- MDQT now requires Ruby 3.0 or later, due to updated dependencies and their requirements
- MDQT now installs XML handling gems automatically - Nokogiri and XMLDSig are no longer optional. Nokogiri seems to be less troublesome to install now and is needed by some useful current and planned features. Please let me know if this causes you any problems.
- New HTTP library means caching should be slightly faster and HTTP2 is now supported
- MDQ base URLs should end with a slash, so slashless URLs are now normalised to include one.
- URLs for MDQ entity records now properly support paths - previously only MDQ services at the root path would work
mdqt checkcan now (I think) cope with SAML metadata from Microsoft AD/ADFS services full of WS-* extensions.- Tested with Ruby 3.2.0:
File.exists?has been removed from 3.2.0 (it's been deprecated for years and I used it out of habit) so this has been replaced in MDQT withFile.exist?- as a result Ruby 3.2.0 onwards will work, but Ruby older than v2.2 will no longer work.
- The inline help synopsis for
mdqt checkhas been corrected.
- Running mdqt without STDIN available (outside of a normal shell environment) can cause it to freeze unless
export MDQT_STDIN=offis set. See Issue 8 - Checking signatures on very large aggregate XML files can sometimes fail on M1/M2 MacOS and trying to work out why has made me slightly balder and a lot more puzzled. See Issue 9
- STDIN and pipes: Arguments (such as filenames and entity IDs) can now be piped into mdqt. This enables pipelining, so you can chain commands together.
- The
renamecommand now has a--linkoption that creates a symlink from the original filename to the renamed file. - The
getcommand now has a--listoption that works when--save-tois used, to list filenames being written to disk.
- Emacs backup files (so called turd files) ending with ~ and files ending with .bak are now ignored.
-
linkandrenamenow require files to be specified: you now cannot runmdqt renameto rename everything in the current directory. -
The
--link_idoption forgetsaved a link to each downloaded file that is almost the same as the filename - maybe this made sense in mdqt 0.1.0 but it's quite useless now. If anyone can remember what it was actually for I'll put it back.
- New
entitiescommand extracts entity IDs and sha1 hashes from metadata files on disk - New
lncommand will create symlinks to files using their sha1 hashes - New
lscommand will list the entity IDs of metadata files - New
listcommand lists all entity IDs available from the MDQ service - New
servicescommand shows known MDQ services and aliases - New
renamecommand renames metadata files to use their sha1 hash as a name - New
urlcommand shows the full url for an entity at the MDQ service
- Known MDQ services can be specified using simple aliases as well as URLs
- Caching is now on by default
--refreshoptions forces downloads and ignores cached data- Cache is cleaned whenever
getis used, to remove expired files - Added default service details for DFN
- Tidier output when stopped with ctrl-c
- Compatible with Ruby 3
- Updated dependencies to latest versions
- Improved test reliability and added more tests
- Extended timeouts to better handle slow networks
- The
checkcommand will validate XML files against SAML metadata schema and verify signatures - A
--validateswitch forgetforces XML validation, using basic SAML2 metadata schema - A
--tls-riskyswitch forgetdisables verification of TLS certificates
- Connection failures now show an explanation (such as TLS problems)
- "Not Required" was shown when using commands that don't interact with an MDQ server
- A missing xmldsig gem is now handled properly everywhere. Hopefully.
- Signature verification (at last!) using
--verify-withoption for get command - A
resetcommand to clear all cached metadata - A
transformcommand to convert entityID URIs to {sha1} identifiers - The
--explainoption forgetwill show header information - The
--save-tooption forgetwill write metadata to disk - The
--link-idoption forget --save-towill create aliases
- Coloured feedback
- Improved README documentation
- Servers' 304 responses for cached files are handled correctly
- Invalid SHA1 transformed identitifiers can't be sent
- 500 errors at the server will be shown correctly
- Verbose mode shows MDQT version
- Don't show empty identifier in OK message after downloading aggregate
- Cache status in introduction text is now correct
- Send Accept header rather than Content-Type header 🙄
- Option to cache HTTP requests to the MDQ service
- Supports Gzip compression by default
- Default MDQ service selection (rather crude, maybe not a good idea at all)
- Supports redirect responses
- Helpful error messages and status messages
- Verbose mode will show successful connection information
- Warnings about unspecified MDQ service
- Catch bad URLs for the MDQ service and fail with a better error message
- Aggregates are now requested with /entities not /entities/, as per spec
- First few Cucumber features to define and test the executable
- Beginning of an RSpec suit to define the API
- Minimum version of Ruby is now 2.1, but only 2.2+ is tested using CI
- Bug that prevented the mdqt executable from running outside a Bundler environment
- Initial release