This has been [suggested by @klausenbusk][0].

[0]: #20 (comment 201743)

Fixes: #20


Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>

Add `publish` stage and add `crates_publish` job to it to publish to
crates.io.
Use the `ci-publish` just recipe to publish to crates.io when
in tag pipeline (`CI_COMMIT_TAG` is set) and a crates.io token
(`CARGO_REGISTRY_TOKEN`) is present.

Fixes #55



Signed-off-by: David Runge <dvzrv@archlinux.org>

Add `ci-publish` recipe to allow publishing a workspace member from
GitLab CI to crates.io.
Ensures that `CARGO_REGISTRY_TOKEN` is set to provide an auth token for
crates.io, that the tag provided by `CI_COMMIT_TAG` contains a valid
workspace member and that the version matches the workspace member's
metadata.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Add the `is-workspace-member` recipe to pass in a package name and
ensure that it is in fact a workspace member, according to existing
metadata.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Name new just recipes used for release preparation and tagging.
Mention that releasing to crates.io is taking place in a pipeline job.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Add just recipe to create tags for current version of a workspace member
and push the tag.
If the tag exists already, exit early.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Add just recipe to extract the current version of a workspace member
by name.

Signed-off-by: David Runge <dvzrv@archlinux.org>

As the recipe uses bash, make sure to check it with shellcheck in the
`lint` recipe.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Add just recipe for preparing a release.
Add just recipe for tagging based on a package version.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Instead of relying on the private type `openpgp::KeyUsageFlags`, use the
publicly exported type alias `OpenPgpKeyUsageFlags`.

Signed-off-by: David Runge <dvzrv@archlinux.org>

The function `NetHsm::add_openpgp_cert` only creates an OpenPGP
certificate and does not in fact persist the resulting certificate in
the NetHSM.
Persisting the certificate using `NetHsm::import_key_certificate` would
require switching to a user in the Administrator role and the function
would therefore require using both users in the Operator and in the
Administrator role.
Renaming the function to `NetHsm::create_openpgp_cert` and adapting
its documentation is the more future-proof solution, as it narrows the
permission scope and reflects the current implementation properly.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Clarify, that we are returning X.509 PEM format.

Fixes #46



Signed-off-by: David Runge <dvzrv@archlinux.org>

Document, that no authentication with a user is required when calling
`unlock`.

Relates to #26



Signed-off-by: David Runge <dvzrv@archlinux.org>

Split tests for retrieval of TLS public key, as using two separate
fixtures that provide a running container may lead to a blocking test
on faster machines.

Signed-off-by: David Runge <dvzrv@archlinux.org>

This PR adds two commands to the `justfile`:
  - `just generate shell_completions nethsm-cli`
  - `just generate manpages nethsm-cli`

It also makes the `nethsm-cli` expose a minimal set of APIs for
exposing CLI interface for `clap_allgen`.

Fixes: #45


Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>

Fixes: #47
See: https://nethsmdemo.nitrokey.com/api_docs/index.html#/default/get_keys__KeyID__cert


Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>

Signed-off-by: renovate <renovate@archlinux.org>

Fixes: #36


Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>

Fixes: #37


Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>

Fixes: #19
Fixes: #37


Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>

See: https://docs.rs/nethsm/latest/nethsm/struct.NetHsm.html#method.get_key_certificate


Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>

Fixes #14



Signed-off-by: David Runge <dvzrv@archlinux.org>

The md-5 dependency is in fact used, but cargo-machete appears to not be
able to detect its use correctly.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Add cargo-machete and jq to `PACMAN_PACKAGES` as they are both required
for detecting unused dependencies.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Add `get-workspace-members` recipe to get the names of all workspace
members.
Add `check-unused-deps` recipe to detect unused dependencies using
`cargo-machete`.

Signed-off-by: David Runge <dvzrv@archlinux.org>

According to upstream documentation, a user in the Backup not in the
Administrator role is required:
https://docs.nitrokey.com/nethsm/administration#backup

Fixes #40



Signed-off-by: David Runge <dvzrv@archlinux.org>

Fixes: #26


Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>

Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>

Fixes: #15


Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>

Unfortunately due to `just` limitations it is not possible to cleanly
extract all bash code fragments so we check only the most significant tasks.

See: https://github.com/casey/just/issues/1456#issuecomment-1937883004
Fixes: #30


Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>

See: #30


Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>

Signed-off-by: renovate <renovate@archlinux.org>

We are experiencing issues with uploading of update files never
returning.
This is due to us reusing nethsm-py-sdk's dummy update file, which is
now too old to be able to update the container.
Changes to the tagging scheme, as well as a central, versioned location
for testing update files have been requested upstream in
https://github.com/Nitrokey/nethsm/issues/8

Fixes #32



Signed-off-by: David Runge <dvzrv@archlinux.org>

This patch introduces a commented-out section which waits for the
NetHSM device to be operational before continuing. This makes the
venerable `sleep 2` call unnecessary and uses a more granular `sleep
1` call instead.

Fixes: #23


Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>

renovate authored 8 months ago and David Runge committed 8 months ago

Signed-off-by: renovate <renovate@archlinux.org>

Although multipart is unmaintained, upstream nethsm-sdk-rs still relies
on it until a better alternative is found:
https://github.com/Nitrokey/nethsm-sdk-rs/issues/29



Signed-off-by: David Runge <dvzrv@archlinux.org>

Use the admin user credentials before calling the `restore` function,
which allows for the restore to succeed.

Fixes #8



Signed-off-by: David Runge <dvzrv@archlinux.org>

Signed-off-by: renovate <renovate@archlinux.org>

Add information on documentation licensing under CC-BY-SA-4.0.
Add information on reuse configuration and that individual contributors
are summarized as "Signstar Contributors" instead of being attributed
individually.

Signed-off-by: David Runge <dvzrv@archlinux.org>

The top-level MIT-only license file is superseded by the more granular
license setup using reuse.

Signed-off-by: David Runge <dvzrv@archlinux.org>