doc: rewrite TRC ceremony documentation to include scion-pki (#4615)

Rewrite the TRC ceremony documentation to include the scion-pki tool
which is a lot more ergonomic than openssl based approach. The openssl
based approach is still kept such that people do not need to trust the
distributed scion-pki tool.

Furthermore, the documentation and tests are updated to use openssl
3.0.14.

And finally, the scion-pki tool is extended to support RFC3339 based
timestamps when creating TRC payloads for both NotBefore and NotAfter
fields. The legacy unix timestamp and duration based validity time are
still supported.

Makefile

@@ -86,6 +86,7 @@ mocks:
 
 gazelle: go_deps.bzl
 	bazel run //:gazelle --verbose_failures --config=quiet
+	./tools/buildrill/go_integration_test_sync
 
 licenses:
 	tools/licenses.sh

doc/command/scion-pki/scion-pki_trc.rst

@@ -27,7 +27,7 @@ SEE ALSO
 * :ref:`scion-pki trc combine <scion-pki_trc_combine>` 	 - Combine partially signed TRCs
 * :ref:`scion-pki trc extract <scion-pki_trc_extract>` 	 - Extract parts of a signed TRC
 * :ref:`scion-pki trc format <scion-pki_trc_format>` 	 - Reformat a TRC or TRC payload
-* :ref:`scion-pki trc inspect <scion-pki_trc_inspect>` 	 - Represent TRC in a human readable form
+* :ref:`scion-pki trc inspect <scion-pki_trc_inspect>` 	 - Print TRC details in a human readable format
 * :ref:`scion-pki trc payload <scion-pki_trc_payload>` 	 - Generate new TRC payload
 * :ref:`scion-pki trc sign <scion-pki_trc_sign>` 	 - Sign a TRC
 * :ref:`scion-pki trc verify <scion-pki_trc_verify>` 	 - Verify a TRC chain

doc/command/scion-pki/scion-pki_trc_inspect.rst

@@ -5,13 +5,13 @@
 scion-pki trc inspect
 ---------------------
 
-Represent TRC in a human readable form
+Print TRC details in a human readable format
 
 Synopsis
 ~~~~~~~~
 
 
-'human' outputs the TRC contents in a human readable form.
+'inspect' prints the details of a TRC a human-readable fromat.
 
 The input file can either be a TRC payload, or a signed TRC.
 The output can either be in yaml, or json.
@@ -29,8 +29,8 @@ Examples
 
 ::
 
-    scion-pki trc human ISD1-B1-S1.pld.der
-    scion-pki trc human ISD1-B1-S1.trc
+    scion-pki trc inspect ISD1-B1-S1.pld.der
+    scion-pki trc inspect ISD1-B1-S1.trc
 
 Options
 ~~~~~~~

doc/conf.py

@@ -7,9 +7,9 @@
 
 # -- Project information -----------------------------------------------------
 
-project = 'SCION'
-copyright = '2023, Anapaya Systems, ETH Zurich, SCION Association'
-author = 'Anapaya Systems, ETH Zurich, SCION Association'
+project = "SCION"
+copyright = "2023, Anapaya Systems, ETH Zurich, SCION Association"
+author = "Anapaya Systems, ETH Zurich, SCION Association"
 
 
 # -- General configuration ---------------------------------------------------
@@ -18,32 +18,37 @@
 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
 # ones.
 extensions = [
-    'recommonmark',
-    'sphinx_rtd_theme',
-    'sphinx.ext.extlinks',
-    'sphinxcontrib.openapi',
-    'sphinx_copybutton',
+    "recommonmark",
+    "sphinx_copybutton",
+    "sphinx_design",
+    "sphinx_rtd_theme",
+    "sphinx.ext.extlinks",
+    "sphinxcontrib.openapi",
 ]
 
-copybutton_prompt_text = r'\w*\$ '  # matches e.g. <hostname>$
+copybutton_prompt_text = r"\w*\$ "  # matches e.g. <hostname>$
 copybutton_prompt_is_regexp = True
 copybutton_only_copy_prompt_lines = True
 
 
 # Add any paths that contain templates here, relative to this directory.
-templates_path = ['_templates']
+templates_path = ["_templates"]
 
 # List of patterns, relative to source directory, that match files and
 # directories to ignore when looking for source files.
 # This pattern also affects html_static_path and html_extra_path.
 exclude_patterns = [
-    'venv', 'requirements.in', 'requirements.txt',
-    '_build', 'Thumbs.db', '.DS_Store',
-    'manuals/*/*',  # manuals/<x>.rst uses "include" directive to compose files from subdirectories
-    'dev/design/TEMPLATE.rst',
+    "venv",
+    "requirements.in",
+    "requirements.txt",
+    "_build",
+    "Thumbs.db",
+    ".DS_Store",
+    "manuals/*/*",  # manuals/<x>.rst uses "include" directive to compose files from subdirectories
+    "dev/design/TEMPLATE.rst",
 ]
 
-master_doc = 'index'
+master_doc = "index"
 
 nitpicky = True
 
@@ -55,25 +60,27 @@
 # Note: somewhat obviously, these links will only work if the current rev has been pushed.
 try:
     file_ref_commit = subprocess.run(
-        ['git', 'rev-parse', "HEAD"],
-        capture_output=True, text=True, check=True
+        ["git", "rev-parse", "HEAD"], capture_output=True, text=True, check=True
     ).stdout.strip()
 except subprocess.CalledProcessError:
     file_ref_commit = "master"  # only used on unexpected problem with executing git
 
 extlinks = {
     # :issue:`123` is an issue link displayed as "#123"
-    'issue': ('https://github.com/scionproto/scion/issues/%s', '#%s'),
+    "issue": ("https://github.com/scionproto/scion/issues/%s", "#%s"),
     # :file-ref:`foo/bar.go` is a link to a file in the repo, displayed as "foo/bar.go"
-    'file-ref': ('https://github.com/scionproto/scion/blob/'+file_ref_commit+'/%s', '%s'),
+    "file-ref": (
+        "https://github.com/scionproto/scion/blob/" + file_ref_commit + "/%s",
+        "%s",
+    ),
 }
 
 # -- Options for HTML output -------------------------------------------------
 
 # The theme to use for HTML and HTML Help pages.  See the documentation for
 # a list of builtin themes.
 #
-html_theme = 'sphinx_rtd_theme'
+html_theme = "sphinx_rtd_theme"
 
 html_theme_options = dict(
     style_external_links=True,
@@ -85,8 +92,8 @@
 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
 # so a file named "default.css" will overwrite the builtin "default.css".
-html_static_path = ['']
+html_static_path = [""]
 
 html_css_files = [
-    'css/custom.css',
+    "css/custom.css",
 ]