diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml new file mode 100644 index 000000000..8e9248e08 --- /dev/null +++ b/.github/workflows/actionlint.yml @@ -0,0 +1,17 @@ +name: Lint GitHub Actions workflows +on: + push: + workflow_call: + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +permissions: + contents: write + pull-requests: write + +jobs: + actionlint: + uses: smallstep/workflows/.github/workflows/actionlint.yml@main + secrets: inherit diff --git a/CHANGELOG.md b/CHANGELOG.md index 016307515..23a0846ee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,23 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. --- +## [0.27.0] - 2024-07-11 + +### Changed + +- Makefile: install to /usr/local/bin, not /usr/bin (smallstep/cli#1214) + +### Fixed + +- Set proper JOSE algorithm for Ed25519 keys (smallstep/cli#1208) +- Makefile: usage of install command line flags on MacOS (smallstep/cli#1212) +- Restore operation of '--bundle' flag in certificate inspect (smallstep/cli#1215) +- Fish completion (smallstep/cli#1222) +- Restore operation of inspect CSR from STDIN (smallstep/cli#1232) + +### Security + + ## [0.26.2] - 2024-06-13 ### Added diff --git a/command/certificate/inspect.go b/command/certificate/inspect.go index 1c4253ecd..1f56443f8 100644 --- a/command/certificate/inspect.go +++ b/command/certificate/inspect.go @@ -11,6 +11,7 @@ import ( "github.com/pkg/errors" "github.com/smallstep/certinfo" "github.com/smallstep/cli/flags" + "github.com/smallstep/cli/utils" zx509 "github.com/smallstep/zcrypto/x509" "github.com/urfave/cli" "go.step.sm/cli-utils/errs" @@ -218,17 +219,22 @@ func inspectAction(ctx *cli.Context) error { } return inspectCertificates(ctx, peerCertificates[:1], os.Stdout) default: // is not URL + b, err := utils.ReadFile(crtFile) + if err != nil { + return errors.Wrapf(err, "error reading file %s", crtFile) + } + var pemError *pemutil.InvalidPEMError - crts, err := pemutil.ReadCertificateBundle(crtFile) + crts, err := pemutil.ParseCertificateBundle(b) switch { case errors.As(err, &pemError) && pemError.Type == pemutil.PEMTypeCertificate: - csr, err := pemutil.ReadCertificateRequest(crtFile) + csr, err := pemutil.ParseCertificateRequest(b) if err != nil { return errors.Errorf("file %s does not contain any valid CERTIFICATE or CERTIFICATE REQUEST blocks", crtFile) } return inspectCertificateRequest(ctx, csr, os.Stdout) case err != nil: - return err + return fmt.Errorf("error parsing %s: %w", crtFile, err) default: if bundle { return inspectCertificates(ctx, crts, os.Stdout) diff --git a/go.mod b/go.mod index 823d369d1..6dff6584c 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/urfave/cli v1.22.15 go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 go.step.sm/cli-utils v0.9.0 - go.step.sm/crypto v0.49.0 + go.step.sm/crypto v0.50.0 go.step.sm/linkedca v0.22.1 golang.org/x/crypto v0.25.0 golang.org/x/sys v0.22.0 diff --git a/go.sum b/go.sum index bc3d4d323..9450ca069 100644 --- a/go.sum +++ b/go.sum @@ -473,8 +473,8 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= go.step.sm/cli-utils v0.9.0 h1:55jYcsQbnArNqepZyAwcato6Zy2MoZDRkWW+jF+aPfQ= go.step.sm/cli-utils v0.9.0/go.mod h1:Y/CRoWl1FVR9j+7PnAewufAwKmBOTzR6l9+7EYGAnp8= -go.step.sm/crypto v0.49.0 h1:J4qW5/ODYeHJFAM4PuNLSHKBMGWh4iwX6Tcrsp42r+U= -go.step.sm/crypto v0.49.0/go.mod h1:NCFMhLS6FJXQ9sD9PP282oHtsBWLrI6wXZY0eOkq7t8= +go.step.sm/crypto v0.50.0 h1:BqI9sEgocoHDLLHiZnFqdqXl5FjdMvOWKMm/fKL/lrw= +go.step.sm/crypto v0.50.0/go.mod h1:NCFMhLS6FJXQ9sD9PP282oHtsBWLrI6wXZY0eOkq7t8= go.step.sm/linkedca v0.22.1 h1:GvprpH9P4Sv9U+eZ3bxDgRSSpW14cFDYpe1kS6yWLkw= go.step.sm/linkedca v0.22.1/go.mod h1:dOKdF4HSn73YUEkfS5/FECngZmBtj2Il5DTKWXY4S6Y= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=