Kecpkg-tools

Latest version: v1.1.0


1.1.0

* :shield: Maintenance release. Deprecation of Python 2.7 and all Python versions up to and including 3.6, as these versions are out of support.

1.0.4

* Maintenance release.
* Changed the CI setup to use GitHub Actions. No end-user-facing changes. 10

1.0.3

* Added the capability to change the `requirements.txt` path in the generated `package_info.json`. Thanks to bastiaanbeijer

1.0.2

* Fixed a compatibility issue with the GPG installation on Windows. We now find the correct gpg.exe on your Windows hard disk if you installed it through https://gpg4win.org/index.html.

1.0.1

Today we release Version 1.0 of the kecpkg-tools, as in the past year no updates were deemed necessary. It is heavily used internally by KE-works BV and at customers to manage KE-chain script packages (KECPKGs). The major additional feature of this release is the package signing ability (Python 3 only).

* Added the ability to manage signatures and keys. We built a Public Key Infrastructure to sign packages and have the ability to trust packages signed with a developer key. The process of creating and submitting a key to be included in the trusted keyring of KE-chain will be on our [support portal](https://support.ke-chain.com) later, when it is all available in KE-chain production. Please check out the documentation of the command-line interface using `kecpkg sign --help` for further information.
* The build process now provides a list of artifacts (ARTIFACTS) that are included in a kecpkg. The list of artifacts consists of the relative pathname, the hash of the file (normally sha256) and the file size. KE-chain is able to check the contents of the kecpkg after upload against this file and will determine whether the kecpkg is untampered on disk.
* The build process now also provides an optional `kecpkg build --sign` command flag to include a signature inside the kecpkg. When package signing is enabled using the `--sign` flag, the list of artifacts (ARTIFACTS file) is signed with the cryptographic signature of the developer (ARTIFACTS.SIG). This signature can be checked by KE-chain after upload when the public key of the developer is known and trusted by KE-chain. This might enable running the contained scripts on higher than scope manager permissions.
* Added dependent permissions on GPG on Linux or Windows in order to enable the package signing features.
* Added dependent packages `tabulate`, `appdirs` and `python-gnupg`.
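
The ARTIFACTS check described in the notes above, as an added example that is not kecpkg-tools or KE-chain code. It assumes one line per file in the form `path,sha256=<hex>,<size>` (the page does not give the layout) and that the ARTIFACTS file itself has already been authenticated through ARTIFACTS.SIG; `build_manifest`, `verify_manifest` and `demo` are hypothetical names.

```python
import hashlib
import tempfile
from pathlib import Path

MANIFEST = "ARTIFACTS"  # file name from the release notes; the line layout is assumed

def build_manifest(root: Path) -> str:
    """One line per file: <relative path>,sha256=<hex digest>,<size in bytes>."""
    lines = []
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and rel != MANIFEST:
            data = p.read_bytes()
            lines.append(f"{rel},sha256={hashlib.sha256(data).hexdigest()},{len(data)}")
    return "\n".join(lines) + "\n"

def verify_manifest(root: Path, manifest: str) -> list[str]:
    """Return a sorted list of problems; an empty list means the tree matches."""
    problems, listed, base = [], set(), root.resolve()
    for line in manifest.splitlines():
        parts = line.rsplit(",", 2)  # split from the right: paths may contain commas
        if len(parts) != 3 or not parts[2].isdigit():
            problems.append(f"malformed line: {line}")
            continue
        rel, digest, size = parts
        listed.add(rel)
        target = (base / rel).resolve()  # also follows symlinks
        if not target.is_relative_to(base):  # Python 3.9+; entry leaves the package
            problems.append(f"path escapes package: {rel}")
        elif not target.is_file():
            problems.append(f"missing: {rel}")
        else:
            data = target.read_bytes()
            if len(data) != int(size):
                problems.append(f"size mismatch: {rel}")
            if "sha256=" + hashlib.sha256(data).hexdigest() != digest:
                problems.append(f"hash mismatch: {rel}")
    # Files on disk that the manifest does not list are a finding as well.
    on_disk = {p.relative_to(base).as_posix() for p in base.rglob("*") if p.is_file()}
    problems += [f"unlisted: {r}" for r in on_disk - listed - {MANIFEST}]
    return sorted(problems)

def demo() -> list[str]:
    """Constructed sample package: one script is altered after the manifest is built."""
    with tempfile.TemporaryDirectory() as tmp:
        script = Path(tmp, "script.py")
        script.write_text("print('hello')\n")
        manifest = build_manifest(Path(tmp))
        script.write_text("print('hullo')\n")  # same size, different content
        return verify_manifest(Path(tmp), manifest)
```

The size field alone does not catch the edit in `demo()`; only the hash comparison does, and the manifest is only as trustworthy as the signature check that precedes it.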

1.0.0

Retracted release
