smallstep · dopey · Jul 12, 2024 · Jul 12, 2024
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
@@ -0,0 +1,17 @@
+name: Lint GitHub Actions workflows
+on:
+  push:
+  workflow_call:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  actionlint:
+    uses: smallstep/workflows/.github/workflows/actionlint.yml@main
+    secrets: inherit
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -26,6 +26,23 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ---
 
+## [0.27.0] - 2024-07-11
+
+### Changed
+
+- Makefile: install to /usr/local/bin, not /usr/bin (smallstep/cli#1214)
+
+### Fixed
+
+- Set proper JOSE algorithm for Ed25519 keys (smallstep/cli#1208)
+- Makefile: usage of install command line flags on MacOS (smallstep/cli#1212)
+- Restore operation of '--bundle' flag in certificate inspect (smallstep/cli#1215)
+- Fish completion (smallstep/cli#1222)
+- Restore operation of inspect CSR from STDIN (smallstep/cli#1232)
+
+### Security
+
+
 ## [0.26.2] - 2024-06-13
 
 ### Added

diff --git a/command/certificate/inspect.go b/command/certificate/inspect.go
@@ -11,6 +11,7 @@
 	"github.com/pkg/errors"
 	"github.com/smallstep/certinfo"
 	"github.com/smallstep/cli/flags"
+	"github.com/smallstep/cli/utils"
 	zx509 "github.com/smallstep/zcrypto/x509"
 	"github.com/urfave/cli"
 	"go.step.sm/cli-utils/errs"
@@ -218,17 +219,22 @@
 		}
 		return inspectCertificates(ctx, peerCertificates[:1], os.Stdout)
 	default: // is not URL
+		b, err := utils.ReadFile(crtFile)
+		if err != nil {
+			return errors.Wrapf(err, "error reading file %s", crtFile)
+		}
+
 		var pemError *pemutil.InvalidPEMError
-		crts, err := pemutil.ReadCertificateBundle(crtFile)
+		crts, err := pemutil.ParseCertificateBundle(b)
 		switch {
 		case errors.As(err, &pemError) && pemError.Type == pemutil.PEMTypeCertificate:
-			csr, err := pemutil.ReadCertificateRequest(crtFile)
+			csr, err := pemutil.ParseCertificateRequest(b)
 			if err != nil {
 				return errors.Errorf("file %s does not contain any valid CERTIFICATE or CERTIFICATE REQUEST blocks", crtFile)
 			}
 			return inspectCertificateRequest(ctx, csr, os.Stdout)
 		case err != nil:
-			return err
+			return fmt.Errorf("error parsing %s: %w", crtFile, err)
 		default:
 			if bundle {
 				return inspectCertificates(ctx, crts, os.Stdout)

diff --git a/go.mod b/go.mod
@@ -26,7 +26,7 @@ require (
 	github.com/urfave/cli v1.22.15
 	go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352
 	go.step.sm/cli-utils v0.9.0
-	go.step.sm/crypto v0.49.0
+	go.step.sm/crypto v0.50.0
 	go.step.sm/linkedca v0.22.1
 	golang.org/x/crypto v0.25.0
 	golang.org/x/sys v0.22.0

diff --git a/go.sum b/go.sum
@@ -473,8 +473,8 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y
 go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
 go.step.sm/cli-utils v0.9.0 h1:55jYcsQbnArNqepZyAwcato6Zy2MoZDRkWW+jF+aPfQ=
 go.step.sm/cli-utils v0.9.0/go.mod h1:Y/CRoWl1FVR9j+7PnAewufAwKmBOTzR6l9+7EYGAnp8=
-go.step.sm/crypto v0.49.0 h1:J4qW5/ODYeHJFAM4PuNLSHKBMGWh4iwX6Tcrsp42r+U=
-go.step.sm/crypto v0.49.0/go.mod h1:NCFMhLS6FJXQ9sD9PP282oHtsBWLrI6wXZY0eOkq7t8=
+go.step.sm/crypto v0.50.0 h1:BqI9sEgocoHDLLHiZnFqdqXl5FjdMvOWKMm/fKL/lrw=
+go.step.sm/crypto v0.50.0/go.mod h1:NCFMhLS6FJXQ9sD9PP282oHtsBWLrI6wXZY0eOkq7t8=
 go.step.sm/linkedca v0.22.1 h1:GvprpH9P4Sv9U+eZ3bxDgRSSpW14cFDYpe1kS6yWLkw=
 go.step.sm/linkedca v0.22.1/go.mod h1:dOKdF4HSn73YUEkfS5/FECngZmBtj2Il5DTKWXY4S6Y=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=