common-ci/sequoia-pipeline@main" inputs: extra_features: ",subplot" variables: SEQUOIA_CRYPTO_POLICY: "" docker-build-push: # Official docker image. image: docker:stable stage: build services: - docker:dind tags: - docker - self-hosted before_script: - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY script: - > docker build --no-cache --file Containerfile --target sq --tag "$IMAGE":latest . # smoke test - docker run "$IMAGE":latest --help - docker push "$IMAGE":latest after_script: [] only: refs: - /docker/i # refs containing 'docker' keyword - tags - web - schedules variables: CI_REGISTRY: "registry.gitlab.com" IMAGE: "$CI_REGISTRY/sequoia-pgp/sequoia-sq" DOCKER_HOST: tcp://docker:2376 pages: stage: build image: jampot.sequoia-pgp.org/sequoia-pgp/build-docker-image/trixie-pandoc:latest script: - ASSET_OUT_DIR=/tmp/assets cargo doc --no-deps -p sequoia-sq - mkdir public - mv -v target/doc public/impl # Man pages. - /tmp/assets/man-pages/man2html.sh --generate - mkdir public/man - mv -v $(for f in $(/tmp/assets/man-pages/man2html.sh --html-files); do echo /tmp/assets/man-pages/$f; done) public/man - echo "/sequoia-sq/man /sequoia-sqv/man/$(/tmp/assets/man-pages/man2html.sh --html-root) 302" >> public/_redirects - mkdir public/subplot - pandoc -s -o public/subplot/sq-subplot.html sq-subplot.md - pandoc -s -o public/subplot/sq-subplot.pdf sq-subplot.md - echo "/sequoia-sq/ /sequoia-sq/man/sq.1.html 302" > public/_redirects - echo "/sequoia-sq/impl /sequoia-sq/impl/sq/index.html 302" >> public/_redirects - echo "/sequoia-sq/subplot /sequoia-sq/subplot/sq-subplot.html 302" >> public/_redirects artifacts: paths: - public pages: false pages-deploy: stage: deploy image: jampot.sequoia-pgp.org/sequoia-pgp/build-docker-image/trixie-pandoc:latest script: echo "publishing" artifacts: paths: - public pages: true rules: - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' sequoia-sq-1.3.1/Cargo.lock0000644000004010120000000000100110760ustar # This file is automatically @generated by Cargo. # It is not intended for manual editing. version = 3 [[package]] name = "addr2line" version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1" dependencies = [ "gimli", ] [[package]] name = "adler2" version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627" [[package]] name = "aead" version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" dependencies = [ "crypto-common", "generic-array", ] [[package]] name = "aes" version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" dependencies = [ "cfg-if", "cipher", "cpufeatures", "zeroize", ] [[package]] name = "aes-gcm" version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "831010a0f742e1209b3bcea8fab6a8e149051ba6099432c8cb2cc117dec3ead1" dependencies = [ "aead", "aes", "cipher", "ctr", "ghash", "subtle", ] [[package]] name = "ahash" version = "0.8.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011" dependencies = [ "cfg-if", "once_cell", "version_check", "zerocopy", ] [[package]] name = "aho-corasick" version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" dependencies = [ "memchr", ] [[package]] name = "aligned" version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "377e4c0ba83e4431b10df45c1d4666f178ea9c552cac93e60c3a88bf32785923" dependencies = [ "as-slice", ] [[package]] name = "android-tzdata" version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0" [[package]] name = "android_system_properties" version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" dependencies = [ "libc", ] [[package]] name = "anstream" version = "0.6.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8acc5369981196006228e28809f761875c0327210a891e941f4c683b3a99529b" dependencies = [ "anstyle", "anstyle-parse", "anstyle-query", "anstyle-wincon", "colorchoice", "is_terminal_polyfill", "utf8parse", ] [[package]] name = "anstyle" version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "55cc3b69f167a1ef2e161439aa98aed94e6028e5f9a59be9a6ffb47aef1651f9" [[package]] name = "anstyle-parse" version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3b2d16507662817a6a20a9ea92df6652ee4f94f914589377d69f3b21bc5798a9" dependencies = [ "utf8parse", ] [[package]] name = "anstyle-query" version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "79947af37f4177cfead1110013d678905c37501914fba0efea834c3fe9a8d60c" dependencies = [ "windows-sys 0.59.0", ] [[package]] name = "anstyle-wincon" version = "3.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ca3534e77181a9cc07539ad51f2141fe32f6c3ffd4df76db8ad92346b003ae4e" dependencies = [ "anstyle", "once_cell", "windows-sys 0.59.0", ] [[package]] name = "anyhow" version = "1.0.97" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dcfed56ad506cb2c684a14971b8861fdc3baaaae314b9e5f9bb532cbe3ba7a4f" [[package]] name = "argon2" version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c3610892ee6e0cbce8ae2700349fcf8f98adb0dbfbee85aec3c9179d29cc072" dependencies = [ "base64ct", "blake2", "cpufeatures", "password-hash", ] [[package]] name = "arraydeque" version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7d902e3d592a523def97af8f317b08ce16b7ab854c1985a0c671e6f15cebc236" [[package]] name = "as-slice" version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "516b6b4f0e40d50dcda9365d53964ec74560ad4284da2e7fc97122cd83174516" dependencies = [ "stable_deref_trait", ] [[package]] name = "ascii-canvas" version = "3.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8824ecca2e851cec16968d54a01dd372ef8f95b244fb84b84e70128be347c3c6" dependencies = [ "term 0.7.0", ] [[package]] name = "ascii-canvas" version = "4.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ef1e3e699d84ab1b0911a1010c5c106aa34ae89aeac103be5ce0c3859db1e891" dependencies = [ "term 1.0.1", ] [[package]] name = "assert_cmd" version = "2.0.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc1835b7f27878de8525dc71410b5a31cdcc5f230aed5ba5df968e09c201b23d" dependencies = [ "anstyle", "bstr", "doc-comment", "libc", "predicates", "predicates-core", "predicates-tree", "wait-timeout", ] [[package]] name = "async-generic" version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ddf3728566eefa873833159754f5732fb0951d3649e6e5b891cc70d56dd41673" dependencies = [ "proc-macro2", "quote", "syn", ] [[package]] name = "async-trait" version = "0.1.87" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d556ec1359574147ec0c4fc5eb525f3f23263a592b1a9c07e0a75b427de55c97" dependencies = [ "proc-macro2", "quote", "syn", ] [[package]] name = "atomic-waker" version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" [[package]] name = "autocfg" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" [[package]] name = "backtrace" version = "0.3.74" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8d82cb332cdfaed17ae235a638438ac4d4839913cc2af585c3c6746e8f8bee1a" dependencies = [ "addr2line", "cfg-if", "libc", "miniz_oxide", "object", "rustc-demangle", "windows-targets 0.52.6", ] [[package]] name = "base16ct" version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" [[package]] name = "base64" version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" [[package]] name = "base64ct" version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" [[package]] name = "bindgen" version = "0.70.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f49d8fed880d473ea71efb9bf597651e77201bdd4893efe54c9e5d65ae04ce6f" dependencies = [ "bitflags", "cexpr", "clang-sys", "itertools 0.13.0", "proc-macro2", "quote", "regex", "rustc-hash", "shlex", "syn", ] [[package]] name = "bit-set" version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0700ddab506f33b20a03b13996eccd309a48e5ff77d0d95926aa0210fb4e95f1" dependencies = [ "bit-vec 0.6.3", ] [[package]] name = "bit-set" version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08807e080ed7f9d5433fa9b275196cfc35414f66a0c79d864dc51a0d825231a3" dependencies = [ "bit-vec 0.8.0", ] [[package]] name = "bit-vec" version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb" [[package]] name = "bit-vec" version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5e764a1d40d510daf35e07be9eb06e75770908c27d411ee6c92109c9840eaaf7" [[package]] name = "bitflags" version = "2.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5c8214115b7bf84099f1309324e63141d4c5d7cc26862f97a0a857dbefe165bd" [[package]] name = "blake2" version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" dependencies = [ "digest", ] [[package]] name = "block-buffer" version = "0.10.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" dependencies = [ "generic-array", ] [[package]] name = "block-padding" version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a8894febbff9f758034a5b8e12d87918f56dfc64a8e1fe757d65e29041538d93" dependencies = [ "generic-array", ] [[package]] name = "blowfish" version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7" dependencies = [ "byteorder", "cipher", ] [[package]] name = "botan" version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "24d4c7647d67c53194fa0740404c6c508880aef2bfe99a9868dbb4b86f090377" dependencies = [ "botan-sys", ] [[package]] name = "botan-sys" version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "04285fa0c094cc9961fe435b1b279183db9394844ad82ce483aa6196c0e6da38" [[package]] name = "bstr" version = "1.11.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "531a9155a481e2ee699d4f98f43c0ca4ff8ee1bfd55c31e9e98fb29d2b176fe0" dependencies = [ "memchr", "regex-automata 0.4.9", "serde", ] [[package]] name = "buffered-reader" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "db26bf1f092fd5e05b5ab3be2f290915aeb6f3f20c4e9f86ce0f07f336c2412f" dependencies = [ "bzip2", "flate2", "libc", ] [[package]] name = "bumpalo" version = "3.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1628fb46dfa0b37568d12e5edd512553eccf6a22a78e8bde00bb4aed84d5bdbf" [[package]] name = "byteorder" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f61dac84819c6588b558454b194026eb1f09c293b9036ae9b159e74e73ab6cf9" [[package]] name = "bzip2" version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49ecfb22d906f800d4fe833b6282cf4dc1c298f5057ca0b5445e5c209735ca47" dependencies = [ "bzip2-sys", ] [[package]] name = "bzip2-sys" version = "0.1.13+1.0.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "225bff33b2141874fe80d71e07d6eec4f85c5c216453dd96388240f96e1acc14" dependencies = [ "cc", "pkg-config", ] [[package]] name = "camellia" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3264e2574e9ef2b53ce6f536dea83a69ac0bc600b762d1523ff83fe07230ce30" dependencies = [ "byteorder", "cipher", ] [[package]] name = "capnp" version = "0.19.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4e985a566bdaae9a428a957d12b10c318d41b2afddb54cfbb764878059df636e" dependencies = [ "embedded-io", ] [[package]] name = "capnp-futures" version = "0.19.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8f3ee810b3890498e51028448ac732cdd5009223897124dd2fac6b085b5d867" dependencies = [ "capnp", "futures", ] [[package]] name = "capnp-rpc" version = "0.19.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fe57ab22a5e121e6fddaf36e837514aab9ae888bcff2baa6fda5630820dfc501" dependencies = [ "capnp", "capnp-futures", "futures", ] [[package]] name = "capnpc" version = "0.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c75ba30e0f08582d53c2f3710cf4bb65ff562614b1ba86906d7391adffe189ec" dependencies = [ "capnp", ] [[package]] name = "cast5" version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "26b07d673db1ccf000e90f54b819db9e75a8348d6eb056e9b8ab53231b7a9911" dependencies = [ "cipher", ] [[package]] name = "cc" version = "1.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "be714c154be609ec7f5dad223a33bf1482fff90472de28f7362806e6d4832b8c" dependencies = [ "shlex", ] [[package]] name = "cexpr" version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" dependencies = [ "nom", ] [[package]] name = "cfb-mode" version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "738b8d467867f80a71351933f70461f5b56f24d5c93e0cf216e59229c968d330" dependencies = [ "cipher", ] [[package]] name = "cfg-if" version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "cfg_aliases" version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" [[package]] name = "chrono" version = "0.4.40" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1a7964611d71df112cb1730f2ee67324fcf4d0fc6606acbbe9bfe06df124637c" dependencies = [ "android-tzdata", "iana-time-zone", "js-sys", "num-traits", "wasm-bindgen", "windows-link", ] [[package]] name = "cipher" version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" dependencies = [ "crypto-common", "inout", "zeroize", ] [[package]] name = "clang-sys" version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" dependencies = [ "glob", "libc", "libloading", ] [[package]] name = "clap" version = "4.5.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "027bb0d98429ae334a8698531da7077bdf906419543a35a55c2cb1b66437d767" dependencies = [ "clap_builder", "clap_derive", ] [[package]] name = "clap_builder" version = "4.5.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5589e0cba072e0f3d23791efac0fd8627b49c829c196a492e88168e6a669d863" dependencies = [ "anstream", "anstyle", "clap_lex", "strsim", "terminal_size", ] [[package]] name = "clap_complete" version = "4.5.46" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f5c5508ea23c5366f77e53f5a0070e5a84e51687ec3ef9e0464c86dc8d13ce98" dependencies = [ "clap", ] [[package]] name = "clap_derive" version = "4.5.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bf4ced95c6f4a675af3da73304b9ac4ed991640c36374e4b46795c49e17cf1ed" dependencies = [ "heck", "proc-macro2", "quote", "syn", ] [[package]] name = "clap_lex" version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6" [[package]] name = "cmac" version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8543454e3c3f5126effff9cd44d562af4e31fb8ce1cc0d3dcd8f084515dbc1aa" dependencies = [ "cipher", "dbl", "digest", ] [[package]] name = "colorchoice" version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990" [[package]] name = "console" version = "0.15.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "054ccb5b10f9f2cbf51eb355ca1d05c2d279ce1804688d0db74b4733a5aeafd8" dependencies = [ "encode_unicode", "libc", "once_cell", "unicode-width 0.2.0", "windows-sys 0.59.0", ] [[package]] name = "const-oid" version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "core-foundation" version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" dependencies = [ "core-foundation-sys", "libc", ] [[package]] name = "core-foundation-sys" version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" [[package]] name = "cpufeatures" version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" dependencies = [ "libc", ] [[package]] name = "crc32fast" version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3" dependencies = [ "cfg-if", ] [[package]] name = "crossbeam" version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1137cd7e7fc0fb5d3c5a8678be38ec56e819125d8d7907411fe24ccb943faca8" dependencies = [ "crossbeam-channel", "crossbeam-deque", "crossbeam-epoch", "crossbeam-queue", "crossbeam-utils", ] [[package]] name = "crossbeam-channel" version = "0.5.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "06ba6d68e24814cb8de6bb986db8222d3a027d15872cabc0d18817bc3c0e4471" dependencies = [ "crossbeam-utils", ] [[package]] name = "crossbeam-deque" version = "0.8.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51" dependencies = [ "crossbeam-epoch", "crossbeam-utils", ] [[package]] name = "crossbeam-epoch" version = "0.9.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" dependencies = [ "crossbeam-utils", ] [[package]] name = "crossbeam-queue" version = "0.3.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0f58bbc28f91df819d0aa2a2c00cd19754769c2fad90579b3592b1c9ba7a3115" dependencies = [ "crossbeam-utils", ] [[package]] name = "crossbeam-utils" version = "0.8.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" [[package]] name = "crunchy" version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "43da5946c66ffcc7745f48db692ffbb10a83bfe0afd96235c5c2a4fb23994929" [[package]] name = "crypto-bigint" version = "0.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" dependencies = [ "generic-array", "rand_core", "subtle", "zeroize", ] [[package]] name = "crypto-common" version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" dependencies = [ "generic-array", "rand_core", "typenum", ] [[package]] name = "ctor" version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "32a2785755761f3ddc1492979ce1e48d2c00d09311c39e4466429188f3dd6501" dependencies = [ "quote", "syn", ] [[package]] name = "ctr" version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835" dependencies = [ "cipher", ] [[package]] name = "culpa" version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5ae0bfe9317b1cb4ff5a56d766ee4b157b3e1f47f11979253570e88d10fd1fd3" dependencies = [ "culpa-macros", ] [[package]] name = "culpa-macros" version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1234e1717066d3c71dcf89b75e7b586299e41204d361db56ec51e6ded5014279" dependencies = [ "proc-macro2", "quote", "syn", ] [[package]] name = "curve25519-dalek" version = "4.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" dependencies = [ "cfg-if", "cpufeatures", "curve25519-dalek-derive", "digest", "fiat-crypto", "rustc_version", "subtle", "zeroize", ] [[package]] name = "curve25519-dalek-derive" version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", "syn", ] [[package]] name = "cvt" version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d2ae9bf77fbf2d39ef573205d554d87e86c12f1994e9ea335b0651b9b278bcf1" dependencies = [ "cfg-if", ] [[package]] name = "data-encoding" version = "2.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "575f75dfd25738df5b91b8e43e14d44bda14637a58fae779fd2b064f8bf3e010" [[package]] name = "dbl" version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bd2735a791158376708f9347fe8faba9667589d82427ef3aed6794a8981de3d9" dependencies = [ "generic-array", ] [[package]] name = "der" version = "0.7.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" dependencies = [ "const-oid", "pem-rfc7468", "zeroize", ] [[package]] name = "deranged" version = "0.3.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4" dependencies = [ "powerfmt", ] [[package]] name = "des" version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ffdd80ce8ce993de27e9f063a444a4d53ce8e8db4c1f00cc03af5ad5a9867a1e" dependencies = [ "cipher", ] [[package]] name = "descape" version = "2.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7c1113b908df80c963b107424498e37fba986b424b605729d1492dfbe4b2a630" [[package]] name = "deunicode" version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "339544cc9e2c4dc3fc7149fd630c5f22263a4fdf18a98afd0075784968b5cf00" [[package]] name = "difflib" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6184e33543162437515c2e2b48714794e37845ec9851711914eec9d308f6ebe8" [[package]] name = "digest" version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer", "const-oid", "crypto-common", "subtle", ] [[package]] name = "directories" version = "5.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a49173b84e034382284f27f1af4dcbbd231ffa358c0fe316541a7337f376a35" dependencies = [ "dirs-sys 0.4.1", ] [[package]] name = "dirs" version = "5.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "44c45a9d03d6676652bcb5e724c7e988de1acad23a711b5217ab9cbecbec2225" dependencies = [ "dirs-sys 0.4.1", ] [[package]] name = "dirs" version = "6.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c3e8aa94d75141228480295a7d0e7feb620b1a5ad9f12bc40be62411e38cce4e" dependencies = [ "dirs-sys 0.5.0", ] [[package]] name = "dirs-next" version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b98cf8ebf19c3d1b223e151f99a4f9f0690dca41414773390fc824184ac833e1" dependencies = [ "cfg-if", "dirs-sys-next", ] [[package]] name = "dirs-sys" version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "520f05a5cbd335fae5a99ff7a6ab8627577660ee5cfd6a94a6a929b52ff0321c" dependencies = [ "libc", "option-ext", "redox_users 0.4.6", "windows-sys 0.48.0", ] [[package]] name = "dirs-sys" version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e01a3366d27ee9890022452ee61b2b63a67e6f13f58900b651ff5665f0bb1fab" dependencies = [ "libc", "option-ext", "redox_users 0.5.0", "windows-sys 0.59.0", ] [[package]] name = "dirs-sys-next" version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4ebda144c4fe02d1f7ea1a7d9641b6fc6b580adcfa024ae48797ecdeb6825b4d" dependencies = [ "libc", "redox_users 0.4.6", "winapi", ] [[package]] name = "displaydoc" version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", "syn", ] [[package]] name = "doc-comment" version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10" [[package]] name = "dsa" version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "48bc224a9084ad760195584ce5abb3c2c34a225fa312a128ad245a6b412b7689" dependencies = [ "digest", "num-bigint-dig", "num-traits", "pkcs8", "rfc6979", "sha2", "signature", "zeroize", ] [[package]] name = "dyn-clone" version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "feeef44e73baff3a26d371801df019877a9866a8c493d315ab00177843314f35" [[package]] name = "eax" version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9954fabd903b82b9d7a68f65f97dc96dd9ad368e40ccc907a7c19d53e6bfac28" dependencies = [ "aead", "cipher", "cmac", "ctr", "subtle", ] [[package]] name = "ecb" version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1a8bfa975b1aec2145850fcaa1c6fe269a16578c44705a532ae3edc92b8881c7" dependencies = [ "cipher", ] [[package]] name = "ecdsa" version = "0.16.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" dependencies = [ "der", "digest", "elliptic-curve", "rfc6979", "signature", "spki", ] [[package]] name = "ed25519" version = "2.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53" dependencies = [ "pkcs8", "signature", ] [[package]] name = "ed25519-dalek" version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871" dependencies = [ "curve25519-dalek", "ed25519", "rand_core", "serde", "sha2", "subtle", "zeroize", ] [[package]] name = "either" version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b7914353092ddf589ad78f25c5c1c21b7f80b0ff8621e7c814c3485b5306da9d" [[package]] name = "elliptic-curve" version = "0.13.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" dependencies = [ "base16ct", "crypto-bigint", "digest", "ff", "generic-array", "group", "hkdf", "pem-rfc7468", "pkcs8", "rand_core", "sec1", "subtle", "zeroize", ] [[package]] name = "embedded-io" version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "edd0f118536f44f5ccd48bcb8b111bdc3de888b58c74639dfb034a357d0f206d" [[package]] name = "ena" version = "0.14.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3d248bdd43ce613d87415282f69b9bb99d947d290b10962dd6c56233312c2ad5" dependencies = [ "log", ] [[package]] name = "encode_unicode" version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "34aa73646ffb006b8f5147f3dc182bd4bcb190227ce861fc4a4844bf8e3cb2c0" [[package]] name = "encoding_rs" version = "0.8.35" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "75030f3c4f45dafd7586dd6780965a8c7e8e285a5ecb86713e63a79c5b2766f3" dependencies = [ "cfg-if", ] [[package]] name = "endian-type" version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c34f04666d835ff5d62e058c3995147c06f42fe86ff053337632bca83e42702d" [[package]] name = "enum-as-inner" version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a1e6a265c649f3f5979b601d26f1d05ada116434c87741c9493cb56218f76cbc" dependencies = [ "heck", "proc-macro2", "quote", "syn", ] [[package]] name = "env_filter" version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "186e05a59d4c50738528153b83b0b0194d3a29507dfec16eccd4b342903397d0" dependencies = [ "log", "regex", ] [[package]] name = "env_logger" version = "0.11.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dcaee3d8e3cfc3fd92428d477bc97fc29ec8716d180c0d74c643bb26166660e0" dependencies = [ "anstream", "anstyle", "env_filter", "humantime", "log", ] [[package]] name = "equivalent" version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" [[package]] name = "errno" version = "0.3.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d" dependencies = [ "libc", "windows-sys 0.59.0", ] [[package]] name = "fallible-iterator" version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2acce4a10f12dc2fb14a218589d4f1f62ef011b2d0cc4b3cb1bba8e94da14649" [[package]] name = "fallible-streaming-iterator" version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7360491ce676a36bf9bb3c56c1aa791658183a54d2744120f27285738d90465a" [[package]] name = "fastrand" version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be" [[package]] name = "fd-lock" version = "4.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7e5768da2206272c81ef0b5e951a41862938a6070da63bcea197899942d3b947" dependencies = [ "cfg-if", "rustix", "windows-sys 0.52.0", ] [[package]] name = "ff" version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449" dependencies = [ "rand_core", "subtle", ] [[package]] name = "fiat-crypto" version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" [[package]] name = "filetime" version = "0.2.25" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "35c0522e981e68cbfa8c3f978441a5f34b30b96e146b33cd3359176b50fe8586" dependencies = [ "cfg-if", "libc", "libredox", "windows-sys 0.59.0", ] [[package]] name = "fixedbitset" version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0ce7134b9999ecaf8bcd65542e436736ef32ddca1b3e06094cb6ec5755203b80" [[package]] name = "fixedbitset" version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1d674e81391d1e1ab681a28d99df07927c6d4aa5b027d7da16ba32d1d21ecd99" [[package]] name = "flate2" version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "11faaf5a5236997af9848be0bef4db95824b1d534ebc64d0f0c6cf3e67bd38dc" dependencies = [ "crc32fast", "miniz_oxide", ] [[package]] name = "float-cmp" version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b09cf3155332e944990140d967ff5eceb70df778b34f77d8075db46e4704e6d8" dependencies = [ "num-traits", ] [[package]] name = "fnv" version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" [[package]] name = "foreign-types" version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" dependencies = [ "foreign-types-shared", ] [[package]] name = "foreign-types-shared" version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" [[package]] name = "form_urlencoded" version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456" dependencies = [ "percent-encoding", ] [[package]] name = "fs2" version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9564fc758e15025b46aa6643b1b77d047d1a56a1aea6e01002ac0c7026876213" dependencies = [ "libc", "winapi", ] [[package]] name = "fs_at" version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "14af6c9694ea25db25baa2a1788703b9e7c6648dcaeeebeb98f7561b5384c036" dependencies = [ "aligned", "cfg-if", "cvt", "libc", "nix", "windows-sys 0.52.0", ] [[package]] name = "fs_extra" version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" [[package]] name = "futures" version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "65bc07b1a8bc7c85c5f2e110c476c7389b4554ba72af57d8445ea63a576b0876" dependencies = [ "futures-channel", "futures-core", "futures-executor", "futures-io", "futures-sink", "futures-task", "futures-util", ] [[package]] name = "futures-channel" version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10" dependencies = [ "futures-core", "futures-sink", ] [[package]] name = "futures-core" version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e" [[package]] name = "futures-executor" version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1e28d1d997f585e54aebc3f97d39e72338912123a67330d723fdbb564d646c9f" dependencies = [ "futures-core", "futures-task", "futures-util", ] [[package]] name = "futures-io" version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6" [[package]] name = "futures-macro" version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650" dependencies = [ "proc-macro2", "quote", "syn", ] [[package]] name = "futures-sink" version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7" [[package]] name = "futures-task" version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988" [[package]] name = "futures-util" version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81" dependencies = [ "futures-channel", "futures-core", "futures-io", "futures-macro", "futures-sink", "futures-task", "memchr", "pin-project-lite", "pin-utils", "slab", ] [[package]] name = "generator" version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5cc16584ff22b460a382b7feec54b23d2908d858152e5739a120b949293bd74e" dependencies = [ "cc", "libc", "log", "rustversion", "windows", ] [[package]] name = "generic-array" version = "0.14.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" dependencies = [ "typenum", "version_check", "zeroize", ] [[package]] name = "gethostname" version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc3655aa6818d65bc620d6911f05aa7b6aeb596291e1e9f79e52df85583d1e30" dependencies = [ "rustix", "windows-targets 0.52.6", ] [[package]] name = "getopts" version = "0.2.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "14dbbfd5c71d70241ecf9e6f13737f7b5ce823821063188d7e46c41d371eebd5" dependencies = [ "unicode-width 0.1.14", ] [[package]] name = "getrandom" version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "js-sys", "libc", "wasi 0.11.0+wasi-snapshot-preview1", "wasm-bindgen", ] [[package]] name = "getrandom" version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "43a49c392881ce6d5c3b8cb70f98717b7c07aabbdff06687b9030dbfbe2725f8" dependencies = [ "cfg-if", "libc", "wasi 0.13.3+wasi-0.2.2", "windows-targets 0.52.6", ] [[package]] name = "ghash" version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f0d8a4362ccb29cb0b265253fb0a2728f592895ee6854fd9bc13f2ffda266ff1" dependencies = [ "opaque-debug", "polyval", ] [[package]] name = "gimli" version = "0.31.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" [[package]] name = "glob" version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" [[package]] name = "globset" version = "0.4.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "54a1028dfc5f5df5da8a56a73e6c153c9a9708ec57232470703592a3f18e49f5" dependencies = [ "aho-corasick", "bstr", "log", "regex-automata 0.4.9", "regex-syntax 0.8.5", ] [[package]] name = "globwalk" version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0bf760ebf69878d9fd8f110c89703d90ce35095324d1f1edcb595c63945ee757" dependencies = [ "bitflags", "ignore", "walkdir", ] [[package]] name = "group" version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" dependencies = [ "ff", "rand_core", "subtle", ] [[package]] name = "h2" version = "0.4.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5017294ff4bb30944501348f6f8e42e6ad28f42c8bbef7a74029aff064a4e3c2" dependencies = [ "atomic-waker", "bytes", "fnv", "futures-core", "futures-sink", "http", "indexmap", "slab", "tokio", "tokio-util", "tracing", ] [[package]] name = "hashbrown" version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" dependencies = [ "ahash", ] [[package]] name = "hashbrown" version = "0.15.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289" [[package]] name = "hashlink" version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6ba4ff7128dee98c7dc9794b6a411377e1404dba1c97deb8d1a55297bd25d8af" dependencies = [ "hashbrown 0.14.5", ] [[package]] name = "heck" version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" [[package]] name = "hermit-abi" version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" [[package]] name = "hickory-client" version = "0.24.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "156579a5cd8d1fc6f0df87cc21b6ee870db978a163a1ba484acd98a4eff5a6de" dependencies = [ "cfg-if", "data-encoding", "futures-channel", "futures-util", "hickory-proto", "once_cell", "radix_trie", "rand", "thiserror 1.0.69", "tokio", "tracing", ] [[package]] name = "hickory-proto" version = "0.24.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "92652067c9ce6f66ce53cc38d1169daa36e6e7eb7dd3b63b5103bd9d97117248" dependencies = [ "async-trait", "cfg-if", "data-encoding", "enum-as-inner", "futures-channel", "futures-io", "futures-util", "idna", "ipnet", "once_cell", "openssl", "rand", "thiserror 1.0.69", "tinyvec", "tokio", "tracing", "url", ] [[package]] name = "hickory-resolver" version = "0.24.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cbb117a1ca520e111743ab2f6688eddee69db4e0ea242545a604dce8a66fd22e" dependencies = [ "cfg-if", "futures-util", "hickory-proto", "ipconfig", "lru-cache", "once_cell", "parking_lot", "rand", "resolv-conf", "smallvec", "thiserror 1.0.69", "tokio", "tracing", ] [[package]] name = "hkdf" version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" dependencies = [ "hmac", ] [[package]] name = "hmac" version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ "digest", ] [[package]] name = "home" version = "0.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" dependencies = [ "windows-sys 0.52.0", ] [[package]] name = "hostname" version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c731c3e10504cc8ed35cfe2f1db4c9274c3d35fa486e3b31df46f068ef3e867" dependencies = [ "libc", "match_cfg", "winapi", ] [[package]] name = "html-escape" version = "0.2.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6d1ad449764d627e22bfd7cd5e8868264fc9236e07c752972b4080cd351cb476" dependencies = [ "utf8-width", ] [[package]] name = "http" version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f16ca2af56261c99fba8bac40a10251ce8188205a4c448fbb745a2e4daa76fea" dependencies = [ "bytes", "fnv", "itoa", ] [[package]] name = "http-body" version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" dependencies = [ "bytes", "http", ] [[package]] name = "http-body-util" version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "793429d76616a256bcb62c2a2ec2bed781c8307e797e2598c50010f2bee2544f" dependencies = [ "bytes", "futures-util", "http", "http-body", "pin-project-lite", ] [[package]] name = "httparse" version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f2d708df4e7140240a16cd6ab0ab65c972d7433ab77819ea693fde9c43811e2a" [[package]] name = "humansize" version = "2.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6cb51c9a029ddc91b07a787f1d86b53ccfa49b0e86688c946ebe8d3555685dd7" dependencies = [ "libm", ] [[package]] name = "humantime" version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "hyper" version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cc2b571658e38e0c01b1fdca3bbbe93c00d3d71693ff2770043f8c29bc7d6f80" dependencies = [ "bytes", "futures-channel", "futures-util", "h2", "http", "http-body", "httparse", "itoa", "pin-project-lite", "smallvec", "tokio", "want", ] [[package]] name = "hyper-rustls" version = "0.27.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2d191583f3da1305256f22463b9bb0471acad48a4e534a5218b9963e9c1f59b2" dependencies = [ "futures-util", "http", "hyper", "hyper-util", "rustls", "rustls-pki-types", "tokio", "tokio-rustls", "tower-service", ] [[package]] name = "hyper-tls" version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0" dependencies = [ "bytes", "http-body-util", "hyper", "hyper-util", "native-tls", "tokio", "tokio-native-tls", "tower-service", ] [[package]] name = "hyper-util" version = "0.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "df2dcfbe0677734ab2f3ffa7fa7bfd4706bfdc1ef393f2ee30184aed67e631b4" dependencies = [ "bytes", "futures-channel", "futures-util", "http", "http-body", "hyper", "pin-project-lite", "socket2", "tokio", "tower-service", "tracing", ] [[package]] name = "iana-time-zone" version = "0.1.61" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "235e081f3925a06703c2d0117ea8b91f042756fd6e7a6e5d901e8ca1a996b220" dependencies = [ "android_system_properties", "core-foundation-sys", "iana-time-zone-haiku", "js-sys", "wasm-bindgen", "windows-core", ] [[package]] name = "iana-time-zone-haiku" version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f" dependencies = [ "cc", ] [[package]] name = "icu_collections" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "db2fa452206ebee18c4b5c2274dbf1de17008e874b4dc4f0aea9d01ca79e4526" dependencies = [ "displaydoc", "yoke", "zerofrom", "zerovec", ] [[package]] name = "icu_locid" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "13acbb8371917fc971be86fc8057c41a64b521c184808a698c02acc242dbf637" dependencies = [ "displaydoc", "litemap", "tinystr", "writeable", "zerovec", ] [[package]] name = "icu_locid_transform" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "01d11ac35de8e40fdeda00d9e1e9d92525f3f9d887cdd7aa81d727596788b54e" dependencies = [ "displaydoc", "icu_locid", "icu_locid_transform_data", "icu_provider", "tinystr", "zerovec", ] [[package]] name = "icu_locid_transform_data" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fdc8ff3388f852bede6b579ad4e978ab004f139284d7b28715f773507b946f6e" [[package]] name = "icu_normalizer" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "19ce3e0da2ec68599d193c93d088142efd7f9c5d6fc9b803774855747dc6a84f" dependencies = [ "displaydoc", "icu_collections", "icu_normalizer_data", "icu_properties", "icu_provider", "smallvec", "utf16_iter", "utf8_iter", "write16", "zerovec", ] [[package]] name = "icu_normalizer_data" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8cafbf7aa791e9b22bec55a167906f9e1215fd475cd22adfcf660e03e989516" [[package]] name = "icu_properties" version = "1.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "93d6020766cfc6302c15dbbc9c8778c37e62c14427cb7f6e601d849e092aeef5" dependencies = [ "displaydoc", "icu_collections", "icu_locid_transform", "icu_properties_data", "icu_provider", "tinystr", "zerovec", ] [[package]] name = "icu_properties_data" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "67a8effbc3dd3e4ba1afa8ad918d5684b8868b3b26500753effea8d2eed19569" [[package]] name = "icu_provider" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6ed421c8a8ef78d3e2dbc98a973be2f3770cb42b606e3ab18d6237c4dfde68d9" dependencies = [ "displaydoc", "icu_locid", "icu_provider_macros", "stable_deref_trait", "tinystr", "writeable", "yoke", "zerofrom", "zerovec", ] [[package]] name = "icu_provider_macros" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6" dependencies = [ "proc-macro2", "quote", "syn", ] [[package]] name = "idea" version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "075557004419d7f2031b8bb7f44bb43e55a83ca7b63076a8fb8fe75753836477" dependencies = [ "cipher", ] [[package]] name = "idna" version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "686f825264d630750a544639377bae737628043f20d38bbc029e8f29ea968a7e" dependencies = [ "idna_adapter", "smallvec", "utf8_iter", ] [[package]] name = "idna_adapter" version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "daca1df1c957320b2cf139ac61e7bd64fed304c5040df000a745aa1de3b4ef71" dependencies = [ "icu_normalizer", "icu_properties", ] [[package]] name = "ignore" version = "0.4.23" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6d89fd380afde86567dfba715db065673989d6253f42b88179abd3eae47bda4b" dependencies = [ "crossbeam-deque", "globset", "log", "memchr", "regex-automata 0.4.9", "same-file", "walkdir", "winapi-util", ] [[package]] name = "indexmap" version = "2.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c9c992b02b5b4c94ea26e32fe5bccb7aa7d9f390ab5c1221ff895bc7ea8b652" dependencies = [ "equivalent", "hashbrown 0.15.2", ] [[package]] name = "indicatif" version = "0.17.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "183b3088984b400f4cfac3620d5e076c84da5364016b4f49473de574b2586235" dependencies = [ "console", "number_prefix", "portable-atomic", "unicode-width 0.2.0", "web-time", ] [[package]] name = "inout" version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01" dependencies = [ "block-padding", "generic-array", ] [[package]] name = "ipconfig" version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f" dependencies = [ "socket2", "widestring", "windows-sys 0.48.0", "winreg", ] [[package]] name = "ipnet" version = "2.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "469fb0b9cefa57e3ef31275ee7cacb78f2fdca44e4765491884a2b119d4eb130" [[package]] name = "is_terminal_polyfill" version = "1.70.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf" [[package]] name = "itertools" version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b1c173a5686ce8bfa551b3563d0c2170bf24ca44da99c7ca4bfdab5418c3fe57" dependencies = [ "either", ] [[package]] name = "itertools" version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" dependencies = [ "either", ] [[package]] name = "itertools" version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b192c782037fadd9cfa75548310488aabdbf3d2da73885b31bd0abd03351285" dependencies = [ "either", ] [[package]] name = "itoa" version = "1.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674" [[package]] name = "js-sys" version = "0.3.77" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1cfaf33c695fc6e08064efbc1f72ec937429614f25eef83af942d0e227c3a28f" dependencies = [ "once_cell", "wasm-bindgen", ] [[package]] name = "keccak" version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ecc2af9a1119c51f12a14607e783cb977bde58bc069ff0c3da1095e635d70654" dependencies = [ "cpufeatures", ] [[package]] name = "lalrpop" version = "0.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "55cb077ad656299f160924eb2912aa147d7339ea7d69e1b5517326fdcec3c1ca" dependencies = [ "ascii-canvas 3.0.0", "bit-set 0.5.3", "ena", "itertools 0.11.0", "lalrpop-util 0.20.2", "petgraph 0.6.5", "regex", "regex-syntax 0.8.5", "string_cache", "term 0.7.0", "tiny-keccak", "unicode-xid", "walkdir", ] [[package]] name = "lalrpop" version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7047a26de42016abf8f181b46b398aef0b77ad46711df41847f6ed869a2a1d5b" dependencies = [ "ascii-canvas 4.0.0", "bit-set 0.8.0", "ena", "itertools 0.14.0", "lalrpop-util 0.22.1", "petgraph 0.7.1", "regex", "regex-syntax 0.8.5", "sha3", "string_cache", "term 1.0.1", "unicode-xid", "walkdir", ] [[package]] name = "lalrpop-util" version = "0.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "507460a910eb7b32ee961886ff48539633b788a36b65692b95f225b844c82553" dependencies = [ "regex-automata 0.4.9", ] [[package]] name = "lalrpop-util" version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e8d05b3fe34b8bd562c338db725dfa9beb9451a48f65f129ccb9538b48d2c93b" dependencies = [ "regex-automata 0.4.9", "rustversion", ] [[package]] name = "lazy_static" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" dependencies = [ "spin", ] [[package]] name = "libc" version = "0.2.170" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "875b3680cb2f8f71bdcf9a30f38d48282f5d3c95cbf9b3fa57269bb5d5c06828" [[package]] name = "libloading" version = "0.8.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34" dependencies = [ "cfg-if", "windows-targets 0.52.6", ] [[package]] name = "libm" version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8355be11b20d696c8f18f6cc018c4e372165b1fa8126cef092399c9951984ffa" [[package]] name = "libredox" version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d" dependencies = [ "bitflags", "libc", "redox_syscall", ] [[package]] name = "libsqlite3-sys" version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0c10584274047cb335c23d3e61bcef8e323adae7c5c8c760540f73610177fc3f" dependencies = [ "cc", "pkg-config", "vcpkg", ] [[package]] name = "line-col" version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9e69cdf6b85b5c8dce514f694089a2cf8b1a702f6cd28607bcb3cf296c9778db" [[package]] name = "linked-hash-map" version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" [[package]] name = "linux-raw-sys" version = "0.4.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab" [[package]] name = "litemap" version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "643cb0b8d4fcc284004d5fd0d67ccf61dfffadb7f75e1e71bc420f4688a3a704" [[package]] name = "lock_api" version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17" dependencies = [ "autocfg", "scopeguard", ] [[package]] name = "log" version = "0.4.26" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "30bde2b3dc3671ae49d8e2e9f044c7c005836e7a023ee57cffa25ab82764bb9e" [[package]] name = "loom" version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff50ecb28bb86013e935fb6683ab1f6d3a20016f123c76fd4c27470076ac30f5" dependencies = [ "cfg-if", "generator", "scoped-tls", "serde", "serde_json", "tracing", "tracing-subscriber", ] [[package]] name = "lru-cache" version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "31e24f1ad8321ca0e8a1e0ac13f23cb668e6f5466c2c57319f6a5cf1cc8e3b1c" dependencies = [ "linked-hash-map", ] [[package]] name = "marked-yaml" version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f2eb25a7ab146f4058d67a74dfea52e25c133c575f08ce5851da97d224e3ad8d" dependencies = [ "doc-comment", "hashlink", "serde", "serde_path_to_error", "yaml-rust2", ] [[package]] name = "match_cfg" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ffbee8634e0d45d258acb448e7eaab3fce7a0a467395d4d9f228e3c1f01fb2e4" [[package]] name = "matchers" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558" dependencies = [ "regex-automata 0.1.10", ] [[package]] name = "md-5" version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf" dependencies = [ "cfg-if", "digest", ] [[package]] name = "memchr" version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "memsec" version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c797b9d6bb23aab2fc369c65f871be49214f5c759af65bde26ffaaa2b646b492" [[package]] name = "mime" version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" [[package]] name = "minimal-lexical" version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8e3e04debbb59698c15bacbb6d93584a8c0ca9cc3213cb423d31f760d8843ce5" dependencies = [ "adler2", ] [[package]] name = "mio" version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd" dependencies = [ "libc", "wasi 0.11.0+wasi-snapshot-preview1", "windows-sys 0.52.0", ] [[package]] name = "native-tls" version = "0.2.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0dab59f8e050d5df8e4dd87d9206fb6f65a483e20ac9fda365ade4fab353196c" dependencies = [ "libc", "log", "openssl", "openssl-probe", "openssl-sys", "schannel", "security-framework", "security-framework-sys", "tempfile", ] [[package]] name = "nettle" version = "7.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "44e6ff4a94e5d34a1fd5abbd39418074646e2fa51b257198701330f22fcd6936" dependencies = [ "getrandom 0.2.15", "libc", "nettle-sys", "thiserror 1.0.69", "typenum", ] [[package]] name = "nettle-sys" version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "61a3f5406064d310d59b1a219d3c5c9a49caf4047b6496032e3f930876488c34" dependencies = [ "bindgen", "cc", "libc", "pkg-config", "tempfile", "vcpkg", ] [[package]] name = "new_debug_unreachable" version = "1.0.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "650eef8c711430f1a879fdd01d4745a7deea475becfb90269c06775983bbf086" [[package]] name = "nibble_vec" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77a5d83df9f36fe23f0c3648c6bbb8b0298bb5f1939c8f2704431371f4b84d43" dependencies = [ "smallvec", ] [[package]] name = "nix" version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" dependencies = [ "bitflags", "cfg-if", "cfg_aliases", "libc", ] [[package]] name = "nom" version = "7.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" dependencies = [ "memchr", "minimal-lexical", ] [[package]] name = "normalize-line-endings" version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "61807f77802ff30975e01f4f071c8ba10c022052f98b3294119f3e615d13e5be" [[package]] name = "normpath" version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c8911957c4b1549ac0dc74e30db9c8b0e66ddcd6d7acc33098f4c63a64a6d7ed" dependencies = [ "windows-sys 0.59.0", ] [[package]] name = "nu-ansi-term" version = "0.46.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84" dependencies = [ "overload", "winapi", ] [[package]] name = "num-bigint-dig" version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151" dependencies = [ "byteorder", "lazy_static", "libm", "num-integer", "num-iter", "num-traits", "rand", "smallvec", "zeroize", ] [[package]] name = "num-conv" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" [[package]] name = "num-integer" version = "0.1.46" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" dependencies = [ "num-traits", ] [[package]] name = "num-iter" version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" dependencies = [ "autocfg", "num-integer", "num-traits", ] [[package]] name = "num-traits" version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", "libm", ] [[package]] name = "num_cpus" version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" dependencies = [ "hermit-abi", "libc", ] [[package]] name = "number_prefix" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "830b246a0e5f20af87141b25c173cd1b609bd7779a4617d6ec582abaf90870f3" [[package]] name = "object" version = "0.36.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "62948e14d923ea95ea2c7c86c71013138b66525b86bdc08d2dcc262bdb497b87" dependencies = [ "memchr", ] [[package]] name = "ocb3" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c196e0276c471c843dd5777e7543a36a298a4be942a2a688d8111cd43390dedb" dependencies = [ "aead", "cipher", "ctr", "subtle", ] [[package]] name = "once_cell" version = "1.20.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "945462a4b81e43c4e3ba96bd7b49d834c6f61198356aa858733bc4acf3cbe62e" [[package]] name = "opaque-debug" version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" [[package]] name = "openpgp-cert-d" version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3dd47b0b6df1022ca8a9a06791261c3153028abef191fe53aa326b7f443f2d6" dependencies = [ "anyhow", "dirs 6.0.0", "fd-lock", "libc", "sha1collisiondetection", "sha2", "tempfile", "thiserror 2.0.12", "walkdir", ] [[package]] name = "openssl" version = "0.10.71" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5e14130c6a98cd258fdcb0fb6d744152343ff729cbfcb28c656a9d12b999fbcd" dependencies = [ "bitflags", "cfg-if", "foreign-types", "libc", "once_cell", "openssl-macros", "openssl-sys", ] [[package]] name = "openssl-macros" version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", "syn", ] [[package]] name = "openssl-probe" version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e" [[package]] name = "openssl-sys" version = "0.9.106" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8bb61ea9811cc39e3c2069f40b8b8e2e70d8569b361f879786cc7ed48b777cdd" dependencies = [ "cc", "libc", "pkg-config", "vcpkg", ] [[package]] name = "option-ext" version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d" [[package]] name = "overload" version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" [[package]] name = "p256" version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" dependencies = [ "ecdsa", "elliptic-curve", "primeorder", "sha2", ] [[package]] name = "p384" version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fe42f1670a52a47d448f14b6a5c61dd78fce51856e68edaa38f7ae3a46b8d6b6" dependencies = [ "ecdsa", "elliptic-curve", "primeorder", "sha2", ] [[package]] name = "p521" version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0fc9e2161f1f215afdfce23677034ae137bbd45016a880c2eb3ba8eb95f085b2" dependencies = [ "base16ct", "ecdsa", "elliptic-curve", "primeorder", "rand_core", "sha2", ] [[package]] name = "parking_lot" version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27" dependencies = [ "lock_api", "parking_lot_core", ] [[package]] name = "parking_lot_core" version = "0.9.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" dependencies = [ "cfg-if", "libc", "redox_syscall", "smallvec", "windows-targets 0.52.6", ] [[package]] name = "password-hash" version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166" dependencies = [ "base64ct", "rand_core", "subtle", ] [[package]] name = "paste" version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" [[package]] name = "pem-rfc7468" version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" dependencies = [ "base64ct", ] [[package]] name = "percent-encoding" version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" [[package]] name = "pest" version = "2.7.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b7cafe60d6cf8e62e1b9b2ea516a089c008945bb5a275416789e7db0bc199dc" dependencies = [ "memchr", "thiserror 2.0.12", "ucd-trie", ] [[package]] name = "pest_derive" version = "2.7.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "816518421cfc6887a0d62bf441b6ffb4536fcc926395a69e1a85852d4363f57e" dependencies = [ "pest", "pest_generator", ] [[package]] name = "pest_generator" version = "2.7.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7d1396fd3a870fc7838768d171b4616d5c91f6cc25e377b673d714567d99377b" dependencies = [ "pest", "pest_meta", "proc-macro2", "quote", "syn", ] [[package]] name = "pest_meta" version = "2.7.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e1e58089ea25d717bfd31fb534e4f3afcc2cc569c70de3e239778991ea3b7dea" dependencies = [ "once_cell", "pest", "sha2", ] [[package]] name = "petgraph" version = "0.6.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db" dependencies = [ "fixedbitset 0.4.2", "indexmap", ] [[package]] name = "petgraph" version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3672b37090dbd86368a4145bc067582552b29c27377cad4e0a306c97f9bd7772" dependencies = [ "fixedbitset 0.5.7", "indexmap", ] [[package]] name = "phf_shared" version = "0.11.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "67eabc2ef2a60eb7faa00097bd1ffdb5bd28e62bf39990626a582201b7a754e5" dependencies = [ "siphasher", ] [[package]] name = "pikchr" version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "13680336a9060974d823f15053decc0ae5380eebf6f82abf17608523a7d71826" dependencies = [ "cc", "libc", ] [[package]] name = "pin-project-lite" version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b" [[package]] name = "pin-utils" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "pkcs1" version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" dependencies = [ "der", "pkcs8", "spki", ] [[package]] name = "pkcs8" version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" dependencies = [ "der", "spki", ] [[package]] name = "pkg-config" version = "0.3.32" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" [[package]] name = "polyval" version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25" dependencies = [ "cfg-if", "cpufeatures", "opaque-debug", "universal-hash", ] [[package]] name = "portable-atomic" version = "1.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "350e9b48cbc6b0e028b0473b114454c6316e57336ee184ceab6e53f72c178b3e" [[package]] name = "powerfmt" version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" [[package]] name = "ppv-lite86" version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" dependencies = [ "zerocopy", ] [[package]] name = "precomputed-hash" version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "925383efa346730478fb4838dbe9137d2a47675ad789c546d150a6e1dd4ab31c" [[package]] name = "predicates" version = "3.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a5d19ee57562043d37e82899fade9a22ebab7be9cef5026b07fda9cdd4293573" dependencies = [ "anstyle", "difflib", "float-cmp", "normalize-line-endings", "predicates-core", "regex", ] [[package]] name = "predicates-core" version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "727e462b119fe9c93fd0eb1429a5f7647394014cf3c04ab2c0350eeb09095ffa" [[package]] name = "predicates-tree" version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72dd2d6d381dfb73a193c7fca536518d7caee39fc8503f74e7dc0be0531b425c" dependencies = [ "predicates-core", "termtree", ] [[package]] name = "primeorder" version = "0.13.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" dependencies = [ "elliptic-curve", ] [[package]] name = "proc-macro2" version = "1.0.94" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a31971752e70b8b2686d7e46ec17fb38dad4051d94024c88df49b667caea9c84" dependencies = [ "unicode-ident", ] [[package]] name = "pulldown-cmark" version = "0.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f86ba2052aebccc42cbbb3ed234b8b13ce76f75c3551a303cb2bcffcff12bb14" dependencies = [ "bitflags", "getopts", "memchr", "pulldown-cmark-escape", "unicase", ] [[package]] name = "pulldown-cmark-escape" version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "007d8adb5ddab6f8e3f491ac63566a7d5002cc7ed73901f72057943fa71ae1ae" [[package]] name = "quick-error" version = "1.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" [[package]] name = "quote" version = "1.0.39" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c1f1914ce909e1658d9907913b4b91947430c7d9be598b15a1912935b8c04801" dependencies = [ "proc-macro2", ] [[package]] name = "radix_trie" version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c069c179fcdc6a2fe24d8d18305cf085fdbd4f922c041943e203685d6a1c58fd" dependencies = [ "endian-type", "nibble_vec", ] [[package]] name = "rand" version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" dependencies = [ "libc", "rand_chacha", "rand_core", ] [[package]] name = "rand_chacha" version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", "rand_core", ] [[package]] name = "rand_core" version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" dependencies = [ "getrandom 0.2.15", ] [[package]] name = "rayon" version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa" dependencies = [ "either", "rayon-core", ] [[package]] name = "rayon-core" version = "1.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" dependencies = [ "crossbeam-deque", "crossbeam-utils", ] [[package]] name = "redox_syscall" version = "0.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "82b568323e98e49e2a0899dcee453dd679fae22d69adf9b11dd508d1549b7e2f" dependencies = [ "bitflags", ] [[package]] name = "redox_users" version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ba009ff324d1fc1b900bd1fdb31564febe58a8ccc8a6fdbb93b543d33b13ca43" dependencies = [ "getrandom 0.2.15", "libredox", "thiserror 1.0.69", ] [[package]] name = "redox_users" version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dd6f9d3d47bdd2ad6945c5015a226ec6155d0bcdfd8f7cd29f86b71f8de99d2b" dependencies = [ "getrandom 0.2.15", "libredox", "thiserror 2.0.12", ] [[package]] name = "regex" version = "1.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191" dependencies = [ "aho-corasick", "memchr", "regex-automata 0.4.9", "regex-syntax 0.8.5", ] [[package]] name = "regex-automata" version = "0.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132" dependencies = [ "regex-syntax 0.6.29", ] [[package]] name = "regex-automata" version = "0.4.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908" dependencies = [ "aho-corasick", "memchr", "regex-syntax 0.8.5", ] [[package]] name = "regex-syntax" version = "0.6.29" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" [[package]] name = "regex-syntax" version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" [[package]] name = "remove_dir_all" version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "808cc0b475acf76adf36f08ca49429b12aad9f678cb56143d5b3cb49b9a1dd08" dependencies = [ "cfg-if", "cvt", "fs_at", "libc", "normpath", "windows-sys 0.59.0", ] [[package]] name = "reqwest" version = "0.12.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "43e734407157c3c2034e0258f5e4473ddb361b1e85f95a66690d67264d7cd1da" dependencies = [ "base64", "bytes", "encoding_rs", "futures-core", "futures-util", "h2", "hickory-resolver", "http", "http-body", "http-body-util", "hyper", "hyper-rustls", "hyper-tls", "hyper-util", "ipnet", "js-sys", "log", "mime", "native-tls", "once_cell", "percent-encoding", "pin-project-lite", "rustls-pemfile", "serde", "serde_json", "serde_urlencoded", "sync_wrapper", "system-configuration", "tokio", "tokio-native-tls", "tokio-util", "tower", "tower-service", "url", "wasm-bindgen", "wasm-bindgen-futures", "wasm-streams", "web-sys", "windows-registry", ] [[package]] name = "resolv-conf" version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "52e44394d2086d010551b14b53b1f24e31647570cd1deb0379e2c21b329aba00" dependencies = [ "hostname", "quick-error", ] [[package]] name = "rfc6979" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" dependencies = [ "hmac", "subtle", ] [[package]] name = "ring" version = "0.17.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da5349ae27d3887ca812fb375b45a4fbb36d8d12d2df394968cd86e35683fe73" dependencies = [ "cc", "cfg-if", "getrandom 0.2.15", "libc", "untrusted", "windows-sys 0.52.0", ] [[package]] name = "ripemd" version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bd124222d17ad93a644ed9d011a40f4fb64aa54275c08cc216524a9ea82fb09f" dependencies = [ "digest", ] [[package]] name = "roadmap" version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec49775c5134c7e4befdedecaf112bb72964baa9b24bedfc79b54c3ca0ee9f77" dependencies = [ "anyhow", "marked-yaml", "serde", "tempfile", "textwrap", "thiserror 2.0.12", ] [[package]] name = "roff" version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "88f8660c1ff60292143c98d08fc6e2f654d722db50410e3f3797d40baaf9d8f3" [[package]] name = "rpassword" version = "7.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "80472be3c897911d0137b2d2b9055faf6eeac5b14e324073d83bc17b191d7e3f" dependencies = [ "libc", "rtoolbox", "windows-sys 0.48.0", ] [[package]] name = "rsa" version = "0.9.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "47c75d7c5c6b673e58bf54d8544a9f432e3a925b0e80f7cd3602ab5c50c55519" dependencies = [ "const-oid", "digest", "num-bigint-dig", "num-integer", "num-traits", "pkcs1", "pkcs8", "rand_core", "signature", "spki", "subtle", "zeroize", ] [[package]] name = "rtoolbox" version = "0.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c247d24e63230cdb56463ae328478bd5eac8b8faa8c69461a77e8e323afac90e" dependencies = [ "libc", "windows-sys 0.48.0", ] [[package]] name = "rusqlite" version = "0.31.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b838eba278d213a8beaf485bd313fd580ca4505a00d5871caeb1457c55322cae" dependencies = [ "bitflags", "fallible-iterator", "fallible-streaming-iterator", "hashlink", "libsqlite3-sys", "smallvec", ] [[package]] name = "rustc-demangle" version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" [[package]] name = "rustc-hash" version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" [[package]] name = "rustc_version" version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" dependencies = [ "semver", ] [[package]] name = "rustix" version = "0.38.44" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154" dependencies = [ "bitflags", "errno", "libc", "linux-raw-sys", "windows-sys 0.59.0", ] [[package]] name = "rustls" version = "0.23.23" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "47796c98c480fce5406ef69d1c76378375492c3b0a0de587be0c1d9feb12f395" dependencies = [ "once_cell", "rustls-pki-types", "rustls-webpki", "subtle", "zeroize", ] [[package]] name = "rustls-pemfile" version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50" dependencies = [ "rustls-pki-types", ] [[package]] name = "rustls-pki-types" version = "1.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "917ce264624a4b4db1c364dcc35bfca9ded014d0a958cd47ad3e960e988ea51c" [[package]] name = "rustls-webpki" version = "0.102.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" dependencies = [ "ring", "rustls-pki-types", "untrusted", ] [[package]] name = "rustversion" version = "1.0.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f7c45b9784283f1b2e7fb61b42047c2fd678ef0960d4f6f1eba131594cc369d4" [[package]] name = "ryu" version = "1.0.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6ea1a2d0a644769cc99faa24c3ad26b379b786fe7c36fd3c546254801650e6dd" [[package]] name = "same-file" version = "1.0.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" dependencies = [ "winapi-util", ] [[package]] name = "schannel" version = "0.1.27" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d" dependencies = [ "windows-sys 0.59.0", ] [[package]] name = "scoped-tls" version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e1cf6437eb19a8f4a6cc0f7dca544973b0b78843adbfeb3683d1a94a0024a294" [[package]] name = "scopeguard" version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "sec1" version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" dependencies = [ "base16ct", "der", "generic-array", "pkcs8", "subtle", "zeroize", ] [[package]] name = "security-framework" version = "2.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" dependencies = [ "bitflags", "core-foundation", "core-foundation-sys", "libc", "security-framework-sys", ] [[package]] name = "security-framework-sys" version = "2.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32" dependencies = [ "core-foundation-sys", "libc", ] [[package]] name = "semver" version = "1.0.25" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f79dfe2d285b0488816f30e700a7438c5a73d816b5b7d3ac72fbc48b0d185e03" [[package]] name = "sequoia-autocrypt" version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "11d65ff1c8589a3e505d36c8e1919483bf4a2d8d6eb65f84c3922fbdcae6928b" dependencies = [ "base64", "sequoia-openpgp", ] [[package]] name = "sequoia-cert-store" version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cc8987ed37e9931aee509c7ebc10e93b2ee5862849546c8a0c4588f3ed670b74" dependencies = [ "anyhow", "crossbeam", "dirs 5.0.1", "gethostname", "num_cpus", "openpgp-cert-d", "rayon", "rusqlite", "sequoia-openpgp", "smallvec", "thiserror 2.0.12", "url", ] [[package]] name = "sequoia-directories" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b01dd48960c5cf8617ab77e5c9f8ebeb55a1d694e3eabf830fa70453ffa637d5" dependencies = [ "anyhow", "directories", "same-file", "tempfile", "thiserror 1.0.69", ] [[package]] name = "sequoia-gpg-agent" version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c7f01803c82bdada34baa0f049e523c77b446ee347035df239a1f890c5d70c48" dependencies = [ "anyhow", "chrono", "futures", "lalrpop 0.22.1", "lalrpop-util 0.22.1", "libc", "sequoia-ipc", "sequoia-openpgp", "stfu8", "tempfile", "thiserror 2.0.12", "tokio", ] [[package]] name = "sequoia-ipc" version = "0.36.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c92579bbd37f62bbcc41e4dce7771fea395037bebaf9b8e10c20b765be8280ab" dependencies = [ "anyhow", "capnp-rpc", "ctor", "dirs 5.0.1", "fs2", "lalrpop 0.20.2", "lalrpop-util 0.20.2", "libc", "memsec", "rand", "sequoia-openpgp", "socket2", "tempfile", "thiserror 2.0.12", "tokio", "tokio-util", "winapi", ] [[package]] name = "sequoia-keystore" version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b510811048c0767a0d3196b3bb0719d999eb52a836580d794e97a2586b546347" dependencies = [ "anyhow", "async-generic", "capnp", "capnpc", "dirs 5.0.1", "env_logger", "log", "paste", "sequoia-directories", "sequoia-ipc", "sequoia-keystore-backend", "sequoia-keystore-gpg-agent", "sequoia-keystore-softkeys", "sequoia-openpgp", "thiserror 2.0.12", "tokio", "tokio-util", ] [[package]] name = "sequoia-keystore-backend" version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c55b047f9b6412c34dc7a26a42f278205cbf1e29516feab1228edccca215f500" dependencies = [ "anyhow", "async-trait", "env_logger", "futures", "log", "sequoia-openpgp", "tempfile", "thiserror 2.0.12", "tokio", ] [[package]] name = "sequoia-keystore-gpg-agent" version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7ad901f1f1d88b38f5f5738d5bf2b80136ec44e94a40716193be0bbf3314df2b" dependencies = [ "anyhow", "async-trait", "futures", "log", "openpgp-cert-d", "sequoia-gpg-agent", "sequoia-ipc", "sequoia-keystore-backend", "sequoia-openpgp", "tokio", ] [[package]] name = "sequoia-keystore-softkeys" version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "713736e9a5277f8ff829a1efaf99c0f6c07718fe0c199f435406883313ee8742" dependencies = [ "anyhow", "async-trait", "dirs 5.0.1", "futures", "log", "sequoia-keystore-backend", "sequoia-openpgp", ] [[package]] name = "sequoia-man" version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e0a9d99c0d8879eb0acc2f21908ea328b3370e429079d21a8a187b42161bc674" dependencies = [ "anyhow", "clap", "roff", ] [[package]] name = "sequoia-net" version = "0.30.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "956ef5d37e41f53259cd3c6caac5f135351ee92f76f3ac6ee9cf771ee6e33925" dependencies = [ "anyhow", "base64", "futures-util", "hickory-client", "hickory-resolver", "http", "hyper", "hyper-tls", "libc", "percent-encoding", "reqwest", "sequoia-openpgp", "thiserror 1.0.69", "tokio", "url", "z-base-32", ] [[package]] name = "sequoia-openpgp" version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "015e5fc3d023418b9db98ca9a7f3e90b305872eeafe5ca45c5c32b5eb335c1e8" dependencies = [ "aes", "aes-gcm", "anyhow", "argon2", "base64", "block-padding", "blowfish", "botan", "buffered-reader", "bzip2", "camellia", "cast5", "cfb-mode", "chrono", "cipher", "des", "digest", "dsa", "dyn-clone", "eax", "ecb", "ecdsa", "ed25519", "ed25519-dalek", "flate2", "getrandom 0.2.15", "hkdf", "idea", "idna", "lalrpop 0.20.2", "lalrpop-util 0.20.2", "libc", "md-5", "memsec", "nettle", "num-bigint-dig", "ocb3", "openssl", "openssl-sys", "p256", "p384", "p521", "rand", "rand_core", "regex", "regex-syntax 0.8.5", "ripemd", "rsa", "sha1collisiondetection", "sha2", "sha3", "thiserror 2.0.12", "twofish", "typenum", "win-crypto-ng", "winapi", "x25519-dalek", "xxhash-rust", ] [[package]] name = "sequoia-policy-config" version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8e016b708d64857b6a97e1a331d9471b73e30ed450d247628e1a0ce236b1e597" dependencies = [ "anyhow", "chrono", "sequoia-openpgp", "serde", "thiserror 1.0.69", "toml", ] [[package]] name = "sequoia-sq" version = "1.3.1" dependencies = [ "aho-corasick", "anyhow", "assert_cmd", "buffered-reader", "cfg-if", "chrono", "clap", "clap_complete", "clap_lex", "culpa", "dirs 5.0.1", "filetime", "fs_extra", "futures-util", "gethostname", "humantime", "indicatif", "libc", "once_cell", "predicates", "regex", "reqwest", "roff", "rpassword", "rusqlite", "sequoia-autocrypt", "sequoia-cert-store", "sequoia-directories", "sequoia-ipc", "sequoia-keystore", "sequoia-man", "sequoia-net", "sequoia-openpgp", "sequoia-policy-config", "sequoia-wot", "serde", "subplot-build", "subplotlib", "tempfile", "termcolor", "terminal_size", "textwrap", "thiserror 1.0.69", "tokio", "toml_edit", "typenum", ] [[package]] name = "sequoia-wot" version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7725fa3249ea6f786362408e7fc9ebd86e9250633991d97a2bd64d1197dce490" dependencies = [ "anyhow", "chrono", "crossbeam", "num_cpus", "sequoia-cert-store", "sequoia-openpgp", "thiserror 2.0.12", ] [[package]] name = "serde" version = "1.0.218" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e8dfc9d19bdbf6d17e22319da49161d5d0108e4188e8b680aef6299eed22df60" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" version = "1.0.218" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f09503e191f4e797cb8aac08e9a4a4695c5edf6a2e70e376d961ddd5c969f82b" dependencies = [ "proc-macro2", "quote", "syn", ] [[package]] name = "serde_json" version = "1.0.140" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373" dependencies = [ "itoa", "memchr", "ryu", "serde", ] [[package]] name = "serde_path_to_error" version = "0.1.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "59fab13f937fa393d08645bf3a84bdfe86e296747b506ada67bb15f10f218b2a" dependencies = [ "itoa", "serde", ] [[package]] name = "serde_urlencoded" version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" dependencies = [ "form_urlencoded", "itoa", "ryu", "serde", ] [[package]] name = "sha1collisiondetection" version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f606421e4a6012877e893c399822a4ed4b089164c5969424e1b9d1e66e6964b" dependencies = [ "const-oid", "digest", "generic-array", ] [[package]] name = "sha2" version = "0.10.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" dependencies = [ "cfg-if", "cpufeatures", "digest", ] [[package]] name = "sha3" version = "0.10.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60" dependencies = [ "digest", "keccak", ] [[package]] name = "sharded-slab" version = "0.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6" dependencies = [ "lazy_static", ] [[package]] name = "shell-words" version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "24188a676b6ae68c3b2cb3a01be17fbf7240ce009799bb56d5b1409051e78fde" [[package]] name = "shlex" version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" [[package]] name = "signature" version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" dependencies = [ "digest", "rand_core", ] [[package]] name = "siphasher" version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "56199f7ddabf13fe5074ce809e7d3f42b42ae711800501b5b16ea82ad029c39d" [[package]] name = "slab" version = "0.4.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67" dependencies = [ "autocfg", ] [[package]] name = "slug" version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "882a80f72ee45de3cc9a5afeb2da0331d58df69e4e7d8eeb5d3c7784ae67e724" dependencies = [ "deunicode", "wasm-bindgen", ] [[package]] name = "smallvec" version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7fcf8323ef1faaee30a44a340193b1ac6814fd9b7b4e88e9d4519a3e4abe1cfd" [[package]] name = "smawk" version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b7c388c1b5e93756d0c740965c41e8822f866621d41acbdf6336a6a168f8840c" [[package]] name = "socket2" version = "0.5.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c970269d99b64e60ec3bd6ad27270092a5394c4e309314b18ae3fe575695fbe8" dependencies = [ "libc", "windows-sys 0.52.0", ] [[package]] name = "spin" version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" [[package]] name = "spki" version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" dependencies = [ "base64ct", "der", ] [[package]] name = "stable_deref_trait" version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" [[package]] name = "state" version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b8c4a4445d81357df8b1a650d0d0d6fbbbfe99d064aa5e02f3e4022061476d8" dependencies = [ "loom", ] [[package]] name = "stfu8" version = "0.2.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e51f1e89f093f99e7432c491c382b88a6860a5adbe6bf02574bf0a08efff1978" [[package]] name = "string_cache" version = "0.8.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "938d512196766101d333398efde81bc1f37b00cb42c2f8350e5df639f040bbbe" dependencies = [ "new_debug_unreachable", "parking_lot", "phf_shared", "precomputed-hash", ] [[package]] name = "strsim" version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "subplot" version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5eb998cc5b2599ac493bd0fd2972013c3f3c11ef37800f6d2d2f4067d78a0c01" dependencies = [ "anyhow", "base64", "descape", "getopts", "html-escape", "lazy_static", "line-col", "marked-yaml", "pikchr", "pulldown-cmark", "regex", "roadmap", "serde", "serde_json", "slug", "tera", "thiserror 2.0.12", "tracing", "walkdir", ] [[package]] name = "subplot-build" version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "008b31a93442526100369310bf717117df546b8259b7043aebcfdffa84af35bf" dependencies = [ "subplot", "tracing", ] [[package]] name = "subplotlib" version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6ddf898c1d4ef62f77028b546f7baf9c1e661c927587249da0b0fa5ec5906422" dependencies = [ "base64", "culpa", "filetime", "fs2", "lazy_static", "regex", "remove_dir_all", "shell-words", "state", "subplotlib-derive", "tempfile", "time", ] [[package]] name = "subplotlib-derive" version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f37c9bc08dcdd72eb2a5f0d2f405c5384466c7c199921b00d4ab9d8f60972efb" dependencies = [ "culpa", "proc-macro2", "quote", "subplot", "syn", ] [[package]] name = "subtle" version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" version = "2.0.99" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e02e925281e18ffd9d640e234264753c43edc62d64b2d4cf898f1bc5e75f3fc2" dependencies = [ "proc-macro2", "quote", "unicode-ident", ] [[package]] name = "sync_wrapper" version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263" dependencies = [ "futures-core", ] [[package]] name = "synstructure" version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971" dependencies = [ "proc-macro2", "quote", "syn", ] [[package]] name = "system-configuration" version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c879d448e9d986b661742763247d3693ed13609438cf3d006f51f5368a5ba6b" dependencies = [ "bitflags", "core-foundation", "system-configuration-sys", ] [[package]] name = "system-configuration-sys" version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8e1d1b10ced5ca923a1fcb8d03e96b8d3268065d724548c0211415ff6ac6bac4" dependencies = [ "core-foundation-sys", "libc", ] [[package]] name = "tempfile" version = "3.17.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "22e5a0acb1f3f55f65cc4a866c361b2fb2a0ff6366785ae6fbb5f85df07ba230" dependencies = [ "cfg-if", "fastrand", "getrandom 0.3.1", "once_cell", "rustix", "windows-sys 0.59.0", ] [[package]] name = "tera" version = "1.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ab9d851b45e865f178319da0abdbfe6acbc4328759ff18dafc3a41c16b4cd2ee" dependencies = [ "globwalk", "humansize", "lazy_static", "percent-encoding", "pest", "pest_derive", "rand", "regex", "serde", "serde_json", "slug", "unic-segment", ] [[package]] name = "term" version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c59df8ac95d96ff9bede18eb7300b0fda5e5d8d90960e76f8e14ae765eedbf1f" dependencies = [ "dirs-next", "rustversion", "winapi", ] [[package]] name = "term" version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a3bb6001afcea98122260987f8b7b5da969ecad46dbf0b5453702f776b491a41" dependencies = [ "home", "windows-sys 0.52.0", ] [[package]] name = "termcolor" version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" dependencies = [ "winapi-util", ] [[package]] name = "terminal_size" version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5352447f921fda68cf61b4101566c0bdb5104eff6804d0678e5227580ab6a4e9" dependencies = [ "rustix", "windows-sys 0.59.0", ] [[package]] name = "termtree" version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f50febec83f5ee1df3015341d8bd429f2d1cc62bcba7ea2076759d315084683" [[package]] name = "textwrap" version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "23d434d3f8967a09480fb04132ebe0a3e088c173e6d0ee7897abbdf4eab0f8b9" dependencies = [ "smawk", "unicode-linebreak", "unicode-width 0.1.14", ] [[package]] name = "thiserror" version = "1.0.69" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52" dependencies = [ "thiserror-impl 1.0.69", ] [[package]] name = "thiserror" version = "2.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "567b8a2dae586314f7be2a752ec7474332959c6460e02bde30d702a66d488708" dependencies = [ "thiserror-impl 2.0.12", ] [[package]] name = "thiserror-impl" version = "1.0.69" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" dependencies = [ "proc-macro2", "quote", "syn", ] [[package]] name = "thiserror-impl" version = "2.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7f7cf42b4507d8ea322120659672cf1b9dbb93f8f2d4ecfd6e51350ff5b17a1d" dependencies = [ "proc-macro2", "quote", "syn", ] [[package]] name = "thread_local" version = "1.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c" dependencies = [ "cfg-if", "once_cell", ] [[package]] name = "time" version = "0.3.37" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "35e7868883861bd0e56d9ac6efcaaca0d6d5d82a2a7ec8209ff492c07cf37b21" dependencies = [ "deranged", "num-conv", "powerfmt", "serde", "time-core", "time-macros", ] [[package]] name = "time-core" version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" [[package]] name = "time-macros" version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2834e6017e3e5e4b9834939793b282bc03b37a3336245fa820e35e233e2a85de" dependencies = [ "num-conv", "time-core", ] [[package]] name = "tiny-keccak" version = "2.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2c9d3793400a45f954c52e73d068316d76b6f4e36977e3fcebb13a2721e80237" dependencies = [ "crunchy", ] [[package]] name = "tinystr" version = "0.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f" dependencies = [ "displaydoc", "zerovec", ] [[package]] name = "tinyvec" version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "09b3661f17e86524eccd4371ab0429194e0d7c008abb45f7a7495b1719463c71" dependencies = [ "tinyvec_macros", ] [[package]] name = "tinyvec_macros" version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" version = "1.43.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3d61fa4ffa3de412bfea335c6ecff681de2b609ba3c77ef3e00e521813a9ed9e" dependencies = [ "backtrace", "bytes", "libc", "mio", "pin-project-lite", "socket2", "tokio-macros", "windows-sys 0.52.0", ] [[package]] name = "tokio-macros" version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e06d43f1345a3bcd39f6a56dbb7dcab2ba47e68e8ac134855e7e2bdbaf8cab8" dependencies = [ "proc-macro2", "quote", "syn", ] [[package]] name = "tokio-native-tls" version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" dependencies = [ "native-tls", "tokio", ] [[package]] name = "tokio-rustls" version = "0.26.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b" dependencies = [ "rustls", "tokio", ] [[package]] name = "tokio-util" version = "0.7.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d7fcaa8d55a2bdd6b83ace262b016eca0d79ee02818c5c1bcdf0305114081078" dependencies = [ "bytes", "futures-core", "futures-io", "futures-sink", "pin-project-lite", "tokio", ] [[package]] name = "toml" version = "0.5.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234" dependencies = [ "serde", ] [[package]] name = "toml_datetime" version = "0.6.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41" [[package]] name = "toml_edit" version = "0.22.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "17b4795ff5edd201c7cd6dca065ae59972ce77d1b80fa0a84d94950ece7d1474" dependencies = [ "indexmap", "toml_datetime", "winnow", ] [[package]] name = "tower" version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d039ad9159c98b70ecfd540b2573b97f7f52c3e8d9f8ad57a24b916a536975f9" dependencies = [ "futures-core", "futures-util", "pin-project-lite", "sync_wrapper", "tokio", "tower-layer", "tower-service", ] [[package]] name = "tower-layer" version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e" [[package]] name = "tower-service" version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" [[package]] name = "tracing" version = "0.1.41" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0" dependencies = [ "pin-project-lite", "tracing-attributes", "tracing-core", ] [[package]] name = "tracing-attributes" version = "0.1.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d" dependencies = [ "proc-macro2", "quote", "syn", ] [[package]] name = "tracing-core" version = "0.1.33" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e672c95779cf947c5311f83787af4fa8fffd12fb27e4993211a84bdfd9610f9c" dependencies = [ "once_cell", "valuable", ] [[package]] name = "tracing-log" version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3" dependencies = [ "log", "once_cell", "tracing-core", ] [[package]] name = "tracing-subscriber" version = "0.3.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e8189decb5ac0fa7bc8b96b7cb9b2701d60d48805aca84a238004d665fcc4008" dependencies = [ "matchers", "nu-ansi-term", "once_cell", "regex", "sharded-slab", "smallvec", "thread_local", "tracing", "tracing-core", "tracing-log", ] [[package]] name = "try-lock" version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" [[package]] name = "twofish" version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a78e83a30223c757c3947cd144a31014ff04298d8719ae10d03c31c0448c8013" dependencies = [ "cipher", ] [[package]] name = "typenum" version = "1.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f" [[package]] name = "ucd-trie" version = "0.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2896d95c02a80c6d6a5d6e953d479f5ddf2dfdb6a244441010e373ac0fb88971" [[package]] name = "unic-char-property" version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a8c57a407d9b6fa02b4795eb81c5b6652060a15a7903ea981f3d723e6c0be221" dependencies = [ "unic-char-range", ] [[package]] name = "unic-char-range" version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0398022d5f700414f6b899e10b8348231abf9173fa93144cbc1a43b9793c1fbc" [[package]] name = "unic-common" version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "80d7ff825a6a654ee85a63e80f92f054f904f21e7d12da4e22f9834a4aaa35bc" [[package]] name = "unic-segment" version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e4ed5d26be57f84f176157270c112ef57b86debac9cd21daaabbe56db0f88f23" dependencies = [ "unic-ucd-segment", ] [[package]] name = "unic-ucd-segment" version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2079c122a62205b421f499da10f3ee0f7697f012f55b675e002483c73ea34700" dependencies = [ "unic-char-property", "unic-char-range", "unic-ucd-version", ] [[package]] name = "unic-ucd-version" version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "96bd2f2237fe450fcd0a1d2f5f4e91711124f7857ba2e964247776ebeeb7b0c4" dependencies = [ "unic-common", ] [[package]] name = "unicase" version = "2.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "75b844d17643ee918803943289730bec8aac480150456169e647ed0b576ba539" [[package]] name = "unicode-ident" version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "00e2473a93778eb0bad35909dff6a10d28e63f792f16ed15e404fca9d5eeedbe" [[package]] name = "unicode-linebreak" version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3b09c83c3c29d37506a3e260c08c03743a6bb66a9cd432c6934ab501a190571f" [[package]] name = "unicode-width" version = "0.1.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7dd6e30e90baa6f72411720665d41d89b9a3d039dc45b8faea1ddd07f617f6af" [[package]] name = "unicode-width" version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1fc81956842c57dac11422a97c3b8195a1ff727f06e85c84ed2e8aa277c9a0fd" [[package]] name = "unicode-xid" version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" [[package]] name = "universal-hash" version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea" dependencies = [ "crypto-common", "subtle", ] [[package]] name = "untrusted" version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "url" version = "2.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "32f8b686cadd1473f4bd0117a5d28d36b1ade384ea9b5069a1c40aefed7fda60" dependencies = [ "form_urlencoded", "idna", "percent-encoding", ] [[package]] name = "utf16_iter" version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c8232dd3cdaed5356e0f716d285e4b40b932ac434100fe9b7e0e8e935b9e6246" [[package]] name = "utf8-width" version = "0.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "86bd8d4e895da8537e5315b8254664e6b769c4ff3db18321b297a1e7004392e3" [[package]] name = "utf8_iter" version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" [[package]] name = "utf8parse" version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "valuable" version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65" [[package]] name = "vcpkg" version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" [[package]] name = "version_check" version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" [[package]] name = "wait-timeout" version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "09ac3b126d3914f9849036f826e054cbabdc8519970b8998ddaf3b5bd3c65f11" dependencies = [ "libc", ] [[package]] name = "walkdir" version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" dependencies = [ "same-file", "winapi-util", ] [[package]] name = "want" version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e" dependencies = [ "try-lock", ] [[package]] name = "wasi" version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasi" version = "0.13.3+wasi-0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "26816d2e1a4a36a2940b96c5296ce403917633dff8f3440e9b236ed6f6bacad2" dependencies = [ "wit-bindgen-rt", ] [[package]] name = "wasm-bindgen" version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1edc8929d7499fc4e8f0be2262a241556cfc54a0bea223790e71446f2aab1ef5" dependencies = [ "cfg-if", "once_cell", "rustversion", "wasm-bindgen-macro", ] [[package]] name = "wasm-bindgen-backend" version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2f0a0651a5c2bc21487bde11ee802ccaf4c51935d0d3d42a6101f98161700bc6" dependencies = [ "bumpalo", "log", "proc-macro2", "quote", "syn", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-futures" version = "0.4.50" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "555d470ec0bc3bb57890405e5d4322cc9ea83cebb085523ced7be4144dac1e61" dependencies = [ "cfg-if", "js-sys", "once_cell", "wasm-bindgen", "web-sys", ] [[package]] name = "wasm-bindgen-macro" version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7fe63fc6d09ed3792bd0897b314f53de8e16568c2b3f7982f468c0bf9bd0b407" dependencies = [ "quote", "wasm-bindgen-macro-support", ] [[package]] name = "wasm-bindgen-macro-support" version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de" dependencies = [ "proc-macro2", "quote", "syn", "wasm-bindgen-backend", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-shared" version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1a05d73b933a847d6cccdda8f838a22ff101ad9bf93e33684f39c1f5f0eece3d" dependencies = [ "unicode-ident", ] [[package]] name = "wasm-streams" version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "15053d8d85c7eccdbefef60f06769760a563c7f0a9d6902a13d35c7800b0ad65" dependencies = [ "futures-util", "js-sys", "wasm-bindgen", "wasm-bindgen-futures", "web-sys", ] [[package]] name = "web-sys" version = "0.3.77" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33b6dd2ef9186f1f2072e409e99cd22a975331a6b3591b12c764e0e55c60d5d2" dependencies = [ "js-sys", "wasm-bindgen", ] [[package]] name = "web-time" version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb" dependencies = [ "js-sys", "wasm-bindgen", ] [[package]] name = "widestring" version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7219d36b6eac893fa81e84ebe06485e7dcbb616177469b142df14f1f4deb1311" [[package]] name = "win-crypto-ng" version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "99abfb435a71e54ab2971d8d8c32f1a7e006cdbf527f71743b1d45b93517bb92" dependencies = [ "cipher", "doc-comment", "rand_core", "winapi", "zeroize", ] [[package]] name = "winapi" version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" dependencies = [ "winapi-i686-pc-windows-gnu", "winapi-x86_64-pc-windows-gnu", ] [[package]] name = "winapi-i686-pc-windows-gnu" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ "windows-sys 0.59.0", ] [[package]] name = "winapi-x86_64-pc-windows-gnu" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "windows" version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e686886bc078bc1b0b600cac0147aadb815089b6e4da64016cbd754b6342700f" dependencies = [ "windows-targets 0.48.5", ] [[package]] name = "windows-core" version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" dependencies = [ "windows-targets 0.52.6", ] [[package]] name = "windows-link" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6dccfd733ce2b1753b03b6d3c65edf020262ea35e20ccdf3e288043e6dd620e3" [[package]] name = "windows-registry" version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e400001bb720a623c1c69032f8e3e4cf09984deec740f007dd2b03ec864804b0" dependencies = [ "windows-result", "windows-strings", "windows-targets 0.52.6", ] [[package]] name = "windows-result" version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1d1043d8214f791817bab27572aaa8af63732e11bf84aa21a45a78d6c317ae0e" dependencies = [ "windows-targets 0.52.6", ] [[package]] name = "windows-strings" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4cd9b125c486025df0eabcb585e62173c6c9eddcec5d117d3b6e8c30e2ee4d10" dependencies = [ "windows-result", "windows-targets 0.52.6", ] [[package]] name = "windows-sys" version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" dependencies = [ "windows-targets 0.48.5", ] [[package]] name = "windows-sys" version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ "windows-targets 0.52.6", ] [[package]] name = "windows-sys" version = "0.59.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" dependencies = [ "windows-targets 0.52.6", ] [[package]] name = "windows-targets" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" dependencies = [ "windows_aarch64_gnullvm 0.48.5", "windows_aarch64_msvc 0.48.5", "windows_i686_gnu 0.48.5", "windows_i686_msvc 0.48.5", "windows_x86_64_gnu 0.48.5", "windows_x86_64_gnullvm 0.48.5", "windows_x86_64_msvc 0.48.5", ] [[package]] name = "windows-targets" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ "windows_aarch64_gnullvm 0.52.6", "windows_aarch64_msvc 0.52.6", "windows_i686_gnu 0.52.6", "windows_i686_gnullvm", "windows_i686_msvc 0.52.6", "windows_x86_64_gnu 0.52.6", "windows_x86_64_gnullvm 0.52.6", "windows_x86_64_msvc 0.52.6", ] [[package]] name = "windows_aarch64_gnullvm" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" [[package]] name = "windows_i686_gnullvm" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winnow" version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0e7f4ea97f6f78012141bcdb6a216b2609f0979ada50b20ca5b52dde2eac2bb1" dependencies = [ "memchr", ] [[package]] name = "winreg" version = "0.50.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1" dependencies = [ "cfg-if", "windows-sys 0.48.0", ] [[package]] name = "wit-bindgen-rt" version = "0.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3268f3d866458b787f390cf61f4bbb563b922d091359f9608842999eaee3943c" dependencies = [ "bitflags", ] [[package]] name = "write16" version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d1890f4022759daae28ed4fe62859b1236caebfc61ede2f63ed4e695f3f6d936" [[package]] name = "writeable" version = "0.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51" [[package]] name = "x25519-dalek" version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277" dependencies = [ "curve25519-dalek", "rand_core", "zeroize", ] [[package]] name = "xxhash-rust" version = "0.8.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fdd20c5420375476fbd4394763288da7eb0cc0b8c11deed431a91562af7335d3" [[package]] name = "yaml-rust2" version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2a1a1c0bc9823338a3bdf8c61f994f23ac004c6fa32c08cd152984499b445e8d" dependencies = [ "arraydeque", "encoding_rs", "hashlink", ] [[package]] name = "yoke" version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "120e6aef9aa629e3d4f52dc8cc43a015c7724194c97dfaf45180d2daf2b77f40" dependencies = [ "serde", "stable_deref_trait", "yoke-derive", "zerofrom", ] [[package]] name = "yoke-derive" version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154" dependencies = [ "proc-macro2", "quote", "syn", "synstructure", ] [[package]] name = "z-base-32" version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "21bf7b4a78668416e1e8a332334e26fb2f377afe707f0c6feaf6ed5f9100133b" [[package]] name = "zerocopy" version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" dependencies = [ "byteorder", "zerocopy-derive", ] [[package]] name = "zerocopy-derive" version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", "syn", ] [[package]] name = "zerofrom" version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "91ec111ce797d0e0784a1116d0ddcdbea84322cd79e5d5ad173daeba4f93ab55" dependencies = [ "zerofrom-derive", ] [[package]] name = "zerofrom-derive" version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502" dependencies = [ "proc-macro2", "quote", "syn", "synstructure", ] [[package]] name = "zeroize" version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" dependencies = [ "zeroize_derive", ] [[package]] name = "zeroize_derive" version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", "syn", ] [[package]] name = "zerovec" version = "0.10.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "aa2b893d79df23bfb12d5461018d408ea19dfafe76c2c7ef6d4eba614f8ff079" dependencies = [ "yoke", "zerofrom", "zerovec-derive", ] [[package]] name = "zerovec-derive" version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6" dependencies = [ "proc-macro2", "quote", "syn", ] sequoia-sq-1.3.1/Cargo.toml0000644000000156060000000000100111330ustar # THIS FILE IS AUTOMATICALLY GENERATED BY CARGO # # When uploading crates to the registry Cargo will automatically # "normalize" Cargo.toml files for maximal compatibility # with all versions of Cargo and also rewrite `path` dependencies # to registry (e.g., crates.io) dependencies. # # If you are reading this file be aware that the original Cargo.toml # will likely look very different (and much more reasonable). # See Cargo.toml.orig for the original contents. [package] edition = "2021" rust-version = "1.79" name = "sequoia-sq" version = "1.3.1" authors = [ "Azul ", "Heiko Schaefer ", "Igor Matuszewski ", "Justus Winter ", "Kai Michaelis ", "Lars Wirzenius ", "Neal H. Walfield ", "Nora Widdecke ", "Wiktor Kwapisiewicz ", ] build = "build.rs" autolib = false autobins = false autoexamples = false autotests = false autobenches = false description = "Command-line frontends for Sequoia" homepage = "https://sequoia-pgp.org/" documentation = "https://docs.rs/sequoia-sq" readme = "README.md" keywords = [ "cryptography", "openpgp", "pgp", "encryption", "signing", ] categories = [ "cryptography", "authentication", "command-line-utilities", ] license = "LGPL-2.0-or-later" repository = "https://gitlab.com/sequoia-pgp/sequoia-sq" [badges.gitlab] repository = "sequoia-pgp/sequoia-sq" [badges.maintenance] status = "actively-developed" [features] crypto-botan = ["sequoia-openpgp/crypto-botan"] crypto-botan2 = ["sequoia-openpgp/crypto-botan2"] crypto-cng = ["sequoia-openpgp/crypto-cng"] crypto-nettle = ["sequoia-openpgp/crypto-nettle"] crypto-openssl = ["sequoia-openpgp/crypto-openssl"] crypto-rust = ["sequoia-openpgp/crypto-rust"] default = ["crypto-nettle"] subplot = [ "culpa", "subplot-build", "subplotlib", ] [[bin]] name = "sq" path = "src/main.rs" bench = false [[test]] name = "integration" path = "tests/integration.rs" [[test]] name = "sq-subplot" path = "tests/sq-subplot.rs" required-features = ["subplot"] [dependencies.aho-corasick] version = "1" [dependencies.anyhow] version = "1.0.18" [dependencies.buffered-reader] version = "1.4" features = ["compression"] default-features = false [dependencies.chrono] version = "0.4.10" [dependencies.clap] version = "4" features = [ "derive", "env", "string", "wrap_help", ] [dependencies.clap_lex] version = "0.7" default-features = false [dependencies.culpa] version = "1" optional = true [dependencies.dirs] version = "5" [dependencies.filetime] version = "0.2" [dependencies.fs_extra] version = "1" [dependencies.futures-util] version = "0.3" [dependencies.gethostname] version = ">=0.4, <0.6" [dependencies.humantime] version = "2" [dependencies.indicatif] version = "0.17" [dependencies.once_cell] version = "1.17" [dependencies.regex] version = "1" [dependencies.reqwest] version = ">=0.12, <0.13" features = [ "hickory-dns", "stream", ] [dependencies.rpassword] version = "7.0" [dependencies.rusqlite] version = ">=0.31, <0.33" [dependencies.sequoia-autocrypt] version = "0.26" default-features = false [dependencies.sequoia-cert-store] version = "0.7" default-features = false [dependencies.sequoia-directories] version = "0.1" [dependencies.sequoia-ipc] version = "0.36" default-features = false [dependencies.sequoia-keystore] version = "0.7" [dependencies.sequoia-net] version = "0.30" default-features = false [dependencies.sequoia-openpgp] version = "2" features = ["compression"] default-features = false [dependencies.sequoia-policy-config] version = "0.8" [dependencies.sequoia-wot] version = "0.14" default-features = false [dependencies.serde] version = "1.0.137" features = ["derive"] [dependencies.subplotlib] version = ">=0.11, <0.13" optional = true [dependencies.tempfile] version = "3.1" [dependencies.termcolor] version = "1.2.0" [dependencies.terminal_size] version = ">=0.2.6, <0.5" [dependencies.textwrap] version = ">=0.15, <0.17" features = [ "smawk", "unicode-width", ] default-features = false [dependencies.thiserror] version = ">=1, <3" [dependencies.tokio] version = "1.13.1" [dependencies.toml_edit] version = "0.22" features = [ "display", "parse", ] default-features = false [dependencies.typenum] version = "1" [dev-dependencies.assert_cmd] version = "2" [dev-dependencies.libc] version = "0.2" [dev-dependencies.predicates] version = ">=2, <4" [dev-dependencies.regex] version = "1" [build-dependencies.anyhow] version = "1.0.18" [build-dependencies.buffered-reader] version = "1.4" features = ["compression"] default-features = false [build-dependencies.cfg-if] version = "1" [build-dependencies.chrono] version = "0.4.38" [build-dependencies.clap] version = "4" features = [ "derive", "env", "string", "wrap_help", ] [build-dependencies.clap_complete] version = "4" [build-dependencies.clap_lex] version = "0.7" default-features = false [build-dependencies.dirs] version = "5" [build-dependencies.roff] version = "0.2.1" [build-dependencies.sequoia-directories] version = "0.1" [build-dependencies.sequoia-man] version = "0.3" [build-dependencies.sequoia-net] version = "0.30" default-features = false [build-dependencies.sequoia-openpgp] version = "2" features = ["compression"] default-features = false [build-dependencies.serde] version = "1.0.137" features = ["derive"] [build-dependencies.subplot-build] version = ">=0.11, <0.13" optional = true [build-dependencies.terminal_size] version = ">=0.2.6, <0.5" [build-dependencies.textwrap] version = ">=0.15, <0.17" [build-dependencies.typenum] version = "1" [profile.dev.package.aes] opt-level = 2 [profile.dev.package.aes-gcm] opt-level = 2 [profile.dev.package.block-padding] opt-level = 2 [profile.dev.package.blowfish] opt-level = 2 [profile.dev.package.camellia] opt-level = 2 [profile.dev.package.cast5] opt-level = 2 [profile.dev.package.cfb-mode] opt-level = 2 [profile.dev.package.cipher] opt-level = 2 [profile.dev.package.des] opt-level = 2 [profile.dev.package.digest] opt-level = 2 [profile.dev.package.dsa] opt-level = 2 [profile.dev.package.eax] opt-level = 2 [profile.dev.package.ecb] opt-level = 2 [profile.dev.package.ecdsa] opt-level = 2 [profile.dev.package.ed25519] opt-level = 2 [profile.dev.package.ed25519-dalek] opt-level = 2 [profile.dev.package.idea] opt-level = 2 [profile.dev.package.md-5] opt-level = 2 [profile.dev.package.num-bigint-dig] opt-level = 2 [profile.dev.package.p256] opt-level = 2 [profile.dev.package.p384] opt-level = 2 [profile.dev.package.p521] opt-level = 2 [profile.dev.package.ripemd] opt-level = 2 [profile.dev.package.rsa] opt-level = 2 [profile.dev.package.sha2] opt-level = 2 [profile.dev.package.twofish] opt-level = 2 [profile.dev.package.x25519-dalek] opt-level = 2 [profile.release] debug = 2 sequoia-sq-1.3.1/Cargo.toml.orig000064400000000000000000000125571046102023000146160ustar 00000000000000[package] name = "sequoia-sq" description = "Command-line frontends for Sequoia" version = "1.3.1" authors = [ "Azul ", "Heiko Schaefer ", "Igor Matuszewski ", "Justus Winter ", "Kai Michaelis ", "Lars Wirzenius ", "Neal H. Walfield ", "Nora Widdecke ", "Wiktor Kwapisiewicz ", ] build = "build.rs" documentation = "https://docs.rs/sequoia-sq" homepage = "https://sequoia-pgp.org/" repository = "https://gitlab.com/sequoia-pgp/sequoia-sq" readme = "README.md" keywords = ["cryptography", "openpgp", "pgp", "encryption", "signing"] categories = ["cryptography", "authentication", "command-line-utilities"] license = "LGPL-2.0-or-later" edition = "2021" rust-version = "1.79" [badges] gitlab = { repository = "sequoia-pgp/sequoia-sq" } maintenance = { status = "actively-developed" } [dependencies] aho-corasick = "1" buffered-reader = { version = "1.4", default-features = false, features = ["compression"] } dirs = "5" filetime = "0.2" fs_extra = "1" sequoia-directories = "0.1" sequoia-openpgp = { version = "2", default-features = false, features = ["compression"] } sequoia-autocrypt = { version = "0.26", default-features = false } sequoia-net = { version = "0.30", default-features = false } sequoia-policy-config = "0.8" anyhow = "1.0.18" chrono = "0.4.10" clap = { version = "4", features = ["derive", "env", "string", "wrap_help"] } clap_lex = { version = "0.7", default-features = false } futures-util = "0.3" gethostname = { version = ">=0.4, <0.6" } humantime = "2" indicatif = "0.17" once_cell = "1.17" reqwest = { version = ">=0.12, <0.13", features = ["hickory-dns", "stream"] } sequoia-cert-store = { version = "0.7", default-features = false } sequoia-ipc = { version = "0.36", default-features = false } sequoia-keystore = { version = "0.7" } sequoia-wot = { version = "0.14", default-features = false } tempfile = "3.1" thiserror = { version = ">=1, <3" } tokio = { version = "1.13.1" } toml_edit = { version = "0.22", default-features = false, features = ["display", "parse"] } regex = "1" rpassword = "7.0" rusqlite = ">=0.31, <0.33" serde = { version = "1.0.137", features = ["derive"] } terminal_size = ">=0.2.6, <0.5" termcolor = "1.2.0" textwrap = { version = ">=0.15, <0.17", default-features = false, features = ["smawk", "unicode-width"] } typenum = "1" # This is for subplot only. If you don't enable the subplot feature, # feel free to patch it out. subplotlib = { version = ">=0.11, <0.13", optional = true } culpa = { version = "1", optional = true } [build-dependencies] anyhow = "1.0.18" buffered-reader = { version = "1.4", default-features = false, features = ["compression"] } clap = { version = "4", features = ["derive", "env", "string", "wrap_help"] } clap_complete = "4" clap_lex = { version = "0.7", default-features = false } chrono = "0.4.38" dirs = "5" roff = "0.2.1" serde = { version = "1.0.137", features = ["derive"] } sequoia-directories = "0.1" sequoia-man = "0.3" sequoia-openpgp = { version = "2", default-features = false, features = ["compression"] } sequoia-net = { version = "0.30", default-features = false } textwrap = ">=0.15, <0.17" typenum = "1" cfg-if = "1" terminal_size = ">=0.2.6, <0.5" # This is for subplot only. If you don't enable the subplot feature, # feel free to patch it out. subplot-build = { version = ">=0.11, <0.13", optional = true } [dev-dependencies] assert_cmd = "2" predicates = ">=2, <4" regex = "1" libc = "0.2" [[bin]] name = "sq" path = "src/main.rs" bench = false [[test]] name = "sq-subplot" path = "tests/sq-subplot.rs" required-features = ["subplot"] [features] default = [ "crypto-nettle", ] crypto-nettle = ["sequoia-openpgp/crypto-nettle"] crypto-openssl = ["sequoia-openpgp/crypto-openssl"] crypto-botan = ["sequoia-openpgp/crypto-botan"] crypto-botan2 = ["sequoia-openpgp/crypto-botan2"] crypto-cng = ["sequoia-openpgp/crypto-cng"] crypto-rust = ["sequoia-openpgp/crypto-rust"] subplot = ["culpa", "subplot-build", "subplotlib"] [profile.release] debug = true # The Rust Crypto crates are *very* slow when compiled without any # optimizations. Turn on some optimizations. [profile.dev.package.aes] opt-level = 2 [profile.dev.package.aes-gcm] opt-level = 2 [profile.dev.package.block-padding] opt-level = 2 [profile.dev.package.blowfish] opt-level = 2 [profile.dev.package.camellia] opt-level = 2 [profile.dev.package.cast5] opt-level = 2 [profile.dev.package.cipher] opt-level = 2 [profile.dev.package.cfb-mode] opt-level = 2 [profile.dev.package.des] opt-level = 2 [profile.dev.package.digest] opt-level = 2 [profile.dev.package.dsa] opt-level = 2 [profile.dev.package.eax] opt-level = 2 [profile.dev.package.ecb] opt-level = 2 [profile.dev.package.ecdsa] opt-level = 2 [profile.dev.package.ed25519] opt-level = 2 [profile.dev.package.ed25519-dalek] opt-level = 2 [profile.dev.package.idea] opt-level = 2 [profile.dev.package.md-5] opt-level = 2 [profile.dev.package.num-bigint-dig] opt-level = 2 [profile.dev.package.p256] opt-level = 2 [profile.dev.package.p384] opt-level = 2 [profile.dev.package.p521] opt-level = 2 [profile.dev.package.ripemd] opt-level = 2 [profile.dev.package.rsa] opt-level = 2 [profile.dev.package.sha2] opt-level = 2 [profile.dev.package.twofish] opt-level = 2 [profile.dev.package.x25519-dalek] opt-level = 2 sequoia-sq-1.3.1/Containerfile000064400000000000000000000042301046102023000144210ustar 00000000000000# See https://gitlab.com/sequoia-pgp/sequoia/-/blob/main/README.md#debian # for system requirements FROM docker.io/library/debian:trixie AS build # create a sandbox user for the build (in ~builder) and install (in /opt) # give it permissions to the build dir and home # upgrade everything # add dependencies, as specified by the Sequoia README.md file RUN groupadd builder && \ useradd --no-log-init --create-home --gid builder builder && \ apt-get update && \ apt-get upgrade --assume-yes && \ apt-get install --assume-yes --no-install-recommends \ ca-certificates \ capnproto \ cargo \ git \ libclang-dev \ libsqlite3-dev \ libssl-dev \ make \ nettle-dev \ pkg-config \ rustc \ && \ apt-get clean && \ chown builder /opt COPY --chown=builder:builder . /home/builder/sequoia # switch to the sandbox user USER builder # retry build because cargo sometimes segfaults during download (#918854) # # the `build-release` target is used instead of the default because # `install` calls it after anyways RUN cd /home/builder/sequoia && \ CARGO_TARGET_DIR=/tmp/target ASSET_OUT_DIR=/tmp/target/assets cargo build -p sequoia-sq --release && \ install --strip -D --target-directory /opt/usr/local/bin \ /tmp/target/release/sq FROM docker.io/library/debian:trixie-slim AS sq-base RUN apt-get update && \ apt-get upgrade --assume-yes && \ apt-get install -yqq \ bash-completion \ ca-certificates \ libssl3 \ libsqlite3-0 \ man-db && \ apt-get clean && \ rm -fr -- /var/lib/apt/lists/* /var/cache/* FROM sq-base AS sq COPY --from=build /opt/usr/local/bin/sq /usr/local/bin/sq COPY --from=build /etc/ssl/certs /etc/ssl/certs COPY --from=build /tmp/target/assets/shell-completions/sq.bash /etc/bash_completion.d/sq COPY --from=build /tmp/target/assets/man-pages/* /usr/share/man/man1/ ENV SEQUOIA_HOME=/sequoia SEQUOIA_CERT_STORE=/sequoia/certstore SEQUOIA_KEY_STORE=/sequoia/keystore # Set the default workdir to sequoia home directory WORKDIR /sequoia VOLUME /sequoia ENTRYPOINT ["/usr/local/bin/sq"] sequoia-sq-1.3.1/LICENSE.txt000064400000000000000000000627421046102023000135530ustar 00000000000000Sequoia PGP sq is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. Sequoia PGP sq is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. --- GNU LIBRARY GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [This is the first released version of the library GPL. It is numbered 2 because it goes with version 2 of the ordinary GPL.] Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This license, the Library General Public License, applies to some specially designated Free Software Foundation software, and to any other libraries whose authors decide to use it. You can use it for your libraries, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library, or if you modify it. For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link a program with the library, you must provide complete object files to the recipients so that they can relink them with the library, after making changes to the library and recompiling it. And you must show them these terms so they know their rights. Our method of protecting your rights has two steps: (1) copyright the library, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the library. Also, for each distributor's protection, we want to make certain that everyone understands that there is no warranty for this free library. If the library is modified by someone else and passed on, we want its recipients to know that what they have is not the original version, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that companies distributing free software will individually obtain patent licenses, thus in effect transforming the program into proprietary software. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. Most GNU software, including some libraries, is covered by the ordinary GNU General Public License, which was designed for utility programs. This license, the GNU Library General Public License, applies to certain designated libraries. This license is quite different from the ordinary one; be sure to read it in full, and don't assume that anything in it is the same as in the ordinary license. The reason we have a separate public license for some libraries is that they blur the distinction we usually make between modifying or adding to a program and simply using it. Linking a program with a library, without changing the library, is in some sense simply using the library, and is analogous to running a utility program or application program. However, in a textual and legal sense, the linked executable is a combined work, a derivative of the original library, and the ordinary General Public License treats it as such. Because of this blurred distinction, using the ordinary General Public License for libraries did not effectively promote software sharing, because most developers did not use the libraries. We concluded that weaker conditions might promote sharing better. However, unrestricted linking of non-free programs would deprive the users of those programs of all benefit from the free status of the libraries themselves. This Library General Public License is intended to permit developers of non-free programs to use free libraries, while preserving your freedom as a user of such programs to change the free libraries that are incorporated in them. (We have not seen how to achieve this as regards changes in header files, but we have achieved it as regards changes in the actual functions of the Library.) The hope is that this will lead to faster development of free libraries. The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, while the latter only works together with the library. Note that it is possible for a library to be covered by the ordinary General Public License rather than by this special one. GNU LIBRARY GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Library General Public License (also called "this License"). Each licensee is addressed as "you". A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. 1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) The modified work must itself be a software library. b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. This option is useful when you wish to copy part of the code of the Library into a program that is not a library. 4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. 5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. 6. As an exception to the Sections above, you may also compile or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) b) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. c) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. d) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. 7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. 10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 13. The Free Software Foundation may publish revised and/or new versions of the Library General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. 14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Libraries If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the library `Frob' (a library for tweaking knobs) written by James Random Hacker. , 1 April 1990 Ty Coon, President of Vice That's all there is to it! sequoia-sq-1.3.1/NEWS000064400000000000000000001172001046102023000124150ustar 00000000000000 -*- org -*- #+TITLE: sequoia-sq NEWS – history of user-visible changes #+STARTUP: content hidestars * Changes in 1.3.1 - This is a bugfix release, fixing and improving displayed hints, improving test vectors so that the tests work fine years into the future, improving some documentation. No new functionality. * Changes in 1.3.0 ** New functionality - This release adds support for RFC 9580. * Changes in 1.2.0 ** New functionality - `sq pki vouch list` lists certifications made by a particular certificate or made on a particular certificate. - `sq pki vouch replay` replays the certifications made by one certificate using another certificate. - `sq key rotate` generates a new certificate based on an existing one. It also copies links, recreates certifications, and retires the old certificate. ** Notable fixes - `sq packet dump` no longer duplicates the PKESK or SKESK packet immediately preceding the SEIPD packet. - `sq key export` and `sq key subkey export` no longer export non-exportable signatures and cert components. - `sq --cli-version` was broken. The check was reversed. That is, instead of `sq` 1.1.0 saying that `sq --cli-version 1.0.0` is compatible, it said it is incompatible, and instead of saying that `sq --cli-version 1.2.0` is incompatible, it said that it is compatible. In terms of the API, this should be considered a new feature. - `sq cert lint`, `sq inspect`, `sq packet dump`, and `sq pki link list` didn't check that certificates designated by user ID using e.g., `--cert-email`, are actually authenticated. They are now correctly checked. * Changes in 1.1.0 ** New functionality - New argument `--unusable` for `sq cert list`, `sq pki identify`, `sq pki lookup`, and `sq pki authenticate`. This option causes these commands to also show unusable bindings and certificates (i.e., those that are not valid according to the current policy, are revoked, or are expired). Requires `--gossip`. ** Notable changes - Fix `--gossip`. The `--gossip` option for `sq cert list`, `sq pki identify`, `sq pki lookup`, and `sq pki authenticate` was broken. It is now fixed, and works as documented. In terms of the API, this should be considered a new feature, as although the option was present, it did not work. - `sq cert list --cert FPR` incorrectly failed if all of a certificate's bindings are invalid (i.e., the bindings are invalid according to the cryptographic policy, or the user ID is revoked). `sq cert list --cert FPR` now only considers the validity of the certificate. Note: this command correctly succeeded when the certificate had no bindings. - `sq cert list` showed certificates with no user IDs, but it should only show authenticated bindings. Certificates with no user IDs are no only shown when `--gossip` is provided. * Changes in 1.0.0 ** New functionality - `sq encrypt --for-self` now adds the certs configured under `encrypt.for-self` to the list of recipients. - `sq sign --signer-self` and `sq encrypt --signer-self` now add the keys configured under `sign.signer-self` to the list of signers. - `sq pki vouch add --certifier-self` and `sq pki vouch authorize --certifier-self` now use the key configured under `pki.vouch.certifier-self` as certification key. - `sq` now automatically imports certificates from GnuPG's certificate store. Note: we only do this for the default Sequoia and GnuPG state directories. Further, We don't parse the GnuPG configuration file, we just scan GnuPG's default cert stores. ** Notable changes - `sq pki link add`, `sq pki link authorize`, and `sq pki link retract` gain a new parameter, `--cert-special`, which allows addressing shadow CAs by symbolic names. For instance, `sq pki link authorize --cert-special keys.openpgp.org --all --unconstrained` can be used to fully trust the keys.openpgp.org key server. This also creates the shadow CA if it doesn't exist yet. - `sq sign --signature-file` now takes a value specifying where the signature should be written to. It conflicts with `--output`. - `sq cert list` now takes cert designators, like `--cert-email` instead of `--email`. - `sq encrypt` now requires explicit opt-out for signing in the form of the `--without-signature` flag. - Remove the `--name` argument from `sq key approvals list`, `sq key approvals update`, `sq key userid revoke` and `sq pki path`, and remove the `--name-or-add` argument from `sq key userid revoke`. - The arguments `--userid-or-add`, and `--email-or-add` have respectively been renamed to `--add-userid`, and `--add-email`. - Change `sq pki link add --email` and `sq pki link authorize --email` to use a user ID with just the specified email address, if the email address is part of a self-signed user ID. That is, if the certificate has the self-signed user ID "Alice ", then `--email alice@example.org` would have selected "Alice " to link, but now it selects "". - Add `sq pki link add --userid-by-email`, and `sq pki link authorize --userid-by-email`, which use the self-signed user ID with the specified email address. That is, if the certificate has the self-signed user ID "Alice ", then `--userid-by-email alice@example.org` selects "Alice " to link. - Add `sq pki link retract --userid-by-email`, which selects a self-signed user ID with the specified email address. - Change `sq pki vouch add --email` and `sq pki vouch authorize --email` to use a user ID with just the specified email address, if the email address is part of a self-signed user ID. That is, if the certificate has the self-signed user ID "Alice ", then `--email alice@example.org` would have selected "Alice " for certification, but now it selects "". - Add `sq pki vouch add --userid-by-email`, and `sq pki vouch authorize --userid-by-email`, which use the self-signed user ID with the specified email address. That is, if the certificate has the self-signed user ID "Alice ", then `--userid-by-email alice@example.org` selects "Alice " for certification. - Change `sq key userid revoke --email` to use a user ID with just the specified email address, if the email address is part of a self-signed user ID. That is, if the certificate has the self-signed user ID "Alice ", then `--email alice@example.org` would have selected "Alice " for revocation, but now it selects "". - Add `sq key userid revoke --userid-by-email`, which uses the self-signed user ID with the specified email address. That is, if the certificate has the self-signed user ID "Alice ", then `--userid-by-email alice@example.org` selects "Alice " for revocation. - When writing to a file output, we first write to a temporary file, then rename the file at the end of the operation so that it has its desired name. There are two benefits: no one sees partially written files, and one can safely use the same file as input and output. - `sq download --signature` is now called `sq download --signature-url`. - `sq download` now requires one of `--signature-url`, `--message`, or `--cleartext` like `sq verify`. * Changes in 0.40.0 ** New functionality - New subcommand `sq download`, which downloads a file and a signature file, and then authenticates the file. ** Notable changes - `sq toolbox keyring merge` now supports merging bare revocation certificates. - `sq verify` now deletes the output file on failure. - `sq decrypt` now deletes the output file on failure. - Add a global option, `--policy-as-of`, that selects the cryptographic policy as of the specified time. - `sq key subkey export` takes an additional argument, `--cert`, which is required. The specified keys must be attached to that certificate. This ensures that if a key is attached to multiple certificates, the correct certificate is exported. - Add a new argument, `--cli-version`, which requests a particular semver-compatible version of the CLI. This enables breaking changes to the CLI in the future. - The `help` subcommand has been removed everywhere except at the top-level (`--help` still works). - If designated signers are specified for `sq verify`, `sq decrypt`, and `sq download`, they are now the only certificates that are considered when verifying signatures. If no signers are specified, the certificate store is consulted. - The argument `sq cert lint --list-keys` has been removed. - `sq key list` now has a DWIM search parameter. - The flag `sq sign --detached` is now called `sq sign --signature-file`. - The flag `sq sign --clearsign` is now called `sq sign --cleartext`. - Both `sq sign` and `sq verify` now require an explicit mode, one of `--signature-file`, `--message`, or `--cleartext`. - The flag `sq --no-cert-store` has been replaced with `sq --cert-store=none`. - The flag `sq --no-key-store` has been replaced with `sq --key-store=none`. - Similarly, `sq --home=none` disables all state, unless explicitly re-enabled using `--cert-store` or `--key-store`. - `sq pki link add`, `sq pki link authorize`, `sq pki vouch certify`, and `sq pki vouch authorize` have a `--userid-or-add` flag. Replace it with an `--userid-or-add` argument, and an `--email-or-add` argument. - The `--email` and `--email-or-add` arguments to `sq pki link add`, etc. cannot be used to designate a self-signed user ID, if multiple self-signed user IDs include the specified email address. Previously, the arguments would designate all self-signed user IDs with the specified email address. - The new argument `sq sign --mode` can be used to create text signatures in addition to binary signatures. - The argument `sq network wkd publish --create` has been split into two arguments, `--create` and `--method`, avoiding an ambiguity when parsing the arguments. - `sq key userid revoke` no longer accepts the `--userid-or-add` flag to indicate that a user ID specified using `--userid`, an email specified using `--email`, or a name specified using `--name` should be used even if there is no corresponding self-signed user ID. This functionality is replaced by the `--userid-or-add`, `--email-or-add` and `--name-or-add` arguments. - `sq pki path` previously interpreted the last positional argument as the user ID to authenticate. Make it a named argument instead, `--userid`. - Add `sq pki path --email` and `sq pki path --name` as additional ways to specify the user ID to authenticate. - The argument `sq encrypt --set-metadata-time` has been removed. - The argument `sq encrypt --set-metadata-filename` now takes a string that specifies the file name to be set. - `sq pki authenticate`'s positional argument for specifying the certificate to authenticate must now be specified using a named argument, `--cert`. - `sq pki identify`'s positional argument for specifying the certificate to identify must now be specified using a named argument, `--cert`. - Drop `sq cert list --email`'s flag, and replace it with the `--userid` and `--email` positional arguments, which match on user IDs. - Drop `sq pki authenticate --email`'s flag, and replace it with the `--userid` and `--email` positional arguments, which match on user IDs. - Drop `sq pki lookup --email`'s flag, and replace it with the `--userid` and `--email` positional arguments, which match on user IDs. - `sq toolbox keyring` is now just `sq keyring`. - `sq toolbox packet` is now just `sq packet`. - `sq toolbox armor` is now `sq packet armor`. - `sq toolbox dearmor` is now `sq packet dearmor`. - `sq key userid revoke`, `sq pki link add`, `sq pki link authorize`, `sq pki vouch certify`, and `sq pki vouch authorize` now check that user IDs that are not self-signed are in canonical form. Add a flag, `--allow-non-canonical-userids`, to disable this check. - `sq key approvals update` now requires an action, like `--add-authenticated`. - `sq key approvals --add-authenticated` is now a simple flag, and we always require full authentication. - `sq toolbox strip-userid` has been removed. - All cert designators now use the `--cert-` prefix, e.g. `sq key export --email` has been changed to `sq key export --cert-email` for consistency reasons, and to free `--name`, `--email`, and `--userid` for user ID designators. - The `--binary` argument has been removed from all commands but those that emit signed and or encrypted messages. - The command `sq toolbox extract-cert` has been removed in favor of `sq key delete` and `sq key subkey delete`. - The command `sq packet split` now writes to stdout by default. - The argument `sq packets split --prefix` is now called `--output-prefix`. - `sq pki vouch certify` is now called `sq pki vouch add`. - We now certify newly generated keys with a per-host shadow CA. - The argument `sq encrypt --signature-notation` has been added. - All arguments to add signature notations have been renamed from `--notation` to `--signature-notation`. - When generating keys, either `--own-key` or `--shared-key` has to be given. The former marks the key's user IDs as authenticated and makes it a trusted introducer. The latter marks the key's user IDs as authenticated, and marks the key as a group key. - The argument `sq cert lint --export-secret-keys` has been removed: if a secret key is provided as file input, it will be emitted. - The argument `sq key subkey export --cert-file` has been removed. - `sq` now reads a configuration file that can be used to tweak a number of defaults, like the cipher suite to generate new keys, the set of key servers to query, and the cryptographic policy. - The command `sq keyring filter` is now considered experimental and may change in the future. To acknowledge this, it has to be invoked with the `--experimental` flag. * Changes in 0.39.0 ** Notable changes - Subcommand `sq key userid strip` has been moved to `sq toolbox strip-userid`. - `sq key adopt` supports adopting bare keys (i.e., a primary key without any signatures). - `sq key adopt` add options (`--can-sign`, `--cannot-sign`, `--can-authenticate`, `--cannot-authenticate`, `--can-encrypt`, `--cannot-encrypt`) to allow overriding the key flags. - `sq key adopt` now accepts the option `--creation-time` to allow the user to override the key's creation time. - `sq key adopt` sets the key's creation time to the current time (while respecting `--time`) if `--creation-time` is not specified, and the key's time is the Unix epoch. - To select the type of generated DNS resource records a new switch has been introduced. `sq network dane generate --type generic` replaces the old `--generic` flag. - `sq key adopt` is now called `sq key subkey bind`. - The option to verify a detached signature has been renamed from `--detached` to `--signature-file`: `sq verify --signature-file foo.sig foo.txt`. - `sq key userid revoke` has a new flag `--add-userid` that adds missing user IDs, analogous to the flag in `sq pki certify`. Previously, the global `--force` was used for this. - `sq pki link add` and `sq pki link retract` have a new flag `--recreate` that forces a signature to be created even if it should not be necessary because the parameters did not change. Previously, the global `--force` was used for this. - The global `--force` flag has been renamed to `--overwrite` and now controls whether existing files are overwritten. - The argument `--signer-key` is now just called `--signer`. - The arguments to name recipients for encryption now use the `--for` prefix, as in `sq encrypt --for-email alice@example.org`. Further, `--recipient-cert` is now just called `--for` - The environment variables to override the default cert store and key store location have been renamed from SQ_CERT_STORE to SEQUOIA_CERT_STORE, and SQ_KEY_STORE to SEQUOIA_KEY_STORE, respectively. - `sq toolbox packet split` now requires an explicit output parameter. - `sq pki certify` no longer supports using expired or revoked certificates; the options `--allow-not-alive-certifier` and `--allow-revoked-certifier` have been removed. - `sq toolbox keyring filter --handle` has been made more robust by splitting `--handle` into `--cert` and `--key`, where the former only matches on primary keys, and the latter matches on both primary keys and subkeys. - The argument `sq network keyserver publish --require-all` is the default now and has been removed. - The argument `sq key generate --rev-cert ...` is now mandatory if `--output` has been given. - `sq network fetch` has been renamed to `sq network search` to emphasize that this is key discovery, and may return related or even wrong results. Likewise for the key server, WKD, and DANE methods. - `sq pki certify`'s positional argument for specifying the user ID to certify must now be specified using a named argument, `--userid`, or `--email`. The `--email` argument no longer changes the meaning of how `--userid` is interpreted, but takes an email address. The `--userid` and `--email` arguments may be given multiple times to certify multiple user IDs at once. - `sq pki certify`'s positional argument for specifying the certificate to certify must now be specified using a named argument, `--cert` or `--cert-file`. - Previously `sq pki certify` could create certifications, and mark a certificate as a trusted introducer (when the user set `--depth` to be greater than zero). The latter functionality has been split off to the new subcommand `sq pki authorize`. - Add the `--domain` argument to `sq pki authorize` so the user doesn't have to manually convert a domain to a regular expression. - `sq pki link add`'s positional argument for specifying the certificate to link must now be specified using a named argument, `--cert`. - `sq pki link retract`'s positional argument for specifying the certificate to unlink must now be specified using a named argument, `--cert`. - Removed `sq pki link add`'s positional argument for specifying a user ID directly or by email address. Use the named arguments, `--userid` or `--email` instead. - Add `--add-userid` to `sq pki link add`. This aligns it with `sq pki certify`. - Removed `sq pki link add`'s `--petname` argument. Use `--userid` in conjunction with `--add-userid` instead. - Previously `sq pki link certify` could create certifications, and mark a certificate as a trusted introducer (when the user set `--depth` to be greater than zero). The latter functionality has been split off to the new subcommand `sq pki link authorize`. - Move `sq pki certify` to `sq pki vouch certify`. - Move `sq pki authorize` to `sq pki vouch authorize`. - Move `sq pki list` to `sq cert list`. - Add a new flag `--all` to `sq network wkd publish` and `sq network dane generate` that adds all certificates with a user ID in the target domain that can be authenticated. - The argument `sq verify --signer-cert` is now called `--signer`. - The argument `sq network wkd --rsync` which previously had an optional value argument has been split into two arguments, a boolean `--rsync` to enable the use of rsync, and `--rsync-path`, which implies `--rsync`, to specify a path to the local rsync executable. - When exporting certificates selected by user IDs (i.e. --email, --userid, --domain, or --grep), the bindings are authenticated and only those certificates that can be authenticated are exported. - The do-what-I-mean query parameter has been removed from `sq cert export`. - `sq autocrypt import` has been merged into `sq cert import`. - `sq autocrypt decode` and `sq autocrypt encode-sender` are removed without substitute. - `--cert` now only looks up by primary key fingerprint. - The argument `sq key delete --cert-file` has been renamed to `--file`. - The argument `sq key delete --file` now requires `--output`. - The argument `sq cert lint --cert-file` has been renamed to `--file`. - The argument `sq key password --cert-file` has been renamed to `--file`. - The argument `sq key password --file` now requires `--output`. - The argument `sq key expire --cert-file` has been renamed to `--file`. - The argument `sq key expire --file` now requires `--output`. - The argument `sq key revoke --cert-file` has been renamed to `--file`. - The argument `sq key revoke --file` now requires `--output`. - The argument `sq key userid add --cert-file` now requires `--output`. - The argument `sq key userid revoke --cert-file` now requires `--output`. - The argument `sq key subkey add --cert-file` has been renamed to `--file`. - The argument `sq key subkey add --file` now requires `--output`. - The argument `sq key subkey delete --cert-file` has been renamed to `--file`. - The argument `sq key subkey delete --file` now requires `--output`. - The argument `sq key subkey password --cert-file` has been renamed to `--file`. - The argument `sq key subkey password --file` now requires `--output`. - The argument `sq key subkey expire --cert-file` has been renamed to `--file`. - The argument `sq key subkey expire --file` now requires `--output`. - The argument `sq key subkey revoke --cert-file` has been renamed to `--file`. - The argument `sq key subkey revoke --file` now requires `--output`. - The argument `sq key subkey bind --cert-file` has been renamed to `--file`. - The argument `sq key subkey bind --file` now requires `--output`. - The argument `sq key approvals update --cert-file` now requires `--output`. - The pEp store integration has been removed. - Removed `sq pki path`'s `--gossip` argument, it didn't actually do anything. - Changed `sq key subkey expire`'s expiration argument from a positional argument to a named argument, `--expiration`. - Changed `sq key expire`'s expiration argument from a positional argument to a named argument, `--expiration`. - Changed `sq key revoke`'s reason and message arguments from positional arguments to named arguments, `--reason`, and `--message`, respectively. - Changed `sq key subkey revoke`'s reason and message arguments from positional arguments to named arguments, `--reason`, and `--message`, respectively. - Changed `sq key userid revoke`'s reason and message arguments from positional arguments to named arguments, `--reason`, and `--message`, respectively. - `sq cert import` now supports importing bare revocation certificates. * Changes in 0.38.0 ** Notable changes - New subcommand `sq key subkey delete` to delete secret key material. - New subcommand `sq network wkd publish` that publishes certificates in a WKD over rsync. - Removed now obsolete `sq network wkd generate`. - Removed `sq network wkd url` and `sq network wkd direct-url`. - Renamed subcommand `sq key attest-certifications` to `sq key approvals update` to reflect the new name in the draft, and to make room for introspection commands. - New subcommand `sq key subkey password` to change the password protecting secret key material. - The subcommand `sq network keyserver publish` can now publish certs from the certificate store using the `--cert` parameter. - The subcommands `sq key generate` and `sq key userid add` gained the options `--name` and `--email` as a more user-friendly way to specify user IDs. - All short options with the exception of `-v` have been removed. We will judiciously add some back before releasing 1.0. - The dot output has been removed. Those relying on it can use the standalone sq-wot tool. - New subcommand `sq key subkey export` to export individual keys. This functionality was split off from `sq key export`. - `sq key generate` and `sq key subkey add` now prompt for a password by default. This can be disabled by passing `--without-password`. - New subcommand `sq key approvals list` that lists approved third-party certifications and those pending approval. - Remove `sq cert export`'s `--key` argument. Change `--cert` to match both primary keys and subkeys. * Changes in 0.37.0 ** Notable changes - Remove PKS support. - `sq key userid add` can now use the certificate store and the keystore. - `sq key userid add` no longer accepts positional arguments. The user ID is provided by the `--userid` argument, and the certificate by `--cert` or `--cert-file`. - Drop the `--certificate-file` argument from `sq key revoke`, `sq key subkey revoke`, and `sq key userid revoke` drop the `--certificate-file`. (The certificate can still be specified using `--cert-file`.) - Rename the `--revocation-file` argument to `--revoker-file` in `sq key revoke`, `sq key subkey revoke`, and `sq key userid revoke`. - `sq key revoke --cert-file`, `sq key revoke --revoker-file` `sq key subkey revoke --cert-file`, `sq key subkey revoke --revoker-file`, `sq key userid revoke --cert-file`, and `sq key userid revoke --revoker-file` now accept `-`, which means to read from stdin. - `sq key revoke`, `sq key subkey revoke`, and `sq key userid revoke` now reads from the certificate store when using `--cert` or --revoker`. When `--cert` is used, and `--output` is not specified, the resulting revocation certificate is saved to the certificate store. - The user ID argument to `sq key userid revoke` is no longer a positional argument, but must be specified with `--userid`. - Change `sq cert lint` to not read from stdin by default. - In `sq cert lint`, change the certificate file parameter from a positional parameter to a named parameter, `--cert-file`. - `sq cert lint` can now use the certificate store and the keystore. - In `sq key subkey add`, change the certificate file parameter from a positional parameter to a named parameter, `--cert-file`. - `sq key subkey add` now reads from the certificate store when using `--cert`. When `--cert` is used, and `--output` is not specified, the new subkey is saved to the key store. - In `sq key expire`, change the certificate file parameter from a positional parameter to a named parameter, `--cert-file`. - Split the functionality to update a subkey's expiration time off of `sq key expire` and into `sq key subkey expire`. - Rename `sq key subkey expire`'s `--subkey` argument to `--key`. - `sq key expire` and `sq key subkey expire` can now use the cert store and the key store. - Add the `--password-file` argument to the `sq sign` command to allow the user to prefill the password cache with a password from a file. - In `sq key password`, change the certificate file parameter from a positional parameter to a named parameter, `--cert-file`. - `sq pki certify`'s certifier parameter interprets `-` as meaning it should read the certificate from stdin. - In `sq pki certify`, change the certifier file parameter from a positional parameter to a named parameter, `--certifier-file`. - `sq pki certify` can now use the cert store and the key store. - In `sq key adopt`, change the certificate file parameter from a positional parameter to a named parameter, `--cert-file`. - `sq key adopt` can now use the cert store and the key store. - In `sq key attest-certifications`, change the certificate file parameter from a positional parameter to a named parameter, `--cert-file`. - In `sq key attest-certifications`, don't make `--all` the default, but require the user to specify it (or `--none`) explicitly. - `sq key attest-certifications` can now use the cert store and the key store. - Rename the `--expiry` argument to `--expiration`. - Rename `sq key password`'s `--clear` argument to `--clear-password`. - Add a top-level `--password-file` argument to seed the password cache. Remove `sq key password`'s `--old-password-file`, and `sq sign`'s `--password-file` local arguments in favor of this argument. * Changes in 0.36.0 - Missing * Changes in 0.35.0 - Missing * Changes in 0.34.0 ** Notable changes - `sq` now uses `sequoia-keystore` for secret key operations. When decrypting a message, `sq` will automatically ask the keystore to decrypt the message. `sq sign --signer-key` can be used to specify a signing key managed by the key store. - New top-level option: `sq --no-key-store`: A new switch to disable the use of the key store. - New top-level option: `sq --key-store`: A new option to use an alternate key store. - New subcommand `sq key list` to list keys managed by the key store. - New subcommand `sq key import` to import a key into the key store. - When showing a user ID for a certificate, choose the one that is most authenticated. - `sq network wkd publish` publishes and updates WKD hierarchies via rsync. * Changes in 0.33.0 ** Notable changes - The command line interface has been restructured. Please consult the manual pages and review any code and documents using the interface. Notably: - `sq import` and `sq export` have been moved to `sq cert`. - `sq wot` has been renamed to `sq pki`. - `sq link` and `sq certify` have been moved to `sq pki`. - `sq lookup, `sq keyserver`, `sq wkd`, and `sq dane` have been moved to `sq network`. - All commands retrieving certificates from network services are now called `fetch`, e.g. `sq network fetch` and `sq network dane fetch`. The command for publishing certs on key servers is now called `sq network keyserver publish`. - `sq armor`, `sq dearmor`, and `sq packet` have been moved to `sq toolbox`. - `sq --version` is now `sq version`, and `sq output-versions` has been integrated with that command. - The manual page generation has been improved, and manual pages and shell completions are generated during the build process. To write the assets to a predictable location, set the environment variable `ASSET_OUT_DIR` to a suitable location. * Changes in 0.32.0 ** New functionality - Support for password-encrypted keys has been improved. For example, a newly generated subkey can be password protected. - When encrypting a message with a password, or creating a new password-protected key or subkey, or changing passwords on a key, sq now prompts you to repeat the password to catch typos. - Literal data metadata can now be set using `--set-metadata-filename` and `--set-metadata-time`. - sq now reads the file /etc/crypto-policies/back-ends/sequoia.config to configure its cryptographic policy. The file to load can be overridden using the SEQUOIA_CRYPTO_POLICY environment variable. For more information on the format, see: https://docs.rs/sequoia-policy-config/latest/sequoia_policy_config/#format - New subcommand: `sq dane generate`. Generates DANE records for the given domain and certificates. DANE is a way to distribute OpenPGP certificates via DNS. https://www.rfc-editor.org/rfc/rfc7929.html - When querying network resources via `sq keyserver get`, `sq wkd get`, or `sq dane get`, multiple queries can be given that are executed simultaneously. - When querying key servers via `sq keyserver get` or `sq keyserver send`, multiple servers are queried simultaneously. - There are now four default keyservers: - hkps://keys.openpgp.org - hkps://mail-api.proton.me - hkps://keys.mailvelope.com - hkps://keyserver.ubuntu.com - New subcommand: `sq lookup`. Searches for certificates using all supported network services. ** Notable changes - Padding has been disabled to increase compatibility with other implementations. The padding method we previously used relies on a compressed data packet to pad the message. However, some implementations do not gracefully process these padded encryption containers, so until we get proper padding support from the next revision of OpenPGP, we disable padding. - Message notarization has been disabled. Message notarization and their semantics are not well defined, and there is no consensus on how to do that. - When doing a userid, subkey, or third-party certificate revocation, with the cert given to --certificate-file containing secret key material, we previously emitted a revocation certificate containing secret key material. This has been fixed, and tests have been added to ensure secret key material is only emitted where we expect it to be. * Changes in 0.31.0 ** New functionality - `sq key subkey add` allows to create and add a new subkey to an existing certificate. - The functionality of `sq-keyring-linter` is now available as `sq keyring lint`. - The new subcommands `sq key revoke`, `sq key subkey revoke` and `sq key userid revoke`, allow writing to a file using the `--output` option. ** Notable changes - The `--keyring` option is now global and can be specified anywhere when calling `sq`. ** Deprecated functionality - The `--expires` and `--expires-in` options used in various subcommands are deprecated in favor of the unifying `--expiry`. - `sq key generate --export FILE` is deprecated in favor of the more generic `sq key generate --output FILE`. - The `sq revoke certificate` command has been renamed to `sq key revoke`. - The `sq revoke subkey` command has been renamed to `sq key subkey revoke`. - The `sq revoke userid` command has been renamed to `sq key userid revoke`. * Changes in 0.30.1 ** Notable changes - The `crypto-botan` feature now selects Botan's v3 interface. Use the new `crypto-botan2` feature to continue using Botan's v2 interface. ** Notable fixes - Several parser bugs were fixed in sequoia-openpgp 1.16.0 and buffered-reader 1.2.0. These are all low-severity as Rust correctly detects the out of bounds access and panics. Update Cargo.lock to make sure we use these versions. * Changes in 0.30 ** New functionality - `sq key adopt` now honors `--time`. - Add `sq key adopt --expire` to allow setting an adopted key's expiration time. - Add support for using pEp's certificate store. A pEp certificate store can be used by specifying `sq --pep-cert-store PATH` or setting the environment variable `PEP_CERT_STORE`. * Changes in 0.29 ** New functionality - `sq` now supports and implicitly uses a certificate store. By default, `sq` uses the standard OpenPGP certificate directory. This is located at `$HOME/.local/share/pgp.cert.d` on XDG compliant systems. - `sq --no-cert-store`: A new switch to disable the use of the certificate store. - `sq --cert-store`: A new option to use an alternate certificate store. Currently, only OpenPGP certificate directories are supported. - `sq import`: A new command to import certificates into the certificate store. - `sq export`: A new command to export certificates from the certificate store. - `sq encrypt --recipient-cert`: A new option to specify a recipient's certificate by fingerprint or key ID, which is then looked up in the certificate store. - `sq verify --signer-cert`: A new option to specify a signer's certificate by fingerprint or key ID, which is then looked up in the certificate store. - `sq verify` now also implicitly looks for missing certificates in the certificate store. But, unless they are explicitly named using `--signer-cert`, they are not considered authenticated and the verification will always fail. - `sq certify`: If the certificate to certify is a fingerprint or Key ID, then the corresponding certificate is looked up in the certificate store. - Add a global option, `--time`, to set the reference time. This option replaces the various subcommand's `--time` argument as well as `sq key generate` and `sq key userid add`'s `--creation-time` arguments. - Add top-level option, `--trust-root`, to allow the user to specify trust roots. - Extend `sq encrypt` to allow addressing recipients by User ID (`--recipient-userid`) or email address (`--recipient-email`). Only User IDs that can be fully authenticated are considered. - Extend `sq verify` to verify certificates looked up from the certificate store using the web of trust. If the signature includes a Signer's User ID packet, and the binding can be fully authenticated, consider the signature to be authenticated. If there is no Signer's User ID packet, consider the signature to be authenticated if any binding can fully be authenticated. - Add `sq link add`, which uses the local trust root to certify the specified bindings. - Add `sq link retract`, which retracts certifications made by the local trust root on the specified bindings. - Add `sq link list`, which lists the links. - Add a top-level option, `--keyring`, to allow the user to specify additional keyrings to search for certificates. - Import web of trust subcommands from sq-wot. Specifically, add: - `sq wot authenticate` to authenticate a binding. - `sq wot lookup` to find a certificate with a particular User ID. - `sq wot identify` to list authenticated bindings for a certificate. - `sq wot list` to list authenticated bindings. - `sq wot path` to authenticate and lint a path in a web of trust. - `sq keyserver get`, `sq wkd get`, and `sq dane get` now import any certificates into the certificate store by default instead of exporting them on stdout. It is still possible to export them using the `--output` option. - When `sq keyserver get` (for verifying key servers), `sq wkd get`, or `sq dane get` saves a certificate to the local certificate store, `sq` certifies the validated User IDs (all returned User IDs in the case of verifying key servers; User IDs that contain the looked up email address in the case of WKD and DANE) using a local service-specific proxy CA. If the proxy key doesn't exist, it is created, and certified as a minimally trusted CA (trust amount 1 of 120) by the local trust root. The proxy certificates can be managed in the usual way using `sq link add` and `sq link retract`. - Extend `sq inspect` to inspect certificates from the certificate store using the `--cert` option. ** Deprecated functionality - `sq key generate --creation-time TIME` is deprecated in favor of `sq key generate --time TIME`. - `sq key user id --creation-time TIME` is deprecated in favor of `sq user id --time TIME`. * Started the NEWS file. sequoia-sq-1.3.1/README.md000064400000000000000000000064171046102023000132040ustar 00000000000000# sq, the Sequoia-PGP command line tool [Sequoia-PGP][] is an implementation of OpenPGP in Rust. It includes a suite of library crates, which are meant to be used from applications. This crate provides the `sq` command line application. `sq` is aimed at command line users as a way to use OpenPGP conveniently from the command line. See the [sq user documentation][] for instructions. The program also has built-in help, using the `--help` option and `help` subcommand: ~~~sh $ sq help ... ~~~ You can also browse the [manual pages][], look at our [acceptance criteria][], and browse the [rustdoc output][] if you want to learn about the implementation. [Sequoia-PGP]: https://sequoia-pgp.org/ [sq user documentation]: https://sequoia-pgp.gitlab.io/user-documentation [manual pages]: https://sequoia-pgp.gitlab.io/sequoia-sq/man/ [acceptance criteria]: https://sequoia-pgp.gitlab.io/sequoia-sq/subplot/ [rustdoc output]: https://sequoia-pgp.gitlab.io/sequoia-sq/impl/ ## Installing The `sq` tool can be installed using cargo: ```sh cargo install sequoia-sq ``` Please see [sequoia-openpgp's README] for how to install build dependencies on your system. [sequoia-openpgp's README]: https://gitlab.com/sequoia-pgp/sequoia#requirements-and-msrv ## Building from source This crate can be built from a source checkout using the standard `cargo` toolchain: ```sh cargo build ``` The above creates the `sq` executable, the manual pages, and its shell completions. By default, the manual pages and shell completions are put into the `cargo` target directory, but the exact location is unpredictable. To write the assets to a predictable location, set the environment variable `ASSET_OUT_DIR` to a suitable location. ## Using a Container (Docker, Podman, etc.) The command line tool `sq` can also be built using an OCI compatible image builder, eg. podman or docker: ```shell $ podman build -f Containerfile -t sq . $ podman run --rm -i sq --help ``` You can then use sq in the container. For example searching for a certificate: ```shell $ podman run --rm -i sq network search 653909A2F0E37C106F5FAF546C8857E0D8E8F074 ``` All sq state is stored under `/sequoia` inside of the container, thus if you would like to persist the state between container runs you may bind mount the directory on the host. ```shell $ mkdir sq-container # create a directory on the host where you will mount the working dir from the container $ podman run --rm -i -v $PWD/sq-container:/sequoia sq network search 653909A2F0E37C106F5FAF546C8857E0D8E8F074 $ podman run --rm -i -v $PWD/sq-container:/sequoia sq inspect --cert 653909A2F0E37C106F5FAF546C8857E0D8E8F074 ``` The container environment has sq manpages and bash completion configured. By default the container will run sq as its "entrypoint", so if you would like to be dropped into a shell then override the entrypoint as follows. ```shell # Note the "-t"; Necessary for the allocation of a pseudo-TTY. $ podman run --rm -t -i --entrypoint bash sq ``` A current build of the container image is available from the gitlab registry. Rename it to `sq` locally so that it matches the above commands and for convenience. ```shell $ podman pull registry.gitlab.com/sequoia-pgp/sequoia-sq:latest $ podman tag registry.gitlab.com/sequoia-pgp/sequoia-sq:latest sq $ podman run --rm -i sq --help ``` sequoia-sq-1.3.1/build.rs000064400000000000000000000111301046102023000133560ustar 00000000000000use clap::ValueEnum; use clap_complete::Shell; use anyhow::Result; use sequoia_man::asset_out_dir; pub mod cli { #![allow(unused_macros)] include!("src/macros.rs"); include!("src/cli/mod.rs"); } fn main() { println!("cargo:rerun-if-changed=build.rs"); // Generate subplot tests. #[cfg(feature = "subplot")] subplot_build::codegen("sq.subplot") .expect("failed to generate code with Subplot"); let mut sq = cli::build(false); generate_shell_completions(&mut sq).unwrap(); generate_man_pages(&mut sq).expect("can generate man pages"); lint_help_texts(&sq).unwrap(); } /// Generates shell completions. fn generate_shell_completions(sq: &mut clap::Command) -> Result<()> { let path = asset_out_dir("shell-completions")?; for shell in Shell::value_variants() { clap_complete::generate_to(*shell, sq, "sq", &path)?; }; println!("cargo:warning=shell completions written to {}", path.display()); Ok(()) } /// Generates man pages. fn generate_man_pages(cli: &mut clap::Command) -> Result<()> { let version = env!("CARGO_PKG_VERSION"); let mut builder = sequoia_man::man::Builder::new(cli, version, None); builder.see_also( &[ "For the full documentation see ." ]); let man_pages = asset_out_dir("man-pages")?; sequoia_man::generate_man_pages(&man_pages, &builder).unwrap(); Ok(()) } /// Lints the help texts. fn lint_help_texts(sq: &clap::Command) -> Result<()> { let mut lints = Vec::new(); walk(&mut Vec::new(), sq, &mut |path: &[&str], c: &clap::Command| { let top_level = path.len() == 1; let path = path.join(" "); lint_short_long(&mut lints, &path, c.get_about(), c.get_long_about()); for arg in c.get_arguments() .filter(|a| a.get_id().as_str() != "help") .filter(|a| ! a.is_global_set() || top_level) { let slug = format!("{} {}", path, if let Some(l) = arg.get_long() { format!("--{}", l) } else if let Some(s) = arg.get_short() { format!("-{}", s) } else { arg.get_id().as_str().to_string() }); lint_short_long(&mut lints, &slug, arg.get_help(), arg.get_long_help()); } Ok(()) }, &mut |_, _, _| Ok(()))?; if lints.is_empty() { Ok(()) } else { println!("cargo:warning=Linting help texts found {} issues", lints.len()); println!("cargo:warning="); for lint in lints { println!("cargo:warning=lint: {}", lint); } Err(anyhow::anyhow!("linting help texts failed")) } } use clap::builder::StyledStr; /// Lints short and long about and help texts. fn lint_short_long(lints: &mut Vec, slug: &str, short: Option<&StyledStr>, long: Option<&StyledStr>) { let short = if let Some(short) = short { short.to_string() } else { lints.push(format!("{}: no short help", slug)); return; }; if short.contains(". ") { lints.push(format!("{}: short contains more than one sentence", slug)); } if short.ends_with(".") { lints.push(format!("{}: short ends in period", slug)); } let long = if let Some(long) = long { long.to_string() } else { return; }; if ! long.starts_with(&format!("{}\n\n", short)) { lints.push(format!("\ {}: long help doesn't start with subject (short help + \\n\\n) long help: {} short help: {}", slug, long, short)); } if long.split("\n").count() == 1 { lints.push(format!("{}: long help consists of a single line", slug)); } } fn walk<'sq, F, G, R>(path: &mut Vec<&'sq str>, c: &'sq clap::Command, fun0: &mut F, fun1: &mut G) -> Result where F: FnMut(&[&str], &clap::Command) -> Result<()>, G: FnMut(&[&str], &clap::Command, &[R]) -> Result, { path.push(c.get_name()); (fun0)(&path, c)?; let mut r = Vec::new(); for s in c.get_subcommands().filter(|cmd| cmd.get_name() != "help") { r.push(walk(path, s, fun0, fun1)?); } let r = (fun1)(&path, c, &r)?; path.pop(); Ok(r) } sequoia-sq-1.3.1/openpgp-policy.toml000064400000000000000000003065721046102023000155740ustar 00000000000000version = 0 commit_goodlist = [] [authorization."Alexander Kjäll"] sign_commit = true keyring = """ -----BEGIN PGP PUBLIC KEY BLOCK----- Comment: 7E06 8070 D5EF 794B 00C8 A9D9 1D10 8E6C 07CB C406 Comment: Alexander Kjäll xjMEXkLj2xYJKwYBBAHaRw8BAQdAHUsNSgCBZ9wSRCyVciyLF/dT+mf9ezwXY0RA 9PAb3L3NLEFsZXhhbmRlciBLasOkbGwgPGFsZXhhbmRlci5ramFsbEBnbWFpbC5j b20+wpYEExYKAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQR+BoBw1e95 SwDIqdkdEI5sB8vEBgUCZcpRMwUJC0nUWAAKCRAdEI5sB8vEBl3SAQDbtYe+X6Y9 lbNE1RsEYCLQXchSPDAZHIN70QDoSYQs3wD7BMSNcAi1dVpjbYoyMT4CfwxYFbjS OGU1UGbV8Nh4uAHClgQTFgoAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYh BH4GgHDV73lLAMip2R0QjmwHy8QGBQJiBoyrBQkHhg/QAAoJEB0QjmwHy8QGH54A /jzaCsEdQg4QuuezCClRuXQJRkPyPdF8Q/zAjVRhg8dBAP4krUwY7KS8g+fp64lQ IknH0U0dETYVVH0F37dLOuaIBcKWBBMWCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMB Ah4BAheAFiEEfgaAcNXveUsAyKnZHRCObAfLxAYFAl5DAWcFCQPChIwACgkQHRCO bAfLxAavyAEAoENjrYxz9LCSswCaFJeb57CFiNGlvBWUjlM3StGIg6sA/A2FtNXw Iphqyhk/oRyHsYoYpMdbcURDqVTEt7PGS7IF =JRvp -----END PGP PUBLIC KEY BLOCK----- """ [authorization.dvn] sign_commit = true keyring = """ -----BEGIN PGP PUBLIC KEY BLOCK----- Comment: 0CC0 11A7 C3DC 6EB4 7567 9BC9 AC0A BA31 866A 7E76 Comment: Devan Carpenter Comment: dvn xsFNBFXMXjQBEADdW4duRIkt3SvvS83uK+nmGxnmVwkkvX3DXGFCkSkMLg/60pf3 Xq/gfSPkK/O0nK3QhvdsUfNLQRmt2ugh3mNVJgILz+qsngDLobkFYrGGff2STGZX ZFDKjIo9+iGm8HO+H68NZqhlvMLjfze5YQUOSK1sFp+pQ3ci9nl+wfGG/92z0Xfz FtM1DHQJYAeEdKdUfunJo4TO8cOJs5Kv4SjDkur9N4xHSKbTF/Ml6dHmqjJRh42C XyeXOLA5hdcBjrZdFGziwOz+BwVHIWr99E+cSpif2oJI/kE3PFdpIkElsOzQkhZm IbiVS0TTvaGIUADQ33YLx2oVaD+6onCVjZpLXuA4E4IyoazdjWo1wu3nAOov1VEU eX9sNAUfzzAisHo8Ih5CCWZfsy6f7FUqZJSRFxpaaOmy10wYOQFhMRxIFFodf87G HtLrSXaZXTJAmN8nz3pTTI4JmsdulHn4fIMRIBqtOxHlo8yt7IiZUiJ5A5abB058 aCCDs6hjj9VvC9sTooNVlzF9pP4hu1nDXqLS+x4Tf1XSoWLD9Cizf2O0pUQEr1Yh blSDZiphfR+cQMIWlLr8HdOp+iPpGR318UxilqNtVWYCcfn8Q/6DaBJbewjY+Aam 0lPn/4r9+iCL8AwHPGSCin2F6IZnmqxwK7M3WR8VvLOVIb3qfgLriEOkCQARAQAB zRxEZXZhbiBDYXJwZW50ZXIgPGdpdEBkdm4ubWU+wsGUBBMBCAA+AhsjBQsJCAcC BhUKCQgLAgQWAgMBAh4BAheAFiEEDMARp8PcbrR1Z5vJrAq6MYZqfnYFAmT3YkAF CRLtawwACgkQrAq6MYZqfnaTzw//UO6FO7kmp3dxEsIkKgDnN7YcGOiTmjpOG+WK e/iiSxTMqp1+dI/hxg+rMyC3ZvXrvHE0HBzIK/aT+ySxhZy10co4nLJGr61e0S9p 1fe30KVpV829SOFVGuC+ONHh8qwJvKAdr4hH64iFCG8Vfqx9tSzDF8lHy/7WJzE5 v7VtgI1+MgnCD2bRS/liZGMTYdvEqxyzqjFrntCI8QkaY8zJS8kfzC+N0R6Oub+Q iyKwhWGqCamFkKVFAw0Dky4KO7G1AwiSAEQJW+rx2V9Wj8SHNTb9YaqWRbcxwkdr kukuCDBUyy9CfSEUZyPa/fWz0VsWYPXZeSaRLb/UVqFka/kSWk4aFZLdocpc05SM lcCDOpAqercX8K66Mi6vaZYasNEeTOixeu5kecY+5+pmXnLf+xrp+FU2SC8yNEuT Pz+MRuHpwdt58HJT6F0DVt0yvyBsEyIYTNR9ZMIrdoX3LgnEJw7rhf48P8LQ55oa OXw7YVsf8Fy/a7YYYSufrCE86WKAE9B9EE2itAxShAu9G5wXXKOAJN9qFafcqLTm mQqPZMm1CYAyGbx4852pfP6jEGOkOFVtNoofFNk4jXWlpRLmxynbgGNXtmXquZs+ T1DcaQ2iiRwgAmdFpzm0FSTB9g/mIIRqZ1G8HCKN0DZr+zjXI3QqrkOlmlJ2ag9F cq9feGHCwZQEEwEIAD4CGyMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQQMwBGn w9xutHVnm8msCroxhmp+dgUCYxEvSQUJDyYElQAKCRCsCroxhmp+doehD/46lsGb 7h4RZdNBQCpSO5bNqL2DKENKzffCG8DW3MtjpTpX96XZ8hvkgpv0Mp3MdttyFDQR 9RfV7e/YHUPCF+lD6jO+Yc8rvUuYpvNiyxvfOFOzameNZhvzi3MEV+yOZlR3aJTU eOKcX4OK5LZlfauutMNNgpBqiiG/4cI0L5mZHRmeYD7OorWVRoC7EKkQ3M8/iic8 48Y0M8iQ2ZWlLhftPSRk1MksfIkvkEehbTXQQ0HFnP9hOP2Wk/XqAVYzIPMjhXGP EEZNMXOtbkIiWhNcpijdC8dsSdfgBzXGRx5gM4cqL7bUQmjx7XmeLK7LRPJSmoE7 dQU7y+PT2w8uge3W5Pe5FIZry+rFTN8l1rrgcZ85TFJgh5jU52JnpxJih20Mbqbq SYLOgGy4zKQmI0xjyPN7iDzhNH8M4dnoQOZY9erOL0j8vHzxsZs7IQUstGnY95p+ st3RkfSaQjAZQEJ0l37XxqxedqcCtpy2ZsoQjLYtzlIc3H3wxG02g5xoieEWRNNa jMbAUAOpNJsgBt1H+Qye8HXKb+JwHV4gfIYtH+y0pqNO3OSyCaP4k2Kz4aLDZNys 9bnJWquX4tA0d2gNufquh0x1BfaTwRW+RQLgRdbWdO2hlKrkMdFZ2hhJR35IWJp7 GMuE7MehW7TggTABZfu1lIaGc68tEWmoCCkFfMLBlAQTAQgAPgIbIwULCQgHAgYV CgkICwIEFgIDAQIeAQIXgBYhBAzAEafD3G60dWebyawKujGGan52BQJhHFwWBQkN MTFiAAoJEKwKujGGan52gg4P/A0YQXtg7tM8t6/iooa72LF5rEO1Omj0EGXSmyO1 ZGF44GsrUDM82jTAjEg6zj2wUKz7DxK1O63w/WWIn8srLgTPMLZOx1jXQDbuUOKQ dQzYubeeFd+mJgOo4imDrp89NamxU5EOAz+U0XN4z0HdGr0B1Gf9FogiHAqbQHM+ uEBN3BNE2AeTQsMs7aNbC4/cWGM61WYmYrINnA1L5M4xH+5cQObjHVdMXDeRKZau pvlz5oY0NPLPHCkR6jtDMGDgQTzSbb2L9tKx+xrdXvzxN4w6itv26/vPD3+8ciFH n7+d6R2ffulhPH1TXglFGuVc8AD2hrSXbZeE2QGqNt5AWQIBStBcaE9ndq/3vpsY S4qLHhIzE9T6cUJdGkS4Q4E6TF07eEkv7XdsIiIsBbluFpiltoE2QlNv9it4gvzf hlXPSBTynLK62ns16oLw+ET8Qi1LgZeS4/RcgU9SNyx9xlEkt6mT5cOJiZlKPZDD 6KsUDtSV+ChaQZW6rVLiKj2i6cTUaw6j8UZMJsQCmJcLCQW27bTIRFAbt3GYeaOO sxiahgL6DKTwT5iNtB/WFK5t0QDUMC0F8y1OQp69sEZQU+iezBSHBw9Q1jWPd+yA T7KuFFTtvIK7vPMb3Grq6GuQ9oLqBXYEw/YSUngZBd1BxsLFpnpB6oYKAsQds20N /4vcwsGUBBMBCAA+AhsjBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEDMARp8Pc brR1Z5vJrAq6MYZqfnYFAl82uBYFCQtLjWIACgkQrAq6MYZqfnYNDBAAmgrT/QtY 9TRLk2HfG2YWuU0n6WBmyfj8ZfEbrrJWFBL+Xcn8OhA/v0t6I1E2md8GVVYM91Qb 0hiRIx5EKIkSqDH8zUkPqp9YzvmLxD/9+C2jlJlgD+vpjsymEQ6W/Z40XMOWmEd6 qAy8YLzR4fJlVYHGL3ITmy3l7JpcQbNFl8AhkosSwJkl5sEueOA66w9IPBfgnnUZ 0hNaYF7EVWBzyM1RMQnT7AS483aZOw4nu/uFV4WbmJD/hpNNMgba8GL6A7cX0Q/L HpC/25A8+TXQZtKre0ijp55Pg30zRjxJp9GdFqcME4wo6Oqj0/Xqdj+jGjGtn+kc rUqB39bO01xx91lutx8JWOCLN3DAJ0VrNwlMJLcXS2JeTnipB2piWLmzClg5UytB 0CotxPPZhUEX6+MjvHuUWDdo6GJDYrp+plHBC53i+3ckuxPe+vvLRwOEnCIJb3+4 0eyazI+RoagOSaYzATWIMFl+OaEdLEz6aRoH2ry3pk2Z5wd1baNKrbQb3Wr2fE1h WhFhAzOpIQi2O89aj3TTOHvxA2nO8V18YGx0BWIr4XuJSk/NMa/IrKo2+kkXaBBB ZXTGfAcRkhLAcazyQS5gZZaNUwdj6+wtuLts2GrOLdZKeFDXUu6cux2jXolDfMe4 xc5zGtSTLXLZvGkL5kAq0gariC0CiPGcjRzCwZQEEwEIAD4WIQQMwBGnw9xutHVn m8msCroxhmp+dgUCW4LinAIbIwUJCWYBgAULCQgHAgYVCgkICwIEFgIDAQIeAQIX gAAKCRCsCroxhmp+diz8D/sGFIshDpr+XkmFLNeCDFzxcV5mlaMekUvcj/RLPSLD DLfnaG59i1onSPnxMKnwjEIh5vhVb9xPh9kOtYmRZwnRr8eVb38jFCVJVKCJn89k 8WUrq/u3nYjxIbvzVgkH/QcjMAZ4NbQ+/owspRGY74WyBcj3DmBG0vvYbsvT6jRy 0dK5Lx0uSOLpqs5L6By2i4PyV8e8vbqMzNmeokvvnBGAkjO6e7qtkquC+Sh8xCf/ g+ruOAwUAGakxvxwXPye1xwy59LKKpYmntdwzHaCsNwejJhxiqf4dpHKCTvyl07a YkjbnEZCIRbClngJzirF0yCcupMs/jVheOeUpt+LxXkaY7UKhJeNspQMhm0udQWw 3xaq74j9CdmLbWmE9AppYwOGSJXVardqbKZT9h0EHVLbD9Ig8mk11EJ4m6lBzH50 E+yA4rry9VS3gFnLgUk18YDdPAipRuutcgW7EG3NXqMDPsrDj+xJcL9lOp6/0Om+ KRo3ajNaF0QtrvN3qghziPADm1RUicnyV210I0q+inPuTH9w4rONieGJeeCc6j3u p1f/5Mm5BGS3t71DAeIJBqmekO+w/BeRE88qx6CtzekQ3+AJVwSYMzizACb0LW18 /6OzP1Ut5tjcLlIF8dT6a3tU+uONQsYKs4/H7qi1HHyFihD+X6MbHMC2d8nEJZj6 Js0RZHZuIDxtYWlsQGR2bi5tZT7CwZYEEwEIAEACGyMHCwkIBwMCAQYVCAIJCgsE FgIDAQIeAQIXgBYhBAzAEafD3G60dWebyawKujGGan52BQJk92JABQkS7WsMAAoJ EKwKujGGan52LLMQAMvw2B4KmY0ugGnth9NxyjPV7mh1cGU9s0ykFlYJ3PX+FNLb 3Y27PCvb7ZdlWzIGv75qWht4kjeV7+R2hVC7BmA6oBZn9ZqiiDy40EldwVZR6GPs /BkFAb7U0Jap1mM4p0O1hg/AdsghxZkdcxwlRYqGQN4JwY0p7EtipsISM2RSm/s8 mIMDEHs6tkQRZ+mRYhBQx8Dfi3Ib5QoUgt2COcuxFiL9Qaxl9pbsTZayUV2Fx+9E 7yCTxOp7KvnMKO+yo4HcpE6se3CUWI0r+lox0bzassYAl5SUQHUeqX3hytAcFAdz pT6d1AZJq+O87sPcjZNAgmJQAvaJM+y/VWVwhXMJQjnT6jCDfjv5vuiG41gTIcsM zQj5/wAPuzoxpxN/iTnMGdjp1zhJhy/gQNns63F+/83qcs5dbDjBqbHtDCya/J7I tzHbtLBzfBi+FWy8kbsT4J1/GogUN7jN7D7mTnSUIp2HDxtaVr6PhcZTdGzhyipu mZTpGDbFKwT5zGq9mfRGtti45SlBq05nFombMXQI1Aiyvg0JkdkxL9wn9h2L1JA7 cS8v2+ndE/RpmblbiNAd/zEnb5D++K+tY/ny5Y8W2da5OdoPyq/DiyvAu3IyUrHM vNOI27gv43NN5dgBhIwbuWu5/thJYOl0SAN0lD2Lg22HNw7IJgcUguKPtxKRwsGW BBMBCABAAhsjBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AWIQQMwBGnw9xutHVn m8msCroxhmp+dgUCYxEvTgUJDyYElQAKCRCsCroxhmp+duN7EACf/qDUvOP85N1J NJp0RA9pzJcDFzQXl9Zn2mUghUHtlufPGtxTX0rluv4+Pt4ra+WpwNDPIsxOiRxT 4NrZjtM7tdSZyDgAfKc+j5x1JkpJY5rEJLfqEZvwWylyM19DSd9LeRNvvwD44OXQ d7DgcVeOtwz2w8Va8HZS8pvu/CkXEWK4OjNqyWSeCxthoooON6I1nVAFGEesjMYG 1LwM+O/bCw/qNXkKYYtOTdQpP9/m3nOPOI5zSIoklFJzasB23QXgS2xIER4MqMa7 6SB8NoK8k8OAYXvMW5GdWbCBt7gsfYcrRPDiT9Mw0Xq9aSSjCrowr/mU3adrqPW7 nqQqHq5jH9NklM7KAQsrDRWMAi6F3uEBKwfcVIbMP0WOiOCN+n6GeT8tM5ote/CQ vkJj/7X7j2UJribG4Z3JaBD+9F5nEnIZerYITwW3/xflbCXMwz1h2PNCx9Zb02hg hzM3+TYJOqS5eiuK1YvZ7MkusjiSwpGDk20PSp5upoTn/OMx6AjnKsLH9nIy4hYX M/VSzk/O7bpQIWg3MQRsXOwKKym+wYarrHyCL4yfoWVFst4cZJFGME9AlxCqzvxT URBuXo018fZqVEzDPrpUYwTtH5OqL3QndVJP8605LjwsMkfTzeYT/42FN9ZBG30U LftON0yp10aOM9wDKlzy3TrmAtCn9MLBlgQTAQgAQAIbIwcLCQgHAwIBBhUIAgkK CwQWAgMBAh4BAheAFiEEDMARp8PcbrR1Z5vJrAq6MYZqfnYFAmEcXBYFCQ0xMWIA CgkQrAq6MYZqfnZuIw//WFxyHLbtT+Qv3TDjmmtsXTliUUeC0f/dIZE8RFFnZ/a5 1evirfyZom30IeAjG0aojBofGQARXVwFO3RteMFTfouBeh6C0iS+eGYeg5+D9YBu bnjeYXkmMX4D4e7wIS/4Wb/SgfA3HjSJjbXjngYwlPiUdFtYJW58b8Ng5bN5xybp FqtilwVzL9ko89WKjchReTKWsGnDjtKWLCxwl9PsfNazJbFUOjEBl1v8GjlUzEZM gUcwRUM98Waxa9KV7/m1dFg1Z5t58w9yJVwCrBQwar2mEkS6WAblg+7bCF6qpn0T HrBlJxmK+SXEknBE1RId95+TlxbZSDiNCyb4DaVmFHixvhkKihh4Nx8OmRxL6s+s DjVxszCxiSiFjq82QtsSVCPfJG6n0xdVsMRVobgEJtPOcs/eE7AIbxerJogUvmIC HklS5jO4NzlaDfjZ6DhkM6twkUBY9g55pDQ/86q6VaI5fwoGuXmGE6EAftyaP7KT mXUixNTYpnxZm1yk4C3MMTj5Lu1+6IrZaD0nGT4r2kvaBm1XHgITBMmEYMSIiEeP uX3B/GDdTd+p9vpCxBbmJk3QNjERzaKAoXHI0258+ZsW9SDIkk6BoYD+K5ZY4+La eYUVC+6NvuWShAFvoVlMdD2paDeMkUigm2c4yUHZZzT278qp2FHvRHuPpdwzjjPC wZYEEwEIAEACGyMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgBYhBAzAEafD3G60 dWebyawKujGGan52BQJfNrgWBQkLS41iAAoJEKwKujGGan52sz8QALCgNeD7ScAK AYrv1GUcg+jLqdbwrGDfFHC6qMeaGhESCZhHvQUgYxhnMpYcy600hb6ZGuffOFRU a96n+pOUBfy03PsyInR1CYVlHrVNZyrHaKY+BkkGq7LPovg9+0spVzneBm0SqZHH gpWfhQg5KV3f8WsB7v5uGLj4UUFTP74i1c2bhpT8bAle1rUvSjymKAYVGnZWZqnS bTPDTyn6F5t/mGxHbZ9jKhQw/VCVrwaWXZyr8iTTxhnfavXl5DXCDtAmtt5zDQ5g XQ/8O3XKqZIgrWc2/fgoIbTsJJT5h+VuYr0s68mRAkCYkFwXS+DqnXkdZFrQxDiI tT2cu5Z//8EmQYy1zg6cVmjw+59s1z72ScXDkYqT0kPaOsA8WZfGe+1v2Xh4JMeL U649MZUpDfxsPD8zDOTyIyyIp9fyboHXPKrcKceVgrvr1oq/z4OXbvRqEk0MNExP eou21vuEdaMjeuHeptoSzOlG18Sib5b05+NbHwnd1rplYbGaZdAkzPSti3FJkq3e 6y2dcqeE0AFnaNCn2Stn+5UeaNRkVvR7ifNg80ou+AN8Yu/tbO73XKcwumLdLkKj N1x4gSqtz1GF2RsyEGHqu4CYLcMnRZeX7iakSw+GP/hqPgD6cif91pNU8/7uA7pD EfelkZT+wMfpZeWqPBAEr94YQeQe2IfPwsGWBBMBCAApBQJVzF40AhsjBQkJZgGA BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AAIQkQrAq6MYZqfnYWIQQMwBGnw9xu tHVnm8msCroxhmp+dtC+D/9OXNR6KNoB4Uou/pbFCDARYcsTGaqC4euwlOmrKoAk KUECkxA1JJr45k8Hss3fYe/yuQlKxvqSo3pbpXqOeL7FrkzRX7Fq3dbiQaQQbG4z DeaqfiMuPyOaZ2aNY1+HSrZIYDIVx+vdLH1ZD6UgqgvNacaWPnTnGVh0Sgz7MvGt 3r1rZYPSwakM/n2N6mQt5XVepKD/2ftoIf6qb0fqJSm6gk+lfeiVZU+7MOSnjzNC Tlo/dgFIT3vsDDwkRZUtelBqBHC1sAA09X/KrXkzgOVHwtupN02odhWJZIP0W3Dw dDjS7Zo+4rfOxwiIkpXkypuZ9QIymhx3GTOnypc57vA7LrvfZ1Sd7vbzosYjhj5Y gTD8DyEAbohWXSupoyRnBxPs3PJXe0zdYdyQHUQqMbpoTt3xh7IW01N2AE218GBj iqY9n6AjfihKZlKG5hmI02uIjFp5pJ/L82EWTo8SpYuqpyDTiqCrRbFesyP+a9/E ep6O84t0v/OjwgA6kWk3UM+3AQk+Xvp95AZr4/rgxUe7iDy9bWqPS9ODvJNA2Mj0 v5PtDz53JpzQGZxKAu9glMcbQR7Xx44WdPBU0nI4Myn6jTA/QlgObq23U2fsMYuu edWCxxEx1CTAl0tY2ZMqUJX+YhwRwXVBOm0cA0mQGqPhJ53sVmwahCPi0yKjO1QO /g== =nP6D -----END PGP PUBLIC KEY BLOCK----- """ [authorization.justus] sign_commit = true keyring = """ -----BEGIN PGP PUBLIC KEY BLOCK----- Comment: D2F2 C5D4 5BE9 FDE6 A4EE 0AAF 3185 5247 6038 31FD Comment: Justus Winter (Code Signing Key) Comment: Justus Winter Comment: Justus Winter Comment: Justus Winter Comment: Justus Winter Comment: Justus Winter xsFJBFlviMcBD+C//koX7FAGfReL90s19MJFBzi5btpb0Z+48+QJUZJaNqrwJoGy CKhKTj1EMfun4h2sECdx4vEmyF8L6y4haMNKCu8pqiuGC3zTraPrSUr+5TExUyOS g8qh/HWBmZiDPjXPJ7lLidlLVy2vjFnYUW9tiKtvgskm9SfOPO33sGy/yvl2NNkl RUl2ebmwG0sBHHbhFUkppX9Qjw7rnEVVqFxp6rKCyb4cIrW/A3eqmgFB1QWho5fy dwACmv1ct8mdnMiebIeooFwhsAbkH63x7Co/6POnd+qWvb8w0j1ng6mf49lP3Vzx pSmWkYbCOYzTlg2EMJZbXw2dANExdj5fMYlMd/RCbchyV+DKQIpy3B7OHnodbTXj f0MI5twpHutmLenhKo9YQkBTSVqRbs837JN/CPhbOR+3cmmctKQT6sxrahnEJI6/ 46ZXgTkiws20FOvWhiRS0BOsLtnyB9rlN7bGNHkt8eNdcLInqutuBYhhGJOmfu6m vLjXFnqYuipr7GylA74cHgXOWvvuRd2IGdorbAUV8JIusOzAsFT/nicH5yftf/B+ yk7HKBhadsgXYnCXLwVHrV3eiJhJTSyt4mAg1/werWTrZyz0BAl9EhPvC2GlHa1K A3CrjiBx00h81277c5huURdT6DjzxtdW6v9sxuurq3H3uF8u0EA1ABEBAAHNFTx0 ZXl0aG9vbkB1YmVyLnNwYWNlPsLBjQQTAQoAOwIbAQgLCQgHDQwLCgUVCgkICwIe AQIXgBYhBMvNjwMFiGU+7dfiZZt91DPyVJBKBQJmjqwdBQkPAFbNAAoJEJt91DPy VJBKXWsP31MK1Sp4oae6sGvVQmpgsQO9pApo642u5IkTcBb6iqzl97pDUMfcD91T OclNSKt7/+5Oiwgt/ZVlNTrB1QpqzUcZgncHm1A4cPje84yC12wmcdi/glJNogxZ rQNJQcGxyZE46i5iBsvwz3tIygl2JpKtKScE4GrrCJmoabSvobj5I011BBaIfHAb cZvRqaX+cIOt89cddUShs6B30xeginkWdqRMW0Njtb2OTxxFYjLGcQj89GW2Y6Wn WsSRST8WzFMkDn8/UflOhwCcG8s6t7DOQfHEGma6rjtP48qFGg/EDeki4j0pvPEW jIvcNz0Ieei9d338pE5e98G5CNnPxfaS5Z8MDeTUU/6O5n/4DnYsv+I+tgVj0/RB DnHt9u9VIzMo+j6Z5KoIt9sHlvCEWBBZWQnRpsssWKvS6a01Pg0ViKMht9h014ja 6aKDrZUaiaGFUmlA01D7wnT6m2ybQZtRoFqEKSrhgywRynKaZerbFVNISSFH3J5e EX+NbuXqqfT8unabpSLMybecnw/2H2Cot7ziQ5Mqzl1SPSu4OAfBYc3zqY+17HQI Umfnua8sl4hp6yqedWgLT4rBhuAjcjAIsruktvYwGVQ5b0Dl2PgUq8xkmXmUdsLg jTLiUleRHc3b7BNdxrLYLQEeVCYIic8yvAQPv/a4A1JToM3CwY0EEwEKADsCGwEI CwkIBw0MCwoFFQoJCAsCHgECF4AWIQTLzY8DBYhlPu3X4mWbfdQz8lSQSgUCZLgE xAUJDSmvcgAKCRCbfdQz8lSQSpkBD947KTn8OMy15MM7tKpgoahsHmU0QZQNOAoJ LvhdH4x+jBeEKfGS6WUj1C0tb2TNBr7hSz/2F6SnBX6KAZVE7Qx3wUblxvpaVWFW i6ZQktUnlqx/hqHYi00MM7kz/v5iULw70F4a+YBYjPnrC7Ip8EdfFOUX/FDw3rHw j5A2iCl3H4WOoDUU60OZtyl1R49fMEHs2FC5gqDNo+1GEw4V0uhFekVgGoGe28pc YTfi/EygOHHINI+Xu4/coogX/JoStV2CWVhAbk70huF626+Hh5FtwkuKHqfLRfth 6dB+Vj691XHtAwfsYb6nvyrhgOydOBjEhyxEWUJ32IX1ZgXK3hqkj3epf1UPQmdn DeDurvtQDJOFxgEaSzjibFZQblLo8L/k2FUfUoaovQMsxx5qgthq88JtJSouqeA3 gjI2RXZ+BqS3K5Gb5DU5Z8qfpsLKcM4uCbON1p3zJot6CgwOhQ9tej9QRZR5jUVQ 5i+zoIR+QVbN9I1zYPNbu14G2TSAZwXPCodMG0NaRpxKiP2RAEdoDuW7e6XL+SC8 k/dlSdpkjnRGvpHT0U2VyA8BuobRQmWRAqt2n6H/48t5IJYzfnG3IqUsqbtcqpyn esPRZrrdkEsVOoRsrZuCarfR5LwtV48JPoifN/hOCaNLUMVJbQ3/j4vxbs7Rk0kR rGQUwsGNBBMBCgA7AhsBCAsJCAcNDAsKBRUKCQgLAh4BAheAFiEEy82PAwWIZT7t 1+Jlm33UM/JUkEoFAmLVP1AFCQtG6fwACgkQm33UM/JUkErmdQ/ghCovNcEBaxey GucIGBp8iLhdfFhSatUYI7alSU5RWV6or9a/zdYBUpdTbfTLCTeJ+9rEBBML5ULj hjBLFBKwkJ2rzegNdoHq39JlInot0iCBLivZYOVSigTC+jOwOfAhuyEkmBbbV11/ 4r2Gv5ErpEi5VuZtar5glO24CY+pSLwvS3LT7Z+yRLmMmQ4xBmvKMtfKGNPjGlk7 voamkvuI8SoAwB/b54D0Z09KZyB/g4D/piw8QB0rumd7tOLtIjKlZmzBHIxRLB2E bQ136CcnwgoHQg57S6bISC4opg/POhdumlF/kuFbwj8a6N43bh8yw3BhTzIGYrLg kDIfOlI6fh4czzzecC/aELxKYox4JriRZSY/uaWRgXfPC/kBjB/f3BIk7glDzdir xjonCLBhJ+7CPhOiZCUswE3LJUdWwOae3iUUfTeHQxdAZuF1BXG4Oz5VBJNsvN/z VqrvIO4lMDYmNqbVW69tvpf13Tw4eRxQuCIK2dwhS8y6tsLao8EY+kjqMi/N/hm3 Z62Ghpj3VOBFGz3CrOAwNhyHbNMQjM1nPHCCxdb9EKURYp27/+8MqaB3f1IMFkJD /lOr0scMf8f5eqdOo0QxQm+Hi20l2Z15pOc4DVkBAZVSrFFTPijsgHhNJ4X9sBt7 WHLpwF8hpuMI0J1U3CO5dI85z8LBjQQTAQoAOxYhBMvNjwMFiGU+7dfiZZt91DPy VJBKBQJiDRTiAhsBBQkJZgGACAsJCAcNDAsKBRUKCQgLAh4BAheAAAoJEJt91DPy VJBK1TwP32oWAn2LF4IQVFg5jw/pYkb/XOs8kYy7vkU55hYmEvw5uXpxdGMZyURw yosRWdTBSiW7NzuxOhPOK17J+s5a5O1vwDGyGgnLZIxDP4gf6ZZco6J+KUJRN7Vc kj6lA/BUtSq4v3Oeqc5Qel5bpAYlgfPPDXZKUYPhS4Ut6pmL6/GKFKBiEaCcBF1S kok5tD8rmI53XLfuZNWLKgSAWXM5NoosFAd236/l4RHjEiZ5iSd2ksmV5y5pzN6o C+NAfXSeRq3D++llDygrJ3SNm6upXyjcRpixexojGzqZ/1cED6OiNTVlUuTM9Ety jQdrKa3Lv+5vzHb1th2vstdwenQNMI1v7EitfA6Ct1vdv8itgnwanNPVqKF3dI6y V2eRnvTP8wNdRphRcIOPZAe2Us7WctAnl5AcLDQPJsvNgV+a1iVHAQWRmutu+s4r u3Up6sFhMmu4hw//ZnXe1BOmUl8uLyUmMFBLsNx+RHYY0uc1LZzXei1r8dmjWOPI 44iEnfCTJRjmzy6C3EjA7iATfiuB3Fd7XDvDZ3LcMqrNY4cqzvBxrybq5+TvkxAa TtM8vqddkz7UXo4Gj6agRpb9fyGfiZ5eKQsT/qng/EbByUvf/4VvCUmkyM+6d53I Nr4JUvnIJ/u/DDyZbnZiIhYc2+ZInmzNaBzbvq4yTRPX5yTNDUp1c3R1cyBXaW50 ZXLCwY0EEwEKADsCGwEICwkIBw0MCwoFFQoJCAsCHgECF4AWIQTLzY8DBYhlPu3X 4mWbfdQz8lSQSgUCZo6sHQUJDwBWzQAKCRCbfdQz8lSQSkzBD99TLqSlL7+YeFUZ YRPWG+HL+xyC393texwqMQs6eCfvHLLSUmL+KVhv66G+MCAtid2q1UsDwoziZXDO jFmK5hpEuBeqrxpXOfwZX+ofyr2TDIsp/Xf8jYt56aLwCJXhHhVypV+hygIZud/n zaU6QsQt838sEurDiR0gfKjvcDcB7z/fqw0Mu6Khgjy8qYI1ksI9CAMBmDN8R4P0 dVpMKbjUH0Jk452nK3PwkjBuwzqY76jD7vOs7Am/2MyfQ3lF2L5VeIsy0v1wcBNh Nm3eW+2BWtjNlmYz8hHIyI2bn9UsIQOVJhE2PRVBDl1Gm9faoF7NxJH+b8EgJMDo 5wdQDG+xu0KaH9ma/ZXMTP4rklQSn70i7QfMKCFUUdf7+eIgkYYwcXto9Zfkc0sF R+3M9g6oE4KABx0qVJRnMyJKit/kEEKUHGS53duPfnJxrLwL73rDYLk/2pFMshFl TbE/WUg3QfM4YQM/dIm2JE+VA80AVkii9GEFWIqvpwKwg1I1mU3VoZkrcrlJ9w3n gO+UxIKjaWjieTgS5tpPWL4mTIae2o8H0FIC8lmfV+FW9mRCXJi5HlCntgR4i+6R iD/VpL58dGXMgeoeIf7/3XSBJioSeHg3SOvcrEkwMmMSzEp8Um4H1m6JhK0veD6K DvXa94WTXP8+OWFsekdofp+TwsGNBBMBCgA7AhsBCAsJCAcNDAsKBRUKCQgLAh4B AheAFiEEy82PAwWIZT7t1+Jlm33UM/JUkEoFAmS4BMMFCQ0pr3IACgkQm33UM/JU kEqcdA/gvK0hwA5mfyKhQTB+wLn1nCe36rJtamb5uYEe5DE8Fg4FmBD4xRPKD+Sn 81Ht4NfViWE7odwzTzamkTahxYMmpZqpUE4xVFKwsLKlt2o9NSnRxth2/fbdGxdi M3CokCe2f3HdlXd0DC1lf2HlXNz64Bbz0P3eekQhCH3B9nizHiEbEz06/jH7CfJh 3jBc3pMfm1Hglty9BKf59HsleFmCc+M2LRx47ofbrr73igcpNJJXsAk1yuEbO4vX jwMTsiIOUpbBdEfWrS2d0NL4494XlF+v1dH9rezpEwk5PUyP/FxAv1nVWsyAOrWN GjjKRY8bfDq8Af0nn81P9/6Q3sk7oYTtxHtUu/vuywWPgZ6GL5JeX45HOicc1Od9 ZwnOzi3sP2yLe4FzfOYoSU0seLi91jpFcK3qpAErlMMdBbCBSZo+oxGSPOuttBre xPwwWE7HXNn9vaOaDv+7NSP+Gs6Z7g+rUm2DT4Q3rsNdFnqu9F/rhPoKb0yImQDF sZl5dvRC6BE7mA4Afpg1gt+EqXasz4zIxUtHisL1Sm0Mf01rKtAS5mGqmgQxwZ4Q +B6TdSZoM0IVG38NkrRjpnOLVh0zdMLdxfKLuB2Oja0fBXQfZ6pnvOfvrQ+tH3pJ mViLWEZlVurCsKN0/oiQO2Uo1CmnL0YuZCp7H8WHWneiN8LBjQQTAQoAOwIbAQgL CQgHDQwLCgUVCgkICwIeAQIXgBYhBMvNjwMFiGU+7dfiZZt91DPyVJBKBQJi1T9Q BQkLRun8AAoJEJt91DPyVJBKs8IP33cdkjfUKnay4f78I58IkI1BLZvDjnCaTDUD vlBHaKGBM1eGlSxtR6fiLSMML7Cbf//ACkwHSAkEdiz7xPoghd8jmcBRGgq7fqe9 kYQQThhrDUO6pii0YhdtmTTyGsBC8Ugg8EO6USUwsw1FVMRuFwKI9qB0mPHBcU79 Rv1IjqC+F6ZEFXfEOivMUZx+66gtKNUonfMKxBWX5JEgojdzIya3aJeBADfHIKbb RE2Q4UPFGKeCKsHWBTSlrazZxcjydX+V2USl171jspSxEbNDMRr0Qc2YQIeEPhdw NaPOS+x45ZWWFNSnkoQXXm6Vnvg2KrWOBOcjtBzcR/fsyiYSmc27p69OzJeD1bie qQrnWgyDM/7EJNYgvfbIpUjx78bMKDdkS+yOce0YWxug4psF4eMT0SLdex2L+c/j g/KSf2eyM4ssQLr1XZy5mYB64/O+uZdIc125uF66irI9vNKKYciArY4pFP2YH3ym NwTiQtFi4GyFWJme8Q3orUCZXe53C64EmoG96Ea2GVmU7edZKKLdamSd6dCpGd5v No9bf3PSycpZWooB0ZkhAVdG+aKmYn1iIOrCXSuTBV2N9zX7P67Igj2Hf7emOt3E 7X7XEpMjA1Uc+SqrLP/B1h0bohr9Q720OmjE0181LzpYwGvkv6j1Gf+sRDEt/11I mwnCwY0EEwEKADsWIQTLzY8DBYhlPu3X4mWbfdQz8lSQSgUCYg0UiAIbAQUJCWYB gAgLCQgHDQwLCgUVCgkICwIeAQIXgAAKCRCbfdQz8lSQStC6D+CifKzbYbMMMkhl 1RGibMAJY1v2z7DuJfI+yEDtOOCvErVhmaNhcGbShGuDQ5pWbyDqKFS8c7pIymME FJ2MeTkwRTcygDHB58CWjCkHNQ1/g81kvvHJf6fWmw1Yaj0ZTHs7bSHnhgqRD52f RiW+XyARqWlMpn+HdJhBVrFckRz4E4rHZMCMiyK8o+vWIwj5DiudFR8LmMHp8VHJ OcubDdAPPWe5eYeMSrJmxUQBcZnr7mI1Ys7Z65tHsD/jcOG+OeVzX9KBtcEDYbL/ 0JjtrFDP+GWxJErRzzoNMeOpZ5axgBQ6xMeSpRZIBtB6PVXXk/IMX84njfHq+Daq 4s3Mf1DyUzg0iRM5MU3cJHtgltBquY1Yk3kCEmqcWKQ/VKdrcAL6uWIu74J6Hiu+ kXWFkev4TbQbKlmPylZy2hpTwn3sRFJ0o4YrzOwYLl1BQ3PBT8N4embpL0JcY/Du EgHFIFXh5BNmf00mv6f+G6lJRZY9xX+J5yI7Is65aD25ZNZz7AVk8tMqiPpb/GN9 NL8kPDtBwYNoi2Ub/8OtBvasVfN1rwwib2r3Z4pZt4KzGSJIvruiwy5vJ8e4Rg3h +k72kNQvvAoG1Wjy2rrtamgZ8EUou+Ra/YxrpWA25KMGA8xRKGnduE01UA44dtXf Tno97jExwsGW7xlg3BiBB8DszSBKdXN0dXMgV2ludGVyIDxqdXN0dXNAZ251cGcu b3JnPsLBjQQTAQoAOwIbAQgLCQgHDQwLCgUVCgkICwIeAQIXgBYhBMvNjwMFiGU+ 7dfiZZt91DPyVJBKBQJmjqwbBQkPAFbNAAoJEJt91DPyVJBKoHwP4KxtWVRLkuwz KPlj86T8OojiPNJktsgxvW9n5ctXD9ZizMPIbov9D+A9zis3DxouY34YwsWp6Ip+ u1g+abvAsEiBT6hqQN0xSs7rs/knkrKb9qfyrg65u8sd+wrWFGei3U5zamZVCZEF xtTMRFb3K3ZsZP3chCNQuTboazrrrrRD6dEi+kWCZioi5jqLjEOd+WpMPc317P9e HufTIUUizgeUn/J61VJLI94SqZ/+SmKnSL1i5Mt62nKwbpB6Nng8jQFpXoMwJ80v JV0xUSw/bkQRulETnGEoj263ArVjSQsIYRvi5S6Gdqoj0EbrRvM/A09mI7zNxFdR qRoR5dolDekh/S2MUoGDHHvquJHqiRe1RrHGJ2i2+xfLwOZ0YA+ciJtboRhu1njn LCtxJ1kS47lYGQWtbAWKGUuVspv16gDhoPrw92Dcrsu8s0bvePdkdVj0N+WtR7Pa VsROqbSmjIMnV4wS8nZLe2DTINOPuaSZ0Q7TV2P9GrUp4s8sYK+pO+JQ05I8ukbT zHdRnwLqCDN0klUaF94sNFj1RfZN+hJKbQh43D4V+v7oAI7fQ8AYXEcdaoFwH0SZ 3wzQwDlySH64QKeeLcsB9kKVyrsLxwYd8QAW7yeqBFlVi8jqef5XtGbeEcwKE4tf ex2oDwbFFQoSwpbBwtzs2+xyKXzCwY0EEwEKADsCGwEICwkIBw0MCwoFFQoJCAsC HgECF4AWIQTLzY8DBYhlPu3X4mWbfdQz8lSQSgUCZLgEwQUJDSmvcgAKCRCbfdQz 8lSQSpGuD99KOFhfxtQgwbgpcTBXaOJSnBFUjqQ+wN/QfdqDAtzqlrKShMSZCr0e kBfyBYKV5ZelIV0y3C5RwhxUgb91iGvpcbkM60vr7MCkl9WBGWnlVLTcLx6VkZTV FIQ9q5skykLwOBEGqzGhX9LM/FYB2CREYYNLDv1nTSuI7LoRVGC9+6kl8Xu2Wte3 PLCGv10vQnN/1LnybvSQ7DuEsabTObZNniGDBFccKOIG7wWHDiypqIP2TxFpeWlg brI2imcj3q329Wwb3dArObAW1t0edHrICWO2zm4NHTFTshWf5YhVd65LhYZJ6pWp ECjUJ92/j2kIJ75UtaZloqrrRpiZdfQjKjv/Vfs2PJMc1ia8CgouQv5UQtuhzwem N9ctpss1Hka2negQAJGkN7wiuoEWBNabi9aud0CZadlh66Af5IlYp8gjRPhmKAwJ aqhq7o8gcziaY0Frfrdsn2OkZ136Thl58Xxq/G6NMbOClu+/e6vgdlCsB1iGgUXx EF5ntOi03pOvsD1VLUC5mDxYGc0cCuPKfg6KZZ45U6bHUZOYx7tbrTfNs8SczuXP w/ajVIgqWhZ/NXTdLoOcNhh0idqnMVSHYgAW/iruzeDSuac5bjA15y6X9Rqaukcp Y5fAh+4OBQrTQaVdB2mNxyW9Q6rmy/hKVIghjvULD18ka6xXwsGNBBMBCgA7AhsB CAsJCAcNDAsKBRUKCQgLAh4BAheAFiEEy82PAwWIZT7t1+Jlm33UM/JUkEoFAmLV P08FCQtG6fwACgkQm33UM/JUkEq+zA/gol9I420UWGjonZAyavfnTFuQSbUpkOIf kSpHcD34oqmMKpdF15dXuCqZCAUtQHcvL0TogVrEV2s+mFxRQ9EhRVc5BXZeHa2j 5zuTyt2m1RhJk/8FmEVWfwzzdzOWyOPz5CZVvOvqRsN8b1zKfkfD4y0yDuHrBkCU wjty1vJP+RWh7+A72l7+N4wUZp1M9kACbLoYxyigEvHJ/c06q4xelqzo/eUxy1Kz DMTQXkuCU0nYry5Hmao1nM4fssHBEvQLklSMzy3HYLe8Bpk21GCjh7zpBdKQVE/H CvMa2n7jUQMlivDg3hCjqd8BUCWX1nvSGWbVJpfd7KzVJzTmDRJAUX0yxFlzmSuf E64VeVDkYLtLE0qetZRU4egdtK2uQn0uV7jDEaOIf7xy3hWMvFiJLoCGfrPTFUoz 1kqmr2Z9DSIrykkz3aouRzA6gUTqIJk1biJZUTl3vbwO892PuyU4DAz/P8ABKvUq uNCz2zeMy6qzjOs/yjvE3PMMUo1sQIiePUEir4PkH2OalKFnKVFQuf7dn59f/f3g SBZ+QI2d3FJxiytOhUnVwquqCsWvpAcH4uYAXJzSsOGhzdlLoO/Oo6E4HsgRV58I m+znRbtKDEMgmR9koqtBWGNW7M1iZ/L5vuIZzudeTxlSClPUD81C/Di8X7Tnbj2/ 5+vyTsLBjQQTAQoAOxYhBMvNjwMFiGU+7dfiZZt91DPyVJBKBQJajCgaAhsBBQkJ ZgGACAsJCAcNDAsKBRUKCQgLAh4BAheAAAoJEJt91DPyVJBKoEAP33aZ9BSwpKNb Qz/w+86Ky0WU2tcliHnJgFOJ6imnWlK7aJOr9tYN4s9EMyeI/SJ+HezCymc1aZoP C+pws1TEbT/OeEWJ543hRl6XiVoBcgQLbRth+Xc4cWlb2GHycXEazpX0ktPauciv 0f+Z94c9qpr6yMDkyl6OxqO5wYNz9EDWkArweSXG2KQV1DBTG3R5lHESBA0VvUbD Xtgt16GhATDMPb8zi9ZEDCrOLLEq9L0k2UuQIeGjof/GdajlFoNOng1jq9GN6UFn I7eT7OWRaSp0w8xVJmEo7z4+w6ia+bMU8XYxPJ/G8iGBjmGlINiGcbqlFDGe7r6J KCRb6EqHrPScoPDXUqpjdS0XB8mf9OpdE8cTvJE8JU3FFfeZeRZRltkKrkZ1egIh F0sReEG5OInhw9aCqQhpjbqWLvx2JOyUfv96z/DaDSlrwWZB+3bQBsaTPVT5WySr pcgDQVnpkUYHc0X0mq+10DgOX8+ZuehXSAWH/4YU+bedu/rL2m1O2cUZYmV1jSuo iUqg3d3z6pSmTCD1fMxKwwlfkVNhuuG1uJ0XS4+yWlhAaitrLLhQTThT8ePE5D/j c7ZAnkjZiBgnz5bCdXfxiIusc9eWdXClltzdgcok0dJxTAxD2ribJ6ZrSvCElnmq x09A/bfiNuFuldc4wzS28qRbYqXNJUp1c3R1cyBXaW50ZXIgPGp1c3R1c0BwZXAu Zm91bmRhdGlvbj7CwY0EEwEKADsCGwEICwkIBw0MCwoFFQoJCAsCHgECF4AWIQTL zY8DBYhlPu3X4mWbfdQz8lSQSgUCZo6sHAUJDwBWzQAKCRCbfdQz8lSQShksD99k 4TF5zrhA0bC1v7TVB/v4DwvjL4wdLnVisxv+JgRg6wr6iGYn69LuHfFfoBRMre20 PDBNih824XEre/L578aFqvBUSMfM++27AWdDq2xht61gH/oRflwa8cgUw7an4upa PBvejo8r0HdacRbFz5L1qcjqQqk8aNkFVyVQNULhWf+mitpBzDveotGo6+53NfsG pERuWadpxKNRJ+qmmU0184/ECxXSRdkPBFp/j4TQkEQi3GBLQLPgpWow3dkRufjK 0UTM7sj4CaHeH/fAtGLJCEiy/G0G6tjyveLd5lSICTDyPdFqYvh0Lv560DYlLGvB 3dUlEe+Lygp4bDyD9Pmjx/g0exWfxJCNuVEL3ptcooAVPVClkvpRVGYE0ry8rO7k UduLEYp7NpCdebt3jyyP8k5HaKs4WBk/H/XwFwEQp5rIWUmIg5G4x/AwlWQc+J8A 4WjpA6tJa4WhpgprN6LRLOdFsMZJj3jNVXMCagx5dstNmKWjNuxJfmHGwxXIeXK9 A/Vs17CipYWYcM319P2w7Qy66wVJSURsIxmac+fmyHIXzxal5TclYig6KwPzS71P /oum7/aYeXX7eWZqoZgeUjCVZEyxL0HUthgzCjTDY5J0dJwhqY+3bwefUJZ41qup eT3DaHWu/knmHyb0UiYSw5oWZMBgiawrkYfewsGNBBMBCgA7AhsBCAsJCAcNDAsK BRUKCQgLAh4BAheAFiEEy82PAwWIZT7t1+Jlm33UM/JUkEoFAmS4BMIFCQ0pr3IA CgkQm33UM/JUkEp+nQ/gmI8ZFkKWsO00HwKXf8AXokLyjM1Bl977MZXxQNY8LzHe jYFxnqxVtoGZDLkFIbG9g2QrY2hocmRo3TmhzSW32oXpciqIF9wMrWBsz3T5qLPB jABVlN4mFTdQNMJXcYbYvpbhkeKo/iE4kyar08VBnPv2RelJF/mYyP0hPmA1ze/u KIm8p65DC2YHEGaWoRQsl/JnkFALSPPdOwxdxd0S1scEZ10Ha9052BzTlLiK8Mca qA4FjV2qAwwG9mpuTT7j3NvIWT6NHY4FfnN11hOHkokRqZwdekFcwC7ByGrbNipR xPvnhm8RAEo1WOt5tJl33Z5TetswgHj7cQ1gABfACccn0BAL/uHN4lQpt7zyYWmH om+I+WU7o6DVoKOZPLt70xlkwEoyH7GzrXOoKTk6o+8vI/++SjupPQsu6VyEgjE6 o1IHZ5xvM62mUtO8B1gst+SAJBYxF+aKa7PkpbkMPN8rzEdcN8RfupiGHsuNKgNg MfLOe3YsVxaIbYT7fBMAb7R//D9G8qkHoA9m/rhzHDWexb/6HzpWzgY2ozui+L+H PZwD9yMA9yRGHIU1l+acXEy9i6AtCuP389M84ilcfjBANtNfQ1lccbQc6dQVEGwa y4jnmrKV8Y8l3JI1fncJF1JZUL44uP5/5GO77HHe1qacxvfA4ZjEFmufWMLBjQQT AQoAOwIbAQgLCQgHDQwLCgUVCgkICwIeAQIXgBYhBMvNjwMFiGU+7dfiZZt91DPy VJBKBQJi1T9PBQkLRun8AAoJEJt91DPyVJBKAewP4KNgO4GPDex2ksNKTPesAezt mROpdo6eg1fAfPRZsoQ+f5TdFxXRRBosW7VNavB5opoevgR197xU/YhwMH/T+JVH XCRu/jMIyQPbcMj/fAaYS1LZBtYZmAkd2WUxR2WqyCpq8D2XPShMXAsNrzwMdaro QVPEqlBBUO1bGlDqq4e9CMLwAyHuIjYJFhFNNpeZmW+/7uAC1MyPLAVSUsQYequB nDm+4KxWEKexc/atSrsUTI8ForJf/Jdem0Yj/39k1KPVVTtChcPwZK37kA5JI3QL MCclFg3MDp5QHvS1sBmPky9/5thj7t64edeLDKG0yTOUCK9XYnTCnTKyhWCgjRtU mtYc8grOSeHXUA++DFfqCWHwFE5if5RHUD07s/KJLdBmZpGf46Pl3O7FyzDK38mr Q9R5b4sBCpeJW8T3/vsdIU1etfrx3Dfq4CoZWytAD4q6fxQDk8cFTEbOztCN4uRb xcw98STZ0T5XhQ3dDccBQ5W94KfTLRgfreDJR+lXsH1XNjkPYz0TO1vXPfOa45HF abpa9TyQm8p2LUpP/m6xcxXTj9U441ufhqsMKnBvnpSXPyandnxoFVL06qWuIsH/ P5HrZUEZ2JQoXI9XB20yqWhCeS2PnHMmB9DrThhNU0hbmiQrXs1rhOrqadmmaGz/ pYyRUFcL3KTQp8vCwY0EEwEKADsWIQTLzY8DBYhlPu3X4mWbfdQz8lSQSgUCWowo CgIbAQUJCWYBgAgLCQgHDQwLCgUVCgkICwIeAQIXgAAKCRCbfdQz8lSQSkljD99r B68OA5orMkrqORc3dkWA1WaoEMVM1SwivabsoLbDYfyLqeKCEAbi+WRYpwX9uHYD X2yhvSByt7OA8pjO4dnqBKV8G2H/0Srzne3vP+db2+AWn8RWZBP4o6rk+573DyOn QuVQ5+OznPNxpzqTx7YH4abbShmpWoGzMN3GCkgZqx8xNgry6cwHgAEOFFK/kl5H l6mo204YrImwW/wVZ8CdXoBrCB+9kZcMd4gQzUmSULMvFO0ms0SaFGpLEAXiUcgr 10NSEHMav0ou5VK8Dz+BXikLM9fcPzE2b0EZT+LDqIpzLw/YG+RN0Y5IXl/gI9sS 3gutgPov0SeiLeqksH6fE5EATK9WtsTlwnCxjsIR7MB1vPiN+zutDJ2jZ0MVoI51 EHrVdoGcS1FxM163oPr/lAQDIf5WTnI5q+zlvac4p0xLiqVfBVX1XlN2KXAKF24m e3THyBRi4JK4IutCVM/gtXfZIaz74mNAlOTxDEvGZSKy8yrDVEhcDn8P2qTcW6Np vgGoMo3qRzl+Av9NiNhHXMzIlQgkX0E8HXaUq4Xdifqu2DUQ3dR7htHby1IGZgYP KS4Gk76VPMhttq7GiI5daawMZgOPoKD0uQ8fEWIdsnOXp8nqDiL8awHhN2a042Dg epdKx5Ktll4hOZzXTW33GHj+ClFEr4UaWWaYzSZKdXN0dXMgV2ludGVyIDxqdXN0 dXNAc2VxdW9pYS1wZ3Aub3JnPsLBkAQTAQoAPgIbAQgLCQgHDQwLCgUVCgkICwIe AQIXgAIZARYhBMvNjwMFiGU+7dfiZZt91DPyVJBKBQJmjqwUBQkPAFbNAAoJEJt9 1DPyVJBKJlYP4IwR1T13+LRAQ3SiU0gjQC7hbcc2IS9FWs9IvGDG5w5rFZDB9TD/ Qui8/CmAyp4o3xqKRun/fxvw3CN+K2kT48abC1cCk2onz+BK/GiD+OAuezG112cw nyk4az7N85y/Zjrq7yQqIZlYs2KrLg1VqCSZjpE2OBH7FaABGxi6OUVgbCZYGIuT FdrDs0ekDhjJCFRcnnB6ZlCxGG0yNGZHbrqnfTGYCk9GSqKwJ41JnSY/fUBcEWXh rKyDVG3ix9OnFQdEXsj1vOv4L3jXvyRE1jTPBlk2dhUMgpKyl67d2oXCcxAIkWij VlPHZr6Jfy6/59fb+yDFg2jnjS92Im948xh4WhNzwGG9r30KK0aGC8FSmzv422no HQ2Yek3Yybr1LZUqhAW9J0Ki1jH8SO46M59LLSdMR6HUtxP3DK8dKLVtIC5mr1lk I9+dq3UBmj5W8PXGEsJuSnP/uGwS4qINz1dfUOaFKvZt2wpbNiJAYEp2fGmIefVT rdxKUCLZ5vxXS/8jN0NEP3UoajKCXSbCSrqLaR/HfVrO751fZtzMTynka0r0YjbP TkKuwNhnQ3XRwGO2+xo6JjhvaKPW0OGVXF5SVLIyj4Np/LqJc/ZKZEjtdK6Jtc4s n+BFUB0rSNMraBYkVMzhTGgjreIhIdtf52Bf679YewbUwm8vWnLCwZAEEwEKAD4C GwEICwkIBw0MCwoFFQoJCAsCHgECF4ACGQEWIQTLzY8DBYhlPu3X4mWbfdQz8lSQ SgUCZLgEuQUJDSmvcgAKCRCbfdQz8lSQSquUD90a1+mfVI8XtopWQsok6MhYmhar KN5PlFRgdNHsMXqlGKaGG3tuQnLUUby9N7DjWMloZnGpZFHc5FdvEdgETSmiTM3p DHq3QaJeyVXsFrlYxCAks5hpyQYZwgeJ1OkFExlPOfSE9vbObPOQBOFVrkESpeZT odb0r2Pg4ey5aJU6m+x9w+eTEapcjvEfI+toTIJvK2/IgBSepGiJp3ryv1e/qnoN QoKkp4k+mJtpm/EO8DdsGIh77mGXyhQ2iyTC2KSVUKZwjNznq1aipMFbSn/Bf29W 6zC1YdUrdTeQ8ob0AGnqmd1QGtuDSlmd0rlPJ4Sp2T0hT2JysSRaxbrmmweM0Wxl GpVizrEBi87G+eYNF62h6ilMOGxAfM12YJV8H8v8T8JTWQqMyyx8mL2Ib98VQ4SJ J2TIpBQiXVrTHRRG8x/yK5qr8Pur4eXO/xWcJruEN3VxMqRCT4dweJPxXBiRZUNP tZ+0hP9hJ7BJ5hPIa8dXgQYYBrxo2qeXIYLD9Tv8nB0bu/pRedKUoxneZmgBhB9P sBEYn+b8J5gbvH5h2mtOWmGHvHViMImSTl2Fahu4l4dTl/UBKqWinVOvpukwq5XX xlsGRjvRDQHJCwm1I2thtnLMTGE3PsG5ncQ2zNgojHDSHya2yfskilImYHyqg3eR SSGbmsH/RHIwwsGQBBMBCgA+AhsBCAsJCAcNDAsKBRUKCQgLAh4BAheAAhkBFiEE y82PAwWIZT7t1+Jlm33UM/JUkEoFAmLVP0MFCQtG6fwACgkQm33UM/JUkEoJEg/f ehrMCKivTV2N/mEZMb2ox0ES7SwIizINvCbt9UsJ0FPUfk6hrGQra5en9L4jvZ8F Cyof6tWCvigYWXdQWEbTNhxMM4O9V8DfhRoqY17WZkZYgXQAC7hfh4IUgq5OSz7X K5FuJ4YZObVuMWUmIseCLalAoAGfZLMYxWzGvhLIedlD9thZ2r/ukB4Lq6JGHV1d aTpU0I3U8HY9XxkzoavwEBc602mJeYLNpGxL5leNA+0vhyd+6UEgPO6EvHBsmJNI zyqhh8DGN/oQUDHNn+0gkdW4djAivJ1ymzvcEg6QFdXKKpA3xQ8vRdG/SIm6wyS5 +6w8hJnXBXV0f3e4518v7oUIdQz+5jX+FUJmR+LHYE75Z65NsrRuO/2RSitIdCUp Y6HSwD3k8PP6aSkT9+jx46CYBxqbeNoP3mgOXPJyhJTvs3U9WjZVi3vn23STosoG Dy+WScgxKUOdtRNPxucEhNYE/GPkA41uAP8QyxuLCKeoEs2GYCCXNbnBuUYQP+UV PDQC9OsloP1mOLxEM7JM6iBxV5eOFkgZijRIpN2lUv5KkAcS6F+DR6sWUG2ptqsh cXqiGC2RnHd0LIPMNmS33qHEIIrAP2aNuCuSzWSME1WDUVECw1ftujvvE8FdREsQ mZyM6xhNXSzWCM1iKHzmHw4sE51yft2A44FGW8LBkAQTAQoAPgIbAQUJCWYBgAgL CQgHDQwLCgUVCgkICwIeAQIXgBYhBMvNjwMFiGU+7dfiZZt91DPyVJBKBQJbETOa AhkBAAoJEJt91DPyVJBKXGMP31CL+4QQ82XIki6vQpjpTfshzjVi1FPLbPptu3SA w2+NrdgrE3qMKfgcLmxyhqN5uGYwN/MNAyfBdUu+jP55BFst1srsU3MBkbfMu1UD OD7FGEY1Uy1zFpErsZqB73MDv8zUvXCW24Z4KLaG4D3mBRRlybydQA3j+eQbn6eD VOquOOyL3Gili6Vf7C7p1SfVPN9Zs2hgGJuIyeWHkejtEOw74o9yUYeB+bRV/hgL DUC69da8EMokLuQe7T2Ir9/76KzdDCXMkSJ022VDzOHq7AavwG4DaDbQ2nUzGRTG 3E3YOeoUECNXR5HB3sPywT85+fxRsRRzjROvgGpbUKIy/17HNkehtnAhqURxwU1P hmNolG9Zd2ekBq6AJkil8OG30gdDM4n7h8wiPe5TIocQ6g+aX87wtx+4PaOIR/au ABXwHSQQCyeyXOXlCFixxBVSGy5m/JQxXECtACJbAdBWOUxTEYcMT2hdwYDZXtnL CrjhsflgeYNEd8ox5qEdCaSlNSLIz/vTfmJRK8gY5/5lzxzxQP6R2c0GUJXSxB2y WCEcMUJw+pcvPoJmjzARosRQObZXXY9WxqinxG84oK8z6M8z51ba2YbScWSypLWb T0UOn6zTZfW6v8pdqFE7I3BHJDR+uBpywSsdCPm2z09yTbgOOdD9bjBQmBsQpD7C wY0EEwEKADsWIQTLzY8DBYhlPu3X4mWbfdQz8lSQSgUCWownywIbAQUJCWYBgAgL CQgHDQwLCgUVCgkICwIeAQIXgAAKCRCbfdQz8lSQSuN4D99ft+Umit4AAd0SGVTO 4M2NE6o6wpxrImpfmc9wNhlCrpp77DP7nFfma+eGG0YzkI8aCz4tbiYh4Igq8OCo MWBYwVRMuxd+AyOQkdEmvCR2M4vi/4ikuUZYeOIHKobQsAC+fHYNLFOlEVH1h7XV RhiYXSrAw3fUJqIm+2oSBlXzQwPLQ4OhdeKL6cUpJEPvraLc6Z6CDqojH9YJz7Tx dDKBRA57Pf5mMj63ca3GLp8q5L3jwl17z+HjCKHfhIMUyvtCzLXlrdfLpIewE38+ uBB/k7ZNgevJP6cYXY5rYscOvlIZEJKMOO4JloGiS8mFYc46J2XmNKOzxApd3+H5 uZlSZLtj0/sy5Au7irMnTsU56QTtLYTN4jB7KlN8p7O1gLydcCdUnCxEJr3eRFO8 lbvDYIix2B4z1OuYT82omVL3DvB6FwavexBFRNEh+ybGAplLBjGOn4tta7VJooP/ XQPm1gcGvoIXtiv2gBC4ALGx6P/4ILpyYOmAFZCBFzGA5uoGALN2bt9h7oCzdq8i ttGNAXjbKHKQS8hD7/2Y1gBaRqc6/NPjTDiStpIl8YfpL8uRrzGEJBm58WWSkbyL CRamczmzOtY7AbmteeRnB1bE9gqrN0NjVgANT3PphLC/ZdUmRHq4b5pnIgDlEu+K ElKSq5OwFQDHxMdg8mKLzSNKdXN0dXMgV2ludGVyIDxqdXN0dXN3aW50ZXJAZ214 LmRlPsLBjQQTAQoAOwIbAQgLCQgHDQwLCgUVCgkICwIeAQIXgBYhBMvNjwMFiGU+ 7dfiZZt91DPyVJBKBQJmjqwcBQkPAFbNAAoJEJt91DPyVJBK9qwP4LF25tCbRGxP 4M8aC5SO9VoWRb11sGXoVqTZ8VrgYJ8R8ggIgelJX9MKpX08kVIqyKOqXC/RmnY+ suFebMWvDSx+mb79ini3pTYzE0sd1TwG0qa4cy0F7ztucLm5nyPMD+cb7fxzAz7c heESc5+fODwVbY1Y3PnkJvpfaDBvGGJNh8UdkK2ADQ2wOCspme0ykkt699q5Z2C1 V2QH19kYyVorF/rfjfHVbdtwHGhaZDFrOo3OWk/qNXGfzLk3YengHw4Reefg3YCH Eciqyga2rTce1IKLRf/oZCnI8tY0boO3xb/yFX4BmRWLKTLY+H8znmpbsPoFL87g D1p++RkE3IIbFved4Gjsb4E0WK1GMfNbJckYcvH0uXr1fOlZGAMAVMWFA/wyx8TQ u5PKc9mS3ek/5rjq4P2kMkiPxY6ZFVb0VdTZlK2EgX3DgzqBVqUX8WrvrlJk9YTy qtxeNZ7q9wow5l9Y06w3YGYzB97GmjnLIOgXbxDOSPf5uTjcXGm2tDI/6aO59HR4 DVPj3UYZW3XYLAwnQ9Hkvw6PDUxXl1JUsbjzsMitFQFTAnBQ7D5Cy5OuVrbPfniq 3aDNi6f90ymzeLRtbGvr0Y5mFC0RZzQBFpwoqGl3vxyhK+BJz+hpQw4oeCPGYy5i JU1mPDgqx9guiehLhfdgazBKzzDCwY0EEwEKADsCGwEICwkIBw0MCwoFFQoJCAsC HgECF4AWIQTLzY8DBYhlPu3X4mWbfdQz8lSQSgUCZLgEwgUJDSmvcgAKCRCbfdQz 8lSQSlvmD+CTD0x+Pd4OsR/KvP6a/Wo9CJhVNgKwAw8nrheniLo/xfxn/NrJQ8yM 3dx0HBuMv1dAXlDQTFspMZuurEcE2kv8BygKJuaJsXvkki5P1zclIPtYpy32RkJi TWzfN8Eg8t61ynl0CrvTfu2AqTmsfokDk/4VQr3XiDT9MoC4kiQGaP7ID5temWk8 11iajrWywh53S9piJG6K8uUVPY2/ISOtpYK5zRj+Mi7d5GceWoJ6vDaSkahMlGlM pdHbbqYhcmqZAlu/tUGdjIPYH6Q9+paLp/vY/ua98qI5feRCm7sBGM9Hrns0Zq99 czgDZmOl+vYwQ6PKBzhIqnqmr5v2mdk37SwuHqlwiRHT00i6F/ShkFQ8m7AX2i3b i75kT5ADxLCCxo7uFpgXTHkKXc6mc7jKVfb3atmUsqwm3IPkM9X7z6GX7PH/kobv 3k1+EvCBGYiW+VPrWMX/i6VBXfGxP7PZ+yno5H78K23u89VEsVVqxfESlpjCOrEH 7i6dWkCfEdgByHZ2nnSgQ5V91UxzN18jy9oWO/ixt1S6asRJ0m63EwOzoZVFmFxH dJblkVEDPcTIsAJ06BLP9nh8d66ir5ZZVx+r/MYTQF0Jd4HYrkmYozY7rV9W+lpp TXf78X4OVSz8OQ3O42xPyAWP2bzZbFEJyTrRDGdOPP7XFQwVwsGNBBMBCgA7AhsB CAsJCAcNDAsKBRUKCQgLAh4BAheAFiEEy82PAwWIZT7t1+Jlm33UM/JUkEoFAmLV P08FCQtG6fwACgkQm33UM/JUkEpCew/gmPNy8sPg4TVNBKNhaGZAIeuFicQcg/Za 6/2SlqaOm4+AEI484iaWx85cIME6JKBaBJsuyeRgOGSVt7+zEqia8t9ERQw5lUy3 MaIvb6J9EHlf05zyFBYqdTND4hXImRlnLkg+MnbRjeYfhbE/oLBM1ZP4f4XWjv/5 xJqxiD7EJsuXd1xI021pIl4DOvNopTHp+2gMCkvLxkf0LnkBZNkbZQJVwt3eUqja xAFSubRqNoUEXrhsl2l4qGb+QtiTnlm51mhR5Cv0YaR4s6MnAyHrjX9RWs/ov29M zCUNOOi/Z7+i38zgjDv8s4yDsNeL92Ddt1jep/UNL31OS3c3RzBtY/DJ3vLvr5UB +qfY0tBKYdtuV7IsRLIbOmF+e9y33p6DX0kRmR3Dw+hyddBpkDs31SGGaIdGD5j0 up/4FbuYJdLowo42T8TvMeuES0rx7wdjD0kP5D5fF4EItcjxdQ0qNctCYiN/vd5b lycGh2KmRLfdsMq09qZgOI5a8uyv6zPcKc9SkIqxAcgqiOuioNFeO+pC7egT1Ssz pguFhS11fcGff6r1VdujG8zuH6j4F/h4eNEiO+agFzcTY2RnyLSwggosdGnOAnvS MQM+n1lXFQPnbSWxxhY9NJGlG+aIBWBMj/RaY0hXiO7rOR3B+PIL3Y/hd8590iPK YDnONMLBjQQTAQoAOxYhBMvNjwMFiGU+7dfiZZt91DPyVJBKBQJZb4jHAhsBBQkJ ZgGACAsJCAcNDAsKBRUKCQgLAh4BAheAAAoJEJt91DPyVJBKloAP4IyN1gi5VPQw fFzJzRroaGFnTPQ8U9pq9JG2axDF7P9QTX5llz/HOmMZM5SSvnCg74R3REqsDjoa /hDxRl/864p/ryCWxPdHwU5qMZLFKma65g02wXvgXhhB7sfc9wYUX30XxvmhDy1V aZbtEKJEThqOEhqJ56X1RRUzJE1mcNH4pQAqCYbmQRmmRnU4LFjzk7Lai/gfDbqK t2+wS2lZ0pJau8UsAfWAuob/PXywW2JYbj2DHNNzKfxxj09lWjdC4NBkxC7ja1gt LtMPXEd5S0ymCTcAfUIxTb2dzcM3jrJOtidGvXTmBWNfaKxxIBDgFL/PQm0lETyl bW+yKnZoFi6G6hwAqv7zIuF2Gz79FeC/BsOqv3U7DYV5EpzY+TmWdzrfAZfG3UED jmrnQcNravBi2zckEMNY6K6/xDkAqSWlvb4c7bJcB+LSQBnf8wou7sI0RKopAl3F qJVbODdTrTXgtKOJHRNbjq3pU5LPQBhiCJLFcphEc3myeyk3mmP2udbH5+kUrI0I Cfz+1gPUWxJW422h+/jFqHEwf0Yss5xmP+y6xO9xj22cIzAWYUlI3nPeNYQ8wteZ 0/F0mZliqPlH5vkfd3jLdUpTMOZDovw9jFNI9hed1QHlOY+TibYMjh8PTTbRtd/L pG1TZ4Fr3kjUCLCSvllwyyZm3XnNK0p1c3R1cyBXaW50ZXIgPHRleXRob29uQGF2 aW9yLnViZXJzcGFjZS5kZT7CwXIEMAEKACAWIQTLzY8DBYhlPu3X4mWbfdQz8lSQ SgUCYg0TWAIdIAAKCRCbfdQz8lSQSk4vD99XUY9WPKet2AmaSV6hL0nyGKJoRhlf 8rJ6sFMqShf4lPNxQyX5bB3Mv2ml6Y8VEulBQ5kXnXh00obuM1t2ZnzJGmUsDrVt 0AQr5KFPl7t+gU20TJCzkH2zCKZZxQS+gCvjUl1JrnuICvimaDBz0B5iUrwIlLWf wirZfT59nljgX96g88NFzE/n+kksqzga0qRlixsbkPf+/+pnI5n3iYB6GhFqh9cG h7rg8w827QpiIH5tC96ovuApsuMfjH4lrnOggRRV2NpeW1larls7Q0d5kuzHV1Pl 31Z5zxemuErsht9zQgKMUdT9/HbkRGKNYkAXUVtF1PZfDE/5xdFRmmH4oQmWyUUG sqooCWNFBCcrdv9gju8YfGeU1u7eC0fPd1EgLkBrwAwDLbTf5Z8RSa50QPhGQsXO UZ+xattrHRycOeJSBNkZ7Q2R7y1FBPZ62tu1vPZrAVgUQPOx4kVsl93VLeFX8U1d dGnEA2I4OmP4X6QTP8kb09SLd4gzF2XVNqYIgl0mjuFPrK1k5adgoWiRO/HrOqNo aIHPQ84+4H2T/u+1xxkXwBJAvJ73crbU/sTCtuDjMkf3oKQ4mNqtmkEI9SO7hbyR qydxQ2PuxvHx5MRM/UUROTdoL0Micu2ew5TaHNr/sxzYnk75qRygqwGc5wL+Fw6O sBjechZ+wsGNBBMBCgA7FiEEy82PAwWIZT7t1+Jlm33UM/JUkEoFAllviYwCGwEF CQlmAYAICwkIBw0MCwoFFQoJCAsCHgECF4AACgkQm33UM/JUkEoBLA/fa9Njt68p /ihg2lwQ+QJDDPWSXH8/+q0SiIP/lpaJamxkF+JIXQFsYSzsas3AVEW11utsfTbB O2ukFH4SsQBxysQ88mwk7kLcjAeCnlRI6mmWupHrMSBO4edZU/WiMCPHlPogrEM3 LfAMGeIjbMSS3/xjcDDKcPAP5SslFLOCy7RyzY6J137GDqGdxuNRZvAn41oNVqDz usshqnEgGkpUCXh5QITvxlZvmQjKqIWwBQ4G0WjoyVA5GdDGOJiKcGbi4QTfIWIz wfatbrFmeXXoPEH3SM3pajYo+z9fagsDCj5Df3bm9YOiOG7jRz1exwHQBuXk1caF f+qL/CCWByESgixaPDXJq6UqUzRM4G8gYx0Mffe9RhpEsVSuAZXoulQRQXcaGGgW EhfDK/wYlXDlcUudfd+flGEJKrwfC9aZWsKA5p18ujqGsPcUV5bKv//JzOBXD70q O1OuTNwXXUewbm6VNXuasXYhv9k2BcjwcBNvj4XjS09/E31kXSh+cK4GbmIg7w57 TjJkPUb5QKvkevFQ5sIri8vFMJdUl+sS8kQ2hxceolwMBKTHIJwJ0k3on5xGAnVb xAATRmJ3dYOMO3qyuRBpL0oYGzmrb/lIBvuUW6/PTbk/xVGOhIPy3VpJjqCMCVhM wcHsSwklxKoE67p5KCw83MGa4PGcmc0TdGV5dGhvb25AdWJlci5zcGFjZcLBcgQw AQoAIBYhBMvNjwMFiGU+7dfiZZt91DPyVJBKBQJiDRQsAh0AAAoJEJt91DPyVJBK 6OoP4I0GRII96353XOjVgF5+RsHeelZuLfRxO6PbvrpkiytqJjYfDwWyUwezLJwD YKwiABEhUECxcsgraWKX7Iz6RLPUNIqxEU+65lcoF+IdHiNvzOz4v8HiBOx2BYab y7wctc5uYz/F09gcDI9PB5L04bJbN72x0JPh4Cy5pGrAchm6Rdgbpakr5N0OUCIL jGAKYzC2etssOZVctBU52T0RJ87QfHNuRKP4daCbfzLKIUOOISZMn01rbzjuHo7T WojOVjhPdW74eF6vDXS6G6Sa1XyH+HgvpRXKajE/fUE1Q3hQdP2QDD8E+feJYPiS AX8LuZ/CHybjjkzYT1nVIZu2xpkLZYkw1vxsNOaOUREb75XKICs0qLIhWOYdi8t1 oLN/n33TMAB52BFb6D5Q9ABu2RbL6OC3hlp84dzngV0pzgHr1rC9YHaQZncX/D5n QZc+rywYLete3kl3hA+DwxB+oQq2bRqSEyR4uTs7VVer7QlPPkpF1OpFYhkOpgIk uM+gYjiBZ5D21Vi9lIq6nXklOu6+XHWZPfVNzQZSa7B79coAxwcHnyxWXs2jWSVw CyC0v7Uf1s5Bd2W2Nxx2vJe4VHS6FzEvTRyTk/4LRpziyA4Y/Qnn6vaehbJEWL3r gHqvEupSZnQbRUM1/dHi0UPdw3UbTQFfswCd5sP/DpfCwY0EEwEKADsWIQTLzY8D BYhlPu3X4mWbfdQz8lSQSgUCYg0T7AIbAQUJCWYBgAgLCQgHDQwLCgUVCgkICwIe AQIXgAAKCRCbfdQz8lSQSnZpD940gwU4rD94R3jRpsS99yMr484W3U/qov92P+cu Fb63GehlYlkE2V0ia3UoDZO/lCvonhR/DR6tMbJwi8IumGnj68sMqJbWRWyGc2hd ftitMZtlCXCZfHr0AmCIdoiYBN6P5ESnqfTLzg8Fy07oUk0I+JGq7LTn/0zG2N4N vDJdwwhwD1YoR+vpm/9pWZDeGXx2acR2FqOODHTrYnh563mDYYn8LWQrpI0jqbnU iJiP468E+ZnFbVF54AUFDcjtHc/OI1kw/4VAk6QffdUoA4mxx1DpyRY005HM2DCb RlWcvmtWBsahX4ptFkXP5owoBEetd3jhZzkd7mpULhNT4PXQKFTwHnifPfYHd+yd rJLxM7aeJvvutIZWL/Sp+NwCwHORagihqwkWVmKeirrYY7H+vL9aKz9uatrgk620 fr1oeFU07xAJGkdFAg1c4VVw7lP61JTLtwil+KUBSelfSM1l+LogDTLHyyv2V9Fk p+rzt8LmSslepXt/eCJU6F0QXwdYn2e96T0iGxWHJQnLK0KXZKODqxajdhDP4dbh HZsEnTSA2wDMiyA6WpRqSTSv4zLALr/T5I9o5KvMt/yOZvqMuZpRhf5NxtMN/55D zKfY1FPGPTHF4HQIzlqXNENoq1CBAV/FYJgWpMtve4a7OQaSNJiELsKHCAN8g0Pz zsBNBFlviZ8BCAC5Yxiz7fuEDbEXKi4MwFV7IE6Q3mEJrXWYd6LZjLzFO+v3DPhM /YgQOdI7w+8eYprsFaUPtYALFy4bR/5UFGj9M00Rk3tglV3dC05QiHGzaRGgG1W0 4H5hcQuG1DiTXMrgAXzlZJUwXHkaZStIlkbNc13/yvEK8/1I7+1uacPlnJHhSh99 D4PMJTLf8i2WUx07MVIRoeID9+aF735hcW9rIu6Gz1H0ssJks1ZP1PFlYceyDCTz G/YiZzwiAfwHnDPplAvKyMoYx0LGQdtv+WpMohhaSddL3vdjDiq81H3rLJo+GCta 42NcA0rDBX/Wz7eLDWfKPemo2VpmvszJ/ZYXABEBAAHCwq4EGAEKACYCGwIWIQTL zY8DBYhlPu3X4mWbfdQz8lSQSgUCZo6sNQUJDwBWFgFACRCbfdQz8lSQSsB0IAQZ AQoAHRYhBCVqTlXkpy2XrSRo54jcfjM4X3kdBQJZb4mfAAoJEIjcfjM4X3kd12YH /1YhT2uBuB3WO1/Rq4p4w/xmL0Jx3kJfzbGOJSBM0ef/BqbcW3jExdJIxhl+rJ1P qArIT0lIm3HdPXgSFmfgdSiXFKLL8b7xCLnoAPrfGG+tUFs4/hg83PGs//mra/Hz OGumOmNykKIwgstvqLmfQy2URyzR6WcebsATev886/grjQpCyGOV1mWCCj2qLHEQ rl6sRGApDvc2Rb7x0mWrbbPLAWSZKYFZU+xnRsKasOeaYSRmYv6khV4t1OdgQpYu bf6+Iydin6Tv5ZwpH7qUkOZyCQPPk5bDpLM9A2NzJbYvT7S1fWG4DZDjtnkjnJd5 pq4CV8to4ftKjhhtvFqZBAB7Wg/fce0IegZyXADEzF8pi9GkHub+oFo73lJVdINq UEiL1A1pZCjXs8OgMT73zA6HrDM6tejZONiBIAyoaPKg2tmMTanNCPr2M+MNwhlq iMqmJOXbMKMCFOaTqfjRQeJSuo4N7n6TRCiu4u3O2NyAumBqQLeOgO1AHNr8TK4s dBjVVzc1fmJtXEgx+gmN5Op5swdVxpcuUMgJgeMct7jQ4PiT9nOHwjncuaQDsH/V 7GIzuLbluisnmhywa/kSLVmu+pf/PJJWTGaA7LONPLunCWuCQ9h/6UBoM2p5k/sO Jq+M1ZD1RsYrg/UxvlIQdr3f9SsagYWm5j8CtVdq+k2OJXx6dL6wfYr6xv6JvcMP FoBClmqCj7/CcMqIXawgsuORLFjHygJTTLI7cOgcdrj0TQfqQtnH5M78tthh3vQL 6FfV2n4eug8pKHcDhGudxGtytDoigii6zBO9v/6n/CNFXUvjUD+BFBn+gmJO5oZA 6FudCZ1LyJnAMSs7KrufmWitepzvs92zUlV/iYR0ue8qZavouH2VvlmRiuqjatml p/MO/48nCnWJfNWnEtXttOxpsE+O4mdI6FRWYPnXKy5rHSMvn9sxj/+M5fm9ufxn Q1o78MHbEfTvMqrYaQx711KV/ygvQBLHoCjVL0JZmwgfzhCtoQdomdj7tgkis04V P8LCrgQYAQoAJgIbAhYhBMvNjwMFiGU+7dfiZZt91DPyVJBKBQJkuATYBQkNKa65 AUAJEJt91DPyVJBKwHQgBBkBCgAdFiEEJWpOVeSnLZetJGjniNx+MzhfeR0FAllv iZ8ACgkQiNx+MzhfeR3XZgf/ViFPa4G4HdY7X9GrinjD/GYvQnHeQl/NsY4lIEzR 5/8GptxbeMTF0kjGGX6snU+oCshPSUibcd09eBIWZ+B1KJcUosvxvvEIuegA+t8Y b61QWzj+GDzc8az/+atr8fM4a6Y6Y3KQojCCy2+ouZ9DLZRHLNHpZx5uwBN6/zzr +CuNCkLIY5XWZYIKPaoscRCuXqxEYCkO9zZFvvHSZatts8sBZJkpgVlT7GdGwpqw 55phJGZi/qSFXi3U52BCli5t/r4jJ2KfpO/lnCkfupSQ5nIJA8+TlsOksz0DY3Ml ti9PtLV9YbgNkOO2eSOcl3mmrgJXy2jh+0qOGG28WpkEAORyD94rB53lZg3EdBk7 7TLyPxajkqExrBD8bBFbVemReIm3v6GU2wvfQvJya8+W+WUnsrdgfVdu6VOq00c5 yxA15VgFIxXKx0QZNR3uoW4GLl01+YE8H9e8R185mLzPWL0YBd1jSfGtjXv6LOxZ +Y+NHbASw7CkMPeyy1YERBIej4WZhtdNvxHUGzeZ/wmUNXQ9dYn5wk3ODKlGYLwg gbdEg3ajO9WxtLMleNclLDLOHNXlo1vDbLNIRYbWEl91WARMNEEkDNwjBSWnv2dA s3xZCU+gSBSKFNy3YzpWDnfmEhM4EWojylzDAI2IqUDA1RB7kz56GhX6t9r2nn+Y 4obEoXZiEQoRN+C0wnnAkZ1gVn2isLI9AO6zID4N1QXJqdwpRBTf3BCeQd7crWaq w2fAWvNSU0NrLQkC2Baa7W7xlE+f1l0dorXZCiw5ZdMrHjTdoY0IJlwrGE4Q6GNT fTCbOIjG0WnuB6aQ3780LK+tPkxlFa7mb0MLIyEWtbGDo0+kfGavh+pTAqib0pqs HK96w5JO5HrpOTecjk+euXA1Kx8PDPAyTdWjxh3BLEzDxf56NybcI9+oMMhVqU9a /1x7woCQnkYR3wstHTyrCntMyAE4wTe8j5KYMxUJmavp5vGHEezTgvWZRyujbMgJ vzGxbYnfBrR0whxU9VtLt50hwsKuBBgBCgAmAhsCFiEEy82PAwWIZT7t1+Jlm33U M/JUkEoFAmLVP3EFCQtG6VIBQAkQm33UM/JUkErAdCAEGQEKAB0WIQQlak5V5Kct l60kaOeI3H4zOF95HQUCWW+JnwAKCRCI3H4zOF95HddmB/9WIU9rgbgd1jtf0auK eMP8Zi9Ccd5CX82xjiUgTNHn/wam3Ft4xMXSSMYZfqydT6gKyE9JSJtx3T14EhZn 4HUolxSiy/G+8Qi56AD63xhvrVBbOP4YPNzxrP/5q2vx8zhrpjpjcpCiMILLb6i5 n0MtlEcs0elnHm7AE3r/POv4K40KQshjldZlggo9qixxEK5erERgKQ73NkW+8dJl q22zywFkmSmBWVPsZ0bCmrDnmmEkZmL+pIVeLdTnYEKWLm3+viMnYp+k7+WcKR+6 lJDmcgkDz5OWw6SzPQNjcyW2L0+0tX1huA2Q47Z5I5yXeaauAlfLaOH7So4Ybbxa mQQAcOYP4I6nXygwJBq6cOfSu0GG8xM64DSLIE3OrZZfabbJoXzPb55+UbWghl/f AUmmdT1SH+oTi09wjFgwxQZmbeqiqtaboTWFHyYZUOvMDpLowRSHW8AtiD3fR2L5 YkzjgzTQScPoaCBOPUEjs/6K/Mh1gIL9WQz9NSLS+nxSyc5vBQyOHX+ZhJ2+Po7r Lds6V6dT29o4wrnqzJhqiqWb9jAN17Y7xjLPJcuWGq+M5jel3BlVZjpymjwQ9d2K actrferXf1TKcV+pbbMXAtXTcfotj7WrjsTEqF5KTjZm3lpT3D2PxdaAuWKO36Wj dWYrViUxwlc5U7lR4TTJ8k1LJGkNi0pDN+URHKGkohE8dI0Mp3DqPcjd8QsEA94b 5laDAPR2t8mv5IRu13S9WPYSILXaNifAWbNHrcYF1yj24vYZdXG2stSJSgKqvkkj IvxXrv5wrOAYp2gsikEiRFqDrEUivRDxlE/asMDGnWFKD92cy96OKV9mAdmGqQmZ JoZ3p2UD6Hn5wLRz8tfvYCS+MnCUbcmjVrxq0hPgQ1m8rlPpUeaWD26NVarVwCDb LYuHSS8OLCnZjCYDebG7GOmzZIhhkDmWe4rfjDoWOh00m4M2ZtjqCibr0a+DSHvi ZUySxT/StiXwepRLmaz8nE2AcPBctHYX5FXA7Zpe7GORcVzCwq4EGAEKACYCGwIW IQTLzY8DBYhlPu3X4mWbfdQz8lSQSgUCXxxQTgUJCW8trwFACRCbfdQz8lSQSsB0 IAQZAQoAHRYhBCVqTlXkpy2XrSRo54jcfjM4X3kdBQJZb4mfAAoJEIjcfjM4X3kd 12YH/1YhT2uBuB3WO1/Rq4p4w/xmL0Jx3kJfzbGOJSBM0ef/BqbcW3jExdJIxhl+ rJ1PqArIT0lIm3HdPXgSFmfgdSiXFKLL8b7xCLnoAPrfGG+tUFs4/hg83PGs//mr a/HzOGumOmNykKIwgstvqLmfQy2URyzR6WcebsATev886/grjQpCyGOV1mWCCj2q LHEQrl6sRGApDvc2Rb7x0mWrbbPLAWSZKYFZU+xnRsKasOeaYSRmYv6khV4t1Odg QpYubf6+Iydin6Tv5ZwpH7qUkOZyCQPPk5bDpLM9A2NzJbYvT7S1fWG4DZDjtnkj nJd5pq4CV8to4ftKjhhtvFqZBAAI5g/ffzTfb2zH0obMDChz5vkAruEgebBab/LO 7D+m8YbKfmJGmtBV9vCfZcspuX8C+x85wvC80EItj8WXdGetPEx7LZexeeROsVpo c0j7rH2VZ2+7ceLNtSuJgnKP2j5vE8BVK1pfN1f3aQRknUg5qhjCzUCVD+VRchwp tUrKayKNoV9XrbQllR79gJxcoKzGAJjSwxsnsZiH28FOnUWAheA7NMS4QDFja+Mb lKRCOlx7eCcdAipK4K9KHYtahImmwtcpd5heYdtADc0EQ2U1l1cO4oXZMLgMJ/iy 0oMklrQO+Y0X4AAgnomverRcJN8o3/1xgNfP1qx9P2+ZCP5R1ppNXqbrimIoEY88 F0topk5TKrHC69O/Pfc7IlqKdAoRU9QIN3t0uZHfPENNfFDNpsllia3e0o/XI1nO 3Q5elpb+HZrvj6O2X4xCBuWPXWEE7d3NXlVZ+H/1SDfq9fZx066sPTI5lCGDLMSP ZKATr/6fS1HkY7DxuGYn9ZUlJwLEXofysNvtZkYtE1EWnHt2lqsW/ewTYnvEW4Ms 6rthsxFGtRYnG0qXn2UABGstwi/CAKslxRkgQ9FiKgnaZFRubg76Gq2b2pFNY3HH m/4RU1+kBURpHgMSuDvL6/OKcZ4fLRijXTj+fz1c+Phz9B8RKDm0EZHouUYv5ttf ysqYQMLCrgQYAQoAJgIbAhYhBMvNjwMFiGU+7dfiZZt91DPyVJBKBQJdOducBQkF q4V9AUAJEJt91DPyVJBKwHQgBBkBCgAdFiEEJWpOVeSnLZetJGjniNx+MzhfeR0F AllviZ8ACgkQiNx+MzhfeR3XZgf/ViFPa4G4HdY7X9GrinjD/GYvQnHeQl/NsY4l IEzR5/8GptxbeMTF0kjGGX6snU+oCshPSUibcd09eBIWZ+B1KJcUosvxvvEIuegA +t8Yb61QWzj+GDzc8az/+atr8fM4a6Y6Y3KQojCCy2+ouZ9DLZRHLNHpZx5uwBN6 /zzr+CuNCkLIY5XWZYIKPaoscRCuXqxEYCkO9zZFvvHSZatts8sBZJkpgVlT7GdG wpqw55phJGZi/qSFXi3U52BCli5t/r4jJ2KfpO/lnCkfupSQ5nIJA8+TlsOksz0D Y3Mlti9PtLV9YbgNkOO2eSOcl3mmrgJXy2jh+0qOGG28WpkEAHPXD+Cj0oFWO62P pXxHA9VVz8n/PSzDJYQU4yrMLK4pT7QIAn27qo34RUU6RhJJjIgq1KDAPODz/m/B QEVGIQel9DATo9GdedexA7CKIYd5ns7mRn28qfIBthAZMD+rVfGkwxHkOSBnRXWm 5WstkBVs+BgHLo2+IeFeCoFAndcxN/3zzHg3i6DmgsEJiev8itF266aYS9RgVcz9 c26finef1WWAePbzCn4awyZPt1R6K3/9LigKRcbuus/4vr6AtP6h435bF/l3FByJ YSwnlUbAGbGzbmHTU1havUrQ9e2umREByt0iBZ9r8jxd/QsaTsJ/pEfftL8e7ANk OxuOzFvpYMDszVgF6rYdfZUjhn2xeY91hPhqCAx3iu7LZim6xENfGAFi+dX2gcLa ceAmYJD7j8nevZxHaBGricbg6js2CFro667ZjOh21uT6mDq5+7w4vh+aNU4UpO8y 154lolOIh2VmApY2ZLduu6/pNTBXqPXMlYphh94XFg66CdglzXb3F7btcaAG8o+P kRF5R+RWv6qajrKRKaRKCDSzdADykaEY5J69Xm4RPKwwUW/5dMmkjtJzOQUsWASz 5Uzt6+IndpjEmcmNsZ0B5VJz7hBomFnmooy2xm+UG4Z+iCmNXk0f1Zm3WzCBSxE0 tj/m6aOLuLInWUg4rRImJb9F1S/EwsKuBBgBCgAmFiEEy82PAwWIZT7t1+Jlm33U M/JUkEoFAllviZ8CGwIFCQPCZwABQAkQm33UM/JUkErAdCAEGQEKAB0WIQQlak5V 5Kctl60kaOeI3H4zOF95HQUCWW+JnwAKCRCI3H4zOF95HddmB/9WIU9rgbgd1jtf 0auKeMP8Zi9Ccd5CX82xjiUgTNHn/wam3Ft4xMXSSMYZfqydT6gKyE9JSJtx3T14 EhZn4HUolxSiy/G+8Qi56AD63xhvrVBbOP4YPNzxrP/5q2vx8zhrpjpjcpCiMILL b6i5n0MtlEcs0elnHm7AE3r/POv4K40KQshjldZlggo9qixxEK5erERgKQ73NkW+ 8dJlq22zywFkmSmBWVPsZ0bCmrDnmmEkZmL+pIVeLdTnYEKWLm3+viMnYp+k7+Wc KR+6lJDmcgkDz5OWw6SzPQNjcyW2L0+0tX1huA2Q47Z5I5yXeaauAlfLaOH7So4Y bbxamQQASWsP30UDzrabq2YMZoe+M6A8pMdPIyQPMyNvnrDoHyzzctsTNgBuIWD8 vVaVQo3kTJaidY5huYMdmorpUn04N7kZ+eFIQ6hxhLFs+lgQ9lbvf3IhI7Mj7auT a412cLFphJDbwbNVp7xCLBSfRDHL4wef+H4Aup9UziCqsvMcSlF0auZANVlnldeR rjZRf3GWEbaC3UjbN5qHzFU8RfU6hhTmkYdo6LusunCTmBbNth51nltJr3NO7KZU zEuBHHstt/O+Ygza0HFHgDjegTEoy/irYuoITB8P3+G0vQwLI0AdNPiX1QiJoWd5 J83eepDae6TaJsKEUbKC6qF+gjY3agJhBefoIiLrZnAsiDM+rIb60g8yqfV56Mn+ zyKsA4lCmBEAF5PAM+CCYuUztIbBIM/fPk02ADZ7U9cf25RximJn80Hhy905onRR O85jNA3o3O36460P9ZC7HqiCkh7fnhMwiCtxbmQ3jS4afKgXw9wNk062FrEANTmh t4Ha5GQ9H6GaEjm+/5JeTAVo55uuKPO1T33Cq/dV6qmgiOwjNCjHShDvfPgIYWiL X2DHwkD6hLyLMTWWSc4HVu0c0Ohvs8leYIJSXjB1Z5v08SuraNgXgwiX6HyzaWfc Z6KkVrItMtR2DMUUO+9riQeXC6mLVSwt3EGs56trDbHADlpMWrs= =BwBn -----END PGP PUBLIC KEY BLOCK----- """ [authorization.neal] sign_commit = true keyring = """ -----BEGIN PGP PUBLIC KEY BLOCK----- Comment: F717 3B3C 7C68 5CD9 ECC4 191B 74E4 45BA 0E15 C957 Comment: Neal H. Walfield (Code Signing Key) Comment: Neal H. Walfield Comment: Neal H. Walfield Comment: Neal H. Walfield xsEhBFUjmukBDqCpmVI7Ve+2xTFSTG+mXMFHml63/Yai2nqxBk9gBfQfRFIjMt74 whGG3LA1ccH2vtsUMbm+F9d+hmzfiErloOVeamfSTCXVPHl4vuVRGXoH5tL09bbm LE7cidDj49GelOxbfqHKVw3+Fd2zLlQdiaWYJ7CdRDZOT22zEx+6n59/gO5WNnym aib+nXWAbXJ+pU7fzHU4PlhDXT/FfV2mzyQg6AiToColG5/CfOBp+WP6pAU4eNIx IlKYxzLnyAPUy+nuqojTJ+Ni16Jve/hpKM7G1TGAzjzdC5zSVMELi/5kdldCD9Hg 7sqw6RPlxbH52bryenYfLyfIaInHCHKmqWRAu3fxMcZ65qo8khYrzZngYewVAafR i/GSZmKxzntmP0GYziceGsbF8dEFF1scfebGKuDqtBhQ0MMuxTbTLg1+KKN8rhqW Teikrt0JPbD1viaVX7Z7G12fZ8lBU4sjd3HGO5EK+3Cs8bjLXbzb8UIz7u28u7Dq VQB4jhgh+IXyZzaeELV9KPr5IVNjT9K9gX6JJlVSi5BnxUVY0pEhtKiiLO6PCC2N PenWkWpp3UEZ5ILnLhlmPe7ICiBCK1IQtNHEAfDalKO1t/gWKi0JlOqv2j9ER68A EQEAAc0jTmVhbCBILiBXYWxmaWVsZCA8bmVhbEBnMTBjb2RlLmNvbT7CwUoEMAEK ACAWIQSPF3dxGKM92pukjmKqyzJDYwBS2QUCWc01BwIdIAAKCRCqyzJDYwBS2R08 DqCVcQ7mbbsFgEX/0SpcrWIYznMFqrRwIYuYysJxmhUYTHqV1FJiECjVBPOLabov /DSHlCHi2GrpImI4ReKgLDdYAMlAL5zca21lDHGwtghYAXkWMqyQa2SIL5+6+cNB A1tlEPcVAknLqg7At92VHOQMBKaQLR46Dt0BowhnrKbPC/ICnquO7g5nhXMfwN0+ tA+3QDp6nbAjEXDF94zKgG1PXgHTgB3F3oMUipJo5xMfzXJZ0EgsDJiXRjRAu7Lp 44nv6eKJdUw1mVKmo+BfbChC99LuqSNQornEinXUVv/ecjIuWqK10w18BLFFZCnX S+WsPFWSQ4Bl0LIfA+g/TACBsq8gBybkxm0GE/YQw1oSP9VLPEQUaJspeIp1jIW6 wEOLIbPB3KWj/RGvZddDhXz5y1rSOUhg3ObAcC9ytWmpAHr4Q/4onOThL3e7VFNi SK7rEX19TD2dGLMfOiD+lsDrbcmYQL+1bzpQPjO1WlzA8/rBMe/EDjWTV9p7xiC2 Y/BIbph6WgaFX+9VioJ5CIbFssOfkl9VOOStdhsG55+cbv+1xkJ5kUEKm9sjpDO/ GUK9+kI6Yge2I9W3+DeT1PAzwyu0Cj2ePRYEJkp703KXggNfiIjCwWUEEwEKACQF AlUjpZACGwMFCRLMAwAICwkIBw0MCwoFFQoJCAsCHgECF4AAIQkQqssyQ2MAUtkW IQSPF3dxGKM92pukjmKqyzJDYwBS2RZGDpsEbOO6HrU2F5SK4Kc03ndtXi0jpCci Z+nDjfm6TOEBDbYx5YUOsYwnfXt7aWSSNikRTyEZHWA3BExE2J7ddNG8OGIhAnAH +USj4cTmEwlwTdAMyXSVL1Hp82Vsr9CcdJNU6jAxi0QDJk9d8EvDksbQUy8fuDbs dgKb16QjL2nsEZ2Gd7fKluK3I8pTU81cbEA7s/4d3sQzGCLomHQ+75436gypcglN q84TWtpeMAUYku7pl8Do1oj8lryQBqnjKJTRXic3gtN4f7YoRkrCIcRXbeCCdc2k bQbcp8CEjI/NPNTezyXn8Sk6RsJitf+L5Op3yPmcagay2ycjRdfMdPA6V4VC+e8H MAFzSWigdBPrCP6e/7Wo94sMy4lrQtjxHaY7uAqk025KrXMti9KvK5yL0xzww1yh WAHEB6Oso2DS3/FRBAKhn+n7gp8HwjyDAieXP1leL1RToO2a0jJ+MNfWOmWRnGbr U5op9nLaseW4PopTO9G4m+gSJxuTgxiP7Ovo/eD8dicaoEtgvLEi0mSGpZUgdZXd pB8Eo/wiD6wFD1NkMRWYRSlS0b3ataC91z0DmPpoEZ+5F36ZzPgLmvxqN/FCFwb0 bMmDyHo5pAH+niuAi1rNIU5lYWwgSC4gV2FsZmllbGQgPG5lYWxAZ251cGcub3Jn PsLBZQQTAQoAOwIbAwgLCQgHDQwLCgUVCgkICwIeAQIXgBYhBI8Xd3EYoz3am6SO YqrLMkNjAFLZBQJmzCnUBQkTDIO7AAoJEKrLMkNjAFLZErAOn0fLiphDTNzyRbZe SRL96PjRNU/RfnpWRF4OucqUY5SfwVg1MaEUi3N079l33YGQjo1X/ylgc55DRQcw 1o+sQEEfjn9vjqV6fjm2xY8rNUMd4/CgWfLik7tOwF/Mb4tdNubFeEAPIMz8UKhB edq0oHqW/EhaAhoST82PGRl+TDqcbMQ7ZwhEHjok5tbY5bOZYpHOkaj/HuJg9ZzZ S7YJgPksjFctm9aHN5406M+N9Cxz5MP0Ci/uQmam2je+/nIH9Q3ASmtNKEKxsPzm 3FdDUt4Ogmuvf/42kExJFtQSmPDFCUEtM4IW3ShzUOfkIeS/hamWcNm7AT7VgOnc cp/HkddROX5Fz10vc5gqzbW18pU99BF12URLm/O7RCqMfKgp66BCuTpj8Y+fJ9bk IBp/zHdzpV5FytAtpTiygODcVUdUH8SS3ip3fM2ozbNXf0V/KdXvtrh1Ug1Rp5fw EYMan705XZetOO8HmcST3hQL/xivWBHa4zdS6tMy+wzxgynmBP/ievURbwHCHduE Wm3DDuInuRa8sL5gg6+lHxh7FahJsd4Vunl7N96w25Jv/u46Dpkiar8mTnwszuzf Y5cL519ttjpPF7Yw55fFOqdauS6e18c/EcLBZQQTAQoAOwIbAwgLCQgHDQwLCgUV CgkICwIeAQIXgBYhBI8Xd3EYoz3am6SOYqrLMkNjAFLZBQJl3aSvBQkRp1e1AAoJ EKrLMkNjAFLZMocOmgPUi5hvcTR/7a/F2vXpiJAPW20qWBMJHmEJTgSaFL2wPlAY /1LbrwyLyWsY2MjmOnOjVR00cvLHz8bV9kncRUqLp+ERqO+GVe5pPT0jAaNI7F4z cmKyh9lEAy+kqOtEZAcVnmJDjqVYyfmw53m8lGCcbFgEYHVwtJR+/xDq6KTZjRAu zPuKzF5Ztl/9n7I8513UV0XO/EPekMw4CNew4IE0n08nQVAiGknag4CHQMzSosXp etrzk3LhRjZiOgsmEU3aLe6dOFY/BipsU1iq+/gF8Dv2UQliR85+SN4Y0M9G8V1q pO3yWvfDwdSYHhK0uMpO6JfKvVWi/fjuZOjuVOrrhdBfscPxSGJrWpfRwgFGNrvS ANYh53AsLr9Q+KlpTqpiy1xYN+Qsy/6qJfyPnEfAJOCMXTJBZzOR90qi4CsSGhyT NRBXUqrRSlgYxT+SSRprsyCjWS8qvNd/JzsfIYVoX67EEUZ2rEv25/pgxOvgFpIz NaxDlnxOxZkq9rSS/rhh2+awMXLo49AJTyaOOspwKf5MZJ5IgcV6MTFpSlWY8aj9 L0n72PprL5fCmRao9lEVOJiJDKXGv+H+MMvj2Y9VEH15LiUSVZc98oEkPgm4YqxJ ssLBZQQTAQoAOwIbAwgLCQgHDQwLCgUVCgkICwIeAQIXgBYhBI8Xd3EYoz3am6SO YqrLMkNjAFLZBQJkJqswBQkQ5EO1AAoJEKrLMkNjAFLZaOgOoJzDpLGAckDlQGnw Bwx9532kVg+L6quv8PQx3y7Bgo6w2B173qxyJed3efVAJxGf8qgEqArGyMJU36aw 84vYTat4u41KWNw+0eI8QYoJchd/KqqQw0sg2AvnuRbK1Wdhe6BB2Cn76eFO4krM u4EiIV9MltgxnyCuGnEDd7s8R6382N94safhysAVfDXs38HYdo4A+FzDBWn5FLqe nEuJtWcNBVWgZHyAU8zjaOeGPUfnHun8gNpSMNoqcGSoAIf670i3wO6n51HJfGR3 ifaGeIaEkLMn4DyYjxz2pAoroe1QB98KAOoMuRbd1yJJKpUlfiTeH9BRLwQ7Eqsm ZgiQlyHZxfkukZHKLzd1qnng/AiScck0LyuyKqTw6BiRs8GmsBpSNHvuvRGUqYs/ ORVb/BgM4O7GzcTwjszvzxcTgJI9SaIfYtwLxDUQrqKDRgcHRmSdG6I3uLyJRQmU V3BO8iXw4o+UmtPbr7cvNuQFVlGfc+TF8M8h1QnuErKuV7kAtl0zMFagWKLDFUZP 5vJmQkIuPozv72zXIhV+K9cP3LYcEzVpmbx66PGAgbsbv5OeU9gJfbJyWB6DGZ90 aHLBwCHJhrxZSBVIRdquaiQplpMkRvR+icLBZQQTAQoAOwIbAwgLCQgHDQwLCgUV CgkICwIeAQIXgBYhBI8Xd3EYoz3am6SOYqrLMkNjAFLZBQJjN4MHBQkPDROeAAoJ EKrLMkNjAFLZvz8OnjpkQjNx0gzlYtqTIBOUQWJNCZpsALYGol/Wpx33mb4i77mj tCoOJ7BNhxBFUxxJnSCzER0BLYzV7a7NyeZJ2mNnQGtr1o7W3l9UrqlRsmbabLnA 2TnGROurkrVXgCvKKqIelHdGRMHO6AoyiSE6/Cn6NGf59FbqyEoaX1A+y9e2qlz9 12bFjMrdIZCjLPd46d+kGZcZ4nJ3YxfRYW+AdoQ7ZfBepgs0BpxGtIhYDXWwclZx scKhODYzT/D6qVdwZlA5tyA9ZJw6FC8uVHupNZD32wpQW2l7bf8YsWatANI1N6wD Ob7WvRMoX00psTGLTub87lJGF8FOjxM4fCEO6kf4Ykj2eJf5Rnc9bpd9xsvlXhjz qxjK36FiU8JxqKR1oCb/WSe8WQQ074XQ3H1lA0LWNLyghyWE4H9Jwv5yw/EFhFDk cBiZbXrFRohLZwf/vcIKqbxtyA46POA3olcBUUPrDpfcBqJUaBNP/jrsJzYCTgdi /EpLNTwe/4ab7C1SZLcWm6WQ1IK2stL16TFpOJqGjcH/iEAqRTYbYa6bkchW+jh9 5TqxySuwcOLPvCRTO7Cn9BMRgiP1A9jUTz4ICn/uFOTBniIZ0fdrryf9vyLKaQbN 28LBZQQTAQoAOwIbAwgLCQgHDQwLCgUVCgkICwIeAQIXgBYhBI8Xd3EYoz3am6SO YqrLMkNjAFLZBQJiRkCQBQkOG9EnAAoJEKrLMkNjAFLZp48On2IBKfNa8enyuLzx kxa+1cFFtxX3h0Viji2YF0piuSyTWLWKvtP1vfAlrXSDEYW35KVKZSiZaj1Rb7Ff ZXSwoL5Lhlxn49IQzBYoID3lpmgEXifd4n0ExzOYJibJhAUKVtyO5oV6ffb++8il u8VBXLQ1RMAraoEFboXXz27lXQi4zaAEvCOo1zNGrcRqkzS3wzl5f0BScNBq39wZ Dqm+6DkUHQB/FkIRQQCs95ai9qL3JsGP/5On2c8aJKf2HLeTT1Yo1GYcjiYwQDn8 B591mh7SKQgVLRIed3F6Iyz+/Viv+8rX9zW01KEDhhVMyIv6omefRN6XN9CN/rK5 KRg9ZzXzV9wp/0Jeb2RxE6J67BY93AV1D5PjbeT3wbWTYOaBqxn2yKofQhjS5pWw wKngGhvwrli1f8Db+R0yuloV+PsEWWAWoCmBsIykKAk4jHY5v/3OmIvtdOh08dhG m5VcbZ7s+J0d0t+iG0n2rTgOsTDVlTWvh/wr72hqOcZjhkHTc0At2KvFCRjlfSlD 7ZhDhm3CQSFvyIVN/jqmQkA0x7gHlW1qEA9MyzYV9X4mqtQ5B1iKQB25IQorvMUl i6FVVSh7rwUs6OlSMOnxDrFUu76XNaPC58LBZQQTAQoAOwIbAwgLCQgHDQwLCgUV CgkICwIeAQIXgBYhBI8Xd3EYoz3am6SOYqrLMkNjAFLZBQJhVk+2BQkNK+BNAAoJ EKrLMkNjAFLZc1gOn0apoz0XikdVwpsL3+qRJRJi14x7MHctS/p7ZyUviYmX7Nke QEicRKuE5K+xu0yMmpmsICvZrnmIi1cB7EP6pGDZgYo1iqYaIyAmv0yvunm4ghhU S6atwJN+cfAKrUXh+ogZkaV4j5vuvlDtGifawo2HL0dnidcR5C5PParIr3A7r5m0 gI+8bUc1+wlXxOP1Iyv3hYo11qPq/Qu2okN7hLhDmBhmXuZnwqJ8ymUY/bn7uk34 PhAgbHlpBcls3LB0zSvNpPXmPSPf7Kl0088ldRSiMmTAM6ZuEc/osB6gP4Ejj/cY A1ej7i3K/0zSGIRLZ+l9LstSLnH1Nd6mw+gAzMFoObdGBkUoKGGvArzYT8O8mgSm eg+fXd4KuV0Vyw1zD66IfoEfihMvEwDeDhchrWc9ZkS/10Se1uJ8mmKT+sm7j6KK 3DgWfZnr8/CwThARfGtQn6bGcglf1Y0rX2wMG4NF76hoLJknaQ1JE5aYyS/PPeBX NQAX+wTt6wJuyDyx3APUbCNQu6V4eKH0SgX/lgIHxyqqK6xqH/F/Wbdf/gTfD879 kxEWSbg5NZk8Pk/aw9CgBI/XQg35EcL0RD4ZIfqSAGAftFvSHqrXVOmwdDYVsMfT V8LBZQQTAQoAOwIbAwgLCQgHDQwLCgUVCgkICwIeAQIXgBYhBI8Xd3EYoz3am6SO YqrLMkNjAFLZBQJgZQ1FBQkMOp2dAAoJEKrLMkNjAFLZHLcOoIlk/Q48vLf2P1aV 4eAHLSbXwbQb9YUAw16ZkmH0MtKoBNTe+Ka/xv6joxKHL8jgjsUWBsCtVk04Hzuc JzCdQHHVfuFSFrqQV+AZv5lUeuoGVP7qc+drwgS54pjHKl9qRXknlumODA5K9zq2 a12QLedCXU3UrGq7gOBEukaQeJvJVWKaJRFl1Se02mx2goFTkUmyTdVMMukI6OP1 woPA5NZgApiIwD5LvGbx6GgiwXoN2K3FVgmNKWgDDdLYQyDhKmVakzLasdwLSBCw XvH5Ynss9iShaAQHvnpy4pjobzV+hL69ecBUDjc6jBHRrx2IOwFGiaP6aD4FDREt z47Yx+XAxxom+1kOkXhb83RSaHc9Wv5bF1TSwmZ/bX/AMBxc2LHvSDKl1cTuDdPH nKnCM389rQLsU67edDiRgITILpOia9IV2JROLKv52fW4Ee3oLAxHMDDVFsAQLCPn M6hp0Iyz7AewZMOPyKXVcAj8tkBjumT9HA/EWwNPFc175C5QeiSvOV7PJk6Z2b3+ dGzGM8PMv0vFDnc/naXk70Hf87sXLFXkIlgIGO2tltqL8oY+EOClC8eBi6+NdawB zUVfC5VIxYSxUOQDLtolS11K7aRpkBkHDMLBZQQTAQoAOwIbAwgLCQgHDQwLCgUV CgkICwIeAQIXgBYhBI8Xd3EYoz3am6SOYqrLMkNjAFLZBQJcsIjNBQkLT1TRAAoJ EKrLMkNjAFLZYqsOn1VikcHnN61UQhS//27thmZwxReWKHzI2upRrwitWp85/mKx V8c2B6iBoWKgPi6KQibtjEqFQr0Vw+Yt7v/rJBm6gnOPAzWNxNAOoiTdVm2mLK+9 5raAGi7oGEt7tpwWnAGOzBJQzR5b+j2rCWxfDmmr8Yi7lBtkqXKwM4XGAOQJ6x/J gNozs2nZ/aTXmsZH550RnMA6KRZmHVPolKet9VMljnVHLIGmj7ynYe5I+gY7SvAJ Q0ezd7696v3PQZy2QuODjCBGxPf7Wi2axYr0D7b0GabUatQYIa1mnbchVKx62suE k+Svc97VxXryZiLPMk2Zua/QJ4iVuBROJ50CQO82bfzgw0cdKuEl9ZaL8hsw4C1i 283euoIVLqiZB1sjPZuy2PzbRDuueUtsBmTIRbc4CL3/9Lnn1lbUj7m7L3bBJ6y5 4giRKLA+VVgEFXmBBywgpbCewn3B+DG6oR23OSv9PHznGhzvXhvZbSRhA8WbNlf4 atRlrEicryq0U3InJKNi0mVQwgUL3ra/Lc1Pvml/gE8nkdMfbD3pRy3HVxkEqb89 hFy0WS9PUoWIfEzFHFIW1fbty62wBBsIKxE/mUhWAYKmtrz5MLvT4EDTWbzqad+3 LMLBZQQTAQoAOwIbAwgLCQgHDQwLCgUVCgkICwIeAQIXgBYhBI8Xd3EYoz3am6SO YqrLMkNjAFLZBQJZzTZ7BQkHhUwSAAoJEKrLMkNjAFLZty0On3ABjKfIvxqMZLE0 XKo8ybBl1AqJI6/jxtx+NWeKuLQsak/uBvssYe4twK6odXpDszxb2adRO+s+RzX6 YUfh+yl4MSqKyP/4XbmfVI3He8MRU7yBAh3LJt7j9GsENC3htnpKPfK1ci6lGPSk VeWKGFZ0Kv3eYaBvnGazLZUXwZ0QL1hHFgNPgI6DaaZHytPWhtgcuIgYwFAFfVhr 0m1UgVfMlePoBvSLuDFyrpjVS3G6SKp3d16NdfP49nnP9aef96xJSgmedMfi/5ld uL+8d0/yXAb+Xyo7v0s6e+v6ggNl25acvhckkZV6iAyVmzuKx5sG24D/g93kIPx9 HkEXehu5SYWpJLtz8wXRY4q05bC9jRQbJrbKheELm6XPwHiGSwG1wQTwvn9f+N0R wogZRsbyB3J1UVbO015/T3mnJxoapk8w+zsS+OyxkMr44cJ61frShruojiWbMi/q Up4VQNVjgMS7ysBLvtMM/6I4VCsz0e7GDJuvJATopxEVg8VleY8fRZeOGGArWvM0 8jns6RyavY9NhrYutf43XhvtZRg+EnE8Cqw8giVKE4yKjH84w98Z/e0mz9+V4pZr vKa7ELv8Uxqx8H36U3dNQVtdpPTJ04y+oMLBZQQTAQoAJAUCVSOlbwIbAwUJEswD AAgLCQgHDQwLCgUVCgkICwIeAQIXgAAhCRCqyzJDYwBS2RYhBI8Xd3EYoz3am6SO YqrLMkNjAFLZgDoOoKdOLLX7qC39jMzBmQvigcmt9WQzhTMhbeMcn9wHdydt0HEO I1zCsCzsUPaW8Q6tSTb8Ce8sbEg7kM87skn4fzShipd0FtFaopoXMfl9wigSk/y3 rgs84bytMJTrkx+kBtCAP/OUnvAwEDU0noCFdoqajNQrKfA+OntoKqiOXHLv4ydY osPItEiC1g+qxDuZwQ4cr8Zd+Qd6REjfVPRFmnXCX0szc4cQ+5iEAlbOkTCnE1ZL uF7F4WGOTEFZgkd6p6pXWONF9MlPo+NaAUWhPAXu9x+6H5UcKUWkun9wLKZDVBpl 938MrAlmk1fwOzP2QSfZGuDQFND3V87K77ALpXtlJMh+RVZ7oyeEfSlWzTmlGCDQ +VfO2pyas7xFY0SlnxaaIEKajSVBX9QV190NK10ENGllrA6OxEjXjov92L5MjIgb qIZKQW/fTokikLz09boUdluCljjRtBAA7UF1VJRU8xKnLVb7siizngPRVaUsc4hg hJYm/VcUAVBBY9GJDHYvSHzMUbk6tnscsZZJAQ6PL0KBjE7Luji+Rewg6iPckngf m+5kjozpY4/PV6pHKtQ94uz31iiNx81UnkgNk9dR/LP6o73l2ecGostEACq2CEwN 3c0nTmVhbCBILiBXYWxmaWVsZCA8bmVhbEBwZXAtcHJvamVjdC5vcmc+wsFkBBMB CgA7AhsDCAsJCAcNDAsKBRUKCQgLAh4BAheAFiEEjxd3cRijPdqbpI5iqssyQ2MA UtkFAmbMKdQFCRMMg7sACgkQqssyQ2MAUtmNpA6VG0q6QsCl+Vs/XLcPVfuNdrw9 j2Nc4UeORdvbnQMBuNj/geXAeDgBghqxEw/vV+Fue/K/Vg1oby1AzzXrT9ikl01k eusV0H022kNeC/DJ1opxFyekElIsrvYJ5ZoXCZRPjIpAGNU1uVKlT6Gqrj2YrNU9 IAFApjEiuXmQHW6ynIsnMv4iccazm/1wLuhmsy+bqfKUrkeVlMaOtNDA/A3k+Uor 7iM/QvzXAVlN1+2nJwGDJZmltQeltSupKxr23Vhi9CrkHhE0Jl5266u4J1pMs4gU ZK3eqIESJjkhgmmFdnu5rp7lcl6elx+N12JMmvrdYgRmonxvX9cGr8PRtRBX/vFT lgIi+S7vFn/3W48NXCt6cs60aOk16OgzsXHwb6NXHMoI9Gn9R4CoxY9hdGm1cU4Q QcqLbqmfBnS9rS6sryBJ5xMYj6KLhsqaAnfH9MQyGNFFkSXkAlnX9vLgwfY8vY2X zGalyf5wnxf2mO1T1E87NIVUJqmRTbKaQ2LVOFHseMQ3Pv6v/vqX82dw0SCrzNuU eJurcxe1p+NCasO6g4mnjUpYjz+xPV0TiJPuHr9TqEE7+DeuAd5vnigfODGMCYsV Ad31QFm61AAEUlXz10NaUrHCwWUEEwEKADsCGwMICwkIBw0MCwoFFQoJCAsCHgEC F4AWIQSPF3dxGKM92pukjmKqyzJDYwBS2QUCZd2ksAUJEadXtQAKCRCqyzJDYwBS 2RiHDp9PcAdNAk8Azn1JOrghBBbfaAzTfbHBulu6bHE0N8SxtiT2MzdseYttE+c1 iDclJlE0cBf70yEPbep0GXTixcTV4rWcRiUyoooRXgFXOXJ2kp/1fRY/AoGVMsqE ZEE7S/75yQzYfUE8DfoR+yYPbLVM6fRs/7Pq8+Iwq+gAyoFgQae15/NRkgHiZ72l iUQaRveVSQNqSv8EAkt9PBmB/IVo29kTPyPpWkWM7VeGL1nEuvu4ML6ROSp/j/19 JGr6WApBl/IYos40kO5T8H7B6HbysZm0Keb3lZDEUCrUFjdzDwNM9lyK7q1Niskr CqeL0CjMxl+YcDld99qcbQ/Iba90N+1TuN761TxA2nFHQT+AbPHiRvVkz48el6UO joQBj7dWBHC0iuyVvxMBWzWPudUiwuJXmHEtsW1W4hoiAZRL01omUExd4f3leQN/ T7PX6ikE9H6+PGOoeMew3gF/GjAr0oozdsO5f79wU1iu+n+n7Z77zjidzPBv01dq SrAEE89HyEZBaxEsy+mzg1qCM7NT/CRWGZ5mzBwdrWJ6CkTAjD1Zd8BRiVfLUtvs j5yiYpE8Opw7kr1P2GfOURUGL5YZgLW0Lj/dckFnxaGQHtq9LZasplDCwWUEEwEK ADsCGwMICwkIBw0MCwoFFQoJCAsCHgECF4AWIQSPF3dxGKM92pukjmKqyzJDYwBS 2QUCZCarMQUJEORDtQAKCRCqyzJDYwBS2YZkDqCSv2CzWtn0wsrqdrFAU3jPiVeh o85rlG9tRlD6iLCAihUxNiRAm219ynKd0aThEDEbLY+ZNSSCHRkWPcG8Ejblcq3+ BtiLrZTNoTj1rCVi7lRSmsYKpKEVUjQTk3zBWUwWxpiqo8sodOq681AH//JJRJ6c p5IKS9MWDKuE0wQpk399uYdqWBshlhyhUTrpdIbLa6Bl2uyoV3An8ER1QHfbuwGo oKpA2UE5YsssDtQt/XTuKgJzZiYlESQaf4oHBtoYr4ZCcBPJ8QUbiOk6RXrTJwrD Xi5ork7e0VVlsV4slAMaviw9tsGCgv42k9xvzEOF24td9hq5JaeoWkVJLAvwwaSd sCXWt1MZBTSV02UsesxZfJsELo9QSmKnjvUM/hGqX4LW24LBVuMc0GYZE9CkJaPQ 3NEuJO5hvAavLECE7ioyTq5FoneBUHdE264R0UNl7THIYKqqBCxs9M3cNCghU+yT lNTqPglm10ls6j0qNdQEAkm0sZlykeRCbqJ7YyH0haa8ATO4HFDQ04CvsR7pV135 xo5uKLuKzO5HYZLNg/ilLfSCStVda4LH4p+010/+MvVIOvfXZuWSU61WYLoVM/5E sY3yhnVXalcsDg9Q258IDUfCwWUEEwEKADsCGwMICwkIBw0MCwoFFQoJCAsCHgEC F4AWIQSPF3dxGKM92pukjmKqyzJDYwBS2QUCYzeDBwUJDw0TngAKCRCqyzJDYwBS 2aS2Dp9UO7I8U8+iJrNOBRcT4w80scB38uJl938EGuF68jdFdvZcgTLgKctqVG9w KsKwuCDzDhW+bVUweblfnkSKRq1V+6hX2fhrAgUOZVdelB1cwEE2qy4sdILUHqGA XefDtvKrWn2UNyqw5k6TfTFgz38ZroJXL1Q3t0rfEGgQgdqzcq6mS0xpwyAuyH+x h4PnHpjlfuOMzmjyfA9hRPisawQwf6tzcO2YFF9SCvK5c0EauhRoHH/mW/AHwSMK dlH9nLV1ELvBC4bn+77bGfou3pXiEHHIIB40bY7CMtOYsHegGwJ4BSI+oj+zerWk oKKmx3Pt2pdcbhcbl/QkhELUAs90UbbWiUekVY/K6xMI2hphU/zOETIDlSYaeZAH N52B1WNA7cCL/M+kUgyTWtGrTkFaCEiEGNJPqUjJXn57Xmus9fYxSWbP+l1jQr++ qaqYJxzUYMlxdfSIs2ElDRmU0TZ7x9GlNTudZHPt2O1f7vvNvGX10KfSzPBgMKYV XCXPrOkJHpa+fFRSTXYMg2FO54ZCVi+TvR6F+oHVh3tA2Zv7a6HZ1zNEn3RbOwxC aRvNPfdj1PInuoo4+UQXeAdXQkivqzgJvbjSBscuYa04FWNH81dl0wLCwWUEEwEK ADsCGwMICwkIBw0MCwoFFQoJCAsCHgECF4AWIQSPF3dxGKM92pukjmKqyzJDYwBS 2QUCYkZAkAUJDhvRJwAKCRCqyzJDYwBS2RhSDqCQg6j1nrEbGybYr1dvWagOcwy0 p1/oKzDBiQ0vPwYpiA4d7Wfx1JD5gnS2YOYhgBNjvoNQZQAh9WzjIEYmCA77zyT9 WnaXZvDJtMvqgIqT/Lvxqoxh5pZwbmMiGnT8ZPXi5mxlCKgFCUaoEr24DpVHtv83 q6u0YE/w3HS2w4Qmtfgnc+7i5Fjj3ZZf98zaDxRzGRaavnh+G+M1Pg4z4pEP8vPz LI7+Wwmd71FIMqEVzVB8ra5uJAOwo7+g5yzGr0E9AASpI4Nkh8vb9NopLPEVofad lyM7egj1qmbgyEx6Jowcj07a31wSrToEU3R7DD2+1cwMyzNIVEEqccmRuH7lnjgz RmnceF6U3ge2kYhRyvJwPmhASVuAhore9DRNjyljK6laGayxp4YAW7TDm9G3rpGU GmTgAhcf5Nyrztuboz7Gq5Z+OORzhL2id3zQIMkV1upIleeJ7eppEr7IPU/69T6f 2GCcUKydClgghqOhip0nVrvlMUkvmO6dsDeMqL88VTycvJJW55ugO7TOvnwI7LDE UkUvKAf83fSlmpSsNJsSdOBXZrekPReweEqz3kc2FWJyLx2w7fLQbYlkMNSx2DoS ibsqjGPlvYwW8sMsJ88CRXXCwWUEEwEKADsCGwMICwkIBw0MCwoFFQoJCAsCHgEC F4AWIQSPF3dxGKM92pukjmKqyzJDYwBS2QUCYVZPtgUJDSvgTQAKCRCqyzJDYwBS 2avkDp0RxVxnyVT16JF9qe2CYaerV/tvJM427Dg/rKhmknpDlUW5zCU0sRG22RFf x3oU9x9uNb9F0qK5zQLI84d7YFTqQMLX1SkUCYiDhp0c5mF20dXrKoyOZmqpajet DfUkNCqAB1FQnraetNBtDo8subJW6GdilegjM3LaGyluvftJiZ9T3CJ1Dn5nE7h0 7GoIg6OivmdlsV3EOXFZzymmzc9rEA5IHVKQlXSAkXTdC+G9E65Rzcoj85TB2Q0l 6n9Bfr08UMQhR8itYQrQ7E2kthmP0Vt+pqahwDZfeBWFjkAJ2eXVKXhUGEFR11RS WL7TZxma6AZdLWkyRhbHA6h1rvQK+jUSI09PCsJ6RxiF67I4x1wfvqofqyRXeRBu VV42O2xWnxrGo1szJ3iwICyAbw1SLa/9YhIDezq2OkXMwyJa8Sq5IUzJXA05r7q7 qXmebveBe7kT/tLyUVgZ0wuttMglINNrEWFGwjbcGYzrykoldaRUPYUE8a9CaNR9 n1LLP36UrXRKBvbo3s+q3Dv8gGUpqVWN4lqCBRkzLaILZUhcwF49IoZ5vb8RuP/a cJbJjRFRH0/rsp3V735coYTt2+7NgoQxRg4kX9yE796G3vxd2Pu+xEnCwWUEEwEK ADsCGwMICwkIBw0MCwoFFQoJCAsCHgECF4AWIQSPF3dxGKM92pukjmKqyzJDYwBS 2QUCYGUNRQUJDDqdnQAKCRCqyzJDYwBS2fVSDp90hsk4Fx/BOJ6qMZUaV6047viP xR5PHC7YhMYodpUlKkYZ7FeEmBRT9Jufa18ZFvvKw7Loy8/YECWT5yfWG3Sb4kq8 2gcWuMnf696vLa2gRxl051xc58drmdUevFcmPMT4OAIH2hG3Xp/ZD5eLsyn1KMS7 2OQcq29DlcFWzzGSSOEnzlEdFPPBfY6GIvRTtXZZGBgEJwTI7Hro82NIwzslQcdu VYTkJO8TKpqWD3H/8jHNXFIe7u/UwZVqpC1zb1VCQ+9B8ou1+yFSMYte+E0o4PyJ Lfx17ZabeC83l/hHPjzCe4lcMAPJijPaJI+xTWAUN4/p8Y44wRoNwrBMgPeXwys0 qCO9o1lbiR1QSynZZpmR3quNfMWDSa/Dg6V6/u9mv8VVCm5da03WtsLDs9TQZ2WU zFdeDxR4hsac3KN/jbmFPVw7XKj0y69xFMIEAc438KX9X0+490onWB7fLrBn1OtR DCF7W/PkJORCCIKc1EtSErN8ADevv7lh5icmQ3/2sYrGiyhrTNjQpPdDgan6daS6 yumuMdEw/r2tW71VPaMhdyQOgEGEMh/olByB3pmODUvKP8kvNkcvQG7du0wZFTEC 4CqY5fT9EJq+vF9kP90A1NjCwWUEEwEKADsCGwMICwkIBw0MCwoFFQoJCAsCHgEC F4AWIQSPF3dxGKM92pukjmKqyzJDYwBS2QUCXLCIzQUJC09U0QAKCRCqyzJDYwBS 2Us/Dp4rVKtUORqUbcD6+yW6iwvi7al6GPr52rUohCZILVuqcTCpY8g92u7+HTMw U0VWJBV2mxPtfkkYMsaKkZTnznhCSqN9Y/1fTZdBNtmZkvx5DyGxq158KNciwM6l cAw99FrIxSHRB1SHcaz2sR2LOWQNZKGhA4wdcVZsIBL0Kjr3lr6CgAg98bF2Yg5f yI7BsHvLuFil7EGAa9+3ngqWV5gny3EllJeMOH9fcJ5Kh2uSJHU9kfkyTuYQY8Hy 7lToY+z4jmGQNsae9iD2OfeQa3qERNTxT6mxFxdlDD+1BksrQiz1FiQHmrUl882z oJe7ug3liFVvhiUjik/2cm9nHUdxB0e5ynzGCqYHgvi2G2WHSR2MDqHn5LQcEcTd 9hokqh280ejYa4LWsBQqeYpSgE9FLO5rJRX/+ETOfk68BNKlGltMakAL4L4vJhKd Fkzyniq9RwwgD0R4aUfjD8UX9sqAnZ35ibyskMmIu1aAPX+nMQXhr+kHDuGv7ga4 RPZIMaVhvibWaiL/W3CsEakJeMVxsdJrWsCBdpYm2k7ASwiKzHkn7Zl9W89tOoYW A+UluDJOhCWNfvafLodQRojqqx3boZutV+uz27JmVP5r4k3pReKLLDHCwWUEEwEK ADsCGwMICwkIBw0MCwoFFQoJCAsCHgECF4AWIQSPF3dxGKM92pukjmKqyzJDYwBS 2QUCWc02fAUJB4VMEgAKCRCqyzJDYwBS2X+GDp9Iyh19ICgmKigudHjrhhmBYzoV 1O/W4L6qIdG0TF3G8Ty//rjvHbYuIEGdYQC9lmq0BdN8xLN3RXmn6pOl+wempC98 +CyZhohtY4MTELl3vfcqYX7X3nY9hQh43Bz9d6KfzTqnZ+kKhF2OpQZqEnUSZBHz SG6tddPwjehYu5OwuwDr9ZKTs60DMZj/lHS4gL2zD2we38epEk2zMPGyNpuElHoo nWwpEKsDknREZ8+xZKI82CCQz+QK3EGZzoGSQifMF9R3hXGcV5Z56K591dpc/cWF Z1k1+0U7Kj1/UheiSbtG2tfNcD0RLvEpjEyjAHl/evYX9zQlnQXL5SbcAmbp3PpP MW54s0Z1tAYUvzt7czA668HcjFt6x6pITwLTLvHr3x8qJTguKv6PK4pKdOMa4K9x QQ7IE3W4XYlldH+LI74F67yKOQ2fkxfSCDTdApL6i7AsC7PBv7oFFhMrDoWiFDWQ wQ8W6egSW4PUcvvF4wJ0y5nATxY5fEz4Ei5q/YnwxzWju9chQoBDpw6ns4QP1zw6 4GaVZe2eDpliDhExlNysFPWFq9R+L9mdn8ePrHqr1WnuyGGhLc27QhgnhHwgCHDZ 5SusBTnHPRUsbSydTIJSHWTNJk5lYWwgSC4gV2FsZmllbGQgPG5lYWxAcGVwLmZv dW5kYXRpb24+wsFKBDABCgAgFiEEjxd3cRijPdqbpI5iqssyQ2MAUtkFAmbMKm4C HSAACgkQqssyQ2MAUtnVpA6ePYwta9SIyXHT7YqcU19NrbcNzcGiJBG+XF0OHNfP G8f0v0GrBIhPkyn4jwMeqyR5f8JxNX0goVQC3soIKTb3v4bRTw+4dQkfP+3zqE38 wYwR1dclyPaUEfOKTD9uEvD15c9seWyyvsMu0EdBytlXvoUNeOLOSIT24WiSq4mX BfwTHGUojbGK0KpWB+VDO/JWBbz7kBKuzV9SZvCWQJoQDYNdCK/mbiavF/UjzIrw UeZKECljZAzrxRfhSdqtmxS+yw3c3gdYCi//ROlGwK+F3BehLt/hQbK+ypLKBdUx L7y3VJMbt71n9HkkvbkS+9UW4JhmgFbrVne9DH229/rVtoWzkQxwsDQA17+jW2u/ Q3By5QqMb9QwRcKqdDNRqmLwFiTq1K0lQMl8O1dvDPYQcPQ7ZbJVsbY/lymdL1wu t/sorROFDtmvF1r17eXikzeykeItSKYyoaJOBd5+LGJWxixBWvo/bkZDi5F9naio +4V5sFcDHxPYwwb8u9b2EIcBEuwd5ijeuPKsFKtyJSErBMqGls7c3C2tHUSdheKR NpztplRvQrMKClz7Rovm96YVyuWy8SbFNl3vPD6u7zfGWArd2AATdCMSlZVIsXtP 2zqIp0tkwsFlBBMBCgA7AhsDCAsJCAcNDAsKBRUKCQgLAh4BAheAFiEEjxd3cRij PdqbpI5iqssyQ2MAUtkFAmbMKdQFCRMMg7sACgkQqssyQ2MAUtl6dg6fW1qd9tl2 tbyVq3fndwx8ndcBgynyV4CLjH1KHqsBWMcnduKFg+2DxrPb2HldMnRroBi/0pQY GH99aHrfZOxtKoHglBcfdKO8MJm1g1X/RHz1hn1C12h/9SEnhvkUzs4Eazi2hEvl AHwXnZn1iaZ5dc41AHJlNf3ufXXPXjaysB9765AphjpCIagJkqahliHCtf+kFe+h hQ0etjKrQ+isJZ8tZ6MVTrTsDsY1lRwkG9le+IeUvZle1lwUnc90+YQ4ib02y191 ep9i8hvvnRROC9bTDYfNHc49aO8zuAxc7eVAaL0/hrS+cCtoUHaQMAZZ0kAQOvvd SeWxI2APfaM0rkfJxTW1gqZbnTtEEvTmyzo4c9KfJCIU1RRAZlHmpVSYUkGbiLFY znrd3dCIxW9+7MHrytJKOnWp2LSYEbeJyZTcc5mOD61spIb6Sf25MZNUZtngW4j5 Nz5FQ4mriyipPjetllSXxfptgkvqtF3aqhfi761591ygtyDWOYLfTgfkVRhfChTh UXI/Ai0non20SDkRk3MhcbyKKrS6PDBe/g0dm2IWAIIO8QKT7dHo+Y+yvNpGq7Jg Cc08wYttg7X4hF2gHTzgOBcRjbQx4+6/8wJ7OOrDwsFlBBMBCgA7AhsDCAsJCAcN DAsKBRUKCQgLAh4BAheAFiEEjxd3cRijPdqbpI5iqssyQ2MAUtkFAmXdpLAFCRGn V7UACgkQqssyQ2MAUtktqA6eORgm8s2d/zw02a/myc2hvBtRZVnNe6ElYYUTYMGW 4DWj9dZWRHtuloA/ayMwNM+vtD4kBTuMK7iyhk1FbFt5j9rmSpNcxaGNJr2nBrQm cxsdIjUqmyJYPJ5kTmF5TlyY8ZR4KtR29LByNkSa8m05ArbbVcQjvYxVvj3ZN3/D CdeKVSqhqO76dEtkBev09ik6tIUGiy0dmXzN1Jpm1MF4gW+YHfcFfawAx5Cn9kKs 52fpum5hgDMrzt8JZuEBRlK6dN21QN6yYrX3omxsIo72xEbD8rxUbbiCtj3GQZ4D AE56crVLuiSvM2q3IePCq+pNuH9zH+lF+8mP6RwC/sNhPv+wM4kI5rx1c8m/tT9P WLrjQ+LMWx6NoMUWLyhxlF0KIE9W1qLz68VUGFlC28qznUeYR1ddUWHTTSibyRZM 2Xt5c5e8hRW674KebQ/iZP+OQixSfRLEJeeYKYSR2PqV9srZ9JXUy5X8Sl+K35sH 8KyXxuzEgJOxkZzdtWSTdlzI/wenHtoTPap0vAzDlL5CbMAptjquv9hI8dMTL/vD hKhcWc8mwLXz0FAxFf5x788Qw7+0S7dU6dGQfDbAJe1PLKrbe46r7jcjLvIVpjG7 AgnTVou8wsFlBBMBCgA7AhsDCAsJCAcNDAsKBRUKCQgLAh4BAheAFiEEjxd3cRij PdqbpI5iqssyQ2MAUtkFAmQmqzAFCRDkQ7UACgkQqssyQ2MAUtkoqA6fdTSXxiMZ 7Iv8u8zEvkrziH3vZXpEv2L8BY/vlMvQKaVZKgvNg0kVdx8aY532FH4bo8VfwqsE amXr9YPN4AUiyQR1qko1mjavMx0HOTcfuPtDQkIBX9hDyecVcHfqZCkrKRDzOsYj PJ5c2gZbBNROBRq4rDaePAZ6M8i4inCXDvgN8iirf+MPVH1VSTDWVAClAbxYl3fC AvZzkdpkIjL/6xtExQmXe7Gs9jWS3mSJbo+MccS/c8Rsu5ZDpRjYquQbeemnbGdo BoLtd5VZvxPWdLJJtzl4AOL+79aDWmJa9tJRD+L0sGv8/7dkqzU2fZfIcYmgSdSn xuXUlPdOue5apJeTziqNSYUUOyB4aoJmHBCWyRbmmZ4nwcvYFrBOimIz9MOvzAxj TlDbrwo89wnR/BzYFtDVGJD20nzXt1zKyR81OnZUAdAr6hm4Gxdehz4Y9biTMYrX gh5WzasCB2PYnBodPazoTM6VNFIEpnAYY83v64/C9EhhpdfVeopfCtdcZQiAiSoh fAePsb1tfo7FAPGRjqhvXJUlpzmi027Jw970oW4z2KzsNQ+JP6aylmR8+yhvbNWw gjq1eZRzNOnoNgD3+dPqcNupMr1jmHj0mlVju6O2wsFlBBMBCgA7AhsDCAsJCAcN DAsKBRUKCQgLAh4BAheAFiEEjxd3cRijPdqbpI5iqssyQ2MAUtkFAmM3gwcFCQ8N E54ACgkQqssyQ2MAUtkJug6fRRPS65tf2Q6ZPEhm+Qmsk5YSquPKm6xrB17hycoN eekD0K6szV5rnTrTjOPe7J8I5jmsdfqlUPvkclM4yY7odWxW7js7sVZH4GlE3hPq ySMpvr6DLMwmTS9vAL0kUip4HCDofYLGq2Fp0uqlfeHPTnZytINA9Y2aqbR7G7AM rLaYpPsZZ1ivQu/Ud4PEWXEaDoSiyicHUXq/DsYTkk6J7oKG2oK8wtnYcSyQlCgl ZbAlxHg7H+1HtDZCuSYzateZDV8iq0q+LM5xN4Ro2fHuz5+RBRu2VXqpPlW1DyHz oGDDp9e2trpSCAN2SzkIxwfPkH9tPw+YbJHDB7RUb+/JXkew9Y3abrIrowKvaSfO 40rNBnNiEhhh+spVyrRzGjKeNfcidI7ko+JDq+F0xVHG/rM2WjoMfnDzzPoviBYZ DpvtM1T8rXHliAuTiAA+KX/LAvqMHYyOGwpEH5+CoAgVjCy+J4gvHRPdtBTLaKz1 8IkrqxNFEM7BOrJZHlU4n/twZz1sR+FpyeHsYv++eqebLnn89Gj0zAJL9WtfHutU Tkj+lDjETFnSrQ6bsk/wvTU0ST0MY9CYR81oSa6DcQp4DocDolBxSJB5djjsues7 FYVZ40O0wsFlBBMBCgA7AhsDCAsJCAcNDAsKBRUKCQgLAh4BAheAFiEEjxd3cRij PdqbpI5iqssyQ2MAUtkFAmJGQJAFCQ4b0ScACgkQqssyQ2MAUtk62g6eInZSjfcH lR2SHaStzxU/wYi4qzgNIz+FcSmPp2c1G3+iE8MQgDVMnsN3E0x6MKq07tzWpEZu moP2DSRRE0Lxt/RX5NHwjhRqljM7x5ubebYvHh/3tYYuzwtU3hRR+3Hmtu5UL/MY wOg+k2DXs45i31s115PvXfxjDjW/Cv6ifILUDwdTt1/iiXmxMbRXnkLax5nQL2ZC hns0YcoU8vHLNonU5Pu0MBoBgCM22UrgDQ5uIyGjFV89Na6KdXvZK/DVj21JTpcF 1gOqnA4hnoWxB3CPFOSjsq5yZCLl6btg7U6fwii/UAYv50ZQghD3lqLDY2NgQ1D0 viD2X5zLuLp0qFW+IdeC/a8cSXpNW1CeH+gptoY2WcuQLtoSL0/+x6tHttzJxRLE bnEWiqFqrCe7KTLdn4XgVUz1ZxAmxzjJbXhQXDR6nTON+LBoW+UVwTxR1ppPtG3c Nvge15wYZAOdyaAyAlbHC8F6cctTQIPwlflmM8+AJFrl2sEsd3ZwBR/dP7ZAhNW3 y6OqI2iL914LKEJu1cC6+LXsWqheh8G0e8H6MtFDwBBhl5qFtdzbW4KmflwK99hF hYEA4HSxSz0BEYm3O9S8mknKx9Nh8R4yUV+FLbldwsFlBBMBCgA7AhsDCAsJCAcN DAsKBRUKCQgLAh4BAheAFiEEjxd3cRijPdqbpI5iqssyQ2MAUtkFAmFWT7YFCQ0r 4E0ACgkQqssyQ2MAUtnn+g6gpLWZ9IIJQN+tbHAo6IlVGaRtpqtRY/4ED0+w5Adb FyyA/9eMUjGl5J7v734rW+1TKBBl/oRT4VM4K0XcIKKypk0IaEVBfX10c/66KEnt /lt6IBGc51+pvs29oOqFMm2rtfYyt36EkBIkaSAEVVOEbLlWkpqi1eQTpq8ZT19y dkyAzn2kJy4cLQXitiIo/wzW6k22oAtZ/qwuG9WCgp+GIOZI+ZOOFydLbj/79o4i 7hZGxINjLCR3+GWOl/ao6n1AAy3xlxWfw7lwZfC9NtyDsPbBH5nJ/Gy8UA9i/lWR hF0Z4GFplqeg8q0L0ktIXTGjq7EKku0jT3257tj3f/yzB/NvoDRoWD11fCVZ1Q+I sg85rU70s8UJdOXd+NfIpJwKNCqLI6wHJWmTlWLV9ijsMq1C5IZ7BljpHkO6mAvZ ccQJHYEA6Jq36G0muymXf0+HcAg4ktPB7D48B5fJ+eFnCy3HHIfEGI0DafgozXJN 8TuYWgEvM4tS5FPjLiFmDUzn0qn7roZFU1kRsYqX8V9TJ0MVr+yvnjTLOUjoUetx SgqkayRYN5KJ/Qz1vcGOTttO+RC/10VsixTCAJevNnFT0OwkWEwNuciyAl/NVxRA 5VMwRLllwsFlBBMBCgA7AhsDCAsJCAcNDAsKBRUKCQgLAh4BAheAFiEEjxd3cRij PdqbpI5iqssyQ2MAUtkFAmBlDUUFCQw6nZ0ACgkQqssyQ2MAUtm1fA6gnRkLxzwL QY+crxelY4ch23Tmg7M0k5qA9PduGXVIPfGCmWShO5+KzPWby81M7yscomgKQ2Ue K3XFEC/xwpcvXLi6M/3yiZBn7sk6lcXGRlJqgbzTkqy9L25gyA2jE7AT/dZDdsYB 3opLiu+blf1vHJZmjBGU0wCBT7Uja2b6coDDN/bJvwn3lartt61p/EVx4N8DWnQB tPy6rN2J1mQgFJubUp92Ngs7vt4dbKxnC05pkdrVGNcWqXnbLDoR8/33CGz4VO+D mkrq4mWT5GA8Z5LMa/S++NL1hkyWWCkbSDYw2sqc9Oi3s17iXR843w1+qoczD9hV jCGi/RT3so8EgKZIiGhPSqSn4cUSM9JqGmU/wnX/wh2e+1Iiz/hJHy/DmG/Rva8+ CM9+xidIdCPKtb6OxElZ1wFGj2YR0fa18IzkuvBB/H1sh04+XKPQ9E3JNmZJ01s6 1fqirvw8cx8q9iMglYmUOQXYZJUR9d44xixIl54j3G75nFVN52wte5R1sAIVl7kZ 8aHGbC7lB+UOcL2IDjuKS31T6xeSa03CHALeUhxKkVghyvCuK4L3jFZxuolYTe/G rb7/k6nkjFlg3+1PaYjdCkHfIFwloS+xonnR8aI4wsFlBBMBCgA7AhsDCAsJCAcN DAsKBRUKCQgLAh4BAheAFiEEjxd3cRijPdqbpI5iqssyQ2MAUtkFAlywiM0FCQtP VNEACgkQqssyQ2MAUtlazA6fXmah+zPrUo6egmrrn5XIch6V2GXlavrJazgoiTbx iWWDdrgvoSdWVZ9iMBR1MxK6aBRaaPD43r4Kk2L3q/P5ZFyZXdmRZ3Ko6e+DyBz3 82ff5HplhgtJfgpdAKRXx/wJLyQwKMYzcxyQVqNOwMzRPZNojk/aCAWvngbMmsAi 47St008NtAiXkp26oa7ZGbtF96ln3NDjSUamSIiBqNA8dfCV7OWU9rkgZoRnw/5m CDyr0uwVNDtWcx/3qvaODuEoZhnyqI+aPWPPYANeQyeLi6YFL/KircJlRXzvdeku QSuEP1pOpkOT+0av6078GmVN2LMQvGHMpjfe27Ru/q/GQZFXzbJTtWr1LLEcTF6t r82ebufDq3YcbZQwRJ0H7+7ZI/KqQ+GXNcbcZBAhWTHkqu9IVjESublbBSm+So6x KNIRETdRY73m+vSG88P8ylGEXH3RqXk6LsPEbbTybGygxIzweqwIcoE5UAJ38uyU h5B3T+WHnQxzPj5IqkSJE58LEl9KHS6VJ6WMU7wuX555VN6rvGjK4XjD/M6cD20q 2eH6nSZ2c1xYORCMBul+labW0xfLOsXzj79k24GniOBdZou3D34vfq/SdXYPOnyM vzGho/HhwsFlBBMBCgA7AhsDCAsJCAcNDAsKBRUKCQgLAh4BAheAFiEEjxd3cRij PdqbpI5iqssyQ2MAUtkFAlnNNnsFCQeFTBIACgkQqssyQ2MAUtn46g6eJDQNUOuA gVcJGdVNO+A4HUx0kejBrFcc3eyuLbX7AiqultvSuRYsq1bSv7xzqYGgzTC5447s zBiqK1GDGjPUl99MG5aRn3Ni5bzRj5HP37LVwKsMHcZu3qlbhHctfnBKslpcKQub z/kSIygTeYSwN+50PfJ3S0v1a+sJzVrz+X0cGDlBQqKCI3Sb1FJCEUQh4qj1OBXE e+89dydVNQ8RizjceqMhmlvEqwBYkp2Bnm//FnD7jn48hf0fQD+aOYkvF8oB+QI2 /Uu0+qyYPE+v7uDuBXSjhHRscZMLPHe1SFF3Tzh0oWLVejZybnqVA4MFwEFs3zfm bOxy7EQSApRmWaiBIDRwTo2ASx4TdCqWUIQvFo85RcYCDMgwlrVYW0YlRfa4RJey 4y85OBRtd/UJ/eOjBqGJY9PViUfMGghD75qHob4+UkocqU8koOcH0z/WqqXS7GMW KUk0bVF74/lUYSWjLGeiFLvgVkxf4eueZlrZSxDOPA3k6fttjZbtWGNOWWoBZZln VhhL2tLc34p/7+BNdeWl6DcEPNTDBXYXT+nc7hTVhWzqZbsIfB+lOzueofZM8yZN DIZq0Lf1RE9Gf1Lw7Hdo0TWttXhun0w1mx19OsFOzSdOZWFsIEguIFdhbGZpZWxk IDxuZWFsQHNlcXVvaWEtcGdwLm9yZz7CwWUEEwEKADsCGwMICwkIBw0MCwoFFQoJ CAsCHgECF4AWIQSPF3dxGKM92pukjmKqyzJDYwBS2QUCZswp1AUJEwyDuwAKCRCq yzJDYwBS2QfMDp9KBBMNNagHPSDfpfAB/JKcH0SbxFifAzK2ag7Jk6rWCKjAlpCH prR6Ah4sXvUZO8aQ9sdPHkvyjkK59CUIy1TQzP8hnI4Wg37sZRcJbW510K+FA7uk ljMuiXi/LTlDHpw0D/8Bjqz+oU+r2E+986fWf3rbb7ojy3GS4aWJDs5kbiaRzn1e CYeKaoQHGUmQbZ7sRyDzxjeNryZKaR2Ux3d1NnhPWdYZKvY1KGeDwXwZS9cMQVBC 1n27sCOfuUgEu9vnbNsBJs5W9ZdWQ1lk50uwjQu5BzI6Jic7YjbPSV9c8yDnYuIy 1mw8H0RCY9QNhsUryJBT3K3XIUlgtzCSm0JLdDw6mPJSdQRl+ilVpF2gj5ehiugh Q958XT6Kizgtwq0N6gMey+ILEGuSser08Mxw1MbrGQSXG2voLlLcam+NIMVMvuKB Va1OebL8LorCw+GyujwhD71lpGCZT3VO1Npvom7dqtp8NktoEyqTqzOsZCtkyQyj LJYiHbIN8nxHOvSBSlNIu8sbRaxkSf3v+GrB4EUD93y1pHq6S0Ji9GGRFQP92MQ1 bpHqojXtmv4mZmVqCKpbjWLTarCfRxe1rrWiRzEfXLolH55l//l3mwbLzGDrXIzC wWUEEwEKADsCGwMICwkIBw0MCwoFFQoJCAsCHgECF4AWIQSPF3dxGKM92pukjmKq yzJDYwBS2QUCZd2ksAUJEadXtQAKCRCqyzJDYwBS2amyDp9nyo9hWHCA+MELnlAe G1X+tiY3CHZ49wddrlY03pR7C6E0DW9Mmld7aTvs/Uctt0TrmCniHjLWMwC6vI0Y c4V1HUjIDBq0cirg+ymX2NYI2dIhbzCGnZFiEevKlh0SbZVtCvsycNUiX2jOujJF 7h7X9mFW1HCqKp76Q/WgXMVUORLeceGE6RXK09Jew531fJrXwK169GNZQsYqqMVf T0KSyG3V/rE8Zlcx1U2DrjJb30/PRp1hATD5KgQtyhwLpYKj12Suvqu/TCVEoCWq Hd+6El7sA9xAKwlwe+QiUeH/B4ZMd08o7LhRQKbBRVR65dHBG6QAVkbo7PLcxtBy v71iEqk6NixsWoUtbu9KIfP5WyyqEBlY6rZ5qIuQZHZmVpcO131bXYq0CjKeLt17 I6SATqm4W3HRxJwHPhIwGJ/4S+taA6agGd4qMBSevGsBhGAYTznWAhtRp7MasMOy ZlXS/lLkrSswJVpY+by4mLUWQOdmdqRtdT1EFly20DIPHyOioPFcit93XAPAk5QS T9qrdXm8VUiugTvd5ZAW9L1vdrZI2rvuouXng8HQFstpwiydmtFFU8RUpNRnj22S p5cAhSdMCxZrbkanprczP1iBnyrBfevCwWUEEwEKADsCGwMICwkIBw0MCwoFFQoJ CAsCHgECF4AWIQSPF3dxGKM92pukjmKqyzJDYwBS2QUCZCarMQUJEORDtQAKCRCq yzJDYwBS2dWaDp4wru9j9e55BR8R+XLl7NS/2OxTehXhnZdVHws498buEX1/Naee yAgcPAQZs/BlI+59w9VXSyoxmTG9ZwEZZ9jQZTKWuVEa+MAXasKmrZyvmPxNS7Bx CIBhxEbJMU4ZtcpuF5b5vH0Npsxgi8axHOcKlESa5zCcO+6uoSCLbsC6QNjIbrvJ tMBQ/fFPnHoBrZuuK656GbKdbkpLrztgBqOONCfjgtSgMg9CTJ4gdsty3c0gr5lz x1gfr0qLyg8U1vMvhwdz0JtoHZnUmNO5Xgfrui2cxGVhOsrwb5fPuql0GJqQuf3Y fIXATBYaAtcMH8PHc4ZzEc7Qs3wGOA0RfMWGPuvy0vGOUql+dkVLwutOvsEgYxae YZ0H8DtiWiIoEpW7bldPy186b68D9ivvnbv8fUXUtmQ+BTFj+nqxzuadTaNm6xki x7ISLfYbUeVZM7CpMTH3GNc9Pm7V1DXZ4p69lW6Cdn08e5HRkVhN2l3doz0qV05L MqJf7EExEgGfrkU+Gp6SG29jQcFkumZoJskafCfvfyi3Abp7kF6yiB3LxzmB1Uvo voghmDYbf037vWqIKwmWZbH382OBpBCAg1zmn3LKhPIIqkqboQ5mvEBE8xQjUPXC wWUEEwEKADsCGwMICwkIBw0MCwoFFQoJCAsCHgECF4AWIQSPF3dxGKM92pukjmKq yzJDYwBS2QUCYzeDBwUJDw0TngAKCRCqyzJDYwBS2e+1DqCYo9mV9ZkbTyDVr2h3 W5DNmwq9Xre88ItDXJ1DQbxnJ5ikwB0M6O2e6EV60xUmsagePZbrQ6t5eFQHOTvE IMTvibHAG2bzndIQ/fzHwjigq/gHacxN7XKeTkZUcx07mPGM/6CkQFV770p8qaQq nPjHNy8YajHMUns/wQT5uDCORlLI96DFiWCbnxP4jPsoOg5pupuG04i9pMxtRdin fgzo4UiiCx9neptD/XbFzuGnC+6Ffb+YKurkJR2LBrJArb33okskd0LgftJva62I D0Kvy49xAcnq5/HiMP6SfIZU1IbNsXcmoS7eRGGREl0Sj7qSDsAtPDXkpNiOGt1c wBGlgEdayuD+C6+7m77u17hR/cAj/2bp2k5YTQae7BfIIyTvOVGSZluINhOljXmh BA9qz3x7eWgRY+UnWOxaj55TQANqZUUlfvju3GRe5dgewKYd8Bk7rOuJYBLibw/j phbX5TA4RKyfUPyEUNxyZl07ajlgcFGhM93hLKO+TlJAuvgoH/MFSiUK5OzI3wy6 R9pH6NYKm805dvj5tT2LZaINriVpaiWPCfRdq43Hxe6ceIUbbLxfH4tAQ/rAuwX/ elAW5peXC556zEyhBxNcJ3gOW/bo55jCwWUEEwEKADsCGwMICwkIBw0MCwoFFQoJ CAsCHgECF4AWIQSPF3dxGKM92pukjmKqyzJDYwBS2QUCYkZAkAUJDhvRJwAKCRCq yzJDYwBS2UKJDp4u+gHgK6Ygso4vMHWVwmAAhLZz9dRrec4w9bD1t8b7DPfhCnlD Ia02mqI6Gbk5VLe5a5NIJp0DuXMB2OdhZg4OMR5iqA+sWdo4E+m27OhQv4P6myni gNbujkot9RIFGjb3lBfmHaEYtd+GYVyDrpxv4C5Z+LXfTvsuUZ8+vKUbNYtX9oIg X3jGKLgAyHEfjm5oCn7PyAnGi8IVYS4pbJZ11qyQoiv2mlKMs6kHZNE/ECOleI4U n+OWwwOHLNL0vcW0otSlt9awTeLn6PBnz0e428FihdXspVGXpSH/ulnU7CcINd/i WrGljw7FRV4WbkBRt7TMONqLOYMDYdMF5K68LGbjw9tR9Fw4f2coAHhJNCPtOFDX mO04IkEbLh5nbPDi/B/g/C9C2w86ubID3nuHEX1NixjGrgrtAZOwDl6Wy7MzMJ3y 7Z4GD9SXce+qS8XIXYIwWK95qoBKEiBI2b8dw2qWjZyI6wIQBIqi01w10f9d21An TzXpns4Zjux53X0FH4+V2uQJayadKJ29eKvcI5DkNYp02Zg0F5gKSdAtLw1p3TJK jGkKY9wuwKU2pAt0whdkWKKuLuJd+kuFql7uAyyveOqVNyhRCDhdxHA3BBeq2hnC wWUEEwEKADsCGwMICwkIBw0MCwoFFQoJCAsCHgECF4AWIQSPF3dxGKM92pukjmKq yzJDYwBS2QUCYVZPtwUJDSvgTQAKCRCqyzJDYwBS2X/ADp97MQxWRug+QzY94Yuu XI9q8RTzep0hZBuljoFAFiToL4SzOA95epUxsXsxRCp+KN5yAgL5RN1Om2x8RULZ iIEYlFXaUi8Zof958+fyLBHYAiBIYvqMPL7pKmRLgrL9wpI91gNU9BrrtWuBabp+ T+/1PdEgFP4wQ+tkl0nN9RS49KEraHExE1lDNiKeayaYHVL/Q9MQ98ds6X0mN/jC 2p+NEX/JD9VZzwhukzIG+pXbf/XXJSF35jWnaE79nTH3pzY1cRxTx8bjuQNr4xEn Xl6t2qKyTxsgre45JjQ6pAwzyDFi1jON3wceGGIVUU2+/bD29jEJnQQ9He018m+U 99J1h/HHemuj8dgD4sDFQm0t/TRM/ll5BwOKfX4vsptoUSFxaMFaKqGr+nilS4Wf LvZevX8o7lKn2YKN5v6i14aBMgMG/giycTqXyOpc5r0SShRhl/nv7wQuZRw6Eq2+ WJjAHTv1z6k6Xws1H5M4ZzDzUvaD+KD5AppuhSN4b6xyGa/Uh/lKCe7UFRb4GWRO fpWwdl7aSEK4/9JmHn3wxh3wHba4rM3Lm19cpfmfufD+bTjrj9hkmcoKLg7DRRJQ /uJ5L1aCYPlPDXSZLB3OG/Hl3GiaOFXCwWUEEwEKADsCGwMICwkIBw0MCwoFFQoJ CAsCHgECF4AWIQSPF3dxGKM92pukjmKqyzJDYwBS2QUCYGUNRQUJDDqdnQAKCRCq yzJDYwBS2RPgDpkBfLeL6EOQuR54r4KokmwVkppUPhTnSvD2vYHD9JVWlhtMWCQl pHxLSe8bIY9DLJl6rihvevf6tK0NeLQtog9ZVhKOrAlmQjx/Hzzw25GeTdJQhoIE xKzZ+AtxpAjn7I2V3F4Gk39RALswvBTlJryjWjS9oVOSiwiYTCyVrT3br9ftVOog j21/D+KRmRI9r3x+V4A2fLIV651iL5bXrwmXHNFscCvG9MCiftTZiK3AGk81U5yV o27MylQk6ujAhcMmGvWYToKVi55+SYWG1+EjCjSTPFckqaw0U7/Cl6sI419e9ssO 8GaxEGkQam6PpS6C+KK7UfeNLWYMCe1kqnDLZ0Wcd+wJD2NNN9WCs11+EZXIykDn Jrg4SLnHrTbLAZ+k8Iomym8jgV3e7ylM+HFXugk39/rSzguhIE00gBUb+b8Zo+i2 5RSIgeiTwT7rqRy6rlpYVm874AogUXqjrWueJcnzqoJDqHsxrD/OSFMzmp4UAW3P BWcPI3DGekxTu3iICcuUO8AuH/GbjgjUu/YV0A5S373L2O05NWwqoSP2QDwkGe+U b8hzp+ENsJe/x1mpN6N+GaCmg5lBsIypAmwdgW4refw5NFNdAIWbv984H8JEJbvC wWUEEwEKADsCGwMICwkIBw0MCwoFFQoJCAsCHgECF4AWIQSPF3dxGKM92pukjmKq yzJDYwBS2QUCXLCIzQUJC09U0QAKCRCqyzJDYwBS2W5NDp0Uzc7YDw0nP1HWoa+x Z/cJXKJmsDmiTf6G9WwF93tL5rFYiPJqPly0prBpWL5CwcRh1aRFhbweAe22SSPw NFh5EpjmuW9lonQUbCPnKSNPNMFjiOtB6VHkXYbuIGfWfWy9XQfEku1uX8DxvY37 T8L9ebvNo9sRPK56XlabeHzRdBfxbNVGomY7kPpcPX9pknsI/K6OyHavKvZV7382 gmBSgJQE7B272/qfOXEmi9xDaZahA9uHGrorv+h31WJ4dTZI2sdRW/W0hjks8bwg AoyG8DbDTDRcLkffPE0euc99M5zc13DhyLYmjFgxJwqdF3DZ+DDtv338FyLgV1Ml Y+DkLY+3TBYyI7TsnH+Gbz4Asc76KvLlzgAiMjxWjWImiQ8wiLDdz6MQ44hCMRco LkNXX+aqKMIfxjDx6IxiGK9h94pjfLwS9m883CsIvcmQzZ+Z2357dV3sc6gUn158 OmM5bbTI1oMjHEkkvyp3Z/hYPoGygaNf27IamBrG9tcITDM9i1AgfACHlPr7Ot5q Iu/WDPcD/9znKEqWBvXsh6r5Qij4b62mVLPfaHelmM25QizNMzQPTXNA0tTA2eU8 AvQurwBN6/J1TVuJO5n3xuBhpmBn91HCwWUEEwEKADsWIQSPF3dxGKM92pukjmKq yzJDYwBS2QUCWjzjIAIbAwUJB4VMEggLCQgHDQwLCgUVCgkICwIeAQIXgAAKCRCq yzJDYwBS2XkUDp9QLXbWzqYIvZYm0Mq+HEgHr0VpRmRuNp9tWqhFEw8jSAccIv4A UzDti1LCpPZPFstg9z/ttT6lYB7VhPqmTQ4tmG5HPIbdS5loxUUdynbqws+sZE6B 2jhHv0xRQMwtiS5gpFxOt2Lhtx5mWYikl5S35JjzNwA/ebh6l4Q67e+skRHXGCUW Z40MRyMPfaJMkeWQZzIfD41aGXqXwu8Wi/hlXJbileJiOeNs4ery6Rs8gM95p8yS KyEbXx6QQsaga4ukOqc9gb0BheLLTcPpnB24sjvvRsyQbnOErMOSwgZDzHQlQ++2 uhKWA1DB7U8WUNLtzZsizcmrAKm4kKUQSoqS+DuxqYpdY0I7be+X25yY7CTEybbD i/T1aigWUbbyFKwf4Uv5E4RTY/HUwltRqFF5NuyGjzbw2y2pnjpRaZxZ72r1gPCc cGPawoTLjt/aZndmhHXByFEjHN7t1w8tRM8ygTKMAUrOyijOkT4CH+FTAiM9IQrS R89pDHiNH1AoLBOcysc2zXqdVQz3OFcs2XBvat0bpjR0DIGWUu8ThQcAXzHca//o 7fEL89TousBSK0fSZWJX4YcefeNZXug7c2ZXbvH5XDUOpk71dkw+qaBGhHMwRBfN JE5lYWwgSC4gV2FsZmllbGQgPG5lYWxAd2FsZmllbGQub3JnPsLBaAQTAQoAPgIb AwgLCQgHDQwLCgUVCgkICwIeAQIXgAIZARYhBI8Xd3EYoz3am6SOYqrLMkNjAFLZ BQJmzCmkBQkTDIO7AAoJEKrLMkNjAFLZ9HkOn1p4xeT4g8+FswnDWuz+kgqkw79X 3xxim0VWW74bNy36K9bPoZ5+Dm0IU9BeHbZJ6OtNkbdbpbWhZcJZ3Hj2f5vpZiZq GYG91aUkrLys40AbX824IawAVVrAu7/neEFKgC/Nh76aILZglI2183O/U3GOZir+ JhVmnDJ7VzLXLu2i/lb/I7mhNFiDZUrSTH4/Ri+ByPsWFNcBNifwTDoIKoFBqTmH RAOSmJBe9GNZ6sQNOpVddNMORVhrIX0BOUDPoP//0GnMZjvkNVz+22PhpXdsnpfq JbKqTuYYQZqt3J2Njt0tmeTDMoMy+0Zm8t8ILGEhafZyacWZ8r5UUQq+wlXVhXAd CiIgUfy3euKP7rWSEDSoZvv7CwsRmwxRv2Zg8tu4kXFl9CDKKk6m4aZXOLNU758S DnNxZT5SzLL8Cul426CwP1XsfrFTDx25gWoUT547AV0HP0Ag0qPejxW/l1WH/Q0k Xk99EOyHOdsTqyJY+Tl8c+G+lpvv4/1It1fEok0CxZnLaFFqaUz5CH3RRP48HcYV 7tV68zsfEs3Pfn/xu4LnIBnIBQeaFSuil6GOL+8yUQMYCDczfKQZBxMChCyqekG7 5hbihxdhjKG18Z1oF2OpoMLBaAQTAQoAPgIbAwgLCQgHDQwLCgUVCgkICwIeAQIX gAIZARYhBI8Xd3EYoz3am6SOYqrLMkNjAFLZBQJl3aSeBQkRp1e1AAoJEKrLMkNj AFLZP+EOnAw9drSqLDdY2Ik7fFl6JqT7l+YyZJR77MNnM/dyjxwmqmqU1tkDgrSZ e8T4Vf9cnDrHXh7kxyXh3BMigfbQHJPRra4nRth9ZFdXQ6G2UdmZ1afGlTzndNjm aIaDqW9aotWinivr9P0aMyFaCYBf/gF7dc9rQ46AWXjJrJS8eYU5rLs7wh4Lokx+ CLU9nJ/UHHc14nhQ//TYLMCEirSM0EI82D3FAtSrp2j9T1RH07jTTTHlOwKX/rIE F8dhSGHAk9EDVVujRiHECi7lRUiH94/rZCpHaSvExMoWMgSVBomwq0zvbuC8wa+n ornr+67YsOs4VF7k3j57gT78UH52VAx6cR+BBMx9QuX8FjcjzNZ9zQaUZ5lVICnS EdD/8044Cm1G3u3+ZN2hCMLFxbOGYDWMZynxt/zKvVkS34do+nMPAApH4udlPbxm 6UDopmub/oWqUaIS74mj/FI065xH4RuQAUWi7wt58XaYVRVhEZbafbcTFz7oIFfv +iRuF5C+R7BeJpwnRJYitIyxmX4XXg/NvbdmI3f2ySLsfyd12my6HOYb18d1r0QG qjI7Uoz8SRXlUDyCTKHFRmEcuxtq59wZ01jiCa0dQwlVRlCBQqbsNu30tcLBaAQT AQoAPgIbAwgLCQgHDQwLCgUVCgkICwIeAQIXgAIZARYhBI8Xd3EYoz3am6SOYqrL MkNjAFLZBQJkJqseBQkQ5EO1AAoJEKrLMkNjAFLZgtoOnR8xmvB8saoLwsmJF8j4 fBX7b0TsRZomY4XpLbix7CvW3//ZXPiZzjUTpsOmsewe17gkSbPIKdedeU9qhvI4 1ZQhthyczzvbebImaXQO7gS++8k9SJ4yLAVbNF2YXFz95D7pp5NNSSc0kpWFjXz+ qwCm9hMiS+aV4+AtBUa+mdipDUSWAx/vrwonj6VUyYhPb58eUt7lHIlGVlyNWvJX kf187L5NCqEsuhMWHECIkEAJghQKCUaCNNB6OK9ddFeOG8ym+UHNLHAj2JkZlQvg UTWSMr316miJy032K/U7ldNlhOqR0F/U8Pv0aJwcBsboijwXTvFH8KKNmXbuXqst vnn3/fcizCLoxryZ2eZ5MnV36Kj1du0AaE9morEzZe0ptU7y4mWLpgKp4SlU/79b LZyDhFKPjZvnKumVupW+dt13HxlgKblJcPo9v9mutSYqVrK4zZScyz36ycgYb9Ix FS9vHY6rp6qv1Dvha79YtrcPITRRTiuITvgwfk4uLNZLa1ZMec3GWpStO1avMrGd MLZuslkq1Z50XhItWljV+SpSgHyYzZsA8C5QA/BgHWNCZUYLtUtz9/Zr0pkDeFCI IDFKfr1q6T0VkY9C0FYubklFtnbFocLBaAQTAQoAPgIbAwgLCQgHDQwLCgUVCgkI CwIeAQIXgAIZARYhBI8Xd3EYoz3am6SOYqrLMkNjAFLZBQJjN4MHBQkPDROeAAoJ EKrLMkNjAFLZxKsOn0R9ommmBh85jdn2+05r0oDthUZpRQAEAV6mzkGzPWERJA21 0Hy5ierwYzQypAscmqVeL4hW331Wxu16a8UUF9lR/KPp2pS0wey+9TrDLYpGRb27 iTKml3wEKzOOt9RdgN/CcTVGnsTZukNMEJKV+gBaBVPd7r3V28De7GDf2m5tgv++ Cyg0G08JxXV8omGbIjk/ZGQsNyBSi3OfQppA9XWx75WmcBSjI9S9iGL+NxpTq4EP 6unaDWir9mCryMBLHVdG5RhrwVB1CCwDxaQ7RyaFbo/Ws/GpLjbJuGnGJtTUoEzc py5g6ohi7Fia3b4rIXJIRkHe1q/jqJ2CAA7+RIAg/RjKNaAbjJCpZP4XnRwEW9st IOPOcCdu1HG9NAkK0rdEjoByDtvikaWqi1bneHC2CJbRuFDIrBTxnhV19+U7p2RS M3xZ1T4pW5jk9SnBh3EYOf114S4nrRVsuwr9j35eupAWNf1l28P6+fTRomuU2cAo OgX30P8LjmmuznTer0avTg4JEpJmeCBDNs8edrhYm5kZ5ph1SPMNftPMlWHMnSK1 Aldn5QzNTK4lSMXB1DATJAMyFMDDsuS2GfQ5DwiVDVEdMPi4WciAce36SpC2tJzZ eMLBaAQTAQoAPgIbAwgLCQgHDQwLCgUVCgkICwIeAQIXgAIZARYhBI8Xd3EYoz3a m6SOYqrLMkNjAFLZBQJiRkCQBQkOG9EnAAoJEKrLMkNjAFLZYZ0On2UvYdjhAsLQ Zcb0K9EWVrEIp7kUS0u0C2LTioCIkb32ye9aRYMoauJgil13975W9TL7/AEXSc5Q g/QgFua187ELqCsCslckS4OQLdublOrpVX0kKAhM+W7rxJuobDOTSHGBloW56OU9 tGxSkwpm/ESTR7Zv7gJDJC/GlBCe2bl6rw8ykWwQiIhfvIOsgfE5ojp8JjktgvpB 7IUyzstvC65ejr16PsoDeGdju0OToDGagxlplIZ5r6MlcmPc4e7cTCh62ZT4o5FR 52afcTx9MqR8TEc1Ij5MyQurQtqw/zS7qMAjeu8xaVCcFmQHvr/Z2ZjepL36O4cN 1Up3boByGTH+oHpaL9WdTsM4n5Zr2sMwhevI308UYwt2/ROEOHpbLv7uc45X775B UQAmNSgcLUhteqddIILz0lVBbmsV1CIeZiEO+Pz6se434EKaUGIIlYqE7Oqf1tLO Ym9knpyYtB/CqK+dyzz2od7QKez8B7e8yx7Ps1yj9KzeAQb5nHnpEekkwG/5TpLM WGqN33fgeJcZtR1PM3atN/6UIOU8j4z47S5dC/hsCVGmsSxysARY119AqUZYUz/f +97+yD51eP3nknfyPn789A1JkcXgIktl1scMkMLBaAQTAQoAPgIbAwgLCQgHDQwL CgUVCgkICwIeAQIXgAIZARYhBI8Xd3EYoz3am6SOYqrLMkNjAFLZBQJhVk+2BQkN K+BNAAoJEKrLMkNjAFLZKOcOnRG6kdoBqmizCtc6UmEtzBIHSjS0TyM36pYbVdOg gGKYsV95pEDXDDsXcrHCzIY9ZM++ToTAKcx3Y53SZTFC57YtJbVwV/Vc1xZJV7R8 16BPOxXaPTtegu+3Yd94ckmck9SS8rLtyJxn7sK/EDeDyG8upg4PIi73o23Tl/Zw ITu8Rhfyz2AY01Ub2CbRyI6ePPM3Lj/o7tGocYNCaF52kMUOvA2jCNel3lXaEfpB x2Qbt1POlCEdLa/+pJGrB/e3QpmN7ozc3ysVs3fTPhvL5FOwUf9fspceTwNICAI8 J/ZLObOeuNv8LAd146lP/GMLYzOY7oivcFeJenE1GQubZVq1KpBrKKbkpnOJeF8b i48a2MlyGTYKU7KNPFgxVDc9dBI6GauG3XZEN6dI4HVIkIDK2phsu8ENsNEE6Ze0 F7I9EAbQPA0ytvYqRWRNjVeEA1XJ58y1mjLoM8EWv8r9SjGWLyc1I/AX6F37uZpt lo1EsiAYOLjgWt42/Q1tUTJFX7DkhIazgaATrv3DnoencvJy81FGfgrcvaulkQBC sl3Zt1SyxorKd+xfTglRr6m5sHX1bKqicEX03fjavkkowOeOAZGmLJVhpUYMFgLY NCwW2AW30MLBaAQTAQoAPgIbAwgLCQgHDQwLCgUVCgkICwIeAQIXgAIZARYhBI8X d3EYoz3am6SOYqrLMkNjAFLZBQJgZQ0GBQkMOp2dAAoJEKrLMkNjAFLZwBoOn1Qi erIhr15SUjmIttoxEe7EOaXd7WHyJVfnkpbggwbfHyl9/DiElK//ZAPmYqp7E1En FbGal6qusf47Vqv0B4zKm5YjKadc6B7rIUrAaXeenqqrsWgTw+gAGA0YgITLHEtH 5Doy8TBxlOOveVz3EqjgvjGTLk2ZU+kcRjAfOSpo+xi6cJ7KJjdvMSU4Q7trFknF 9TNDFkQzUG6rZblXB6rAivvFYgCKjy2MGqxWqAFzZ8N++jC/cyDaaTBlQgvDF+dx HfMuof8p5UKp8zfa/4SuBVLKue1jD+f9LJzpPwHBtqa/EtBUx1etbAjqflBUKdrH Z+vmNO35bb6swqJg5crDwIddXEaInw+JOPFhPHSRRl76KHvU/yAHCW2LrUyGmmYr gGEIW/s7wVP/V+WCLUaT4WF4HizxeibRaQUcnXbc2Stuwmm32YEHW2upa3H7+TH1 48EAx2KORyVaOgYtS8heFFpiqUGwGLD/CAPRP3MvcySSCZpFulsYWs4uvO6lsnjE Z5g1ZxEbxpaJ4cxMeIx1OyZieYHveAQx/PWx/4t64UcK6jHpMs4zYsPFG3xzhLRJ CCm4FJPeyGCGq+nhqrCAyTQJpBeQadyCmXQKsb/ICx1jUsLBaAQTAQoAPgIbAwgL CQgHDQwLCgUVCgkICwIeAQIXgAIZARYhBI8Xd3EYoz3am6SOYqrLMkNjAFLZBQJc sIi6BQkLT1TRAAoJEKrLMkNjAFLZ76YOnA5g0BjPqLGeKhfEdntDVCs6Yt2bubYv Xnnt11JlCmH8A+DKdcabnPpphrHPOrdBGlstm/+KhVJ2otV0y7LpZ0mid+foX/nc 1YVjqLCTeIDKO+ES6Yt7/08e/vnQKPgBxlF6qGsUsH6ckdBSzRJIInrFNziBbiHq dKJFw93vYVTJ9m5IGP8bRJ3lsS7lOy63DEHMJDXqk9q6+Y7yVqz2+wH4lhgJ0KJl lYqQGT/0Vv2od47cjRSimCbLIb3WJnbGdSufXtUKKriz272eNGC9RNQ7mYxqvm+X WiMUzXeDEaegaUP5BGPsTGu6hRjZYHKjbcAyApYmk/8OUvK2f0FJaZHRsIpDsv2W BQAKXwkgap1nm3PiYfSS0daP9KobTzP2m+lr/r4d5uixDLryiWnUK2jCAxONuy2g Nwd0rRJxMesOS/1kV9Kop4xIpGdx/wzTh86fq2bDRmZKpv2NdZkNR+gOPd7VwZyJ mVNoAINKP/MN48o2w+j8xVRhVkJU/SpqOXL7pyR8dUcnL9lyS4Z8rxeuk+uHXypa 2TGlsWn0judK0PkLSLfdZdmXqWHPdmfFK8sHMt72+I4RtaD0Xrd+2f2U5j5EnQjQ RjbFhsPVnPZYjyCnR8LBaAQTAQoAPgIbAwgLCQgHDQwLCgUVCgkICwIeAQIXgAIZ ARYhBI8Xd3EYoz3am6SOYqrLMkNjAFLZBQJZzTZ7BQkHhUwSAAoJEKrLMkNjAFLZ g9gOoJauK/dNNH+tyzxaiExoDTQ8QW77GrVx3XQMwqxg3iOZ2T7ekh09gQeX/4j+ Lv/XI9Co1Aj3dw8zfLnVt+f2pvHiQbnWCTTRIuNv4ymcEZUTV2xZ1m7U8iEKbsdd YBHHdHHYgPATs8U/S2pUU6/WSx6bhI1jtjq4WI4fFDj1TCf+OkCQ6ygAYSc8tqPl IaIJr6yFa7v3T+9Dh/+/S+GpWnoIlcFbAqFvNOYp9VNnrlvL1YZ2BXGKQNIAD1CJ +1ZtUgHb5RtiSphsoGVX8kegOY9xpGRFVJQ17pqODE7VEh8QbNgcPPAb15xAKYdz 3fj0sfMVe+r6fl3lWzQCrRLvwZ8R0MtS1cmS0pjS4d4MC71kkH4qSUwjhWA9FzEv P8tsH5mnHaPFBsi0J4/XN+JBuVEN7zD+wRLrHhSRB/+3SGHdkrN2JqFlWNqYNoOi Sng7/vAfdLq6L4WEaawuT4dYv69YoyDtIrMtAnDz8TeBrmzteTApqCaTuC3/YT68 QGoKUVzd5asJMa+0kwBe0L5lrVOdPIwO+3T2nDmBgOFZyCFRrwZpCvdvH8volakM /dtwP591ZYhvg235h8lewnstynZN4pAmmJj1uNXhSERM2X6z5/CqT8LBaAQTAQoA JwIbAwUJEswDAAgLCQgHDQwLCgUVCgkICwIeAQIXgAUCVSOlpAIZAQAhCRCqyzJD YwBS2RYhBI8Xd3EYoz3am6SOYqrLMkNjAFLZ9PcOn0Hm3hibYknfxnru43LdXA0o sBOBevQp7jHa2eXlubj736z73goN5x2lfDuL3+VT8dUpfsVkwBxVczih7JB42GeN QVe9IvIODdgsj4zpguVlhkBVIen9SzDl9l/tmbTbF6KA9Ja1B0LDs3YmzTmJg+B0 QTBSxZrbwOuu3xyMCxDJNklHwNJnZ8CM/pu1Pi229rjTWOWSTrc7SYgrsmlqGUau wbyPrR2bYPoMZhOSEn1NGJYTh1L94M59ZuY5GTmDTab2jTCwIE15gcmMl3XHCikC QHgZgVGkxpcu5qtsL0KeUIEKc+h1ifL0nwmt/FPpjryOrgMQmFk8cv0JWzGSa5GP BZ9A8ava4ZdtFTSv2c00oOKGhjk6LhE5DbDroGdGf4N3XSs2k0IjBD7NxiQeAxvA dPSkaPZAwINOLWD6INzGZ0Jy+2Ont3cupETR6JZLhUl+k9LTYdp9vJDSyDcxRQQM eR4rD44MclJcxikTlJ9Aq8v6t7E4vgY/gAxDYo5slzc8g/GUM4+xsuD300voX82t 4kiw2VqZ2PEFc4IUpRaJlAO1ROpeMnG76XqbqfloQ1gxCpDaaf31DeXECr5EC3iu 0P0NJ91rUY039IOHjRTX9UQJCsLBZQQTAQoAJAUCVSOa6QIbAwUJEswDAAgLCQgH DQwLCgUVCgkICwIeAQIXgAAhCRCqyzJDYwBS2RYhBI8Xd3EYoz3am6SOYqrLMkNj AFLZvZsOoKjvoLatMgPVKXFFLZis08PVqEruJkUFY7RVR8Dsf7exCDt9t5IEwqoi 66aC3gkaDRwCNq1sBLCI8vxklE0ubU5fqvpjN5Az903U+xwYTFupqQASh8ARybHp AB6UBn2Q+aHUZoJGq76drO8HVMcJlC+R5KsQDN8YSTAdc7uST6PXYi5KW1BgKh+o wr3B2KmacxG7GPDog9SPIvp/MJrcSnR2+SX5oO+oUCFpUDU73Mkqp8dxhoczm117 6T8I82S4yJGJlIqGGSlaRM5l+ttw0llZRNlORb1GXqMo13Ka7cYLeLA39SIOAPCh 7c17Z06SSG2VhzaUTeqidE9Jz96Y9vaW++v6tW03qC9hqu7ThFN1PRQCoOpqzKpe pdeLBUdnW1TWOmGhxKN4M3K1ZmI4EG/bytBNhrRTfni3eg3ak2i3dYuOHtMzLaSL AF7EFflmik1OVeNCRTCYJ46sYBnpfQCeRNgTViiMJ+mCFcTxf6IHyl3uKPDOFQEx nvjINxgP3ouaEPNQiA2EYBoi+xYeXYM9KXZ55RC1Z1PZCfdmaDTcvMJ4qLP1OVrz wj8RwhrL4ZUpILx84T54PaJquj6BjgEPd0To5ILPR+zc8Qmx4iWcTUR5f87ATQRV I6aWAQgApzVRJF/utO+M73xwoHzrokN49VSBcxkBHh7G6GxzX6N5DvBBhkh4mGVZ 81q4dlMFMtpq1xBb17Hgw5iWmjv4Px/2rAeCfOzk1zSC4OMl5Lby36/CmiDjcJGq gR0tqXiJif4B82MBgJINibabiGG++iHQm9kmkWSVquAMsq7YIyTdgAdbuSd5BVih 1hjqzBrB7AMyfRzDSCaIDM/ztKjbqDnsD/c9tFvMQFMMSYzGfkcdUD3HTLBxye1X D5Iav9AGP5KNMuYko2M/cnKemxl3KIZlpcZR+aErj5U5XaOhOt+kuAUwC6RcLtPK 4YhOA5tCTe9lHODdbk/k7BGXXeSQVQARAQABwsJpBBgBCgAgAhsCFiEEjxd3cRij PdqbpI5iqssyQ2MAUtkFAmbMKgoBKQkQqssyQ2MAUtnAXSAEGQEKAAYFAlUjppYA CgkQciO1ZnjgJSimlAf/eQTOhj7aSKAgiMYK3JaMXd5Xa8YHPi1OJKzeYLWEJDQ4 /2LW6Ke2r0a36bTkuVJMW4q73VDRjcCsIMA0BtqAOZLtFVKFsg2E9lfsjcIX87z1 NvcMoNMJ1oOG546uZOkpfonb1zajlMNtUiMZyNUyy9BDIz+jr/LsNc/wF2TIj97B 2wS3y6T1PhWllMFXWKDj33zRjNFrKSlgWg6fQv4xdx//yiQCmO0x6FEjM1F6NhPf TfDVHxd9AgoNZFEYPBBc715VJqLD5nYRsTihE6RjkiZqUP6wrgViezGcrjDc7vh8 aVgJ3dDZwCNJJ/JUSpyPK5SiDpaByZZ4ozEJMtmk73ZJDqCfNAN62QbHbLc5IOPz rF888UKyPNkKFLNQT1mttFCUYrMR4oslwQEOTsh4tsRJeWQVeij00K30yx5XvOKf pN0QhKyqBUruYjlmiiSL2RAzOnd4wsg38oXiyllhMuH9Org7Row5j0jNo4r5xs9i BydPVcMAv1UAG692NYwBSnjtdiCwcfjs82bzB89mmhRe8yWWz7jWUNq69hWpauNG jLdOxZ/L0wwjFAI3CgTnZQ4JALyl/kArtLP3lwStEkachzEfC4Eo6FYXCytUNdcC n90lFoj9Ppwc22e1gOXJbcO4qRL4TW4E1pefy4VYKx3wv/FAReqph8/wt1qOVHP/ cpxWUBkdAZX8DcVNuSEBXXh71dOnCMSmCP6TO38PL8u3CWnkNEkT2BOmFHRpYnUM 3/GIWzvOxTanfgIKZQUieYrGQK2KQyTQH3EoB+RIaBgmFZNc//+gWVHnRToTorde y80a3RGewdMeQNnL9529SlaUYKj4+r4hergrd2MQDy6RMYVjKJzuUnj0hd4thsab 0Gf4fb1f18RqYr49ir4WlqzplBgyc8caH9eDbOY+F+8oXeWKL3gdz+wnmH0FgjE4 niN2YecB8Dl8eaLNZm1k3gGqpp5zusbCwm8EGAEKACYCGwIWIQSPF3dxGKM92puk jmKqyzJDYwBS2QUCZd2kvgUJEadMKAEpCRCqyzJDYwBS2cBdIAQZAQoABgUCVSOm lgAKCRByI7VmeOAlKKaUB/95BM6GPtpIoCCIxgrcloxd3ldrxgc+LU4krN5gtYQk NDj/Ytbop7avRrfptOS5UkxbirvdUNGNwKwgwDQG2oA5ku0VUoWyDYT2V+yNwhfz vPU29wyg0wnWg4bnjq5k6Sl+idvXNqOUw21SIxnI1TLL0EMjP6Ov8uw1z/AXZMiP 3sHbBLfLpPU+FaWUwVdYoOPffNGM0WspKWBaDp9C/jF3H//KJAKY7THoUSMzUXo2 E99N8NUfF30CCg1kURg8EFzvXlUmosPmdhGxOKETpGOSJmpQ/rCuBWJ7MZyuMNzu +HxpWAnd0NnAI0kn8lRKnI8rlKIOloHJlnijMQky2aTvtHAOn3/p4ELwl8ucO3IW Q7JaXuvON4UmSKRZuMDktq6Y/0yQQ8AGuRSzknaTVMfRpMD1AVnusOsh5BGQ7RhA 7/yzRMtPlzzSvVkr9TSSdamZ3EuvenAWEtA1nvd/u/fzlFyNPGz79IJWQdcqIpX1 gi/y2Ai+q7U7XtCI0J/acut4ID5oArqC3FQ85EhipqIO/HCSAUSUg1AKS/HczsSV k4l91gtxi5lxye/7xYOwCQRPe9CyJGQxEg3yeLgwOUhmCTxp4bqfCIzWbjtx8g/x UFdfSKrXKyS1ARFo7Wj0xepSznULTEE+X3efIxsiO77fRIYu852HxBNDRCBUAnFz IOvj0QDapywcbzIbUBEmTYVxxl8T5Eb+wT9MFM72aiW5dgKeur6tDa2rHbBIlMzw YSq4vjTRUgCN2Vq0S+HuqydcoB0ZvCqlNV1FUSmV5euDEvcRkKbFrFksDlq+aAYh tZtII9uUdH5o+dqWcMXSOA2Ben/INHMUJgzhDXlztXWi8dt2PAPR/Wb3W2+t7s8W XLwrCSLrXMoExqonPemiRno1xXBvYnKdYCtpz1yAyM/ZvQbXjTbgSAy3M5Jy4wcA dxK7fYRuPcMNm02fJswz8Cwz2UVmMDUMmMLCbwQYAQoAJgIbAhYhBI8Xd3EYoz3a m6SOYqrLMkNjAFLZBQJkJqs9BQkQ5DgnASkJEKrLMkNjAFLZwF0gBBkBCgAGBQJV I6aWAAoJEHIjtWZ44CUoppQH/3kEzoY+2kigIIjGCtyWjF3eV2vGBz4tTiSs3mC1 hCQ0OP9i1uintq9Gt+m05LlSTFuKu91Q0Y3ArCDANAbagDmS7RVShbINhPZX7I3C F/O89Tb3DKDTCdaDhueOrmTpKX6J29c2o5TDbVIjGcjVMsvQQyM/o6/y7DXP8Bdk yI/ewdsEt8uk9T4VpZTBV1ig49980YzRaykpYFoOn0L+MXcf/8okApjtMehRIzNR ejYT303w1R8XfQIKDWRRGDwQXO9eVSaiw+Z2EbE4oROkY5ImalD+sK4FYnsxnK4w 3O74fGlYCd3Q2cAjSSfyVEqcjyuUog6WgcmWeKMxCTLZpO+Duw6gn//+G1c64H4Q jJk16GIvUpTYWSNVrhCmI11vQH747N3dChcSkwPrMp7vT1H1bemOyyZDY3efKJma MWAQbEViilmG/ppwOwpuhBGqK6lkFiENosIFcrxxepIexBu42w67k6/6EKduWYXs wcqFZSIemLa+akfP+f8xQaDWeT3y8nGkFMLKqVnkNuOAlXdKn5360l4Fv55BXLTS CjBbJuqo37eQL9umSUVkS55xRDXAYcwV13RJ6uRtq28AE/N6C8d6etyP36dE03Gy rZRYRNej6Ztp0VnRym2/WQ+6ZGvafLmxlGGovTpmb90WgNdHjompVkWNbZAW1gOj feeTdySaEgL+72gXu6T96jxzmYIkmEFln53kk+G9R6WXh4vtjVgbvQZm2wUBuCLY PVbSJpQBhyR1YQuIdlys1liCAJ5qHi9clpfgsXEwpoqVkT5NZRTlEvEFuVQSDvrv QRoeRT71VTWEmtLSvRheQ6zbRZC/zYc0FwOlH/tmno/0CqdHeB5Bte0l738pBKi0 6GxwN78VqTBZ2WYSOP0lX4TN/imn2nLckk6yVrd2bjp38b9xn3pO0BIpjgle/spS Lv8S2ZWwZUcOlB7qzCmV6UaGDnZdKjlIoNBHwsJvBBgBCgAmAhsCFiEEjxd3cRij PdqbpI5iqssyQ2MAUtkFAmM3gxcFCQ8NCAEBKQkQqssyQ2MAUtnAXSAEGQEKAAYF AlUjppYACgkQciO1ZnjgJSimlAf/eQTOhj7aSKAgiMYK3JaMXd5Xa8YHPi1OJKze YLWEJDQ4/2LW6Ke2r0a36bTkuVJMW4q73VDRjcCsIMA0BtqAOZLtFVKFsg2E9lfs jcIX87z1NvcMoNMJ1oOG546uZOkpfonb1zajlMNtUiMZyNUyy9BDIz+jr/LsNc/w F2TIj97B2wS3y6T1PhWllMFXWKDj33zRjNFrKSlgWg6fQv4xdx//yiQCmO0x6FEj M1F6NhPfTfDVHxd9AgoNZFEYPBBc715VJqLD5nYRsTihE6RjkiZqUP6wrgViezGc rjDc7vh8aVgJ3dDZwCNJJ/JUSpyPK5SiDpaByZZ4ozEJMtmk76KpDp4jYQq0Pb7o BshykVq0yvDVgCKxBkHjdtiEDRFQZZnxFfzupoi9W8nkxB+9NbGxxGIQow73WtfF fMEJRvPkQZ8fgWaaoxsjlmwv/NSSaGFQePsNMAs6fulYN3+h5e8Tf+pP3m6OPRfw sRXhi3shj2InnsrYm1rTtI4/VI2V6h5Yml0LFvvrUH5x36hXJtKggWr4mSloPq3S A7OrTncvTlf69D0Ap6ek9iv54nTaADW70Oru4bB+QPW8Ej1ZvGz6yWefNu8G943i W9i8UegI48ohn7gHJ7z19mvPHAgjHY2pVieHyMz25VC6TUVcxrdkpQGUXwrPzysQ 2xk5G3uGlm8bbpK2xbuHyQm8mehQ6kUPKp5bHP5+Lemz+I0YsQWZfCFl8Jf5g8AV c2b6+EtPyGzHNh18LrsKl5PHUhe9nHoxEw9Kta3/qHZXevTEhq2dlL5I4EokpSTg vMiVPm5RAnXLsqkg4Ez5+m1VPDgGxQ2hhVmdnC096QYgjqYindbICXJWTurJJ1Jn o1Zzh/GD6sEDEtgXH8Ueo5Ixp1fHatFWMBRauCtd8eGMt6xJpsuYI/EVlpvFDvo6 0AidFVEi3gVJPYsi5cS+6kwP16X8IFz7shCJejzCwm8EGAEKACYCGwIWIQSPF3dx GKM92pukjmKqyzJDYwBS2QUCYkZApgUJDhvFkAEpCRCqyzJDYwBS2cBdIAQZAQoA BgUCVSOmlgAKCRByI7VmeOAlKKaUB/95BM6GPtpIoCCIxgrcloxd3ldrxgc+LU4k rN5gtYQkNDj/Ytbop7avRrfptOS5UkxbirvdUNGNwKwgwDQG2oA5ku0VUoWyDYT2 V+yNwhfzvPU29wyg0wnWg4bnjq5k6Sl+idvXNqOUw21SIxnI1TLL0EMjP6Ov8uw1 z/AXZMiP3sHbBLfLpPU+FaWUwVdYoOPffNGM0WspKWBaDp9C/jF3H//KJAKY7THo USMzUXo2E99N8NUfF30CCg1kURg8EFzvXlUmosPmdhGxOKETpGOSJmpQ/rCuBWJ7 MZyuMNzu+HxpWAnd0NnAI0kn8lRKnI8rlKIOloHJlnijMQky2aTvah8OnREtrdhU VnpbTCF+TPIsp0mcEpcJuENMqs98Fv8Zk3hcUrFBM43OQUNRygnwjkexESN9BXox FNJD52l6AOJqspLs6mEvghU5txDpg5EWsvGgCYKDIOG0lrJHHh/j7U5biF8+P8p0 jEFv8wz3VESyXVWn2I9H4E1SmXW20S+TJPsQUIWjLPy4pyUi4SJSIEgRDnCkcnnv XAJcn3tYZeJDk63KzPiarpjNuGfSrTRcu3PdNIu4RzogogZ2RJarqAWpCDoLowAp sC7xrRE21/BGMlEFGffeDFrjFOkR9nR5UTKyu17mhWoyTF0au7Mfajmet4qHPLVV rwiYvafRuJiIimNilozV7EJUdAtZ9Xf3kTCd8EWYsgTSKL6OeJcSFxy1MK8W1LA6 ikbKF+Ir1AYuWwluGRMu9bafWz01o+y+NsUTZYAKf8EKP9AqrdpTo/0yhUNMU3fA bJkVy9zdC0xJ7ZYr6TIXc3Nc2zX/0JwM9/jTlJ9mm/0NiCfWqsxj3ZhGhMkNED9P wDHq7iaeDop3XenvqgpSRc8O05gA6zF7OIplPs7qLM2J8RXIW1vbBtLDlGaTcmfQ ClbTjfy5EvwEyB1595Ip6j13JSRjh6zbhC02KpDjG8LCbwQYAQoAJgIbAhYhBI8X d3EYoz3am6SOYqrLMkNjAFLZBQJhVk+dBQkNK9SHASkJEKrLMkNjAFLZwF0gBBkB CgAGBQJVI6aWAAoJEHIjtWZ44CUoppQH/3kEzoY+2kigIIjGCtyWjF3eV2vGBz4t TiSs3mC1hCQ0OP9i1uintq9Gt+m05LlSTFuKu91Q0Y3ArCDANAbagDmS7RVShbIN hPZX7I3CF/O89Tb3DKDTCdaDhueOrmTpKX6J29c2o5TDbVIjGcjVMsvQQyM/o6/y 7DXP8BdkyI/ewdsEt8uk9T4VpZTBV1ig49980YzRaykpYFoOn0L+MXcf/8okApjt MehRIzNRejYT303w1R8XfQIKDWRRGDwQXO9eVSaiw+Z2EbE4oROkY5ImalD+sK4F YnsxnK4w3O74fGlYCd3Q2cAjSSfyVEqcjyuUog6WgcmWeKMxCTLZpO+rGQ6fS2fh llLXiFTbF+NNTMllOliOQg2frN5u8ZA6oCx/C4gaMla2zwyRpbUD75b7vzC/ij0G 0PlVECGP3nM4UiVNILBz19egP5WGgIKr7NzJt9FdNyWsf2QKX36wAos+801xJIY/ XJEgIye9RGGwK9Ug4ZLZqG2Z7epmDBR0elbolEi+UKOh3cSYt2+rQM87ACWOR7V/ WY7lLspuS1cCGjAwYSDpsF23wor4gC/zGNkdAX0mRzQP73xarNl8iM5dkaQiy0x7 R0/4MXJ0NOHuZHFxyzRoG5XGg6FMn5LlLBijfmWrFQRtr7t1BBnjfZifllpcjRPV u77wZYFEu7nwOn3k+AhlwuFC+DiFW/KaO96DKvfaGokrjaE7lFrseqrZ79KGoe4G vs6pZu/prCJBk0KHmveBCfQjLtyjCWy5TyYHfDm0XZnNHmcPhpyVOqjb7T/M4Od1 ubO+mzCTS97tgLBsddeKZE45IWERiESZ4E9K1s2xOH2t24d0AxQPW+HXaHKjTRMB NPpP+RsIDw6h+ZV+l/+8AxFTaIWkK5Vowf1amMak6CByar6MQ1WXA0aQTfQ+B8P9 OqplV/1ZFRSpnMeHVzLsuQA8nqKQNAPCWMculZmntCCrwsJvBBgBCgAmAhsCFiEE jxd3cRijPdqbpI5iqssyQ2MAUtkFAmBlDRQFCQw6kf4BKQkQqssyQ2MAUtnAXSAE GQEKAAYFAlUjppYACgkQciO1ZnjgJSimlAf/eQTOhj7aSKAgiMYK3JaMXd5Xa8YH Pi1OJKzeYLWEJDQ4/2LW6Ke2r0a36bTkuVJMW4q73VDRjcCsIMA0BtqAOZLtFVKF sg2E9lfsjcIX87z1NvcMoNMJ1oOG546uZOkpfonb1zajlMNtUiMZyNUyy9BDIz+j r/LsNc/wF2TIj97B2wS3y6T1PhWllMFXWKDj33zRjNFrKSlgWg6fQv4xdx//yiQC mO0x6FEjM1F6NhPfTfDVHxd9AgoNZFEYPBBc715VJqLD5nYRsTihE6RjkiZqUP6w rgViezGcrjDc7vh8aVgJ3dDZwCNJJ/JUSpyPK5SiDpaByZZ4ozEJMtmk7wQ+Dp9c 54bDBc1tz6UOzatiXI1wuMGpIvoI+tCtxJ8EwryXidruEU3mt8JtJR1E/ZtK990t 7Q5UWZka8CQES+C8ro0eWZChLuBay30zJXqj+/U2s0gemo6xuJZkzz+vyfSt4GQq ht9Q0+5HpQzjXtJ2T4ZinVNTTvhtMJcMdwrn135oSvFybAvm94BrRk5COJ0Oh7VO oU5hbyrk6bBcPCOgjwQR71KtvdLY36dlhw9Z0jFJssXudfa1Yj7r1q7bJbnWdE8o y4kOm+Y/82qYmnp/iDq57HSQSUDyhfO+eTp3np5giEWGC61uB0u2GAK/U3jduN1+ FG8zGvTbh+b/xF/EAQJMtv9J4BIB0l/zZB7tKvZEJ+WLC/6kCrixO/ZTLE4VwquX qOdK/o9LqILl5BkkT2hXEhSJjFx0wZzCtYliRz7GPPyubInUUWtbxPqmKiK7X/3E 6TAhHEJA5VP/MXVpJ08GA4MSBDQM61ak3M3tHKAYHYRAur5wDzO3spQ2AYNfF64/ zH3dscIwwuUYh/D4xXS8emaroqrGuyvEhanSY+015l8qjSyg+NIoLqfVnRtGk6V3 Paq1CdeDceg2jqcRu+RNZaGP5ZvFrFw+QrjSKo2Wh+WhuADCwm8EGAEKACYCGwIW IQSPF3dxGKM92pukjmKqyzJDYwBS2QUCXLCI3AUJC09JRgEpCRCqyzJDYwBS2cBd IAQZAQoABgUCVSOmlgAKCRByI7VmeOAlKKaUB/95BM6GPtpIoCCIxgrcloxd3ldr xgc+LU4krN5gtYQkNDj/Ytbop7avRrfptOS5UkxbirvdUNGNwKwgwDQG2oA5ku0V UoWyDYT2V+yNwhfzvPU29wyg0wnWg4bnjq5k6Sl+idvXNqOUw21SIxnI1TLL0EMj P6Ov8uw1z/AXZMiP3sHbBLfLpPU+FaWUwVdYoOPffNGM0WspKWBaDp9C/jF3H//K JAKY7THoUSMzUXo2E99N8NUfF30CCg1kURg8EFzvXlUmosPmdhGxOKETpGOSJmpQ /rCuBWJ7MZyuMNzu+HxpWAnd0NnAI0kn8lRKnI8rlKIOloHJlnijMQky2aTvZZoO niqm+87OELpGHg3/DgaXibZ91OA/FrW4JniOeax2eZwoFiaMW98en1u7hA6uFKOK BGiBIOZOxESFOTSNf3AQGawUJRImZ7O4+p0sm7g37p5vVVLbpcjZNZ+3MPtUkX/s uZIqiMJ0khmo6x5Ce0QwjegKXRDu1xXTywnVlzb77OGciP63J0jqpUyf1haEb0rm 4+OEDyB18PjG/8RSqUXHKsg26HlPmvYeeyRhcFAKf1yq9Ozaw0FGZ+UIUb630PA9 DtewUsqnKcRo2TpYl67sxc+7eRvgslK76Zvvih5la7SQBgSLVByRhcIIVxVnvDX0 cvoO16HfxLCZlTlzTi0np44yvqlR+SmzBq8vgJXrvAkVpHlGckdupFDKrA9Awy9a WYO4WSpX8nLdAkf8VvHee+rxYS+RBOs6j4IG4PiHydvTWasNUcnpVxsQ0/GKRzNk Pg2VdW2IrU6hFgnt0U5diq+3KqFVzTHgnYOne12FDTasYk1AwadVZJkkgXBPywe7 HMY8I3HOIuXj8Uk49t8G67x/8MBGx0abHxZ++NnMAzKwlMILkErv+280k5FPv+Vr 8qk6LuZtYtd9twX21j2hm7mk+3lKCABUY7ga6L1PJGP0idNjMsLCbwQYAQoADwIb AgUCWOYjtgUJB4TkIAFACRCqyzJDYwBS2cBdIAQZAQoABgUCVSOmlgAKCRByI7Vm eOAlKKaUB/95BM6GPtpIoCCIxgrcloxd3ldrxgc+LU4krN5gtYQkNDj/Ytbop7av RrfptOS5UkxbirvdUNGNwKwgwDQG2oA5ku0VUoWyDYT2V+yNwhfzvPU29wyg0wnW g4bnjq5k6Sl+idvXNqOUw21SIxnI1TLL0EMjP6Ov8uw1z/AXZMiP3sHbBLfLpPU+ FaWUwVdYoOPffNGM0WspKWBaDp9C/jF3H//KJAKY7THoUSMzUXo2E99N8NUfF30C Cg1kURg8EFzvXlUmosPmdhGxOKETpGOSJmpQ/rCuBWJ7MZyuMNzu+HxpWAnd0NnA I0kn8lRKnI8rlKIOloHJlnijMQky2aTvFiEEjxd3cRijPdqbpI5iqssyQ2MAUtkf uQ6eMKE/5Y+LiZeOuuFy3cmz7X7DBVDrRmIQSuun8j12z2ovl2712UkgDnu+EDzt XKAEK3052ZoVpNsvGki2MMBx2krUmtFwoAhk6MEgpqlGRcfhs5Br5fePHC/nytCm pVPNGsbOzDEwW5cVW44dg9y+2Im+ucC08novx4DE94p21Kf9l4LKztQFH3eSSyjN KFYZ8i5sdwQeyGQRA8rUBAV0h4O/sYa7t8AaTsly2/glzW9D3i/q7m3YdmB+M5Ku CqpIVhIrVnrQwTGn/W3EgNIfw2PgAvnAVwkNEIVpUM+V5Mo9sh5F9uY4EQ5a8t56 005k7Wz8a2g8i08kQbdFIbcmIhMu13SD98i77LInlCp8Hz/t9orplWG4lRg1L5s2 HhDOQN/PdliEenCgUArOh9iw+sMok5dWeNbuQIX2gAIT3e5s2+BjOVN3cMfu4ggl sqdO5dg3Doyf6ei8eomAMwBEVcMzP+HvY3LENbWV1B4LYv6Z6XRZu5d/cZDeFa0A f0TRgaikmH9/4lNxL3g3u7ywkLQVKdJ+gof/vlb9aHhpcAvCGkSF6RwKnpTxKPfU ajxWiOQvtFQahWqxq+s5OKNO7o9lAT9QHiTmq8/Vldf/J5bnBYy0wsJvBBgBCgAP BQJVI6aWAhsCBQkDwmcAAUAJEKrLMkNjAFLZwF0gBBkBCgAGBQJVI6aWAAoJEHIj tWZ44CUoppQH/3kEzoY+2kigIIjGCtyWjF3eV2vGBz4tTiSs3mC1hCQ0OP9i1uin tq9Gt+m05LlSTFuKu91Q0Y3ArCDANAbagDmS7RVShbINhPZX7I3CF/O89Tb3DKDT CdaDhueOrmTpKX6J29c2o5TDbVIjGcjVMsvQQyM/o6/y7DXP8BdkyI/ewdsEt8uk 9T4VpZTBV1ig49980YzRaykpYFoOn0L+MXcf/8okApjtMehRIzNRejYT303w1R8X fQIKDWRRGDwQXO9eVSaiw+Z2EbE4oROkY5ImalD+sK4FYnsxnK4w3O74fGlYCd3Q 2cAjSSfyVEqcjyuUog6WgcmWeKMxCTLZpO8WIQSPF3dxGKM92pukjmKqyzJDYwBS 2SdFDqCQhkxPtU8bSCD034XTNftjRsKAZNTlUf98R38vNRNFAvSozP4wvH8xdbeJ xpAX7Ww94yJIoMBTXG65i3yfelXmCmbXMPT64IEQzOrDDFEYOiMNpGzbUIiBG7q8 JFDcwMWmIkqNiproRe2SJt5NYjrKj3D11Qf46LDSyQ0sX8wnEbC8TvgnUGvam8Gx M648IvQ12TTfbTu4WFGNbLiiepsQnjMD4vrv9hHMIJu1Zu6g66yf2upDCKvRUdsF ybsUi/BbxTf1qXFYkiXOnf/mxEbYurjGZgjLSjEdA1oeufDUo6Pnt3wURZzith5m NM5iSTI5553P1qC6XrPrKRrU48vTtApv6VnkiVzTL5g5K00bp8h+Jei0kFwlAF3I 7F3GCr9oNU6kv0QGnNjirXWhvz1zx6qyiebPxCCjs+KFpMzJelkT9+k8HaEcQb8j Eaxfc5zl/31xwkf8rn+BIpafCej+AfFDJsulpT7L2uEFhYZnPuXPJ9kgXVAgFdpp IMKgqQ00eQrPY2GpdVHMZhWQVTiF2pAIXuuOvCDrchRMjVWBfbWiDAy/WBbpJema F+1IHcH5ym0EFgUY4xaXIoGjRV7sJBA4eDATYnEjnYaCLRIPPZRG88U= =DRsl -----END PGP PUBLIC KEY BLOCK----- """ sequoia-sq-1.3.1/sq-subplot.md000064400000000000000000001471111046102023000143550ustar 00000000000000--- title: "Sequoia-PGP sq" subtitle: "integration tests, requirements, acceptance criteria" authors: "The Sequoia-PGP project" bindings: - subplot/sq-subplot.yaml - lib/files.yaml - lib/runcmd.yaml impls: rust: - subplot/sq-subplot.rs classes: - json ... # Introduction The [Sequoia-PGP][] project is an implementation of the [OpenPGP][] standard for encryption and digital signatures. Sequoia itself is a library for the Rust programming language, as well as the `sq` command line tool for people to use directly. This document captures the requirements and acceptance criteria for the `sq` tool and how they are verified, and at the same time acts as an integration test for the tool. [Sequoia-PGP]: https://sequoia-pgp.org/ [OpenPGP]: https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP ## Testing approach for sq This document explicitly only covers integration and acceptance testing of the `sq` command line tool. It does not try to verify that the underlying library implements OpenPGP correctly: the library has its own test suite for that. Instead, this document concentrates on making sure the `sq` command line tool behaves as it should from an end-user's point of view. We make the following simplifying assumption: we know the `sq` developers as competent developers, and assume that they don't entangle unrelated functionality. By this we mean that we feel we can assume that the code in `sq` that reads input files is separate from the code that compresses it, which in turn is independent of the code that writes output as text or binary data. Thus, we verify each such functionality independently of each other. This drastically cuts down the number of feature combinations we need to test. If this assumption turns out to be incorrect, we will rethink and revise the testing approach as needed. We also know, by inspection, that `sq` uses the well-known, well-respected Rust library `clap` for parsing the command line. Because of this we feel it's not necessary to verify that, for example, `sq` notices that a required argument is missing from the command line, or that it notices that there are extra arguments present. We will concentrate on testing that when invoked with valid arguments results in expected output. ## Using Subplot and this document The acceptance criteria and requirements are explained in prose and when they can be verified in an automated way, that is done using _test scenarios_. Both the prose and the scenarios are meant to be understood and agreed to by all stakeholders in the project. The [Subplot][] tool is used to render this document into human-readable form (HTML or PDF), and to generate a test program that executes the scenarios and checks they all pass. To achieve this, run the following commands: ~~~sh $ git clone https://gitlab.com/sequoia-pgp/sequoia-sq.git $ cd sequoia-sq $ subplot docgen sq-subplot.md -o sq-subplot.html $ subplot docgen sq-subplot.md -o sq-subplot.pdf $ cargo test ~~~ If you only care about generating and running tests, you only need to run `cargo test`. All the dependencies for that are automatically handled via `Cargo.toml`. To generate typeset documents (HTML and PDF), you need the following software installed: * [Subplot][], via cargo install or a Debian package (see its website) * Pandoc * Parts of TeX Live (for PDF) * Graphviz On a Debian system, that means the following packages: > `subplot pandoc pandoc-citeproc lmodern librsvg2-bin graphviz > texlive-latex-base texlive-latex-recommended > texlive-fonts-recommended plantuml` [Subplot]: https://subplot.liw.fi/ # Smoke test _Requirement: We must be able to invoke `sq` at all._ This scenario verifies that we can run `sq` in the simplest possible case: we ask the program for its version. If this works, then we know that the executable program exists, can be invoked, and at least some of its command line parsing code works. If this scenario doesn't work, then we can't expect anything else to work either. ~~~scenario given an installed sq when I run sq version then exit code is 0 then stderr matches regex ^sq \d+\.\d+\.\d+ ~~~ # Key management: `sq key` This chapter covers all key management functionality: the `sq key` subcommands. ## Key generation: `sq key generate` This section covers key generation with `sq`. Keys are somewhat complicated: it is possible to have keys for specify that they can only used for specific operations, or the time period when they are valid. Different cryptographic algorithms have different kinds of keys. We verify these by varying what kind keys we generate and that they look as expected, when inspected. ### Generate a key with defaults _Requirement: We must be able to generate new encryption keys and corresponding certificates._ This scenario generates a new key with `sq` using default settings and inspects it to see if it looks at least vaguely correct. Note that in this scenario we don't verify that the key works, other scenarios take care of that. Here we merely verify that the new key looks OK. ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --output key.pgp --rev-cert key.pgp.rev when I run sq inspect key.pgp then stdout contains "Alice" then stdout contains "Expiration time: 20" then stdout contains "Key flags: certification" then stdout contains "Key flags: signing" then stdout contains "Key flags: authentication" then stdout contains "Key flags: transport encryption, data-at-rest encryption" ~~~ ### Generate key without user identifiers _Requirement: We must be able to generate new encryption keys without any user identifiers._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev then file key.pgp contains "-----BEGIN PGP PRIVATE KEY BLOCK-----" ~~~ ### Generate key with more than one user identifier _Requirement: We must be able to generate new encryption keys with more than one user identifier._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --userid '' --output key.pgp --rev-cert key.pgp.rev then file key.pgp contains "Comment: Alice" then file key.pgp contains "Comment: " ~~~ ### Generate a key for certification only _Requirement: We must be able to generate a key that can only be used for certification, and can't be used for signing, encryption or authentication._ Note that `sq` always creates a key usable for certification. ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev --cannot-sign --cannot-authenticate --cannot-encrypt when I run sq inspect key.pgp then stdout contains "Key flags: certification" then stdout doesn't contain "Key flags: signing" then stdout doesn't contain "Key flags: authentication" then stdout doesn't contain "Key flags: transport encryption, data-at-rest encryption" ~~~ ### Generate a key for encryption only _Requirement: We must be able to generate a key that can only be used for encryption, and can't be used for signing or authentication._ Note that `sq` always creates a key usable for certification. ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev --cannot-sign --cannot-authenticate when I run sq inspect key.pgp then stdout contains "Key flags: certification" then stdout doesn't contain "Key flags: signing" then stdout doesn't contain "Key flags: authentication" then stdout contains "Key flags: transport encryption, data-at-rest encryption" ~~~ ### Generate a key for storage encryption only _Requirement: We must be able to generate a key that can only be used for at-rest (storage) encryption._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev --can-encrypt=storage when I run sq inspect key.pgp then stdout contains "Key flags: certification" then stdout doesn't contain "transport encryption" then stdout contains "Key flags: data-at-rest encryption" ~~~ ### Generate a key for transport encryption only _Requirement: We must be able to generate a key that can only be used for transport encryption._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev --can-encrypt=transport when I run sq inspect key.pgp then stdout contains "Key flags: certification" then stdout contains "Key flags: transport encryption" then stdout doesn't contain "data-at-rest encryption" ~~~ ### Generate a key for signing only _Requirement: We must be able to generate a key that can only be used for signing, and can't be used for encryption._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev --cannot-encrypt --cannot-authenticate when I run sq inspect key.pgp then stdout contains "Key flags: certification" then stdout contains "Key flags: signing" then stdout doesn't contain "Key flags: transport encryption, data-at-rest encryption" then stdout doesn't contain "Key flags: authentication" ~~~ ### Generate a key for authentication only _Requirement: We must be able to generate a key that can only be used for authentication, and can't be used for encryption or signing._ Note that `sq` always creates a key usable for certification. ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev --can-authenticate --cannot-sign --cannot-encrypt when I run sq inspect key.pgp then stdout contains "Key flags: certification" then stdout contains "Key flags: authentication" then stdout doesn't contain "Key flags: signing" then stdout doesn't contain "Key flags: transport encryption, data-at-rest encryption" ~~~ ### Generate a key for encryption and authentication _Requirement: We must be able to generate a key that can only be used for encryption and authentication, and can't be used for signing._ Note that `sq` always creates a key usable for certification. ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev --cannot-sign when I run sq inspect key.pgp then stdout contains "Key flags: certification" then stdout contains "Key flags: authentication" then stdout contains "Key flags: transport encryption, data-at-rest encryption" then stdout doesn't contain "Key flags: signing" ~~~ ### Generate a key for encryption and signing _Requirement: We must be able to generate a key that can only be used for encryption and signing, and can't be used for authentication._ Note that `sq` always creates a key usable for certification. ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev --cannot-authenticate when I run sq inspect key.pgp then stdout contains "Key flags: certification" then stdout contains "Key flags: transport encryption, data-at-rest encryption" then stdout contains "Key flags: signing" then stdout doesn't contain "Key flags: authentication" ~~~ ### Generate a key for signing and authentication _Requirement: We must be able to generate a key that can only be used for signing and authentication, and can't be used for encryption._ Note that `sq` always creates a key usable for certification. ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev --cannot-encrypt when I run sq inspect key.pgp then stdout contains "Key flags: certification" then stdout doesn't contain "Key flags: transport encryption, data-at-rest encryption" then stdout contains "Key flags: signing" then stdout contains "Key flags: authentication" ~~~ ### Generate a key for encryption, authentication and signing _Requirement: We must be able to generate a key that can be used for encryption, authentication and signing._ Note that `sq` always creates a key usable for certification. ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq inspect key.pgp then stdout contains "Key flags: certification" then stdout contains "Key flags: authentication" then stdout contains "Key flags: transport encryption, data-at-rest encryption" then stdout contains "Key flags: signing" ~~~ ### Generate a version four elliptic curve key _Requirement: We must be able to generate a v4 Curve25519 key_ This is currently the default key, but we check it separately in case the default ever changes. ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev --cipher-suite=cv25519 --profile=rfc4880 when I run sq inspect key.pgp then stdout contains "Public-key algo: EdDSA" then stdout contains "Public-key size: 256 bits" ~~~ ### Generate a version six elliptic curve key _Requirement: We must be able to generate a v6 Curve25519 key_ This is currently the default key, but we check it separately in case the default ever changes. ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev --cipher-suite=cv25519 --profile=rfc9580 when I run sq inspect key.pgp then stdout contains "Public-key algo: Ed25519" then stdout contains "Public-key size: 256 bits" ~~~ ### Generate a three kilobit RSA key _Requirement: We must be able to generate a 3072-bit RSA key._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev --cipher-suite=rsa3k when I run sq inspect key.pgp then stdout contains "Public-key algo: RSA" then stdout contains "Public-key size: 3072 bits" ~~~ ### Generate four kilobit RSA key _Requirement: We must be able to generate a 4096-bit RSA key._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev --cipher-suite=rsa4k when I run sq inspect key.pgp then stdout contains "Public-key algo: RSA" then stdout contains "Public-key size: 4096 bits" ~~~ ### Generate a key with revocation certificate _Requirement: We must be able to specify where the revocation certificate is store._ When `sq` generates a key, it also generates a revocation certificate. By default, this is written to a file next to the key file. However, we need to able to specify where it goes. This scenario tests various cases. ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev then file key.pgp.rev contains "Comment: Revocation certificate for" when I run sq key generate --own-key --without-password --no-userids --output key2.pgp --rev-cert rev.pgp then file rev.pgp contains "Comment: Revocation certificate for" ~~~ ### Generate a key with default duration _Requirement: By default, generated key expire._ We generate a key with defaults, and check the key expires. ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq inspect key.pgp then stdout contains "Expiration time: 20" ~~~ The check for expiration time assumes the scenario is run the 21st century, and will need to be amended in the 2090s or by time travellers running it before about the year 2000. ### Generate a key that expires at a given moment _Requirement: We must be able to generate a key that expires._ Note that the timestamp given to `--expire` is the first second when the key is no longer valid, not the last second it's valid. The inspect output is the last second of validity. ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev --expiration=2038-01-19T03:14:07+00:00 when I run sq inspect key.pgp then stdout contains "Expiration time: 2038-01-19 03:14" when I run sq inspect --time 2038-01-20T00:00:00+00:00 key.pgp then stdout contains "Invalid: The primary key is not live" ~~~ ### Generate a key with a given duration _Requirement: We must be able to generate a key that expires in a given time._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev --expiration=1y when I run sq inspect key.pgp then stdout contains "Expiration time: 20" ~~~ ### Generate a key without password _Requirement: We must be able to generate a that doesn't have a password._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq inspect key.pgp then stdout contains "Secret key: Unencrypted" ~~~ ### Generate a key with a password _Requirement: We must be able to generate a that does have a password._ ~~~scenario given an installed sq given file password.txt when I run sq key generate --own-key --no-userids --output key.pgp --rev-cert key.pgp.rev --new-password-file password.txt when I run sq inspect key.pgp then stdout contains "Secret key: Encrypted" ~~~ ### Update a key by adding User IDs _Requirement: We must be able to generate a key and add User IDs to it._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq key userid add --cert-file key.pgp --name Juliet --email juliet@example.org --output new.pgp when I run sq inspect new.pgp then stdout contains "UserID: Juliet" then stdout contains "UserID: " ~~~ ## Certificate extraction: `sq key delete` This section covers extraction of certificates from keys: the `sq key delete` subcommand and its variations. ### Extract certificate to the standard output _Requirement: We must be able to extract a certificate to standard output._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq key delete --cert-file key.pgp --output - then stdout contains "-----BEGIN PGP PUBLIC KEY BLOCK-----" then stdout contains "-----END PGP PUBLIC KEY BLOCK-----" ~~~ ### Extract certificate to a file _Requirement: We must be able to extract a certificate to a named file._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --output key.pgp --rev-cert key.pgp.rev --userid Alice when I run sq key delete --cert-file key.pgp --output cert.pgp when I run sq inspect cert.pgp then stdout contains "OpenPGP Certificate." then stdout contains "Alice" ~~~ # Keyring management: `sq keyring` This chapter verifies that the various subcommands to manage keyring files work: subcommands of the `sq keyring` command. ## Joining keys into a keyring: `sq keyring merge` The scenarios in this section verify that various ways of joining keys into a keyring work. ### Join two keys into a textual keyring to stdout _Requirement: we can join two keys into a keyring, and have it written to stdout._ This is for secret keys, with the output going to stdout in text form. ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq keyring merge alice.pgp bob.pgp --output ring.pgp when I run sq keyring list ring.pgp then stdout contains "Alice" then stdout contains "Bob" ~~~ ### Join two keys into a textual keyring to a named file _Requirement: we can join two keys into a keyring, and have it written to a named file._ This is for secret keys, with the output going to a file in text form. ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq keyring merge alice.pgp bob.pgp --output ring.pgp then file ring.pgp contains "-----BEGIN PGP PRIVATE KEY BLOCK-----" then file ring.pgp contains "-----END PGP PRIVATE KEY BLOCK-----" when I run sq inspect ring.pgp then stdout contains "Transferable Secret Key." then stdout contains "Alice" then stdout contains "Bob" ~~~ ### Join two keys into a keyring _Requirement: we can join two keys into a keyring form._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq keyring merge alice.pgp bob.pgp --output ring.pgp when I run sq inspect ring.pgp then stdout contains "Transferable Secret Key." then stdout contains "Alice" then stdout contains "Bob" ~~~ ### Join two certificates into a keyring _Requirement: we can join two certificates into a keyring._ This scenario writes the keyring to a named file. We assume the writing operation is independent of the types of items in the keyring, so we don't change writing to stdout separately. ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq key delete --cert-file alice.pgp --output alice-cert.pgp when I run sq key delete --cert-file bob.pgp --output bob-cert.pgp when I run sq keyring merge alice-cert.pgp bob-cert.pgp --output ring.pgp when I run cat ring.pgp then stdout contains "-----BEGIN PGP PUBLIC KEY BLOCK-----" then stdout contains "-----END PGP PUBLIC KEY BLOCK-----" when I run sq inspect ring.pgp then stdout doesn't contain "Transferable Secret Key." then stdout contains "OpenPGP Certificate." then stdout contains "Alice" then stdout contains "Bob" ~~~ ## Filter a keyring: `sq keyring filter` The scenarios in this section verify that various ways of filtering the contents of a keyring work: the `sq keyring filter` subcommand variants. ### We can extract only certificates to named file _Requirement: we can remove private keys from a keyring, leaving only certificates._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq keyring merge alice.pgp bob.pgp --output ring.pgp when I run sq keyring filter --experimental --to-cert ring.pgp --output filtered.pgp when I run sq inspect filtered.pgp then stdout contains "OpenPGP Certificate." then stdout doesn't contain "Transferable Secret Key." then stdout contains "Alice" then stdout contains "Bob" ~~~ ### We can filter to stdout _Requirement: we can get filter output to stdout instead of a named file._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq keyring merge alice.pgp bob.pgp --output ring.pgp when I run sq keyring filter --experimental --to-cert ring.pgp then stdout contains "-----BEGIN PGP PUBLIC KEY BLOCK-----" then stdout contains "-----END PGP PUBLIC KEY BLOCK-----" ~~~ ### We can keep only matching certificates _Requirement: we can remove certificates that don't match filter criteria._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --userid Bob --output alice.pgp --rev-cert alice.pgp.rev when I run sq keyring filter --experimental --prune-certs --name Alice alice.pgp --output filtered.pgp when I run sq inspect filtered.pgp then stdout contains "Alice" then stdout doesn't contain "Bob" ~~~ ### We can filter for specific user id _Requirement: we can extract only keys and certificates with a specific user id._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq keyring merge alice.pgp bob.pgp --output ring.pgp when I run sq keyring filter --experimental --userid Alice ring.pgp --output filtered.pgp when I run sq inspect filtered.pgp then stdout contains "Alice" then stdout doesn't contain "Bob" ~~~ ### We can filter for any of several user ids _Requirement: we can extract only keys and certificates with any of specific user ids._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq keyring merge alice.pgp bob.pgp --output ring.pgp when I run sq keyring filter --experimental --userid Alice --userid Bob ring.pgp --output filtered.pgp when I run sq inspect filtered.pgp then stdout contains "Alice" then stdout contains "Bob" ~~~ ### We can filter for a name _Requirement: we can extract only keys and certificates with a name as part of a user ids._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid 'Alice ' --output alice.pgp --rev-cert alice.pgp.rev when I run sq key generate --own-key --without-password --userid 'Bob ' --output bob.pgp --rev-cert bob.pgp.rev when I run sq keyring merge alice.pgp bob.pgp --output ring.pgp when I run sq keyring filter --experimental --name Alice ring.pgp --output filtered.pgp when I run sq inspect filtered.pgp then stdout contains "Alice" then stdout doesn't contain "Bob" ~~~ ### We can filter for several names _Requirement: we can extract only keys and certificates with any of several names as part of the user id._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid 'Alice ' --output alice.pgp --rev-cert alice.pgp.rev when I run sq key generate --own-key --without-password --userid 'Bob ' --output bob.pgp --rev-cert bob.pgp.rev when I run sq keyring merge alice.pgp bob.pgp --output ring.pgp when I run sq keyring filter --experimental --name Alice --name Bob ring.pgp --output filtered.pgp when I run sq inspect filtered.pgp then stdout contains "Alice" then stdout contains "Bob" ~~~ ### We can filter for a domain _Requirement: we can extract only keys and certificates with a name as part of a user ids._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid 'Alice ' --output alice.pgp --rev-cert alice.pgp.rev when I run sq key generate --own-key --without-password --userid 'Bob ' --output bob.pgp --rev-cert bob.pgp.rev when I run sq keyring merge alice.pgp bob.pgp --output ring.pgp when I run sq keyring filter --experimental --domain example.com ring.pgp --output filtered.pgp when I run sq inspect filtered.pgp then stdout contains "Alice" then stdout doesn't contain "Bob" ~~~ ### We can filter for several domains _Requirement: we can extract only keys and certificates with any of several names as part of the user id._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid 'Alice ' --output alice.pgp --rev-cert alice.pgp.rev when I run sq key generate --own-key --without-password --userid 'Bob ' --output bob.pgp --rev-cert bob.pgp.rev when I run sq keyring merge alice.pgp bob.pgp --output ring.pgp when I run sq keyring filter --experimental --domain example.com --domain sequoia-pgp.org ring.pgp --output filtered.pgp when I run sq inspect filtered.pgp then stdout contains "Alice" then stdout contains "Bob" ~~~ ## Listing contents of a keyring: `sq keyring list` The scenarios in this section verify the contents of a keyring can be listed. ### List keys in a keyring _Requirement: we can list the keys in a keyring._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq keyring merge alice.pgp bob.pgp --output ring.pgp when I run sq keyring list ring.pgp then stdout contains "Alice" then stdout contains "Bob" ~~~ ### List keys in a key file _Requirement: we can list the keys in a key file._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq keyring list alice.pgp then stdout contains "Alice" then stdout doesn't contain "Bob" ~~~ ### List all user ids in a key file _Requirement: we can list all user ids._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --userid Bob --output alice.pgp --rev-cert alice.pgp.rev when I run sq keyring list alice.pgp --all-userids then stdout contains "Alice" then stdout contains "Bob" ~~~ ### List keys in keyring read from stdin _Requirement: we can list keys in a keyring that we read from stdin._ This isn't implemented yet, because Subplot needs to add support for redirecting stdin to come from a file first. ## Split a keyring: `sq keyring split` The scenarios in this section verify that splitting a keyring into individual files, one per key: the `sq keyring split` subcommand. Or rather, there will be such scenarios here when Subplot provides tools for dealing with randomly named files. Until then, this section is a placeholder. ~~~ given an installed sq when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq keyring merge alice.pgp bob.pgp --output ring.pgp when I run sq keyring split ring.pgp then the resulting files match alice,pgp and bob.pgp ~~~ # Encryption and decryption: `sq encrypt` and `sq decrypt` This chapter has scenarios for verifying that encryption and decryption work. The overall approach is to do round trips: we encrypt, then decrypt, and is the result is identical to the input, all good. ## Encrypt to stdout as ASCII armored _Requirement: We must be able to encrypt a file using a certificate, with output going to stdout. We also verify that the encrypted output doesn't contain the message in cleartext, just in case. ~~~scenario given an installed sq given file hello.txt when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq key delete --cert-file key.pgp --output cert.pgp when I run sq encrypt --without-signature --for-file cert.pgp hello.txt then stdout contains "-----BEGIN PGP MESSAGE-----" then stdout doesn't contain "hello, world" ~~~ ## Encrypt to stdout as binary _Requirement: We must be able to encrypt a file using a certificate, with output going to stdout. We also verify that the encrypted output doesn't contain the message in cleartext, just in case. ~~~scenario given an installed sq given file hello.txt when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq key delete --cert-file key.pgp --output cert.pgp when I run sq encrypt --without-signature --binary --for-file cert.pgp hello.txt then stdout doesn't contain "-----BEGIN PGP MESSAGE-----" then stdout doesn't contain "hello, world" ~~~ ## Encrypt and decrypt using asymmetric encryption _Requirement: We must be able to encrypt a file using a certificate, and then decrypt it using the corresponding key._ This scenario creates a plain text file, generates a key, encrypts and then decrypts the file. The resulting output must be identical to the original plain text input file. This is a very simplistic scenario and does not even try to test harder cases (binary files, very large files, etc). ~~~scenario given an installed sq given file hello.txt when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq key delete --cert-file key.pgp --output cert.pgp when I run sq encrypt --without-signature --output x.pgp --for-file cert.pgp hello.txt when I run sq decrypt --output output.txt --recipient-file key.pgp x.pgp then files hello.txt and output.txt match ~~~ ## Encrypt for multiple recipients _Requirement: We must be able to encrypt a message for multiple recipients at a time._ ~~~scenario given an installed sq given file hello.txt when I run sq key generate --own-key --without-password --no-userids --output alice.pgp --rev-cert alice.pgp.rev when I run sq key delete --cert-file alice.pgp --output alice-cert.pgp when I run sq key generate --own-key --without-password --no-userids --output bob.pgp --rev-cert bob.pgp.rev when I run sq key delete --cert-file bob.pgp --output bob-cert.pgp when I run sq encrypt --without-signature --for-file alice-cert.pgp --for-file bob-cert.pgp hello.txt --output x.pgp when I run sq decrypt --recipient-file alice.pgp --output alice.txt x.pgp then files hello.txt and alice.txt match when I run sq decrypt --recipient-file bob.pgp --output bob.txt x.pgp then files hello.txt and bob.txt match ~~~ ## Encrypt and sign at the same time _Requirement: We must be able to sign and encrypt a message at the same time._ ~~~scenario given an installed sq given file hello.txt when I run sq key generate --own-key --without-password --no-userids --output alice.pgp --rev-cert alice.pgp.rev when I run sq key delete --cert-file alice.pgp --output alice-cert.pgp when I run sq encrypt --for-file alice-cert.pgp --signer-file alice.pgp hello.txt --output x.pgp when I run sq decrypt --recipient-file alice.pgp --output alice.txt x.pgp --signer-file alice-cert.pgp then files hello.txt and alice.txt match ~~~ ## Detect bad signature when decrypting _Requirement: When decrypting a message, if a signature check fails, the output file should be deleted. ~~~scenario given an installed sq given file hello.txt given file empty when I run sq key generate --own-key --without-password --no-userids --output alice.pgp --rev-cert alice.pgp.rev when I run sq key delete --cert-file alice.pgp --output alice-cert.pgp when I run sq key generate --own-key --without-password --no-userids --output bob.pgp --rev-cert bob.pgp.rev when I run sq key delete --cert-file bob.pgp --output bob-cert.pgp when I run sq encrypt --for-file alice-cert.pgp --signer-file alice.pgp hello.txt --output x.pgp when I try to run sq decrypt --recipient-file alice.pgp --output alice.txt x.pgp --signer-file bob-cert.pgp then exit code is 1 then file alice.txt does not exist ~~~ # Certify user identities: `sq pki vouch add` The scenarios in this chapter verify the certification functionality: the subcommand `sq certify` in its various variations. ## Certify an identity as ASCII armor _Requirement: We can certify a user identity on a key._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key delete --cert-file alice.pgp --output alice-cert.pgp when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq key delete --cert-file bob.pgp --output bob-cert.pgp when I run sq inspect bob-cert.pgp then stdout doesn't contain "Certifications:" when I run sq pki vouch add --certifier-file alice.pgp --cert-file bob-cert.pgp --userid Bob --output cert.pgp then file cert.pgp contains "-----BEGIN PGP PUBLIC KEY BLOCK-----" then file cert.pgp contains "-----END PGP PUBLIC KEY BLOCK-----" when I run sq inspect cert.pgp then stdout contains "Certifications: 1," ~~~ ## Certify an identity _Requirement: We can certify a user identity on a key._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key delete --cert-file alice.pgp --output alice-cert.pgp when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq key delete --cert-file bob.pgp --output bob-cert.pgp when I run sq inspect bob-cert.pgp then stdout doesn't contain "Certifications:" when I run sq pki vouch add --certifier-file alice.pgp --cert-file bob-cert.pgp --userid Bob --output cert.pgp when I run sq inspect cert.pgp then stdout contains "Certifications: 1," ~~~ ## Certify an identity matched by email address _Requirement: We can certify a user identity on a cert identified by email address._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid "" --output alice.pgp --rev-cert alice.pgp.rev when I run sq key delete --cert-file alice.pgp --output alice-cert.pgp when I run sq key generate --own-key --without-password --userid "" --output bob.pgp --rev-cert bob.pgp.rev when I run sq key delete --cert-file bob.pgp --output bob-cert.pgp when I run sq pki vouch add --certifier-file alice.pgp --cert-file bob-cert.pgp --email bob@example.org --output cert.pgp when I run sq inspect cert.pgp then stdout contains "Certifications: 1," ~~~ ## Certify an identity that is not self-signed _Requirement: We can certify a user identity on a cert, even if that user identity doesn't exist on that cert, and consequently has no self-signature._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key delete --cert-file alice.pgp --output alice-cert.pgp when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq key delete --cert-file bob.pgp --output bob-cert.pgp when I run sq inspect bob-cert.pgp then stdout doesn't contain "Certifications:" when I run sq pki vouch add --certifier-file alice.pgp --cert-file bob-cert.pgp --add-userid "My friend Bob" --output cert.pgp when I run sq inspect cert.pgp then stdout contains "My friend Bob" then stdout contains "Certifications: 1," ~~~ ## Certify an email identity that is not self-signed _Requirement: We can certify an email on a cert, even if that email address doesn't exist on that cert, and consequently has no self-signature._ ~~~scenario given an installed sq when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key delete --cert-file alice.pgp --output alice-cert.pgp when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq key delete --cert-file bob.pgp --output bob-cert.pgp when I run sq pki vouch add --certifier-file alice.pgp --cert-file bob-cert.pgp --add-email "bob@example.org" --output cert.pgp when I run sq inspect cert.pgp then stdout contains "" then stdout contains "Certifications: 1," ~~~ # Sign a document and verify the signature: `sq sign` and `sq verify` This chapter verifies that digital signatures work in `sq`. Like with encryption, the verification is based on round trips: we create a signature, and that it matches the signed data. We break this into a number simple cases. ## Create signature to stdout in ASCII armor _Requirement: We can create a signature and have it written to stdout in ASCII armor form._ ~~~scenario given an installed sq given file hello.txt when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq sign --message --signer-file key.pgp hello.txt then stdout contains "-----BEGIN PGP MESSAGE-----" then stdout contains "-----END PGP MESSAGE-----" ~~~ ## Create signature to stdout in binary _Requirement: We can create a signature and have it written to stdout in binary form._ ~~~scenario given an installed sq given file hello.txt when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq sign --message --signer-file key.pgp --binary hello.txt then stdout doesn't contain "-----BEGIN PGP MESSAGE-----" then stdout doesn't contain "-----END PGP MESSAGE-----" ~~~ ## Create signature to named file _Requirement: We can create a signature and have it written to a named file._ ~~~scenario given an installed sq given file hello.txt when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq sign --message --signer-file key.pgp --output signed.pgp hello.txt then file signed.pgp contains "-----BEGIN PGP MESSAGE-----" then file signed.pgp contains "-----END PGP MESSAGE-----" ~~~ ## Signed file can be verified _Requirement: We can sign a file and verify the signature._ ~~~scenario given an installed sq given file hello.txt when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq key delete --cert-file key.pgp --output cert.pgp when I run sq sign --message --signer-file key.pgp --output signed.pgp hello.txt when I run sq verify --message --signer-file cert.pgp signed.pgp then stdout contains "hello, world" ~~~ ## File is signed with all required keys _Requirement: We can verify that a file is signed by all required keys._ We verify this by signing a file twice, and verifying there are two signatures. We also verify that if there is only one signature, it's not enough, when we need two. ~~~scenario given an installed sq given file hello.txt when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key delete --cert-file alice.pgp --output alice-cert.pgp when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq key delete --cert-file bob.pgp --output bob-cert.pgp when I run sq sign --message --signer-file alice.pgp --output signed1.pgp hello.txt when I try to run sq verify --message --signer-file alice-cert.pgp --signer-file bob-cert.pgp --signatures=2 signed1.pgp then exit code is 1 when I run sq sign --message --append --signer-file bob.pgp --output signed2.pgp signed1.pgp when I run sq verify --message --signer-file alice-cert.pgp --signer-file bob-cert.pgp --signatures=1 signed2.pgp then stdout contains "hello, world" when I run sq verify --message --signer-file alice-cert.pgp --signer-file bob-cert.pgp --signatures=2 signed2.pgp then stdout contains "hello, world" ~~~ ## Signed file cannot be verified if it has been modified _Requirement: We can sign a file and verifying the signature fails if the signed file has been modified._ We modify the signed file by removing the third line of it. The file starts with a line containing "-----BEGIN PGP MESSAGE-----" and then an empty line, and the third line is actual data. If we delete that, the file by definition can't be valid anymore. ~~~scenario given an installed sq given file hello.txt given file sed-in-place when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq key delete --cert-file key.pgp --output cert.pgp when I run sq sign --message --signer-file key.pgp --output signed.pgp hello.txt when I run sh sed-in-place 3d signed.pgp when I try to run sq verify --message --signer-file cert.pgp signed.pgp then command fails ~~~ ~~~{#sed-in-place .file .sh} #!/bin/sh set -eu tmp="$(mktemp)" trap 'rm -f "$tmp"' EXIT sed "$1" "$2" > "$tmp" cat "$tmp" > "$2" ~~~ ## Create cleartext signature _Requirement: We can create a signature such that the signed data is included in a readable form._ ~~~scenario given an installed sq given file hello.txt when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq key delete --cert-file key.pgp --output cert.pgp when I run sq sign --cleartext --signer-file key.pgp --output signed.txt hello.txt then file signed.txt contains "-----BEGIN PGP SIGNED MESSAGE-----" then file signed.txt contains "hello, world" then file signed.txt contains "-----END PGP SIGNATURE-----" when I run sq verify --cleartext --signer-file cert.pgp signed.txt then stdout contains "hello, world" ~~~ ## Cleartext signature cannot be verified if it has been modified _Requirement: If a cleartext signature is modified, it can't be verified._ ~~~scenario given an installed sq given file hello.txt given file sed-in-place when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq key delete --cert-file key.pgp --output cert.pgp when I run sq sign --cleartext --signer-file key.pgp --output signed.txt hello.txt when I run sh sed-in-place s/hello/HELLO/ signed.txt when I try to run sq verify --cleartext --signer-file cert.pgp signed.txt then exit code is 1 ~~~ ## Create a detached signature _Requirement: We can create a signature that is doesn't include the data it signs._ ~~~scenario given an installed sq given file hello.txt when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq key delete --cert-file key.pgp --output cert.pgp when I run sq sign --signature-file=hello.txt.sig --signer-file key.pgp hello.txt then file hello.txt.sig contains "-----BEGIN PGP SIGNATURE-----" then file hello.txt.sig contains "-----END PGP SIGNATURE-----" when I run sq verify --signature-file=hello.txt.sig --signer-file=cert.pgp hello.txt then stdout doesn't contain "hello, world" then exit code is 0 ~~~ ## Detached signature cannot be verified if the data has been modified _Requirement: If the file that is signed using a detached signature is modified, the signature can't be verified._ ~~~scenario given an installed sq given file hello.txt given file sed-in-place when I run sq key generate --own-key --without-password --no-userids --output key.pgp --rev-cert key.pgp.rev when I run sq key delete --cert-file key.pgp --output cert.pgp when I run sq sign --signature-file=hello.txt.sig --signer-file key.pgp hello.txt when I run sh sed-in-place s/hello/HELLO/ hello.txt when I try to run sq verify --signature-file=hello.txt.sig --signer-file=cert.pgp hello.txt then exit code is 1 ~~~ ## Append signature to already signed message _Requirement: We must be able to add a signature to an already signed message._ ~~~scenario given an installed sq given file hello.txt when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key delete --cert-file alice.pgp --output alice-cert.pgp when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq key delete --cert-file bob.pgp --output bob-cert.pgp when I run sq sign --message --signer-file alice.pgp --output signed1.pgp hello.txt when I run sq sign --message --append --signer-file bob.pgp --output signed2.pgp signed1.pgp when I run sq verify --message signed2.pgp --signer-file alice-cert.pgp --signer-file bob-cert.pgp then stdout contains "hello, world" then stderr matches regex 2.authenticated signatures ~~~ ## Merge signed files _Requirement: We must be able to merge signatures of a file signed twice separately._ ~~~scenario given an installed sq given file hello.txt when I run sq key generate --own-key --without-password --userid Alice --output alice.pgp --rev-cert alice.pgp.rev when I run sq key delete --cert-file alice.pgp --output alice-cert.pgp when I run sq key generate --own-key --without-password --userid Bob --output bob.pgp --rev-cert bob.pgp.rev when I run sq key delete --cert-file bob.pgp --output bob-cert.pgp when I run sq sign --message --signer-file alice.pgp --output signed1.pgp hello.txt when I run sq sign --message --signer-file bob.pgp --output signed2.pgp hello.txt when I run sq sign --message --output merged.pgp --merge=signed2.pgp signed1.pgp when I run sq verify --message --signer-file alice-cert.pgp --signer-file bob-cert.pgp merged.pgp then stdout contains "hello, world" then stderr matches regex 2.authenticated signatures ~~~ # ASCII Armor data representation: `sq packet armor` and `sq packet dearmor` The scenarios in this chapter verify that `sq` can convert data into the "ASCII Armor" representation and back. ## Convert data file to armored format to stdout _Requirement: We must be able to convert a file to armored format to stdout._ ~~~scenario given an installed sq given file hello.txt when I run sq packet armor hello.txt then stdout contains "-----BEGIN PGP ARMORED FILE-----" then stdout contains "-----END PGP ARMORED FILE-----" ~~~ ## Convert data file to armored format to file _Requirement: We must be able to convert a file to armored format to a named file._ ~~~scenario given an installed sq given file hello.txt given file hello.asc when I run sq packet armor hello.txt --output hello.out then files hello.asc and hello.out match ~~~ ## Convert data file to armored format with desired label _Requirement: We must be able to convert a file to armored format with the label we choose._ ~~~scenario given an installed sq given file hello.txt when I run sq packet armor hello.txt --label auto then stdout contains "-----BEGIN PGP ARMORED FILE-----" when I run sq packet armor hello.txt --label message then stdout contains "-----BEGIN PGP MESSAGE-----" when I run sq packet armor hello.txt --label cert then stdout contains "-----BEGIN PGP PUBLIC KEY BLOCK-----" when I run sq packet armor hello.txt --label key then stdout contains "-----BEGIN PGP PRIVATE KEY BLOCK-----" when I run sq packet armor hello.txt --label sig then stdout contains "-----BEGIN PGP SIGNATURE-----" when I run sq packet armor hello.txt --label file then stdout contains "-----BEGIN PGP ARMORED FILE-----" ~~~ ## Convert data file from armored format to stdout _Requirement: We must be able to convert a file from armored format to stdout._ ~~~scenario given an installed sq given file hello.asc when I run sq packet dearmor hello.asc then stdout contains "hello, world" ~~~ ## Convert data file from armored format to file _Requirement: We must be able to convert a file from armored format to a named file._ ~~~scenario given an installed sq given file hello.txt given file hello.asc when I run sq packet dearmor hello.asc --output hello.out then files hello.txt and hello.out match ~~~ ## Armor round trip _Requirement: We must be able to convert data to armored format and back._ ~~~scenario given an installed sq given file hello.txt when I run sq packet armor hello.txt --output hello.tmp when I run sq packet dearmor hello.tmp --output hello.out then files hello.txt and hello.out match ~~~ # Web key directory (WKD) support [Web Key Directory]: https://wiki.gnupg.org/WKD [Internet Draft 14 for WKD]: https://www.ietf.org/archive/id/draft-koch-openpgp-webkey-service-14.html [Web Key Directory][] (WKD) specifies how to locate a certificate for a given email address by constructing HTTPS URLs from the email address. It is specified in [Internet Draft 14 for WKD][]. # Test data file We use this file as an input file in the tests. It is a very short file, and a text file, but this is enough for the current set of requirements and scenarios. ~~~{#hello.txt .file} hello, world ~~~ This is the same content, but in ASCII armored representation. ~~~{#hello.asc .file} -----BEGIN PGP ARMORED FILE----- aGVsbG8sIHdvcmxkCg== =FOuc -----END PGP ARMORED FILE----- ~~~ This is an empty file. ~~~{#empty .file add-newline=no} ~~~ This is a file containing a password. ~~~{#password.txt .file} hunter2 ~~~ sequoia-sq-1.3.1/sq.subplot000064400000000000000000000004311046102023000137500ustar 00000000000000title: "Sequoia-PGP sq" subtitle: "integration tests, requirements, acceptance criteria" authors: - "The Sequoia-PGP project" markdowns: - sq-subplot.md bindings: - subplot/sq-subplot.yaml - lib/files.yaml - lib/runcmd.yaml impls: rust: - subplot/sq-subplot.rs classes: - json sequoia-sq-1.3.1/src/cli/cert/export.rs000064400000000000000000000072211046102023000161010ustar 00000000000000use clap::ArgGroup; use clap::Parser; use crate::cli::types::*; use crate::cli::types::cert_designator::CertUserIDEmailDomainGrepArgs; use crate::cli::types::cert_designator::CertPrefix; use crate::cli::types::cert_designator::OptionalValue; use crate::cli::examples::*; const EXAMPLES: Actions = Actions { actions: &[ Action::setup().command(&[ "sq", "pki", "link", "add", "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0", "--userid=Alice ", ]).build(), Action::setup().command(&[ "sq", "pki", "link", "add", "--cert=511257EBBF077B7AEDAE5D093F68CB84CE537C9A", "--userid=Bob ", ]).build(), Action::example().comment( "Export certificates with a User ID containing the \ email address." ).command(&[ "sq", "cert", "export", "--cert-email=alice@example.org", ]).build(), Action::example().comment( "Export certificates that contain a User ID with *either* \ (not both!) email address." ).command(&[ "sq", "cert", "export", "--cert-email=alice@example.org", "--cert-email=bob@example.org", ]).build(), Action::example().comment( "Export all certificates." ).command(&[ "sq", "cert", "export", "--all", ]).build(), ], }; test_examples!(sq_cert_export, EXAMPLES); #[derive(Parser, Debug)] #[clap( name = "export", about = "Export certificates from the local certificate store", long_about = "Export certificates from the local certificate store If multiple predicates are specified a certificate is returned if \ at least one of them matches. This does not check the authenticity of the certificates in anyway. \ Before using the certificates, be sure to validate and authenticate \ them. When matching on subkeys or User IDs, the component must have a valid \ self signature according to the policy. Fails if search criteria are specified and none of them matches any \ certificates. Note: this means if the certificate store is empty and \ no search criteria are specified, then this will return success. ", after_help = EXAMPLES, )] #[clap(group(ArgGroup::new("some-designator") .args(&["cert", "cert-userid", "cert-email", "cert-domain", "cert-grep", "all"]) .required(true) .multiple(true)))] pub struct Command { #[clap( default_value_t = FileOrStdout::default(), help = FileOrStdout::HELP_OPTIONAL, long, value_name = FileOrStdout::VALUE_NAME, )] pub output: FileOrStdout, #[clap( long = "local", help = "Export local (non-exportable) signatures", long_help = "\ Export local (non-exportable) signatures By default, non-exportable signatures are not emitted when exporting \ certificates, certificate components that are only bound by \ non-exportable signatures are not emitted, and certificates consisting \ of only non-exportable components are not emitted. This flag enables exporting of non-exportable signatures, components, \ and certs. This is useful for synchronization between ones devices, \ for example.", )] pub local: bool, #[clap( long, conflicts_with_all = [ "cert", "cert-userid", "cert-email", "cert-domain", "cert-grep", ], help = "Export all certificates", )] pub all: bool, #[command(flatten)] pub certs: CertDesignators, } sequoia-sq-1.3.1/src/cli/cert/import.rs000064400000000000000000000012311046102023000160650ustar 00000000000000use std::path::PathBuf; use clap::Parser; use crate::cli::examples; use examples::Action; use examples::Actions; const EXAMPLES: Actions = Actions { actions: &[ Action::example().comment( "Import a certificate." ).command(&[ "sq", "cert", "import", "juliet.pgp", ]).build(), ] }; test_examples!(sq_cert_import, EXAMPLES); #[derive(Parser, Debug)] #[clap( name = "import", about = "Import certificates into the local certificate store", after_help = EXAMPLES, )] pub struct Command { #[clap(value_name = "FILE", help = "Read from FILE or stdin if omitted")] pub input: Vec, } sequoia-sq-1.3.1/src/cli/cert/lint.rs000064400000000000000000000062011046102023000155230ustar 00000000000000//! Command-line parser for `sq cert lint`. use clap::Args; use crate::cli::examples::*; use crate::cli::types::ClapData; use crate::cli::types::FileOrStdout; use crate::cli::types::cert_designator::*; /// Checks for and optionally repairs OpenPGP certificates that use /// SHA-1. #[derive(Debug, Args)] #[clap( about = "Check certificates for issues", long_about = "Check certificates for issues `sq cert lint` checks the supplied certificates for the following \ SHA-1-related issues: - Whether a certificate revocation uses SHA-1. - Whether the current self signature for a non-revoked User ID uses \ SHA-1. - Whether the current subkey binding signature for a non-revoked, \ live subkey uses SHA-1. - Whether a primary key binding signature (\"backsig\") for a \ non-revoked, live subkey uses SHA-1. Diagnostics are printed to stderr. At the end, some statistics are \ shown. This is useful when examining a keyring. If `--fix` is \ specified and at least one issue could be fixed, the fixed \ certificates are printed to stdout. This tool does not currently support smart cards. But, if only the \ subkeys are on a smart card, this tool may still be able to partially \ repair the certificate. In particular, it will be able to fix any \ issues with User ID self signatures and subkey binding signatures for \ encryption-capable subkeys, but it will not be able to generate new \ primary key binding signatures for any signing-capable subkeys. ", after_help = EXAMPLES, )] pub struct Command { /// Attempts to fix certificates, when possible. #[arg(long)] pub fix: bool, #[command(flatten)] pub certs: CertDesignators, #[clap( long, value_name = FileOrStdout::VALUE_NAME, help = "Write to the specified FILE", long_help = "Write to the specified FILE If not specified, and the \ certificate was read from the certificate store, imports the \ modified certificate into the cert store. If not specified, \ and the certificate was read from a file, writes the modified \ certificate to stdout.", )] pub output: Option, } const EXAMPLES: Actions = Actions { actions: &[ Action::setup().command(&[ "sq", "keyring", "merge", "--output=certs.pgp", "bob.pgp", "romeo.pgp", ]).build(), Action::setup().command(&[ "sq", "key", "import", "alice-secret.pgp", ]).build(), Action::example().comment( " Gather statistics on the certificates in a keyring." ).command (&[ "sq", "cert", "lint", "--cert-file", "certs.pgp", ]).build(), Action::example().comment( "Fix a key with known problems." ).command (&[ "sq", "key", "export", "--cert", "EB28F26E2739A4870ECC47726F0073F60FD0CBF0", "|", "sq", "cert", "lint", "--fix", "--cert-file=-", "|", "sq", "cert", "import" ]).build(), ], }; test_examples!(sq_cert_lint, EXAMPLES); sequoia-sq-1.3.1/src/cli/cert/list.rs000064400000000000000000000127261046102023000155410ustar 00000000000000//! Command-line parser for `sq cert list`. use clap::Parser; use crate::cli::examples::Action; use crate::cli::examples::Actions; use crate::cli::pki::CertificationNetworkArg; use crate::cli::pki::GossipArg; use crate::cli::pki::RequiredTrustAmountArg; use crate::cli::pki::ShowPathsArg; use crate::cli::pki::UnusableArg; use crate::cli::types::cert_designator::*; const EXAMPLES: Actions = Actions { actions: &[ Action::setup().command(&[ "sq", "pki", "link", "add", "--cert", "EB28F26E2739A4870ECC47726F0073F60FD0CBF0", "--all", ]).build(), Action::example().comment( "List all bindings for user IDs containing an email address from \ example.org, and that can be authenticated." ).command (&[ "sq", "cert", "list", "@example.org", ]).build(), Action::example().comment( "List all authenticated bindings for User IDs containing a specific email address." ).command (&[ "sq", "cert", "list", "--cert-email=alice@example.org", ]).build(), Action::example().comment( "List all paths to certificates containing a specific email address." ).command (&[ "sq", "cert", "list", "--gossip", "--show-paths", "--cert-email=alice@example.org", ]).build(), ] }; test_examples!(sq_cert_list, EXAMPLES); /// List certificates and user IDs /// /// List certificates and user IDs that match a query, are usable, and /// can be authenticated. By default, bindings (certificate and user /// ID pairs) must be fully authenticated. If no certificates or /// bindings match a query, then the command returns a non-zero exit /// code. /// /// If no queries are provided, then all bindings that are usable, and /// can be authenticated are listed. If there are no such bindings, /// the command still succeeds. /// /// By default, unusable certificates, i.e., those that are not valid /// according to the policy, are revoked, or are not live, are /// skipped. Likewise, user ID self signatures and certifications /// that are not valid according to the policy, and user IDs that are /// revoked are skipped. #[derive(Parser, Debug)] #[clap( name = "list", after_help = EXAMPLES, )] pub struct Command { #[command(flatten)] pub certs: CertDesignators, #[clap( value_name = "FINGERPRINT|KEYID|PATTERN", help = "List certs that match the pattern", long_help = "\ List certs that match the pattern If the pattern appears to be a fingerprint or key ID, it is treated as \ if it were passed to `--cert`, which matches on the certificate's \ fingerprint. Otherwise, it is treated as if it were passed to \ `--cert-grep`, which matches on user IDs.", conflicts_with_all = &["cert", "cert-userid", "cert-email", "cert-domain", "cert-grep"], )] pub pattern: Option, #[command(flatten)] pub show_paths: ShowPathsArg, #[command(flatten)] pub gossip: GossipArg, #[command(flatten)] pub unusable: UnusableArg, #[command(flatten)] pub certification_network: CertificationNetworkArg, #[command(flatten)] pub trust_amount: RequiredTrustAmountArg, } /// Documentation for the cert designators for the cert list. pub struct ListCertDoc {} impl AdditionalDocs for ListCertDoc { fn help(arg: &'static str, _help: &'static str) -> clap::builder::StyledStr { match arg { "cert" => "\ List certificates with the specified fingerprint or key ID".into(), "userid" => "\ List bindings with the specified user ID".into(), "email" => "\ List bindings with user IDs that contain the specified email address".into(), "domain" => "\ List bindings with user IDs that contain an email address in the \ specified domain".into(), "grep" => "\ List bindings with a user ID that contains the pattern".into(), _ => unreachable!(), } } fn long_help(arg: &'static str, _help: &'static str) -> Option { match arg { "cert" => Some(format!("\ {} Note: fingerprints and key IDs are self-authenticating identifiers. As \ such, a certificate with the specified fingerprint or key ID is \ considered authenticated; no user IDs have to be authenticated.", Self::help(arg, "")).into()), "userid" => Some(format!("\ {} The user ID must match exactly.", Self::help(arg, "")).into()), "email" => Some(format!("\ {} Email addresses are first normalized by doing puny-code normalization on \ the domain, and lower casing the local part in the so-called empty \ locale.", Self::help(arg, "")).into()), "domain" => Some(format!("\ {} A user ID's domain is extracted from the email address, if any, and is \ normalized by doing puny-code normalization.", Self::help(arg, "")).into()), "grep" => Some(format!("\ {} Performs a case-insensitive substring search. Case-folding is done in \ the empty locale.", Self::help(arg, "")).into()), _ => { None } } } } sequoia-sq-1.3.1/src/cli/cert.rs000064400000000000000000000016461046102023000145650ustar 00000000000000//! Command-line parser for `sq cert`. use clap::{Parser, Subcommand}; pub mod export; pub mod import; pub mod lint; pub mod list; #[derive(Parser, Debug)] #[clap( name = "cert", about = "Manage certificates", long_about = "Manage certificates We use the term \"certificate\", or \"cert\" for short, to refer to \ OpenPGP keys that do not contain secrets. This subcommand provides \ primitives to generate and otherwise manipulate certs. Conversely, we use the term \"key\" to refer to OpenPGP keys that do \ contain secrets. See `sq key` for operations on keys. ", subcommand_required = true, arg_required_else_help = true, disable_help_subcommand = true, )] pub struct Command { #[clap(subcommand)] pub subcommand: Subcommands, } #[derive(Debug, Subcommand)] pub enum Subcommands { Import(import::Command), Export(export::Command), List(list::Command), Lint(lint::Command), } sequoia-sq-1.3.1/src/cli/config/get.rs000064400000000000000000000021271046102023000156470ustar 00000000000000//! Command-line parser for `sq config get`. use clap::Args; use crate::cli::examples::*; #[derive(Debug, Args)] #[clap( name = "get", about = "Get configuration options", long_about = "\ Get configuration options Retrieves the configuration with the given key. Use `sq config get` \ to see all available options and their values.", after_help = GET_EXAMPLES, )] pub struct Command { #[clap( value_name = "NAME", help = "Get the value of the configuration NAME", )] pub name: Option, } const GET_EXAMPLES: Actions = Actions { actions: &[ Action::Example(Example { comment: "\ List all configuration options.", command: &[ "sq", "config", "get", ], hide: &[], }), Action::Example(Example { comment: "\ Get the default cipher suite for key generation.", command: &[ "sq", "config", "get", "key.generate.cipher-suite", ], hide: &[], }), ] }; test_examples!(sq_config_get, GET_EXAMPLES); sequoia-sq-1.3.1/src/cli/config/inspect/network.rs000064400000000000000000000013611046102023000202250ustar 00000000000000//! Command-line parser for `sq config inspect network`. use clap::Args; use crate::cli::examples::*; #[derive(Debug, Args)] #[clap( name = "network", about = "Inspect the network configuration", long_about = "\ Inspect the network configuration Prints the network configuration. This can be used to gauge the \ metadata leakage resulting from network operations. ", after_help = EXAMPLES, )] pub struct Command { } const EXAMPLES: Actions = Actions { actions: &[ Action::example() .comment("Inspect the network configuration.") .command(&[ "sq", "config", "inspect", "network", ]) .build(), ], }; test_examples!(sq_config_inspect_network, EXAMPLES); sequoia-sq-1.3.1/src/cli/config/inspect/paths.rs000064400000000000000000000013501046102023000176510ustar 00000000000000//! Command-line parser for `sq config inspect paths`. use clap::Args; use crate::cli::examples::*; #[derive(Debug, Args)] #[clap( name = "paths", about = "Inspect relevant paths", long_about = "\ Inspect relevant paths Prints paths that are used by sq, such as the location of the home \ directory, the configuration file, the certificate store, the key \ store, etc. \ ", after_help = EXAMPLES, )] pub struct Command { } const EXAMPLES: Actions = Actions { actions: &[ Action::example() .comment("Inspect relevant paths.") .command(&[ "sq", "config", "inspect", "paths", ]) .build(), ], }; test_examples!(sq_config_inspect_paths, EXAMPLES); sequoia-sq-1.3.1/src/cli/config/inspect/policy.rs000064400000000000000000000014111046102023000200270ustar 00000000000000//! Command-line parser for `sq config inspect policy`. use clap::Args; use crate::cli::examples::*; #[derive(Debug, Args)] #[clap( name = "policy", about = "Inspect the cryptographic policy", long_about = "\ Inspect the cryptographic policy Explains the cryptographic policy that Sequoia uses to \ either accept or reject algorithms and packets outright, \ or at a configured point in time. ", after_help = EXAMPLES, )] pub struct Command { } const EXAMPLES: Actions = Actions { actions: &[ Action::example() .comment("Inspect the cryptographic policy.") .command(&[ "sq", "config", "inspect", "policy", ]) .build(), ], }; test_examples!(sq_config_inspect_policy, EXAMPLES); sequoia-sq-1.3.1/src/cli/config/inspect.rs000064400000000000000000000015141046102023000165340ustar 00000000000000//! Command-line parser for `sq config inspect`. use clap::{ Parser, Subcommand, }; pub mod network; pub mod paths; pub mod policy; #[derive(Debug, Parser)] #[clap( name = "inspect", about = "Inspect effective configuration details", long_about = "\ Inspect effective configuration details This subcommand can be used to inspect various aspects of the \ effective configuration, such as various relevant paths, \ the cryptographic policy, the network configuration, etc. ", subcommand_required = true, arg_required_else_help = true, disable_help_subcommand = true, )] pub struct Command { #[clap(subcommand)] pub subcommand: Subcommands, } #[derive(Debug, Subcommand)] #[non_exhaustive] pub enum Subcommands { Paths(paths::Command), Network(network::Command), Policy(policy::Command), } sequoia-sq-1.3.1/src/cli/config/set.rs000064400000000000000000000046131046102023000156650ustar 00000000000000//! Command-line parser for `sq config`. use clap::Args; use crate::cli::examples::*; // XXX: We don't currently expose the set command. #[derive(Debug, Args)] #[clap( name = "set", about = "Set configuration options", long_about = "\ Set configuration options Changes the configuration with the given key. Use `sq config get` \ to see all existing options and their values. ", after_help = SET_EXAMPLES, )] // XXX: value and delete should be in an argument group, but doing // that messes up the usage: // // Usage: sq config set // // Note how VALUE comes first. I believe this is tracked upstream as // https://github.com/clap-rs/clap/issues/1794 // // For now, we do the validation in the command handler. // //#[clap(group(ArgGroup::new("action").args(&["value", "delete"]).required(true)))] pub struct Command { #[clap( value_name = "NAME", help = "Set the value of the configuration NAME", )] pub name: String, #[clap( value_name = "VALUE", help = "New value for the configuration item", )] pub value: Option, #[clap( long = "delete", help = "Delete the configuration item", conflicts_with = "value", )] pub delete: bool, #[clap( long = "add", help = "Add an item to a list of items", conflicts_with = "delete", )] pub add: bool, } const SET_EXAMPLES: Actions = Actions { actions: &[ Action::Example(Example { comment: "\ Set the default cipher suite for key generation.", command: &[ "sq", "config", "set", "key.generate.cipher-suite", "rsa3k", ], hide: &[], }), Action::Example(Example { comment: "\ Delete the default cipher suite for key generation.", command: &[ "sq", "config", "set", "key.generate.cipher-suite", "--delete", ], hide: &[], }), Action::Example(Example { comment: "\ Add a default key server for network queries.", command: &[ "sq", "config", "set", "network.keyservers", "--add", "hkps://keys.example.org", ], hide: &[], }), ] }; // XXX: We don't currently expose the set command. //test_examples!(sq_config_set, SET_EXAMPLES); sequoia-sq-1.3.1/src/cli/config/template.rs000064400000000000000000000020401046102023000166750ustar 00000000000000//! Command-line parser for `sq config template`. use clap::Args; use crate::cli::{ examples::*, types::{ClapData, FileOrStdout}, }; #[derive(Debug, Args)] #[clap( name = "template", about = "Write a template configuration file", long_about = "\ Write a template configuration file Writes a template containing the default values to the given file or stdout. \ This can be used as a starting point to tweak the configuration.", after_help = TEMPLATE_EXAMPLES, )] pub struct Command { #[clap( long, value_name = FileOrStdout::VALUE_NAME, default_value_t = FileOrStdout::default(), help = FileOrStdout::HELP_OPTIONAL, )] pub output: FileOrStdout, } const TEMPLATE_EXAMPLES: Actions = Actions { actions: &[ Action::Example(Example { comment: "\ Write a template configuration.", command: &[ "sq", "config", "template", ], hide: &[], }), ] }; test_examples!(sq_config_template, TEMPLATE_EXAMPLES); sequoia-sq-1.3.1/src/cli/config.rs000064400000000000000000000110231046102023000150630ustar 00000000000000//! Command-line parser for `sq config`. use std::{ collections::BTreeMap, ffi::OsStr, path::PathBuf, sync::OnceLock, }; use clap::{ Parser, Subcommand, }; use clap_lex::OsStrExt; use sequoia_directories::Home; pub mod get; pub mod inspect; pub mod set; pub mod template; /// Computes the path to the config file even if argument parsing /// failed. /// /// This happens notably if `--help` is given. pub fn find_home() -> Option { let args = std::env::args_os().collect::>(); for (i, arg) in args.iter().enumerate() { if arg == "--" { break; } if arg.starts_with("--home=") { return handle(arg.strip_prefix("--home=")); } if arg == "--home" { if let Some(home) = args.get(i + 1) { return handle(Some(home.as_os_str())); } } } /// Handle the argument to `--home`. fn handle(arg: Option<&OsStr>) -> Option { if let Some(arg) = arg { match arg.to_str() { Some("default") => Home::default().cloned(), Some("none") => None, _ => Home::new(Some(PathBuf::from(arg))).ok(), } } else { // No argument to `--home` is a syntax error. None } } // No `--home` argument, select the default, possibly overridden // by SEQUOIA_HOME. Home::new(None).ok() } /// Values read from the config file to be included in help messages. pub type Augmentations = BTreeMap<&'static str, String>; /// Includes values from the config file in help messages. pub fn augment_help(key: &'static str, text: &str) -> String { if let Some(a) = get_augmentation(key) { format!("{}\n\ \n\ The default can be changed in the configuration \ file using the setting `{}`. \n\ [config: {}] (overrides default)", text.trim_end(), key, a) } else { format!("{}\n\ \n\ The default can be changed in the configuration \ file using the setting `{}`.", text.trim_end(), key) } } /// Returns the value of an augmentation, if any. pub fn get_augmentation(key: &str) -> Option<&str> { AUGMENTATIONS.get().and_then(|a| a.get(key).map(|v| v.as_str())) } /// Includes values from the config file in help messages. pub fn set_augmentations(augmentations: Augmentations) { AUGMENTATIONS.set(augmentations) .expect("augmentations must only be set once"); } /// Values read from the config file to be included in help messages. static AUGMENTATIONS: OnceLock = OnceLock::new(); #[derive(Debug, Parser)] #[clap( name = "config", about = "Query, inspect, and create the configuration file", long_about = format!("\ Query, inspect, and create the configuration file This subcommand can be used to query and inspect the configuration \ file{}, and to create a template that can be edited to your liking. Configuration file: {} ", sequoia_directories::Home::default() .map(|home| { let p = home.config_dir(sequoia_directories::Component::Sq); let p = p.join("config.toml"); let p = p.display().to_string(); if let Some(home) = dirs::home_dir() { let home = home.display().to_string(); if let Some(rest) = p.strip_prefix(&home) { return format!(" (default location: $HOME{})", rest); } } format!(" (default location: {})", p) }) .unwrap_or("".to_string()), find_home() .map(|home| { let p = home.config_dir(sequoia_directories::Component::Sq); let p = p.join("config.toml"); let p = p.display().to_string(); if let Some(home) = dirs::home_dir() { let home = home.display().to_string(); if let Some(rest) = p.strip_prefix(&home) { return format!("$HOME{}", rest); } } p }) .unwrap_or("".to_string())), subcommand_required = true, arg_required_else_help = true, disable_help_subcommand = true, )] pub struct Command { #[clap(subcommand)] pub subcommand: Subcommands, } #[derive(Debug, Subcommand)] #[non_exhaustive] pub enum Subcommands { Get(get::Command), Inspect(inspect::Command), Template(template::Command), } sequoia-sq-1.3.1/src/cli/decrypt.rs000064400000000000000000000074011046102023000152750ustar 00000000000000//! Command-line parser for `sq decrypt`. use std::path::PathBuf; use clap::Parser; use super::types::ClapData; use super::types::FileOrStdin; use super::types::FileOrStdout; use super::types::SessionKey; use super::types::cert_designator::*; use crate::cli::examples; use examples::Action; use examples::Actions; const DECRYPT_EXAMPLES: Actions = Actions { actions: &[ Action::example().comment( "Decrypt a file using a secret key", ).command(&[ "sq", "decrypt", "--recipient-file", "juliet-secret.pgp", "ciphertext.pgp", ]).build(), Action::example().comment( "Decrypt a file verifying signatures", ).command(&[ "sq", "decrypt", "--recipient-file", "juliet-secret.pgp", "--signer-file", "romeo.pgp", "ciphertext.pgp" ]).build(), Action::setup().command(&[ "sq", "key", "import", "juliet-secret.pgp", ]).build(), Action::example().comment( "decrypt a file using the key store", ).command(&[ "sq", "decrypt", "ciphertext.pgp", ]).build(), ], }; test_examples!(sq_decrypt, DECRYPT_EXAMPLES); #[derive(Parser, Debug)] #[clap( name = "decrypt", about = "Decrypt a message", long_about = "Decrypt a message Decrypt a message using either supplied keys, or by prompting for a \ password. If message tampering is detected, an error is returned. \ See below for details. If certificates are supplied using the `--signer-file` option, any \ signatures that are found are checked using these certificates. \ Verification is only successful if there is no bad signature, and the \ number of successfully verified signatures reaches the threshold \ configured with the `--signatures` parameter. If the signature verification fails, or if message tampering is \ detected, the program terminates with an exit status indicating \ failure. and the output file is deleted. If the output was sent \ to stdout, then the last 25 MiB of the message are withheld \ (consequently, if the message is smaller than 25 MiB, no output \ is produced). The converse operation is `sq encrypt`. ", after_help = DECRYPT_EXAMPLES, )] // TODO use usize pub struct Command { #[clap( default_value_t = FileOrStdin::default(), help = FileOrStdin::HELP_OPTIONAL, value_name = FileOrStdin::VALUE_NAME, )] pub input: FileOrStdin, #[clap( default_value_t = FileOrStdout::default(), help = FileOrStdout::HELP_OPTIONAL, long, value_name = FileOrStdout::VALUE_NAME, )] pub output: FileOrStdout, #[clap( long = "signatures", value_name = "N", help = "Set the threshold of valid signatures to N", long_help = "Set the threshold of valid signatures to N The message will only be considered \ verified if this threshold is reached. \ [default: 1 if at least one signer cert file is given, 0 otherwise]", )] pub signatures: Option, #[command(flatten)] pub signers: CertDesignators, #[clap( long = "recipient-file", value_name = "KEY_FILE", help = "Decrypt the message using the key in KEY_FILE", )] pub secret_key_file: Vec, #[clap( long = "dump-session-key", help = "Print the session key to stderr", )] pub dump_session_key: bool, #[clap( long = "session-key", value_name = "SESSION-KEY", help = "Decrypt an encrypted message using SESSION-KEY", )] pub session_key: Vec, } sequoia-sq-1.3.1/src/cli/download.rs000064400000000000000000000054521046102023000154360ustar 00000000000000//! Command-line parser for `sq download`. use clap::{ArgGroup, Parser}; use crate::cli::examples; use examples::Action; use examples::Actions; use super::types::ClapData; use super::types::cert_designator::*; use crate::cli::types::FileOrStdout; const EXAMPLES: Actions = Actions { actions: &[ Action::setup().command(&[ "sq", "cert", "import", "debian/debian-cd-signing-key.pgp", ]).build(), Action::example().comment( "Download and verify the Debian 12 checksum file.", ).command(&[ "sq", "download", "--url=file://debian/SHA512SUMS", "--signature-url=file://debian/SHA512SUMS.sign", "--signer=DF9B9C49EAA9298432589D76DA87E80D6294BE9B", "--output=SHA512SUMS", ]).build(), ], }; test_examples!(sq_download, EXAMPLES); #[derive(Parser, Debug)] #[clap( name = "download", about = "Download and authenticate the data", long_about = "Download and authenticate the data This command downloads the data from the specified URL, checks the signature, and then authenticates the signer. If the signer cannot be authenticated, the data is deleted, if possible. ", after_help = EXAMPLES, )] #[clap(group(ArgGroup::new("kind") .args(&["detached", "message", "cleartext"]).required(true)))] pub struct Command { #[clap( long = "url", value_name = "URL", help = "The data to download", )] pub url: String, #[clap( long = "signature-url", value_name = "URL", help = "URL of the signature", long_help = "\ URL of the signature Use this when the signature is detached from the data. If no signature is specified, then the signature is assumed to be \ inline. ", )] pub detached: Option, #[clap( long = "message", value_name = "SIG", help = "Verify an inline signed message" )] pub message: bool, #[clap( long = "cleartext", value_name = "SIG", help = "Verify a cleartext-signed message" )] pub cleartext: bool, #[command(flatten)] pub signers: CertDesignators, #[clap( long = "signatures", value_name = "N", default_value_t = 1, help = "Set the threshold of valid signatures to N", long_help = "Set the threshold of valid signatures to N If this threshold is not reached, the message \ will not be considered verified.", )] pub signatures: usize, #[clap( help = FileOrStdout::HELP_REQUIRED, long, value_name = FileOrStdout::VALUE_NAME, )] pub output: FileOrStdout, } sequoia-sq-1.3.1/src/cli/encrypt.rs000064400000000000000000000143441046102023000153130ustar 00000000000000//! Command-line parser for `sq encrypt`. use clap::{ValueEnum, Parser}; use super::types::ClapData; use super::types::EncryptPurpose; use super::types::FileOrStdin; use super::types::FileOrStdout; use crate::cli::config; use crate::cli::types::CertDesignators; use crate::cli::types::cert_designator::*; use crate::cli::types::Profile; use crate::cli::examples; use examples::*; /// Key for the help augmentation. pub const ENCRYPT_FOR_SELF: &str = "encrypt.for-self"; const ENCRYPT_EXAMPLES: Actions = Actions { actions: &[ Action::setup().command(&[ "sq", "pki", "link", "add", "--cert", "EB28F26E2739A4870ECC47726F0073F60FD0CBF0", "--email", "alice@example.org", ]).build(), Action::setup().command(&[ "sq", "key", "import", "juliet-secret.pgp", ]).build(), Action::setup().command(&[ "sq", "pki", "link", "add", "--cert=7A58B15E3B9459483D9FFA8D40E299AC5F2B0872", "--email=juliet@example.org", ]).build(), Action::example().comment( "Encrypt a file for a recipient given by fingerprint.", ).command(&[ "sq", "encrypt", "--for=EB28F26E2739A4870ECC47726F0073F60FD0CBF0", "--signer-email=juliet@example.org", "document.txt", ]).build(), Action::example().comment( "Encrypt a file for a recipient given by email.", ).command(&[ "sq", "encrypt", "--for-email=alice@example.org", "--signer-email=juliet@example.org", "document.txt", ]).build(), ] }; test_examples!(sq_encrypt, ENCRYPT_EXAMPLES); #[derive(Parser, Debug)] #[clap( name = "encrypt", about = "Encrypt a message", long_about = "Encrypt a message Encrypt a message for any number of recipients and with any number of \ passwords, optionally signing the message in the process. The converse operation is `sq decrypt`. `sq encrypt` respects the reference time set by the top-level \ `--time` argument. It uses the reference time when selecting \ encryption keys, and it sets the signature's creation time to the \ reference time. ", after_help = ENCRYPT_EXAMPLES, )] pub struct Command { #[clap( default_value_t = FileOrStdin::default(), help = FileOrStdin::HELP_OPTIONAL, value_name = FileOrStdin::VALUE_NAME, )] pub input: FileOrStdin, #[clap( default_value_t = FileOrStdout::default(), help = FileOrStdout::HELP_OPTIONAL, long, value_name = FileOrStdout::VALUE_NAME, )] pub output: FileOrStdout, #[clap( long, help = "Emit binary data", )] pub binary: bool, #[command(flatten)] pub recipients: CertDesignators, #[clap( help = "Set the filename of the encrypted file as metadata", long = "set-metadata-filename", long_help = "Set the filename of the encrypted file as metadata Do note, that this metadata is not signed and as such relying on \ it - on sender or receiver side - is generally considered \ dangerous.", )] pub set_metadata_filename: Option, #[command(flatten)] pub signers: CertDesignators, #[command(flatten)] pub signature_notations: crate::cli::types::SignatureNotationsArg, #[clap( long = "encrypt-for", value_name = "PURPOSE", default_value_t = EncryptPurpose::Universal, help = "Select what kind of keys are considered for encryption", value_enum, )] pub mode: EncryptPurpose, #[clap( long = "compression", value_name = "KIND", default_value_t = CompressionMode::Pad, help = "Select compression scheme to use", value_enum, )] pub compression: CompressionMode, #[clap( long = "use-expired-subkey", help = "Fall back to expired encryption subkeys", long_help = "Fall back to expired encryption subkeys If a certificate has only expired \ encryption-capable subkeys, fall back \ to using the one that expired last", )] pub use_expired_subkey: bool, #[clap( long = "profile", value_name = "PROFILE", default_value_t = Default::default(), help = "Select the default OpenPGP standard for the encryption container", long_help = config::augment_help( "key.generate.profile", "Select the default OpenPGP standard for the encryption container When encrypting for certificates, the encryption container is selected \ based on the stated preferences of the recipients. However, if there \ is no guidance, for example because the message is encrypted only with \ passwords, sq falls back to this profile. As OpenPGP evolves, new versions will become available. This option \ selects the version of OpenPGP to use for encrypting messages if the \ version can not be inferred otherwise. Currently, sq supports two profiles: RFC9580 and RFC4880. Currently, \ the default is RFC4880. However, once support for RFC9580 is rolled \ out further, the default will change in a future version of sq."), value_enum, )] pub profile: Profile, /// Workaround for https://github.com/clap-rs/clap/issues/3846 #[clap(skip)] pub profile_source: Option, } /// Documentation for signer arguments. pub struct SignerDoc {} impl AdditionalDocs for SignerDoc { fn help(arg: &'static str, help: &'static str) -> clap::builder::StyledStr { match arg { "file" => "Sign the message using the key read from PATH" .into(), _ => { debug_assert!(help.starts_with("Use certificates")); help.replace("Use certificates", "Sign the message using the key") .into() }, } } } #[derive(ValueEnum, Debug, Clone)] pub enum CompressionMode { None, Pad, Zip, Zlib, Bzip2 } sequoia-sq-1.3.1/src/cli/examples.rs000064400000000000000000000337011046102023000154430ustar 00000000000000//! A framework to format and check examples. //! //! The help text for subcommands includes examples. That's great. //! But, it is even better when they are tested. This module defines //! data structures to describe the examples, mechanisms to format the //! examples, and infrastructure to execute the examples. use std::collections::BTreeMap; use clap::builder::IntoResettable; use clap::builder::Resettable; /// A command that is executed by the integration test, but not shown /// in the manual pages. pub struct Setup<'a> { pub command: &'a [ &'a str ], } /// Builds up setup actions in an extensible way. pub struct SetupBuilder<'a> { setup: Setup<'a>, } impl<'a> SetupBuilder<'a> { /// Returns a new setup builder. const fn new() -> Self { SetupBuilder { setup: Setup { command: &[], } } } /// Provides the command as slice. /// /// It'd be nice to provide a per-argument interface, but that /// requires some ingenuity for it to stay const. pub const fn command(mut self, command: &'a [&'a str]) -> Self { self.setup.command = command; self } /// Finishes building the setup action. pub const fn build(self) -> Action<'a> { assert!(! self.setup.command.is_empty()); Action::Setup(self.setup) } } /// A command that is executed by the integration test, and shown in /// the manual pages. pub struct Example<'a> { // A human-readable comment. pub comment: &'a str, pub command: &'a [ &'a str ], pub hide: &'a [ &'a str ], } /// Builds up example actions in an extensible way. pub struct ExampleBuilder<'a> { example: Example<'a>, } impl<'a> ExampleBuilder<'a> { /// Returns a new example builder. const fn new() -> Self { ExampleBuilder { example: Example { comment: "", command: &[], hide: &[], }, } } /// Provides the comment. /// /// It'd be nice to provide a per-argument interface, but that /// requires some ingenuity for it to stay const. pub const fn comment(mut self, comment: &'a str) -> Self { self.example.comment = comment; self } /// Provides the command as slice. /// /// It'd be nice to provide a per-argument interface, but that /// requires some ingenuity for it to stay const. pub const fn command(mut self, command: &'a [&'a str]) -> Self { self.example.command = command; self } /// Hides the parameters in the output /// /// Skip these parameters when generating human readable output #[allow(unused)] pub const fn hide(mut self, hide: &'a [&'a str]) -> Self { self.example.hide = hide; self } /// Finishes building the example action. /// /// The example will be executed by the test. pub const fn build(self) -> Action<'a> { assert!(! self.example.comment.is_empty()); assert!(! self.example.command.is_empty()); Action::Example(self.example) } /// Finishes building the example action, marking it for syntax /// checking only. /// /// The example will not be executed by the test, but the syntax /// will be checked using our command line parser. pub const fn syntax_check(self) -> Action<'a> { assert!(! self.example.comment.is_empty()); assert!(! self.example.command.is_empty()); Action::SyntaxCheck(self.example) } } /// An action to execute. #[allow(dead_code)] pub enum Action<'a> { /// A command that is executed by the integration test, but not /// shown in the manual pages. Setup(Setup<'a>), /// A command that is syntax check (but not run) by the /// integration test, and shown in the manual pages. SyntaxCheck(Example<'a>), /// A command that is executed by the integration test, and shown /// in the manual pages. Example(Example<'a>), } impl<'a> Action<'a> { /// Creates a setup action. pub const fn setup() -> SetupBuilder<'a> { SetupBuilder::new() } /// Creates an example action. pub const fn example() -> ExampleBuilder<'a> { ExampleBuilder::new() } /// Return the action's command, if any. #[allow(dead_code)] pub fn command(&self) -> Option<&'a [ &'a str ]> { match self { Action::Setup(Setup { command, .. }) => Some(command), Action::SyntaxCheck(Example { command, .. }) => Some(command), Action::Example(Example { command, .. }) => Some(command), } } } /// A sequence of actions to execute. pub struct Actions<'a> { pub actions: &'a [Action<'a>], } impl<'a> IntoResettable for Actions<'a> { fn into_resettable(self) -> Resettable { // Default width when we aren't connected to a terminal. let default_width = 72; // We prefix lines with either `# `, `$ `, or ` `. const PREFIX_WIDTH: usize = 2; let terminal_size = terminal_size::terminal_size(); let width = if let Some((width, _height)) = terminal_size { let width = width.0 as usize; if width < 40 { // If the terminal is too narrow, then give up and use // the default. default_width } else { std::cmp::max(40, width - PREFIX_WIDTH) } } else { default_width }; let mut lines = vec![ "Examples:".to_string() ]; lines.extend(self.actions .iter() .filter_map(|action| { let example = match action { Action::SyntaxCheck(example) => example, Action::Example(example) => example, // Don't show it. Action::Setup(_) => return None, }; let comment = textwrap::indent( &textwrap::wrap(example.comment, width).join("\n"), "# "); // Our manpage generate complains if an // example is too long: // // warning: Command in example exceeds 64 chars: // // or // // warning: Continuation in example exceeds 57 chars: let command = wrap_command(&example.command, &example.hide, "", width.min(64), " ", width.min(57)); Some(format!("{}\n{}", comment, command)) })); let text = lines.join("\n\n").into(); Resettable::Value(text) } } /// Wraps the given command to width, adding continuation backslashes. /// /// The first line is prefixed with `indent` and wrapped `to_width`, /// any continuations are prefixed with `continuation_indent` and /// wrapped to `continuation_width`. pub fn wrap_command>(command: &[S], hide: &[S], indent: &str, to_width: usize, continuation_indent: &str, continuation_width: usize) -> String { let prompt = platform! { unix => { "$" }, windows => { ">" }, }; let mut hide = BTreeMap::from_iter(hide.iter().map(|s| (s.as_ref(), false))); let result = command .iter() .filter(|&item| { // Remove all of the items in command which are also in // hide. if let Some(used) = hide.get_mut(item.as_ref()) { *used = true; // Don't show it. false } else { // Show it. true } }) .fold(vec![format!("{}{}", indent, prompt)], |mut s, arg| { let first = s.len() == 1; let arg = arg.as_ref(); if arg == "|" { let last = s.last_mut().expect("have one"); *last = format!("{} \\", last); s.push(format!(" {}", arg)); return s; } // Quote the argument, if necessary. let quote = |arg: &str| -> String { if arg.contains(&[ '\"', ]) { format!("'{}'", arg) } else if arg.chars().any(char::is_whitespace) || arg.contains(&[ '`', '#', '$', '&', '*', '(', ')', '\\', '|', '[', ']', '{', '}', ';', '\'', '<', '>', '?', '!', ]) { format!("\"{}\"", arg) } else { arg.to_string() } }; // If we have --foo=bar, then only but bar in quotes. let mut quoted = None; if arg.starts_with("--") { if let Some(i) = arg.find('=') { if arg[0..i].chars().all(|c| { c.is_alphanumeric() || c == '-' }) { quoted = Some(format!("{}={}", &arg[..i], quote(&arg[i + 1..]))); } } } let arg = if let Some(quoted) = quoted { quoted } else { quote(arg) }; let last = s.last_mut().expect("have one"); let last_chars = last.chars().count(); let arg_chars = arg.chars().count(); let max_width = if first { to_width } else { continuation_width }; if last_chars + 1 + arg_chars <= max_width { *last = format!("{} {}", last, arg); } else { *last = format!("{} \\", last); s.push(format!("{}{}", continuation_indent, arg)); } s }) .join("\n"); #[cfg(debug_assertions)] for (arg, used) in hide.into_iter() { if ! used { panic!("Example `{}` includes an argument to hide (`{}`), but the \ argument wasn't used by the example!", command.iter() .map(|arg| arg.as_ref().to_string()) .collect::>() .join(" "), arg); } } result } macro_rules! test_examples { ($ident:ident, $actions:expr) => { #[test] fn $ident() { use std::path::PathBuf; use tempfile::TempDir; use assert_cmd::Command; let fixtures = PathBuf::from(concat!( env!("CARGO_MANIFEST_DIR"), "/tests/data/examples")); let tmp_dir = TempDir::new().unwrap(); let options = fs_extra::dir::CopyOptions::new() .content_only(true); fs_extra::dir::copy(&fixtures, &tmp_dir, &options) .expect(&format!("Copying {:?} to {:?}", fixtures, &tmp_dir)); // Create an empty policy configuration file. We use this // instead of the system-wide policy configuration file, // which might be more strict than what our test vectors // expect. let policy = tmp_dir.path().join("empty-policy.toml"); std::fs::write(&policy, "").unwrap(); let home = tmp_dir.path().join("home"); let cert_store = tmp_dir.path().join("cert-store"); let key_store = tmp_dir.path().join("key-store"); eprintln!("Testing example from {}:{}", file!(), line!()); for (i, action) in $actions.actions.into_iter().enumerate() { let command = if let Some(command) = action.command() { command } else { continue; }; if let Action::SyntaxCheck(_) = &action { // Just syntax check it. eprintln!("Syntax checking: {:?}", command); use clap::Parser; if let Err(err) = $crate::cli::SqCommand::try_parse_from(command.iter()) { eprintln!("example:{}:{}: checking example #{}: {}", file!(), line!(), i + 1, err); panic!("syntax checking example failed"); } continue; } // Handle pipelines by tracking intermediate results. let mut intermediate = None; for command in command.split(|p| *p == "|") { eprintln!("Executing: {:?}", command); let mut cmd = Command::cargo_bin(command[0]).unwrap(); cmd.current_dir(&tmp_dir) .env("RUST_BACKTRACE", "1") .env("RUST_LOG", "trace") .env("SEQUOIA_CRYPTO_POLICY", &policy) .env("SEQUOIA_HOME", &home) .env("SEQUOIA_CERT_STORE", &cert_store) .env("SEQUOIA_KEY_STORE", &key_store) .arg("--batch") .args(&command[1..]); if let Some(prev) = intermediate { cmd.write_stdin(prev); } let res = cmd.assert(); intermediate = Some(res.get_output().stdout.clone()); if let Err(err) = res.try_success() { eprintln!("example:{}:{}: executing example #{}: {}", file!(), line!(), i + 1, err); panic!("executing example failed"); } } } } }; } sequoia-sq-1.3.1/src/cli/inspect.rs000064400000000000000000000055231046102023000152730ustar 00000000000000//! Command-line parser for `sq inspect`. use clap::Parser; use super::types::ClapData; use super::types::FileOrStdin; use super::types::cert_designator::*; use crate::cli::examples; use examples::Action; use examples::Actions; const INSPECT_EXAMPLES: Actions = Actions { actions: &[ Action::example().comment( "Inspect a certificate.", ).command(&[ "sq", "inspect", "juliet.pgp", ]).build(), Action::example().comment( "Show how the certificate looked on July 21, 2013.", ).command(&[ "sq", "inspect", "--time", "20130721", "juliet.pgp", ]).build(), Action::example().comment( "Inspect an encrypted message.", ).command(&[ "sq", "inspect", "message.pgp", ]).build(), Action::example().comment( "Inspect a detached signature.", ).command(&[ "sq", "inspect", "document.sig", ]).build(), ], }; test_examples!(sq_inspect, INSPECT_EXAMPLES); #[derive(Parser, Debug)] #[clap( name = "inspect", about = "Inspect data, like file(1)", long_about = "Inspect data, like file(1) It is often difficult to tell from cursory inspection using cat(1) or \ file(1) what kind of OpenPGP one is looking at. This subcommand \ inspects the data and provides a meaningful human-readable description \ of it. `sq inspect` respects the reference time set by the top-level \ `--time` argument. It uses the reference time when determining what \ binding signatures are active. ", after_help = INSPECT_EXAMPLES, )] pub struct Command { #[clap( default_value_t = FileOrStdin::default(), help = FileOrStdin::HELP_OPTIONAL, value_name = FileOrStdin::VALUE_NAME, conflicts_with_all = ["cert-file", "cert", "cert-userid", "cert-email", "cert-domain", "cert-grep"], )] pub input: FileOrStdin, #[command(flatten)] pub certs: CertDesignators, #[clap( long = "certifications", help = "Print third-party certifications", )] pub certifications: bool, #[clap( long = "dump-bad-signatures", help = "Dump signatures that are definitively bad", )] pub dump_bad_signatures: bool, } /// Documentation for the cert designators for `--inspect`. pub struct ToInspectDoc {} impl AdditionalDocs for ToInspectDoc { fn help(arg: &'static str, help: &'static str) -> clap::builder::StyledStr { let help = help.replace("Use", "Inspect"); match arg { "cert" | "file" => help, _ => format!( "{} (note: User IDs are not authenticated)", help), }.into() } } sequoia-sq-1.3.1/src/cli/key/approvals.rs000064400000000000000000000232731046102023000164270ustar 00000000000000//! Command-line parser for `sq key expire`. use clap::{ Args, ArgGroup, Subcommand, }; use sequoia_openpgp as openpgp; use openpgp::KeyHandle; use crate::cli::types::ClapData; use crate::cli::types::FileOrStdout; use crate::cli::examples::*; use crate::cli::types::cert_designator::*; use crate::cli::types::UserIDDesignators; use crate::cli::types::userid_designator; #[derive(Debug, Subcommand)] #[clap( name = "approvals", about = "Manages certification approvals", long_about = "\ Manages certification approvals Key holders may approve of third-party certifications associated with \ their certificate. This subcommand manages the approvals. To prevent certificate flooding attacks, modern key servers prevent \ uncontrolled distribution of third-party certifications on \ certificates. To allow the key holder to control what information is \ distributed with their certificate, these key servers only distribute \ third-party certifications that the key holder has explicitly \ approved. ", subcommand_required = true, arg_required_else_help = true, disable_help_subcommand = true, )] #[non_exhaustive] pub enum Command { List(ListCommand), Update(UpdateCommand), } const LIST_EXAMPLES: Actions = Actions { actions: &[ Action::Example(Example { comment: "\ Lists the approved certifications on all the user IDs.", command: &[ "sq", "key", "approvals", "list", "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0", ], hide: &[], }), Action::Example(Example { comment: "\ Lists the unapproved certifications on all the user IDs.", command: &[ "sq", "key", "approvals", "list", "--pending", "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0", ], hide: &[], }), Action::Example(Example { comment: "\ Lists all unapproved certifications on a given user ID.", command: &[ "sq", "key", "approvals", "list", "--pending", "--email=alice@example.org", "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0", ], hide: &[], }), ] }; test_examples!(sq_key_approvals_list, LIST_EXAMPLES); #[derive(Debug, Args)] #[clap( name = "list", about = "Lists third-party certifications and their approval status", long_about = "\ Lists third-party certifications and their approval status To prevent certificate flooding attacks, modern key servers prevent \ uncontrolled distribution of third-party certifications on \ certificates. To allow the key holder to control what information is \ distributed with their certificate, these key servers only distribute \ third-party certifications that the key holder has explicitly \ approved. ", after_help = LIST_EXAMPLES, )] pub struct ListCommand { #[command(flatten)] pub cert: CertDesignators, #[command(flatten)] pub userids: UserIDDesignators< userid_designator::PlainByArgs, userid_designator::OptionalValue>, #[clap( long = "pending", help = "List unapproved certifications", )] pub pending: bool, } /// Documentation for the cert designators for the key approvals list /// command. pub struct ApprovalsListDoc {} impl AdditionalDocs for ApprovalsListDoc { fn help(arg: &'static str, help: &'static str) -> clap::builder::StyledStr { match arg { "file" => "List the approvals on the certificate read from PATH" .into(), _ => { debug_assert!(help.starts_with("Use certificates")); help.replace("Use certificates", "List the approvals on the certificate") .into() }, } } } const UPDATE_EXAMPLES: Actions = Actions { actions: &[ Action::setup().command(&[ "sq", "key", "import", "alice-secret.pgp", ]).build(), Action::setup().command(&[ "sq", "key", "import", "bob-secret.pgp", ]).build(), Action::setup().command(&[ "sq", "pki", "vouch", "add", "--certifier=511257EBBF077B7AEDAE5D093F68CB84CE537C9A", "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0", "--email=alice@example.org", ]).build(), Action::setup().command(&[ "sq", "pki", "link", "add", "--cert=511257EBBF077B7AEDAE5D093F68CB84CE537C9A", "--email=bob@example.org", ]).build(), Action::example().comment("\ Approve of all of the certifications on all of Alice's user IDs." ).command(&[ "sq", "key", "approvals", "update", "--add-all", "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0", ]).build(), Action::example().comment("\ Approve of all of the certifications on all of Alice's user IDs made by Bob, \ discarding all prior approvals first." ).command(&[ "sq", "key", "approvals", "update", "--remove-all", "--add-by=511257EBBF077B7AEDAE5D093F68CB84CE537C9A", "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0", ]).build(), Action::example().comment("\ Approve of all of the certifications on a specific user ID by certifiers that \ can be authenticated, discarding all prior approvals first." ).command(&[ "sq", "key", "approvals", "update", "--remove-all", "--add-authenticated", "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0", "--userid=Alice ", ]).build(), Action::example().comment("\ Remove the approval of Bob's certification on all of Alice's user IDs." ).command(&[ "sq", "key", "approvals", "update", "--remove-by=511257EBBF077B7AEDAE5D093F68CB84CE537C9A", "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0", ]).build(), ] }; test_examples!(sq_key_approvals_update, UPDATE_EXAMPLES); #[derive(Debug, Args)] #[clap( name = "update", about = "Approves of third-party certifications allowing for their distribution", long_about = "\ Approves of third-party certifications allowing for their distribution To prevent certificate flooding attacks, modern key servers prevent \ uncontrolled distribution of third-party certifications on \ certificates. To allow the key holder to control what information is \ distributed with their certificate, these key servers only distribute \ third-party certifications that the key holder has explicitly \ approved. By default, all user IDs are considered, but if at least one `--name`, \ `--email`, or `--userid` argument is given, only the matching user IDs \ are considered. After the approvals have been changed, the certificate has to be \ distributed, e.g. by uploading it to a key server. ", after_help = UPDATE_EXAMPLES, )] #[clap(group( ArgGroup::new("action") .args(&[ "remove_all", "remove_by", "add_all", "add_by", "add_authenticated", ]) .required(true) .multiple(true)))] pub struct UpdateCommand { #[command(flatten)] pub cert: CertDesignators, #[command(flatten)] pub userids: UserIDDesignators< userid_designator::PlainByArgs, userid_designator::OptionalValue>, #[clap( long = "remove-all", help = "Remove all prior approvals", conflicts_with = "add_all", long_help = "\ Remove all prior approvals By default, this command adds to the set of already approved certifications. If this flag is given, the existing approvals are disregarded, and only the newly selected certifications are approved, if any. ", )] pub remove_all: bool, #[clap( long = "remove-by", value_name = "FINGERPRINT|KEYID", help = "Remove all prior approvals of certifications by this certifier", conflicts_with = "remove_all", )] pub remove_by: Vec, #[clap( long = "add-all", help = "Approve of all pending certifications", conflicts_with_all = ["remove_all", "remove_by"], )] pub add_all: bool, #[clap( long = "add-by", value_name = "FINGERPRINT|KEYID", help = "Approve of all certifications by this certifier", conflicts_with = "add_all", )] pub add_by: Vec, #[clap( long = "add-authenticated", value_name = "AMOUNT", help = "Approve of all certifications by authenticated certifiers", long_help = "\ Approve of all certifications by authenticated certifiers For all pending approvals, try to authenticate any user ID on the certifier, and if any can be authenticated, approve of the certification.", conflicts_with = "add_all", )] pub add_authenticated: bool, #[clap( long, value_name = FileOrStdout::VALUE_NAME, help = "Write to the specified FILE", long_help = "\ Write to the specified FILE If not specified, and the certificate was read from the certificate \ store, imports the modified certificate into the cert store. If not \ specified, and the certificate was read from a file, writes the \ modified certificate to stdout.", )] pub output: Option, } sequoia-sq-1.3.1/src/cli/key/delete.rs000064400000000000000000000045331046102023000156600ustar 00000000000000//! Command-line parser for `sq key delete`. use clap::Args; use crate::cli::types::*; use crate::cli::examples::*; use crate::cli::types::cert_designator::*; #[derive(Debug, Args)] #[clap( name = "delete", about = "Delete a certificate's secret key material", after_help = EXAMPLES, )] pub struct Command { #[command(flatten)] pub cert: CertDesignators, #[clap( long, value_name = FileOrStdout::VALUE_NAME, conflicts_with = "cert", help = "Write the stripped certificate to the specified file", )] pub output: Option, } const EXAMPLES: Actions = Actions { actions: &[ Action::setup().command(&[ "sq", "key", "import", "alice-secret.pgp", ]).build(), Action::example().comment("\ Delete any secret key associated with Alice's certificate." ).command(&[ "sq", "key", "delete", "--cert", "EB28F26E2739A4870ECC47726F0073F60FD0CBF0", ]).build(), Action::setup().command(&[ "sq", "key", "import", "alice-secret.pgp", ]).build(), Action::setup().command(&[ "sq", "pki", "link", "add", "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0", "--userid=Alice ", ]).build(), Action::example().comment("\ Delete any secret key associated with Alice's certificate \ selected by user ID." ).command(&[ "sq", "key", "delete", "--cert-email=alice@example.org", ]).build(), ] }; test_examples!(sq_key_delete, EXAMPLES); /// Documentation for the cert designators for the key delete. pub struct DeleteKeyDoc {} impl AdditionalDocs for DeleteKeyDoc { fn help(arg: &'static str, help: &'static str) -> clap::builder::StyledStr { match arg { "file" => "Delete the secret key material from the key read from PATH" .into(), _ => { debug_assert!(help.starts_with("Use certificates")); help.replace("Use certificates", "Delete secret key material from the key") }, }.into() } } sequoia-sq-1.3.1/src/cli/key/expire.rs000064400000000000000000000046751046102023000157210ustar 00000000000000//! Command-line parser for `sq key expire`. use clap::Args; use crate::cli::types::ClapData; use crate::cli::types::ExpirationArg; use crate::cli::types::FileOrStdout; use crate::cli::examples::*; use crate::cli::types::cert_designator::*; const EXAMPLES: Actions = Actions { actions: &[ Action::setup().command(&[ "sq", "key", "import", "alice-secret.pgp", ]).build(), Action::example().comment( "Change Alice's certificate to expire in a year." ).command(&[ "sq", "key", "expire", "--expiration", "1y", "--cert", "EB28F26E2739A4870ECC47726F0073F60FD0CBF0", ]).build(), Action::example().comment( "Change Alice's certificate to never expire." ).command(&[ "sq", "key", "expire", "--expiration", "never", "--cert", "EB28F26E2739A4870ECC47726F0073F60FD0CBF0", ]).build(), ], }; test_examples!(sq_key_expire, EXAMPLES); #[derive(Debug, Args)] #[clap( name = "expire", about = "Change a certificate's expiration time", long_about = "Change a certificate's expiration time This subcommand changes a certificate's expiration time. To change \ the expiration time of an individual subkey, use the `sq key subkey \ expire` subcommand. ", after_help = EXAMPLES, )] #[clap(mut_arg("expiration", |arg| { arg.required(true) }))] pub struct Command { #[command(flatten)] pub cert: CertDesignators, #[clap( help = FileOrStdout::HELP_OPTIONAL, long, value_name = FileOrStdout::VALUE_NAME, )] pub output: Option, #[clap(flatten)] pub expiration: ExpirationArg, } /// Documentation for the cert designators for the key expire. pub struct KeyExpireDoc {} impl AdditionalDocs for KeyExpireDoc { fn help(arg: &'static str, help: &'static str) -> clap::builder::StyledStr { match arg { "file" => "Change the expiration of the key \ read from PATH" .into(), _ => { debug_assert!(help.starts_with("Use certificates")); help.replace("Use certificates", "Change the expiration of the key") }, }.into() } } sequoia-sq-1.3.1/src/cli/key/export.rs000064400000000000000000000051311046102023000157320ustar 00000000000000//! Command-line parser for `sq key list`. use clap::Args; use crate::cli::examples::*; use crate::cli::types::*; use crate::cli::types::cert_designator::*; #[derive(Debug, Args)] #[clap( about = "Export keys from the key store", long_about = "\ Export keys from the key store Exports the secret key material associated with a certificate. Note \ that even if secret key material is available, it may not be \ exportable. For instance, secret key material stored on a hardware \ security module usually cannot be exported from the device. Iterate over all of the specified certificates and export \ any keys (primary key and subkeys) with secret key material. \ An error is returned if any specified certificate does not \ contain any secret key material. If you only want to export a particular key and not all keys associate \ with a certificate, use `sq key subkey export`. ", after_help = EXAMPLES, )] pub struct Command { #[command(flatten)] pub certs: CertDesignators, #[clap( default_value_t = FileOrStdout::default(), help = FileOrStdout::HELP_OPTIONAL, long, value_name = FileOrStdout::VALUE_NAME, )] pub output: FileOrStdout, } const EXAMPLES: Actions = Actions { actions: &[ Action::setup().command(&[ "sq", "key", "import", "alice-secret.pgp", ]).build(), Action::setup().command(&[ "sq", "pki", "link", "add", "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0", "--userid=Alice ", ]).build(), Action::example().comment("\ Export Alice's certificate with all available secret key material." ).command(&[ "sq", "key", "export", "--cert", "EB28F26E2739A4870ECC47726F0073F60FD0CBF0", ]).build(), Action::example().comment("\ Export Alice's certificate with all available secret key material \ identified by email address." ).command(&[ "sq", "key", "export", "--cert-email", "alice@example.org", ]).build(), ] }; test_examples!(sq_key_export, EXAMPLES); /// Documentation for the cert designators for the key export. pub struct ExportKeyDoc {} impl AdditionalDocs for ExportKeyDoc { fn help(_arg: &'static str, help: &'static str) -> clap::builder::StyledStr { debug_assert!(help.starts_with("Use certificates")); help.replace("Use certificates", "Export keys").into() } } sequoia-sq-1.3.1/src/cli/key/generate.rs000064400000000000000000000232631046102023000162110ustar 00000000000000use std::path::PathBuf; use clap::{ArgGroup, Args}; use sequoia_openpgp as openpgp; use openpgp::packet::UserID; use crate::cli::KEY_VALIDITY_DURATION; use crate::cli::KEY_VALIDITY_IN_YEARS; use crate::cli::config; use crate::cli::types::ClapData; use crate::cli::types::EncryptPurpose; use crate::cli::types::Expiration; use crate::cli::types::ExpirationArg; use crate::cli::types::FileOrStdout; use crate::cli::types::Profile; use crate::cli::examples::*; use crate::cli::key::CipherSuite; #[derive(Debug, Args)] #[clap( about = "Generate a new key", long_about = format!( "Generate a new key Generating a key is the prerequisite to receiving encrypted messages \ and creating signatures. There are a few parameters to this process, \ but we provide reasonable defaults for most users. When generating a key, we also generate an emergency revocation \ certificate. This can be used in case the key is lost or compromised. \ It is saved alongside the key. This can be changed using the \ `--rev-cert` argument. By default a key expires after {} years. This can be changed using \ the `--expiration` argument. `sq key generate` respects the reference time set by the top-level \ `--time` argument. It sets the creation time of the primary key, any \ subkeys, and the binding signatures to the reference time. ", KEY_VALIDITY_IN_YEARS, ), after_help = GENERATE_EXAMPLES, )] #[clap(group(ArgGroup::new("cap-sign").args(&["can_sign", "cannot_sign"])))] #[clap(group(ArgGroup::new("cap-authenticate").args(&["can_authenticate", "cannot_authenticate"])))] #[clap(group(ArgGroup::new("cap-encrypt").args(&["can_encrypt", "cannot_encrypt"])))] #[clap(group(ArgGroup::new("cert-userid").args(&["names", "emails", "userid", "no_userids"]).required(true).multiple(true)))] #[clap(group(ArgGroup::new("key-owner") .args(&["own_key", "shared_key"]) .required(true)))] #[clap(mut_arg("expiration", |arg| { arg.default_value(Expiration::from_duration(KEY_VALIDITY_DURATION)) }))] pub struct Command { #[clap( long = "own-key", help = "Mark the key as one's own key", long_help = "Mark the key as one's own key The newly generated key with all of its user IDs will be marked as \ authenticated and as a fully trusted introducer.", )] pub own_key: bool, #[clap( long = "shared-key", help = "Mark the key as a shared key", long_help = "Mark the key as a shared key The newly generated key with all of its user IDs will be marked as \ authenticated, but not as a trusted introducer. Further, the key \ metadata will indicate that this is a shared key. Use this option if you plan to share this key with other people. \ Normally, you shouldn't share keys material. An example of where you \ might want to do this is a shared mailbox." )] pub shared_key: bool, #[clap( long = "name", value_name = "NAME", help = "Add a name as user ID to the key" )] pub names: Vec, #[clap( long = "email", value_name = "ADDRESS", help = "Add an email address as user ID to the key" )] pub emails: Vec, #[clap( long = "userid", value_name = "USERID", help = "Add a user ID to the key", long_help = "\ Add a user ID to the key This user ID can combine name and email address, can optionally \ contain a comment, or even be free-form if \ `--allow-non-canonical-userids` is given. However, user IDs that \ include different information such as name and email address are more \ difficult to reason about, so using distinct user IDs for name and \ email address is preferred nowadays. In doubt, prefer `--name` and `--email`. ", )] pub userid: Vec, #[clap( long = "allow-non-canonical-userids", help = "Don't reject user IDs that are not in canonical form", long_help = "\ Don't reject user IDs that are not in canonical form Canonical user IDs are of the form `Name (Comment) \ `.", )] pub allow_non_canonical_userids: bool, #[clap( long = "no-userids", help = "Create a key without any user IDs", conflicts_with_all = ["names", "emails", "userid"], )] pub no_userids: bool, #[clap( long = "cipher-suite", value_name = "CIPHER-SUITE", default_value_t = Default::default(), help = "Select the cryptographic algorithms for the key", long_help = config::augment_help( "key.generate.cipher-suite", "Select the cryptographic algorithms for the key"), value_enum, )] pub cipher_suite: CipherSuite, /// Workaround for https://github.com/clap-rs/clap/issues/3846 #[clap(skip)] pub cipher_suite_source: Option, #[clap( long = "profile", value_name = "PROFILE", default_value_t = Default::default(), help = "Select the OpenPGP standard for the key", long_help = config::augment_help( "key.generate.profile", "Select the OpenPGP standard for the key As OpenPGP evolves, new versions will become available. This option \ selects the version of OpenPGP to use for the newly generated key. Currently, sq supports two profiles: RFC9580 and RFC4880. Currently, \ the default is RFC4880. However, once support for RFC9580 is rolled \ out further, the default will change in a future version of sq."), value_enum, )] pub profile: Profile, /// Workaround for https://github.com/clap-rs/clap/issues/3846 #[clap(skip)] pub profile_source: Option, #[clap( long = "new-password-file", value_name = "PASSWORD_FILE", help = "\ File containing password to encrypt the secret key material", long_help = "\ File containing password to encrypt the secret key material Note that the entire key file will be used as the password including \ any surrounding whitespace like a trailing newline.", conflicts_with = "without_password", )] pub new_password_file: Option, #[clap( long = "without-password", help = "Don't protect the secret key material with a password", )] pub without_password: bool, #[command(flatten)] pub expiration: ExpirationArg, #[clap( long = "can-sign", help ="Add a signing-capable subkey (default)", )] pub can_sign: bool, #[clap( long = "cannot-sign", help = "Don't add a signing-capable subkey", )] pub cannot_sign: bool, #[clap( long = "can-authenticate", help = "Add an authentication-capable subkey (default)", )] pub can_authenticate: bool, #[clap( long = "cannot-authenticate", help = "Don't add an authentication-capable subkey", )] pub cannot_authenticate: bool, #[clap( long = "can-encrypt", value_name = "PURPOSE", help = "Add an encryption-capable subkey [default: universal]", long_help = "\ Add an encryption-capable subkey [default: universal] Encryption-capable subkeys can be marked as suitable for transport \ encryption, storage encryption, or both, i.e., universal.", value_enum, )] pub can_encrypt: Option, #[clap( long = "cannot-encrypt", help = "Don't add an encryption-capable subkey", )] pub cannot_encrypt: bool, #[clap( long, value_name = FileOrStdout::VALUE_NAME, help = "Write the key to the specified file", long_help = "\ Write the key to the specified file When not specified, the key is saved on the key store.", requires = "rev_cert", )] pub output: Option, #[clap( long = "rev-cert", value_name = "FILE", help = "Write the emergency revocation certificate to FILE", long_help = format!("\ Write the emergency revocation certificate to FILE When the key is stored on the key store, the revocation certificate is \ stored in {} by default. When `--output` is specified, the revocation certificate is written to \ the file specified by `--rev-cert`. If `--output` is `-`, then this option must not also be `-`.", sequoia_directories::Home::default() .map(|home| { let p = home.data_dir(sequoia_directories::Component::Other( "revocation-certificates".into())); let p = p.display().to_string(); if let Some(home) = dirs::home_dir() { let home = home.display().to_string(); if let Some(rest) = p.strip_prefix(&home) { return format!("$HOME{}", rest); } } p }) .unwrap_or("".to_string())) )] pub rev_cert: Option } const GENERATE_EXAMPLES: Actions = Actions { actions: &[ Action::example().comment("\ Generate a key, and save it on the key store." ).command(&[ "sq", "key", "generate", "--own-key", "--without-password", "--name", "Alice", "--email", "alice@example.org", ]) .hide(&["--without-password"]).build(), Action::example().comment("\ Generate a key, and save it in a file instead of in the key store." ).command(&[ "sq", "key", "generate", "--own-key", "--without-password", "--name", "Alice", "--email", "alice@example.org", "--output", "alice-priv.pgp", "--rev-cert", "alice-priv.rev", ]) .hide(&["--without-password"]).build(), ] }; test_examples!(sq_key_generate, GENERATE_EXAMPLES); sequoia-sq-1.3.1/src/cli/key/import.rs000064400000000000000000000012501046102023000157210ustar 00000000000000//! Command-line parser for `sq key import`. use std::path::PathBuf; use clap::Args; use crate::cli::examples::*; #[derive(Debug, Args)] #[clap( about = "Import keys into the key store", after_help = IMPORT_EXAMPLES, )] pub struct Command { #[clap( value_name = "KEY_FILE", help = "Read from KEY_FILE or stdin if omitted", )] pub input: Vec, } const IMPORT_EXAMPLES: Actions = Actions { actions: &[ Action::example().comment("\ Import the keys into the key store." ).command(&[ "sq", "key", "import", "alice-secret.pgp", ]).build(), ] }; test_examples!(sq_key_import, IMPORT_EXAMPLES); sequoia-sq-1.3.1/src/cli/key/list.rs000064400000000000000000000043061046102023000153670ustar 00000000000000//! Command-line parser for `sq key list`. use clap::Args; use crate::cli::examples::*; use crate::cli::types::cert_designator::*; #[derive(Debug, Args)] #[clap( about = "List keys managed by the key store", after_help = EXAMPLES, )] pub struct Command { #[command(flatten)] pub certs: CertDesignators, #[clap( value_name = "FINGERPRINT|KEYID|PATTERN", help = "A pattern to filter the displayed certificates", long_help = "\ A pattern to filter the displayed certificates If the pattern appears to be a fingerprint or key ID, it is treated as \ if it were passed to `--cert`, and matches on the certificate's \ fingerprint. Otherwise, it is treated as if it were passed via \ `--cert-grep`, and matches on user IDs. ", conflicts_with_all = &["cert", "cert-userid", "cert-email", "cert-domain", "cert-grep"], )] pub pattern: Option, } const EXAMPLES: Actions = Actions { actions: &[ Action::setup().command(&[ "sq", "key", "import", "alice-secret.pgp" ]).build(), Action::setup().command(&[ "sq", "pki", "link", "add", "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0", "--userid=Alice ", ]).build(), Action::example().comment("\ List the keys managed by the keystore server." ).command(&[ "sq", "key", "list", ]).build(), Action::example().comment("\ List the keys managed by the keystore server \ with a user ID in example.org." ).command(&[ "sq", "key", "list", "--cert-domain=example.org", ]).build(), ] }; test_examples!(sq_key_list, EXAMPLES); /// Documentation for the cert designators for the key list. pub struct ListKeyDoc {} impl AdditionalDocs for ListKeyDoc { fn help(_: &'static str, help: &'static str) -> clap::builder::StyledStr { debug_assert!(help.starts_with("Use certificates")); help.replace("Use certificates", "List keys").into() } } sequoia-sq-1.3.1/src/cli/key/password.rs000064400000000000000000000065211046102023000162570ustar 00000000000000//! Command-line parser for `sq key password`. use std::path::PathBuf; use clap::Args; use crate::cli::types::*; use crate::cli::examples::*; use crate::cli::types::cert_designator::*; #[derive(Debug, Args)] #[clap( name = "password", about = "Change the password protecting secret key material", long_about = "\ Change the password protecting secret key material Secret key material can be protected by a password. This subcommand \ changes or clears the password. To strip the password either use `--clear` or supply a zero-length \ password when prompted for the new password. If a key is password protected, and the correct password was not \ supplied using the `--password-file` argument, the user is \ prompted for the password. Likewise, if the new password isn't \ provided, the user is prompted. ", after_help = EXAMPLES, )] pub struct Command { #[command(flatten)] pub cert: CertDesignators, #[clap( long = "new-password-file", value_name = "PASSWORD_FILE", help = "\ File containing password to encrypt the secret key material", long_help = "\ File containing password to encrypt the secret key material Note that the entire key file will be used as the password including \ any surrounding whitespace like a trailing newline." )] pub new_password_file: Option, #[clap( long, help = "Clear the password protecting the secret key material", )] pub clear_password: bool, #[clap( help = FileOrStdout::HELP_OPTIONAL, long, value_name = FileOrStdout::VALUE_NAME, )] pub output: Option, } const EXAMPLES: Actions = Actions { actions: &[ Action::setup().command(&[ "sq", "key", "import", "alice-secret.pgp" ]).build(), Action::example().comment("\ Change the password for all of Alice's keys to the password in the \ specified file." ).command(&[ "sq", "key", "password", "--new-password-file", "password-file.txt", "--cert", "EB28F26E2739A4870ECC47726F0073F60FD0CBF0" ]).build(), Action::example().comment("\ Clear the password protection for all of Alice's keys." ).command(&[ "sq", "key", "password", "--password-file", "password-file.txt", "--clear-password", "--cert", "EB28F26E2739A4870ECC47726F0073F60FD0CBF0" ]).build(), ] }; test_examples!(sq_key_password, EXAMPLES); /// Documentation for the cert designators for the key password. pub struct KeyPasswordDoc {} impl AdditionalDocs for KeyPasswordDoc { fn help(arg: &'static str, help: &'static str) -> clap::builder::StyledStr { match arg { "file" => "Change the password for the secret key material from the key \ read from PATH" .into(), _ => { debug_assert!(help.starts_with("Use certificates")); help.replace("Use certificates", "Change the password for the secret key material \ from the key") }, }.into() } } sequoia-sq-1.3.1/src/cli/key/revoke.rs000064400000000000000000000125501046102023000157070ustar 00000000000000//! Command-line parser for `sq key revoke`. use clap::Args; use crate::cli::types::ClapData; use crate::cli::types::FileOrStdout; use crate::cli::examples::*; use crate::cli::key::KeyReasonForRevocation; use crate::cli::types::cert_designator::*; const REVOKE_EXAMPLES: Actions = Actions { actions: &[ Action::setup().command(&[ "sq", "key", "import", "alice-secret.pgp" ]).build(), Action::example().comment("\ Revoke Alice's key, indicating that there is a new certificate." ).command(&[ "sq", "key", "revoke", "--cert", "EB28F26E2739A4870ECC47726F0073F60FD0CBF0", "--reason", "superseded", "--message", "My new cert is C5999E8191BF7B503653BE958B1F7910D01F86E5", ]).build(), Action::example().comment("\ Revoke the key, indicating that the secret key material was \ compromised." ).command(&[ "sq", "key", "revoke", "--cert", "EB28F26E2739A4870ECC47726F0073F60FD0CBF0", "--reason", "compromised", "--message", "Computer attacked, secret key material compromised", ]).build(), ] }; test_examples!(sq_key_revoke, REVOKE_EXAMPLES); #[derive(Debug, Args)] #[clap( about = "Revoke a certificate", long_about = "\ Revoke a certificate Creates a revocation certificate for a certificate. If `--revoker` or `--revoker-file` is provided, then that key is used \ to create the revocation certificate. If that key is different from \ the certificate that is being revoked, this results in a third-party \ revocation. This is normally only useful if the owner of the \ certificate designated the key to be a designated revoker. `sq key revoke` respects the reference time set by the top-level \ `--time` argument. When set, it uses the specified time instead of \ the current time when determining what keys are valid, and it sets \ the revocation certificate's creation time to the reference time \ instead of the current time. ", after_help = REVOKE_EXAMPLES, )] pub struct Command { #[command(flatten)] pub cert: CertDesignators, #[command(flatten)] pub revoker: CertDesignators, #[clap( long, value_name = "REASON", required = true, help = "The reason for the revocation", long_help = "\ The reason for the revocation If the reason happened in the past, you should specify that using the \ `--time` argument. This allows OpenPGP implementations to more \ accurately reason about artifacts whose validity depends on the validity \ of the certificate.", value_enum, )] pub reason: KeyReasonForRevocation, #[clap( long, value_name = "MESSAGE", required = true, help = "A short, explanatory text", long_help = "\ A short, explanatory text The text is shown to a viewer of the revocation certificate, and \ explains why the certificate has been revoked. For instance, if Alice \ has created a new key, she would generate a `superseded` revocation \ certificate for her old key, and might include the message `I've \ created a new certificate, $FINGERPRINT, please use that in the \ future.`", )] pub message: String, #[command(flatten)] pub signature_notations: crate::cli::types::SignatureNotationsArg, #[clap( long, value_name = FileOrStdout::VALUE_NAME, help = "Write to the specified FILE", long_help = "\ Write to the specified FILE If not specified, and the certificate was read from the certificate \ store, imports the modified certificate into the cert store. If not \ specified, and the certificate was read from a file, writes the \ modified certificate to stdout.", )] pub output: Option, } /// Documentation for the cert designators for the key revoke. pub struct KeyRevokeCertDoc {} impl AdditionalDocs for KeyRevokeCertDoc { fn help(arg: &'static str, help: &'static str) -> clap::builder::StyledStr { match arg { "file" => "Revoke the key read from PATH" .into(), _ => { debug_assert!(help.starts_with("Use certificates")); help.replace("Use certificates", "Revoke the key") }, }.into() } } /// Documentation for the revoker designators for the key revoke. pub struct KeyRevokeRevokerDoc {} impl AdditionalDocs for KeyRevokeRevokerDoc { fn help(_: &'static str, help: &'static str) -> clap::builder::StyledStr { format!("{} to create the revocation certificate", help.replace("certificates", "key")).into() } fn long_help(_: &'static str, help: &'static str) -> Option { Some(format!("{} to create the revocation certificate Sign the revocation certificate using the specified key. By default, \ the certificate being revoked is used. Using this option, it is \ possible to create a third-party revocation.", help.replace("certificates", "key")).into()) } } sequoia-sq-1.3.1/src/cli/key/rotate.rs000064400000000000000000000221731046102023000157140ustar 00000000000000use std::path::PathBuf; use clap::{ArgGroup, Args}; use crate::cli::KEY_ROTATE_RETIRE_IN_DURATION; use crate::cli::KEY_ROTATE_RETIRE_IN_IN_DAYS; use crate::cli::KEY_VALIDITY_DURATION; use crate::cli::KEY_VALIDITY_IN_YEARS; use crate::cli::config; use crate::cli::types::ClapData; use crate::cli::types::EncryptPurpose; use crate::cli::types::Expiration; use crate::cli::types::ExpirationArg; use crate::cli::types::FileOrStdout; use crate::cli::types::Profile; use crate::cli::types::expiration::RetireInKind; use crate::cli::types::CertDesignators; use crate::cli::types::cert_designator; use crate::cli::examples::*; use crate::cli::key::CipherSuite; #[derive(Debug, Args)] #[clap( about = "Rotate a certificate", long_about = format!( "Rotate a certificate Generates a new certificate to replace an existing one. The new certificate will have the same capabilities as the old \ certificate. This can be overridden using the `--can-sign`, \ `--cannot-sign`, etc., arguments. Note: the new certificate may have \ a different shape from the old certificate. For instance, if the old \ certificate's primary key is marked as both certification and signing \ capable, the new certificate's primary key will be certification \ capable, and it will have a signing subkey. By default the certificate expires after {} years. This can be changed \ using the `--expiration` argument. The new certificate will have the same self-signed user IDs as the old \ certificate. Revoked user IDs are ignored. The new certificate and the old certificate will cross certify each \ other as unconstrained trusted introducers. The new certificate will be linked in the same way as the old \ certificate. This can be overridden using the `--own-key`, or \ the `--shared-key` argument. The new certificate will certify the same certificates as the old \ certificate. That is, the old certificate's certifications will be \ replayed. See `sq pki vouch replay` for more information. A revocation certificate indicating that the old certificate is \ retired, and that the new certificate should be instead used will be \ issued. By default, it will go into effect in {} days. This can be \ changed or suppressed using the `--retire-in` argument. When using `--output`, the new certificate as well as all of the \ other updated certificates are written to the specified file. Stable since 1.2.0. ", KEY_VALIDITY_IN_YEARS, KEY_ROTATE_RETIRE_IN_IN_DAYS, ), after_help = ROTATE_EXAMPLES, )] #[clap(group(ArgGroup::new("cap-sign").args(&["can_sign", "cannot_sign"])))] #[clap(group(ArgGroup::new("cap-authenticate").args(&["can_authenticate", "cannot_authenticate"])))] #[clap(group(ArgGroup::new("cap-encrypt").args(&["can_encrypt", "cannot_encrypt"])))] #[clap(mut_arg("expiration", |arg| { arg.default_value(Expiration::from_duration(KEY_VALIDITY_DURATION)) }))] #[clap(mut_arg("retire-in", |arg| { arg.default_value(Expiration::from_duration(KEY_ROTATE_RETIRE_IN_DURATION)) }))] pub struct Command { #[command(flatten)] pub cert: CertDesignators, #[clap( long = "own-key", help = "Mark the key as one's own key", long_help = "Mark the key as one's own key The newly generated key with all of its user IDs will be marked as \ authenticated and as a fully trusted introducer.", )] pub own_key: bool, #[clap( long = "shared-key", help = "Mark the key as a shared key", long_help = "Mark the key as a shared key The newly generated key with all of its user IDs will be marked as \ authenticated, but not as a trusted introducer. Further, the key \ metadata will indicate that this is a shared key. Use this option if you plan to share this key with other people. \ Normally, you shouldn't share keys material. An example of where you \ might want to do this is a shared mailbox." )] pub shared_key: bool, #[clap( long = "cipher-suite", value_name = "CIPHER-SUITE", default_value_t = Default::default(), help = "Select the cryptographic algorithms for the key", long_help = config::augment_help( "key.generate.cipher-suite", "Select the cryptographic algorithms for the key"), value_enum, )] pub cipher_suite: CipherSuite, /// Workaround for https://github.com/clap-rs/clap/issues/3846 #[clap(skip)] pub cipher_suite_source: Option, #[clap( long = "profile", value_name = "PROFILE", default_value_t = Default::default(), help = "Select the OpenPGP standard for the key", long_help = config::augment_help( "key.generate.profile", "Select the OpenPGP standard for the key As OpenPGP evolves, new versions will become available. This option \ selects the version of OpenPGP to use for the newly generated key. Currently, sq supports only one version: RFC4880. Consequently, this \ is the default. However, there is already a newer version of the \ standard: RFC9580. And, the default will change in a future version of \ sq."), value_enum, )] pub profile: Profile, /// Workaround for https://github.com/clap-rs/clap/issues/3846 #[clap(skip)] pub profile_source: Option, #[clap( long = "new-password-file", value_name = "PASSWORD_FILE", help = "\ File containing password to encrypt the secret key material", long_help = "\ File containing password to encrypt the secret key material Note that the entire key file will be used as the password including \ any surrounding whitespace like a trailing newline.", conflicts_with = "without_password", )] pub new_password_file: Option, #[clap( long = "without-password", help = "Don't protect the secret key material with a password", )] pub without_password: bool, #[command(flatten)] pub expiration: ExpirationArg, #[command(flatten)] pub retire_in: ExpirationArg, #[clap( long = "can-sign", help ="Add a signing-capable subkey", )] pub can_sign: bool, #[clap( long = "cannot-sign", help = "Don't add a signing-capable subkey", )] pub cannot_sign: bool, #[clap( long = "can-authenticate", help = "Add an authentication-capable subkey", )] pub can_authenticate: bool, #[clap( long = "cannot-authenticate", help = "Don't add an authentication-capable subkey", )] pub cannot_authenticate: bool, #[clap( long = "can-encrypt", value_name = "PURPOSE", help = "Add an encryption-capable subkey", long_help = "\ Add an encryption-capable subkey Encryption-capable subkeys can be marked as suitable for transport \ encryption, storage encryption, or both, i.e., universal.", value_enum, )] pub can_encrypt: Option, #[clap( long = "cannot-encrypt", help = "Don't add an encryption-capable subkey", )] pub cannot_encrypt: bool, #[clap( long, value_name = FileOrStdout::VALUE_NAME, help = "Write the key to the specified file", long_help = "\ Write the key to the specified file When not specified, the key is saved on the key store.", requires = "rev_cert", )] pub output: Option, #[clap( long = "rev-cert", value_name = "FILE", help = "Write the emergency revocation certificate to FILE", long_help = format!("\ Write the emergency revocation certificate to FILE When the key is stored on the key store, the revocation certificate is \ stored in {} by default. When `--output` is specified, the revocation certificate is written to \ the file specified by `--rev-cert`. If `--output` is `-`, then this option must not also be `-`.", sequoia_directories::Home::default() .map(|home| { let p = home.data_dir(sequoia_directories::Component::Other( "revocation-certificates".into())); let p = p.display().to_string(); if let Some(home) = dirs::home_dir() { let home = home.display().to_string(); if let Some(rest) = p.strip_prefix(&home) { return format!("$HOME{}", rest); } } p }) .unwrap_or("".to_string())) )] pub rev_cert: Option } const ROTATE_EXAMPLES: Actions = Actions { actions: &[ Action::setup().command(&[ "sq", "key", "import", "alice-secret.pgp", ]).build(), Action::example().comment("\ Rotates Alice's certificate." ).command(&[ "sq", "key", "rotate", "--without-password", "--cert", "EB28F26E2739A4870ECC47726F0073F60FD0CBF0", ]) .hide(&["--without-password"]).build(), ], }; test_examples!(sq_key_rotate, ROTATE_EXAMPLES); sequoia-sq-1.3.1/src/cli/key/subkey/add.rs000064400000000000000000000140011046102023000164370ustar 00000000000000use std::path::PathBuf; use clap::Args; use clap::ArgGroup; use crate::cli::examples; use examples::Action; use examples::Actions; use crate::cli::config; use crate::cli::key::CipherSuite; use crate::cli::types::CertDesignators; use crate::cli::types::ClapData; use crate::cli::types::EncryptPurpose; use crate::cli::types::ExpirationArg; use crate::cli::types::FileOrStdout; use crate::cli::types::cert_designator; pub struct AdditionalDocs {} impl cert_designator::AdditionalDocs for AdditionalDocs { fn help(arg: &'static str, help: &'static str) -> clap::builder::StyledStr { match arg { "file" => "Add a subkey to the key read from PATH" .into(), _ => { debug_assert!(help.starts_with("Use certificates")); help.replace("Use certificates", "Add a subkey to the key") .into() }, } } } #[derive(Debug, Args)] #[clap( about = "Add a new subkey to a certificate", long_about = "\ Add a new subkey to a certificate A subkey has one or more capabilities. `--can-sign` sets the signing capability, and means that the key may \ be used for signing. `--can-authenticate` sets the authentication \ capability, and means that the key may be used for authentication \ (e.g., as an SSH key). `--can-certify` sets the certificate \ capability, and means that the key may be used to make third-party \ certifications. These capabilities may be combined. `--can-encrypt=storage` sets the storage encryption capability, and \ means that the key may be used for storage \ encryption. `--can-encrypt=transport` sets the transport encryption \ capability, and means that the key may be used for transport \ encryption. `--can-encrypt=universal` sets both the storage and the \ transport encryption capability, and means that the key may be used \ for both storage and transport encryption. The encryption \ capabilities must not be combined with the signing or authentication \ capability. Normally, `sq` prompts the user for a password to use to encrypt the \ secret key material. The password for the new subkey may be different \ from the other keys. When using `--without-password`, `sq` doesn't \ prompt for a password, and doesn't password-protect the subkey. By default a new subkey doesn't expire on its own. However, its \ validity period is limited by that of the certificate. Using the \ `--expiration` argument allows setting a different expiration time. `sq key subkey add` respects the reference time set by the top-level \ `--time` argument. It sets the creation time of the subkey to the specified \ time. ", after_help = EXAMPLES, )] #[clap(group(ArgGroup::new("authentication-group").args(&["can_authenticate", "can_encrypt"])))] #[clap(group(ArgGroup::new("sign-group").args(&["can_sign", "can_encrypt"])))] #[clap(group(ArgGroup::new("required-group").args(&["can_authenticate", "can_sign", "can_encrypt"]).required(true)))] pub struct Command { #[command(flatten)] pub cert: CertDesignators< cert_designator::CertUserIDEmailFileArgs, cert_designator::CertPrefix, cert_designator::OneValueAndFileRequiresOutput, AdditionalDocs>, #[clap( long, value_name = "CIPHER-SUITE", default_value_t = CipherSuite::Cv25519, help = "Select the cryptographic algorithms for the subkey", long_help = config::augment_help( "key.generate.cipher-suite", "Select the cryptographic algorithms for the subkey"), value_enum, )] pub cipher_suite: CipherSuite, /// Workaround for https://github.com/clap-rs/clap/issues/3846 #[clap(skip)] pub cipher_suite_source: Option, #[command(flatten)] pub expiration: ExpirationArg, #[clap( long, help = "Add a signing-capable subkey", )] pub can_sign: bool, #[clap( long, help = "Add an authentication-capable subkey", )] pub can_authenticate: bool, #[clap( long, value_name = "PURPOSE", help = "Add an encryption-capable subkey [default: universal]", long_help = "\ Add an encryption-capable subkey [default: universal] Encryption-capable subkeys can be marked as suitable for transport \ encryption, storage encryption, or both, i.e., universal.", value_enum, )] pub can_encrypt: Option, #[clap( long = "new-password-file", value_name = "PASSWORD_FILE", help = "\ File containing password to encrypt the secret key material", long_help = "\ File containing password to encrypt the secret key material Note that the entire key file will be used as the password including \ any surrounding whitespace like a trailing newline.", conflicts_with = "without_password", )] pub new_password_file: Option, #[clap( long, help = "Don't protect the subkey's secret key material with a password", )] pub without_password: bool, #[clap( long, value_name = FileOrStdout::VALUE_NAME, help = "Write to the specified FILE", long_help = "\ Write to the specified FILE If not specified, and the certificate was read from the certificate \ store, imports the modified certificate into the key store. If not \ specified, and the certificate was read from a file, writes the \ modified certificate to stdout.", )] pub output: Option, } const EXAMPLES: Actions = Actions { actions: &[ Action::setup().command(&[ "sq", "key", "import", "alice-secret.pgp", ]).build(), Action::example().comment("\ Add a new signing-capable subkey to Alice's key." ).command(&[ "sq", "key", "subkey", "add", "--without-password", "--can-sign", "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0", ]) .hide(&["--without-password"]).build(), ] }; test_examples!(sq_key_subkey_add, EXAMPLES); sequoia-sq-1.3.1/src/cli/key/subkey/bind.rs000064400000000000000000000140551046102023000166340ustar 00000000000000use clap::Args; use clap::ArgGroup; use sequoia_openpgp as openpgp; use openpgp::KeyHandle; use crate::cli::examples; use examples::Action; use examples::Actions; use crate::cli::types::CertDesignators; use crate::cli::types::ClapData; use crate::cli::types::EncryptPurpose; use crate::cli::types::ExpirationArg; use crate::cli::types::FileOrStdout; use crate::cli::types::Time; use crate::cli::types::cert_designator; pub struct AdditionalDocs {} impl cert_designator::AdditionalDocs for AdditionalDocs { fn help(arg: &'static str, help: &'static str) -> clap::builder::StyledStr { match arg { "file" => "Add the specified subkeys to the key read from PATH" .into(), _ => { debug_assert!(help.starts_with("Use certificates")); help.replace("Use certificates", "Add the specified subkeys on the key") .into() }, } } } #[derive(Debug, Args)] #[clap( name = "bind", about = "Bind keys from one certificate to another", long_about = "\ Bind keys from one certificate to another This command allows the user to attach a primary key or a subkey \ attached to one certificate to another certificate. Say you want to \ transition to a new certificate, but have an authentication subkey on \ your current certificate that you want to keep because it allows access \ a server and updating its configuration is not feasible. This command \ makes it easy to attach the subkey to the new certificate. After the operation, the key is bound both to the old certificate and to \ the new one. To remove secret key material from the old certificate, use \ `sq key subkey delete` or `sq key delete`, as appropriate. To revoke the \ old subkey or key, use `sq key subkey revoke` or `sq key revoke`, \ respectively. ", after_help = EXAMPLES, )] #[clap(group(ArgGroup::new("cap-sign").args(&["can_sign", "cannot_sign"])))] #[clap(group(ArgGroup::new("cap-authenticate").args(&["can_authenticate", "cannot_authenticate"])))] #[clap(group(ArgGroup::new("cap-encrypt").args(&["can_encrypt", "cannot_encrypt"])))] pub struct Command { #[command(flatten)] pub cert: CertDesignators< cert_designator::CertUserIDEmailFileArgs, cert_designator::CertPrefix, cert_designator::OneValueAndFileRequiresOutput, AdditionalDocs>, #[clap( long, value_name = "KEY", required(true), help = "Add the key or subkey KEY to the certificate", )] pub key: Vec, #[clap( long, allow_hyphen_values = true, value_name = "CREATION_TIME", help = "Make bound subkeys have the specified creation time", long_help = "\ Make bound subkeys have the specified creation time Normally, the key's creation time is preserved. The exception is if \ the key's creation time is the Unix epoch. In that case, the current \ time is used. This option allows setting the key's creation time to a specified value. \ Note: changing a key's creation time also changes its fingerprint. \ Changing the fingerprint will make it impossible to look up the key for \ the purpose of signature verification, for example.", )] pub creation_time: Option