vcswatch reports that
this package seems to have new commits in its VCS but has
not yet updated debian/changelog. You should consider updating
the Debian changelog and uploading this new version into the archive.
Here are the relevant commit logs:
commit 67f26da9c26e544b723ac73ac67383519c873e30
Author: Jonathan McDowell <noodles@earth.li>
Date: Sun Jul 3 11:16:14 2022 +0100

Fix deletion of keys with PostgreSQL backend

In pg_delete_key() we deleted the key from onak_keys as the first
action, which would fail because the other tables had a reference to
that object via a foreign key relation. The correct approach is to
delete the key itself last, after the signature and UID tables have had
their entries deleted.

commit 30a4eee133c15503dad435c8ce41953d94492c28
Author: Jonathan McDowell <noodles@earth.li>
Date: Sat May 28 19:12:28 2022 +0100

Use an onak subdir for the keyd socket

Instead of putting the keyd.sock file directly in /run, create a /run/onak
which can then be owned by the onak user. Otherwise keyd will have
problems creating the socket when activated directly instead of via the
socket unit file.

commit 58ed9a0076feb9604154b99da6ed1907ca7df089
Author: Jonathan McDowell <noodles@earth.li>
Date: Thu Feb 3 19:07:58 2022 +0000

Fix handling of other signature requirement

Two fixes related to the check that a key has another signature on it.

Firstly, if any of the UIDs has a signature from another key then allow
all of them. Otherwise it's not possible to add a new UID to an existing
key. Our primary concern is that the key is linked into the WoT, rather
than policing individual UIDs.

Secondly, if a key is already present in the backend database then don't
perform the other signature check. If we've added to the backend and all
of the cross signatures are removed then it would be no longer possible
to update the key, which isn't what we want. If we've trusted it at some
point and added it then we should allow verifiable updates, even if
there are no valid cross signatures left.

commit b817e792ee453485b117eefad128971c59ea576f
Author: Jonathan McDowell <noodles@earth.li>
Date: Sat Jan 2 11:31:27 2021 +0000

Don't take creation time from unhashed subpackets

When looking at the subpackets for a signature don't use the unhashed
set to obtain the creation time, and only use them for the keyid if it
wasn't present in the hashed section.

Fixes #3

commit 97be85bfba76b9ed0aa6ad01afc7c6efc4b370d5
Author: Jonathan McDowell <noodles@earth.li>
Date: Sat Jan 2 11:18:55 2021 +0000

Switch to re-entrant versions of *time functions

We're not running these in a multi-threaded scenario at present, but it
makes sense to avoid them.

commit 743957a08f068529d3add3e8485678b4e5034195
Author: Jonathan McDowell <noodles@earth.li>
Date: Sat Jan 2 11:05:46 2021 +0000

Remove dead store in generic_fetch_key

We don't use curkey once we've found the key, so there's no need to set
it here.

commit 8e4c1600cae6c6d71ec0c8843d11354842a4feba
Author: Jonathan McDowell <noodles@earth.li>
Date: Sat Jan 2 11:04:33 2021 +0000

Fix missing break in ECDSA/SHA1 sigcheck

We were mistakenly falling through to the ECDSA/SHA256 check.

commit 5d606c2c010784f3d7ceaa4fd9a604b1147fa18d
Author: Jonathan McDowell <noodles@earth.li>
Date: Sun Sep 13 12:11:45 2020 +0100

Update Debian changelog for 0.6.1-1 package

commit 7c7a806438437e48ce07033fdaad06d3af411c8a
Author: Jonathan McDowell <noodles@earth.li>
Date: Sun Sep 13 12:08:08 2020 +0100

Reformat debian/NEWS file appropriately

commit d8947462f94fabc9181b546081fec58cf730b025
Author: Jonathan McDowell <noodles@earth.li>
Date: Sun Sep 13 12:04:18 2020 +0100

Bump Debian Standards-Version to 4.5.0

commit aeb10ae51866188f242025821d10ad4735fea9c7
Author: Jonathan McDowell <noodles@earth.li>
Date: Sun Sep 13 11:59:29 2020 +0100

Rename debian/NEWS.Debian to debian/NEWS

Lintian inspired cleanup.

commit de18b56efecadc4b5d2473904828db9c08cd2162
Author: Jonathan McDowell <noodles@earth.li>
Date: Sun Sep 13 11:57:56 2020 +0100

Remove --with-systemd option to dh