ANN: distlib 0.2.6 released on PyPI
I've just released version 0.2.6 of distlib on PyPI [1]. For newcomers,distlib is a library of packaging functionality which is intended to beusable as the basis for third-party packaging tools. The main changes in this release are as follows: * Fixed #99: Updated to handle a case where sys.getfilesystemencoding() returns None. * Fixed #97: Eliminated a crash in EggInfoDistribution.list_distinfo_files() which was caused by trying to open a non-existent file. * Fixed #96: SimpleScrapingLocator no longer fails prematurely when scraping links due to invalid versions. * Improved error messages issued when interpreting markers. * Improved the shebangs written into installed scripts when the interpreter path is very long or contains spaces (to cater for a limitation in shebang line parsing on Linux). * Updated launcher binaries. A more detailed change log is available at [2]. Please try it out, and if you find any problems or have any suggestions forimprovements, please give some feedback using the issue tracker! [3] Regards, Vinay Sajip [1] https://pypi.python.org/pypi/distlib/0.2.6[2] https://goo.gl/M3kQzR[3] https://bitbucket.org/pypa/distlib/issues/new -- https://mail.python.org/mailman/listinfo/python-list
ANN: A new version (0.4.9) of python-gnupg has been released.
What Changed? = This is an enhancement and bug-fix release, and all users are encouraged to upgrade. Brief summary: * Fixed #161: Added a status attribute to the returned object from gen_key() which is set to 'ok' if a key was successfully created, or 'key not created' if that was reported by gpg, or None in any other case. * Fixed #164: Provided the ability to add subkeys. Thanks to Daniel Kilimnik for the feature request and patch. * Fixed #166: Added keygrip values to the information collected when keys are listed. Thanks to Daniel Kilimnik for the feature request and patch. * Fixed #173: Added extra_args to send_keys(), recv_keys() and search_keys() to allow passing options relating to key servers. This release [2] has been signed with my code signing key: Vinay Sajip (CODE SIGNING KEY) Fingerprint: CA74 9061 914E AC13 8E66 EADB 9147 B477 339A 9B86 Recent changes to PyPI don't show the GPG signature with the download links. The source code repository is at [1]. An alternative download source where the signatures are available is at [4]. Documentation is available at [5]. As always, your feedback is most welcome (especially bug reports [3], patches and suggestions for improvement, or any other points via this group). Enjoy! Cheers Vinay Sajip [1] https://github.com/vsajip/python-gnupg [2] https://pypi.org/project/python-gnupg/0.4.9 [3] https://github.com/vsajip/python-gnupg/issues [4] https://github.com/vsajip/python-gnupg/releases/ [5] https://docs.red-dove.com/python-gnupg/ -- https://mail.python.org/mailman/listinfo/python-list
ANN: distlib 0.3.5 released on PyPI
I've recently released version 0.3.5 of distlib on PyPI [1]. For newcomers, distlib is a library of packaging functionality which is intended to be usable as the basis for third-party packaging tools. The main changes in this release are as follows: * Fixed #161: Updated test case. * Fixed #164: Improved support for reproducible builds by allowing a fixed date/time to be inserted into created .exe files. Thanks to Somber Night for the patch. * Fixed #169: Removed usage of deprecated imp module in favour of importlib. * Fixed #170: Corrected implementation of ``get_required_dists()``. * Fixed #172: Compute ABI correctly for Python < 3.8. * Changed the default locator configuration. * Made updates in support of PEP 643 / Metadata 2.2. * Updated launcher executables. Thanks to Michael Bikovitsky for his help with the launcher changes. * Updated to write archive path of RECORD to RECORD instead of staging path. Thanks to Pieter Pas for the patch. A more detailed change log is available at [2]. Please try it out, and if you find any problems or have any suggestions for improvements, please give some feedback using the issue tracker! [3] Regards, Vinay Sajip [1] https://pypi.org/project/distlib/0.3.5/ [2] https://distlib.readthedocs.io/en/0.3.5/ [3] https://github.com/pypa/distlib/issues/new/choose -- https://mail.python.org/mailman/listinfo/python-list
ANN: A new version (0.5.0) of python-gnupg has been released.
What Changed? = This is an enhancement and bug-fix release, and all users are encouraged to upgrade. Brief summary: * Fixed #181: Added the ability to pass file paths to encrypt_file, decrypt_file, sign_file, verify_file, get_recipients_file and added import_keys_file. * Fixed #183: Handle FAILURE and UNEXPECTED conditions correctly. Thanks to sebbASF for the patch. * Fixed #185: Handle VALIDSIG arguments more robustly. * Fixed #188: Remove handling of DECRYPTION_FAILED from Verify code, as not required there. Thanks to sebbASF for the patch. * Fixed #190: Handle KEY_CREATED more robustly. * Fixed #191: Handle NODATA messages during verification. * Fixed #196: Don't log chunk data by default, as it could contain sensitive information (during decryption, for example). * Added the ability to pass an environment to the gpg executable. Thanks to Edvard Rejthar for the patch. This release [2] has been signed with my code signing key: Vinay Sajip (CODE SIGNING KEY) Fingerprint: CA74 9061 914E AC13 8E66 EADB 9147 B477 339A 9B86 Recent changes to PyPI don't show the GPG signature with the download links. The source code repository is at [1]. An alternative download source where the signatures are available is at [4]. Documentation is available at [5]. As always, your feedback is most welcome (especially bug reports [3], patches and suggestions for improvement, or any other points via this group). Enjoy! Cheers Vinay Sajip [1] https://github.com/vsajip/python-gnupg [2] https://pypi.org/project/python-gnupg/0.5.0 [3] https://github.com/vsajip/python-gnupg/issues [4] https://github.com/vsajip/python-gnupg/releases/ [5] https://docs.red-dove.com/python-gnupg/ -- https://mail.python.org/mailman/listinfo/python-list
Announcement: distlib 0.3.7 released on PyPI
Version 0.3.7 of distlib has recently been released on PyPI [1]. For newcomers, distlib is a library of packaging functionality which is intended to be usable as the basis for third-party packaging tools. The main changes in this release are as follows: * Handle bare newlines when parsing metadata. * Use version comparison logic for python_full_version. * Fix shebang computation for source builds of Python. * Extract tarfiles more safely by incorporating tarfile filters. * Check for 'has_cert' attribute before using it. * Fix #200: Improve conformance to PEP440. * Fix #203: Handle parsing of export entries to allow script names such as "," or ",foo". A more detailed change log is available at [2]. Please try it out, and if you find any problems or have any suggestions for improvements, please give some feedback using the issue tracker at [3]. Regards, Vinay Sajip [1] https://pypi.org/project/distlib/0.3.7/ [2] https://distlib.readthedocs.io/en/0.3.7/overview.html#change-log-for-distlib [3] https://github.com/pypa/distlib/issues/new/choose -- https://mail.python.org/mailman/listinfo/python-list
ANN: A new version (0.5.1) of python-gnupg has been released.
What Changed? = This is an enhancement and bug-fix release, and all users are encouraged to upgrade. Brief summary: * Added TRUST_EXPIRED to trust_keys. * Fix #206: Remove deprecated --always-trust in favour of --trust-model always * Fix #208: Add status_detail attribute to result objects which is populated when the status is 'invalid recipient' (encryption/decryption) or 'invalid signer' (signing). This attribute will be set when the result object's status attribute is set to 'invalid recipient' and will contain more information about the failure in the form of reason:ident where reason is a text description of the reason, and ident identifies the recipient key. * Add scan_keys_mem() function to scan keys in a string. * Fix #214: Handle multiple signatures when one of them is invalid or unverified. * A problems attribute was added which holds problems reported by gpg during verification. This is a list of dictionaries, one for each reported problem. Each dictionary will have status and keyid keys indicating the problem and the corresponding key; other information in the dictionaries will be error specific. * Fix #217: Use machine-readable interface to query the gpg version. * Added the ability to export keys to a file. This release [2] has been signed with my code signing key: Vinay Sajip (CODE SIGNING KEY) Fingerprint: CA74 9061 914E AC13 8E66 EADB 9147 B477 339A 9B86 Recent changes to PyPI don't show the GPG signature with the download links. An alternative download source where the signatures are available is at [4]. The source code repository is at [1]. Documentation is available at [5]. As always, your feedback is most welcome (especially bug reports [3], patches and suggestions for improvement, or any other points via this group). Enjoy! Cheers Vinay Sajip [1] https://github.com/vsajip/python-gnupg [2] https://pypi.org/project/python-gnupg/0.5.1 [3] https://github.com/vsajip/python-gnupg/issues [4] https://github.com/vsajip/python-gnupg/releases/ [5] https://docs.red-dove.com/python-gnupg/ -- https://mail.python.org/mailman/listinfo/python-list
ANN: distlib 0.3.2 released on PyPI
I've recently released version 0.3.2 of distlib on PyPI [1]. For newcomers, distlib is a library of packaging functionality which is intended to be usable as the basis for third-party packaging tools. The main changes in this release are as follows: * Fixed #139: improved handling of errors related to the test PyPI server. * Fixed #140: allowed "Obsoletes" in more scenarios, to better handle faulty metadata already on PyPI. * Fixed #141: removed unused regular expression. * Fixed #143: removed normcase() to avoid some problems on Windows. * Fixed #146: added entry for SourcelessFileLoader to the finder registry. * Fixed #147: permission bits are now preserved on POSIX when installing from a wheel. * Made the generation of scripts more configurable. * Added support for manylinux wheel tags. A more detailed change log is available at [2]. Please try it out, and if you find any problems or have any suggestions for improvements, please give some feedback using the issue tracker! [3] Regards, Vinay Sajip [1] https://pypi.org/project/distlib/0.3.2/ [2] https://distlib.readthedocs.io/en/0.3.2/ [3] https://bitbucket.org/pypa/distlib/issues/new -- https://mail.python.org/mailman/listinfo/python-list
ANN: Version 0.5.1 of the Python config module has been released.
What Does It Do? The CFG configuration format is a text format for configuration files which is similar to, and a superset of, the JSON format.It has the following aims: * Allow a hierarchical configuration scheme with support for key-value mappings and lists. * Support cross-references between one part of the configuration and another. * Provide a string interpolation facility to easily build up configuration values from other configuration values. * Provide the ability to compose configurations (using include and merge facilities). * Provide the ability to access real application objects safely. * Be completely declarative. It overcomes a number of drawbacks of JSON when used as a configuration format: * JSON is more verbose than necessary. * JSON doesn’t allow comments. * JSON doesn’t provide first-class support for dates and multi-line strings. * JSON doesn’t allow trailing commas in lists and mappings. * JSON doesn’t provide easy cross-referencing, interpolation, or composition. The Python config module provides an interface to work with configuration files written in the CFG format. Comprehensive documentation is available at https://docs.red-dove.com/cfg/index.html and you can report issues / enhancement requests at https://github.com/vsajip/py-cfg-lib/issues As always, your feedback is most welcome (especially bug reports, patches and suggestions for improvement). Enjoy! Cheers, Vinay Sajip -- https://mail.python.org/mailman/listinfo/python-list
Re: ANN: Version 0.5.1 of the Python config module has been released.
Many of those 4.8K "users" might be using indirectly via some other dependency - I'm not sure how GitHub calculates "used by", but even if it were a direct dependency, one has no idea if it's actually being used or not. so I tend not to worry about such things. My distlib library has only 2 stars, and is used by pip and therefore by many developers every day, and yet it doesn't merit a "used by" according to GitHub. I've had a few users contact me about the config library and they're happy with it and they find it useful, and that's good enough for me :-) On Sunday, 12 September 2021, 18:11:21 BST, Abdur-Rahmaan Janhangeer wrote: Used by 4.8k but only ... 4 stars -- https://mail.python.org/mailman/listinfo/python-list
ANN: distlib 0.3.3 released on PyPI
I've recently released version 0.3.3 of distlib on PyPI [1]. For newcomers, distlib is a library of packaging functionality which is intended to be usable as the basis for third-party packaging tools. The main changes in this release are as follows: * Fixed #152: Removed splituser() function which wasn't used and is deprecated. * Fixed #149: Handle version comparisons correctly in environment markers. * Add ARM-64 launchers and support code to use them. Thanks to Niyas Sait and Adrian Vladu for their contributions. * Fixed #148: Handle a single trailing comma following a version. Thanks to Blazej Floch for the report and suggested fix. * Fixed #150: Fix incorrect handling of epochs. * Reverted handling of tags for Python >= 3.10 (use 310 rather than 3_10). This is because PEP 641 was rejected. * Added a GitHub Actions workflow to perform tests. A more detailed change log is available at [2]. Please try it out, and if you find any problems or have any suggestions for improvements, please give some feedback using the issue tracker! [3] Regards, Vinay Sajip [1] https://pypi.org/project/distlib/0.3.3/ [2] https://distlib.readthedocs.io/en/0.3.3/ [3] https://bitbucket.org/pypa/distlib/issues/new -- https://mail.python.org/mailman/listinfo/python-list
ANN: A new library for encryption and signing has been released.
A new library called pagesign (Python-age-sign) has been released on PyPI [1]. It covers similar functionality to python-gnupg, but uses the modern encryption tool age [2] and the modern signing tool minisign [3]. The initial release allows you to: * Create and manage identities (which are containers for the keys used for encryption/decryption and signing/verification). * Encrypt and decrypt files to multiple recipients. * Sign files and verify signatures. This release has been signed with my code signing key: Vinay Sajip (CODE SIGNING KEY) Fingerprint: CA74 9061 914E AC13 8E66 EADB 9147 B477 339A 9B86 Recent changes to PyPI don't show the GPG signature with the download links. An alternative download source where the signatures are available is at [4]. Documentation is available at [5]. As always, your feedback is most welcome (especially bug reports [6], patches and suggestions for improvement, or any other points). Enjoy! Cheers Vinay Sajip [1] https://pypi.org/project/pagesign/0.1.0/ [2] https://age-encryption.org/ [3] https://jedisct1.github.io/minisign/ [4] https://bitbucket.org/vinay.sajip/pagesign/downloads/ [5] https://docs.red-dove.com/pagesign/ [6] https://github.com/vsajip/pagesign/issues/new/choose -- https://mail.python.org/mailman/listinfo/python-list
ANN: distlib 0.3.4 released on PyPI
I've recently released version 0.3.4 of distlib on PyPI [1]. For newcomers, distlib is a library of packaging functionality which is intended to be usable as the basis for third-party packaging tools. The main changes in this release are as follows: * Fixed #153: Raise warnings in get_distributions() if bad metadata seen, but keep going. * Fixed #154: Determine Python versions correctly for Python >= 3.10. * Updated launcher executables with changes to handle duplication logic. Code relating to support for Python 2.6 was also removed (support for Python 2.6 was dropped in an earlier release, but supporting code wasn't removed until now). A more detailed change log is available at [2]. Please try it out, and if you find any problems or have any suggestions for improvements, please give some feedback using the issue tracker! [3] Regards, Vinay Sajip [1] https://pypi.org/project/distlib/0.3.4/ [2] https://distlib.readthedocs.io/en/0.3.4/ [3] https://bitbucket.org/pypa/distlib/issues/new -- https://mail.python.org/mailman/listinfo/python-list
ANN: distlib 0.2.4 released on PyPI
I've just released version 0.2.4 of distlib on PyPI [1]. For newcomers, distlib is a library of packaging functionality which is intended to be usable as the basis for third-party packaging tools. The main changes in this release are as follows: * Updated to not fail during import if SSL is not available. * Changed project name comparisons to follow PEP 503. * Changed manifest and resources logic to work correctly under (upcoming) Python 3.6. * Updated Windows launchers with fixes to bugs related to argument-passing in shebang lines. A more detailed change log is available at [2]. Please try it out, and if you find any problems or have any suggestions for improvements, please give some feedback using the issue tracker! [3] Regards, Vinay Sajip [1] https://pypi.python.org/pypi/distlib/0.2.4 [2] https://goo.gl/M3kQzR [3] https://bitbucket.org/pypa/distlib/issues/new -- https://mail.python.org/mailman/listinfo/python-list
ANN: A new version (0.4.0) of python-gnupg has been released.
A new version of the Python module which wraps GnuPG has been released.
What Changed?
=
This is an enhancement and bug-fix release, and all users are encouraged to
upgrade.
See the project website [1] for more information.
Brief summary:
* Added support for ``KEY_CONSIDERED`` in more places - encryption /
decryption, signing, key generation and key import.
* Partial fix for #32 (GPG 2.1 compatibility). Unfortunately, better
support cannot be provided at this point, unless there are certain
changes (relating to pinentry popups) in how GPG 2.1 works.
* Fixed #60: An IndexError was being thrown by ``scan_keys()``.
* Ensured that utf-8 encoding is used when the ``--with-column`` mode is
used. Thanks to Yann Leboulanger for the patch.
* ``list_keys()`` now uses ``--fixed-list-mode``. Thanks to Werner Koch
for the pointer.
This release [2] has been signed with my code signing key:
Vinay Sajip (CODE SIGNING KEY)
Fingerprint: CA74 9061 914E AC13 8E66 EADB 9147 B477 339A 9B86
What Does It Do?
The gnupg module allows Python programs to make use of the
functionality provided by the Gnu Privacy Guard (abbreviated GPG or
GnuPG). Using this module, Python programs can encrypt and decrypt
data, digitally sign documents and verify digital signatures, manage
(generate, list and delete) encryption keys, using proven Public Key
Infrastructure (PKI) encryption technology based on OpenPGP.
This module is expected to be used with Python versions >= 2.4, as it
makes use of the subprocess module which appeared in that version of
Python. This module is a newer version derived from earlier work by
Andrew Kuchling, Richard Jones and Steve Traugott.
A test suite using unittest is included with the source distribution.
Simple usage:
>>> import gnupg
>>> gpg = gnupg.GPG(gnupghome='/path/to/keyring/directory')
>>> gpg.list_keys()
[{
...
'fingerprint': 'F819EE7705497D73E3CCEE65197D5DAC68F1AAB2',
'keyid': '197D5DAC68F1AAB2',
'length': '1024',
'type': 'pub',
'uids': ['', 'Gary Gross (A test user) ']},
{
...
'fingerprint': '37F24DD4B918CC264D4F31D60C5FEFA7A921FC4A',
'keyid': '0C5FEFA7A921FC4A',
'length': '1024',
...
'uids': ['', 'Danny Davis (A test user) ']}]
>>> encrypted = gpg.encrypt("Hello, world!", ['0C5FEFA7A921FC4A'])
>>> str(encrypted)
'-BEGIN PGP MESSAGE-\nVersion: GnuPG v1.4.9 (GNU/Linux)\n
\nhQIOA/6NHMDTXUwcEAf
.
-END PGP MESSAGE-\n'
>>> decrypted = gpg.decrypt(str(encrypted), passphrase='secret')
>>> str(decrypted)
'Hello, world!'
>>> signed = gpg.sign("Goodbye, world!", passphrase='secret')
>>> verified = gpg.verify(str(signed))
>>> print "Verified" if verified else "Not verified"
'Verified'
As always, your feedback is most welcome (especially bug reports [3],
patches and suggestions for improvement, or any other points via the
mailing list/discussion group [4]).
Enjoy!
Cheers
Vinay Sajip
Red Dove Consultants Ltd.
[1] https://bitbucket.org/vinay.sajip/python-gnupg
[2] https://pypi.python.org/pypi/python-gnupg/0.4.0
[3] https://bitbucket.org/vinay.sajip/python-gnupg/issues
[4] https://groups.google.com/forum/#!forum/python-gnupg
--
https://mail.python.org/mailman/listinfo/python-list
ANN: A new version (0.4.2) of python-gnupg has been released.
A new version of the Python module which wraps GnuPG has been released.
What Changed? = This is an enhancement and bug-fix release, and all
users are encouraged to upgrade. See the project website [1] for more
information.
Brief summary:
* Subkey information is now collected and returned in a subkey_info dictionary
keyed by the subkey's ID.
* GPG2 version is now correctly detected on OS X.
* Added expect_passphrase keyword argument for use on GnuPG >= 2.1 when
passing passphrase to gpg via pinentry.
* Provided a trust_keys method to allow setting the trust level for keys.
Thanks to William Foster for a suggested implementation.
* Made the exception message when the gpg executable is not found contain the
path of the executable that was tried. Thanks to Kostis Anagnostopoulos for
the suggestion.
* Made the error message less categorical in the case of a failure with an
unspecified reason, adding some information from gpg error codes when
available.
This release [2] has been signed with my code signing key:
Vinay Sajip (CODE SIGNING KEY) Fingerprint: CA74 9061
914E AC13 8E66 EADB 9147 B477 339A 9B86
What Does It Do? The gnupg module allows Python programs to
make use of the functionality provided by the Gnu Privacy Guard (abbreviated
GPG or GnuPG). Using this module, Python programs can encrypt and decrypt data,
digitally sign documents and verify digital signatures, manage (generate, list
and delete) encryption keys, using proven Public Key Infrastructure (PKI)
encryption technology based on OpenPGP.
This module is expected to be used with Python versions >= 2.4, as it makes use
of the subprocess module which appeared in that version of Python. This module
is a newer version derived from earlier work by Andrew Kuchling, Richard Jones
and Steve Traugott.
A test suite using unittest is included with the source distribution.
Simple usage:
>>> import gnupg >>> gpg = gnupg.GPG(gnupghome='/path/to/keyring/directory')
>>> >>> gpg.list_keys()
[{ ... 'fingerprint': 'F819EE7705497D73E3CCEE65197D5DAC68F1AAB2', 'keyid':
'197D5DAC68F1AAB2', 'length': '1024', 'type': 'pub', 'uids': ['', 'Gary Gross
(A test user) ']}, { ... 'fingerprint':
'37F24DD4B918CC264D4F31D60C5FEFA7A921FC4A', 'keyid': '0C5FEFA7A921FC4A',
'length': '1024', ... 'uids': ['', 'Danny Davis (A test user) ']}] >>> encrypted = gpg.encrypt("Hello, world!",
['0C5FEFA7A921FC4A']) >>> str(encrypted)
'-BEGIN PGP MESSAGE-\nVersion: GnuPG v1.4.9 (GNU/Linux)\n
\nhQIOA/6NHMDTXUwcEAf . -END PGP MESSAGE-\n' >>> decrypted =
gpg.decrypt(str(encrypted), passphrase='secret') >>> str(decrypted)
'Hello, world!' >>> signed = gpg.sign("Goodbye, world!", passphrase='secret')
>>> verified = gpg.verify(str(signed)) >>> print "Verified" if verified else
"Not verified"
'Verified'
As always, your feedback is most welcome (especially bug reports [3], patches
and suggestions for improvement, or any other points via the mailing
list/discussion group [4]).
Please refer to the documentation [5] for more information.
Enjoy!
Cheers
Vinay Sajip Red Dove Consultants Ltd.
[1] https://bitbucket.org/vinay.sajip/python-gnupg [2]
https://pypi.python.org/pypi/python-gnupg/0.4.2 [3]
https://bitbucket.org/vinay.sajip/python-gnupg/issues [4]
https://groups.google.com/forum/#!forum/python-gnupg [5]
https://gnupg.readthedocs.io/en/latest/
--
https://mail.python.org/mailman/listinfo/python-list
ANN: distlib 0.2.7 released on PyPI
I've just released version 0.2.7 of distlib on PyPI [1]. For newcomers, distlib is a library of packaging functionality which is intended to be usable as the basis for third-party packaging tools. The main changes in this release are as follows: * Addressed #102: InstalledDistributions now have a modules attribute which is a list of top-level modules as read from top_level.txt, if that is in the distribution info. * Fixed #103: Now https downloads are preferred to those over http. Thanks to Saulius Žemaitaitis for the patch. * Fixed #104: Updated launcher binaries to properly handle interpreter paths with spaces. Thanks to Atsushi Odagiri for the diagnosis and fix. * Fixed #105: cache_from_source is now imported from importlib.util where available. * Added support for PEP 566 / Metadata 2.1. A more detailed change log is available at [2]. Please try it out, and if you find any problems or have any suggestions for improvements, please give some feedback using the issue tracker! [3] Regards, Vinay Sajip [1] https://pypi.org/project/distlib/0.2.7/ [2] https://goo.gl/M3kQzR [3] https://bitbucket.org/pypa/distlib/issues/new -- https://mail.python.org/mailman/listinfo/python-list
ANN: A new version (0.4.3) of python-gnupg has been released. It contains a security-related change - please update to this version
A new version of the Python module which wraps GnuPG has been released.
What Changed?=This is a security-fix release, and all users are
strongly encouraged to upgrade.This fix mitigates against CVE-2018-12020. See
the discoverer's blog post [6] formore information.
Brief summary:
* Added --no-verbose to the gpg command line, in case verbose is specified in
gpg.conf - we don't need verbose output.
This release [2] has been signed with my code signing key:
Vinay Sajip (CODE SIGNING KEY) Fingerprint: CA74
9061 914E AC13 8E66 EADB 9147 B477 339A 9B86
Recent changes to PyPI don't show the GPG signature with the download links.An
alternative download source where the signatures are available is the
project'sown downloads page [5].
What Does It Do?The gnupg module allows Python programs to make
use of thefunctionality provided by the Gnu Privacy Guard (abbreviated GPG
orGnuPG). Using this module, Python programs can encrypt and decryptdata,
digitally sign documents and verify digital signatures, manage(generate, list
and delete) encryption keys, using proven Public KeyInfrastructure (PKI)
encryption technology based on OpenPGP.
This module is expected to be used with Python versions >= 2.4, as itmakes use
of the subprocess module which appeared in that version ofPython. This module
is a newer version derived from earlier work byAndrew Kuchling, Richard Jones
and Steve Traugott.
A test suite using unittest is included with the source distribution.
Simple usage:
>>> import gnupg>>> gpg = gnupg.GPG(gnupghome='/path/to/keyring/directory')>>>
>>> gpg.list_keys()
[{...'fingerprint': 'F819EE7705497D73E3CCEE65197D5DAC68F1AAB2','keyid':
'197D5DAC68F1AAB2','length': '1024','type': 'pub','uids': ['', 'Gary Gross (A
test user) ']},{...'fingerprint':
'37F24DD4B918CC264D4F31D60C5FEFA7A921FC4A','keyid':
'0C5FEFA7A921FC4A','length': '1024',...'uids': ['', 'Danny Davis (A test user)
']}]>>> encrypted = gpg.encrypt("Hello, world!",
['0C5FEFA7A921FC4A'])>>> str(encrypted)
'-BEGIN PGP MESSAGE-\nVersion: GnuPG v1.4.9
(GNU/Linux)\n\nhQIOA/6NHMDTXUwcEAf.-END PGP MESSAGE-\n'>>> decrypted =
gpg.decrypt(str(encrypted), passphrase='secret')>>> str(decrypted)
'Hello, world!'>>> signed = gpg.sign("Goodbye, world!", passphrase='secret')>>>
verified = gpg.verify(str(signed))>>> print "Verified" if verified else "Not
verified"
'Verified'
As always, your feedback is most welcome (especially bug reports [3],patches
and suggestions for improvement, or any other points via themailing
list/discussion group [4]).
Enjoy!
Cheers
Vinay SajipRed Dove Consultants Ltd.
[1] https://bitbucket.org/vinay.sajip/python-gnupg[2]
https://pypi.python.org/pypi/python-gnupg/0.4.3[3]
https://bitbucket.org/vinay.sajip/python-gnupg/issues[4]
https://groups.google.com/forum/#!forum/python-gnupg[5]
https://bitbucket.org/vinay.sajip/python-gnupg/downloads/[6]
https://neopg.io/blog/gpg-signature-spoof/
--
https://mail.python.org/mailman/listinfo/python-list
ANN: Version 0.1.5 of sarge (a subprocess wrapper library) has been released.
Version 0.1.5 of Sarge, a cross-platform library which wraps the
subprocessmodule in the standard library, has been released.
What changed?-
- Fixed #37: Instead of an OSError with a "no such file or directory" message,
a ValueError is raised with a more informative "Command not found" message.
- Fixed #38: Replaced ``async`` keyword argument with ``async_``, as ``async``
has become a keyword in Python 3.7.
- Fixed #39: Updated tutorial example on progress monitoring.
What does Sarge do?---
Sarge tries to make interfacing with external programs from yourPython
applications easier than just using subprocess alone.
Sarge offers the following features:
* A simple way to run command lines which allows a rich subset of Bash-style
shell command syntax, but parsed and run by sarge so that youcan run on Windows
without cygwin (subject to having those commandsavailable):
>>> from sarge import capture_stdout>>> p = capture_stdout('echo foo | cat;
>>> echo bar')>>> for line in p.stdout: print(repr(line))...'foo\n''bar\n'
* The ability to format shell commands with placeholders, such thatvariables
are quoted to prevent shell injection attacks.
* The ability to capture output streams without requiring you toprogram your
own threads. You just use a Capture object and then youcan read from it as and
when you want.
* The ability to look for patterns in captured output and to
interactaccordingly with the child process.
Advantages over subprocess---
Sarge offers the following benefits compared to using subprocess:
* The API is very simple.
* It's easier to use command pipelines - using subprocess out of thebox often
leads to deadlocks because pipe buffers get filled up.
* It would be nice to use Bash-style pipe syntax on Windows, butWindows shells
don't support some of the syntax which is useful, like&&, ||, |& and so on.
Sarge gives you that functionality on Windows,without cygwin.
* Sometimes, subprocess.Popen.communicate() is not flexible enough forone's
needs - for example, when one needs to process output a line ata time without
buffering the entire output in memory.
* It's desirable to avoid shell injection problems by having theability to
quote command arguments safely.
* subprocess allows you to let stderr be the same as stdout, but notthe other
way around - and sometimes, you need to do that.
Python version and platform
compatibility-
Sarge is intended to be used on any Python version >= 2.6 and istested on
Python versions 2.6, 2.7, 3.3, 3.4, 3.5, 3.6 and 3.7 on Linux,Windows, and Mac
OS X (not all versions are tested on all platforms,but sarge is expected to
work correctly on all these versions on allthese platforms).
Finding out more
You can read the documentation at
http://sarge.readthedocs.org/
There's a lot more information, with examples, than I can put intothis post.
You can install Sarge using "pip install sarge" to try it out. Theproject is
hosted on BitBucket at
https://bitbucket.org/vinay.sajip/sarge/
And you can leave feedback on the issue tracker there.
I hope you find Sarge useful!
Regards,
Vinay Sajip
--
https://mail.python.org/mailman/listinfo/python-list
ANN: distlib 0.2.8 released on PyPI
I've recently released version 0.2.8 of distlib on PyPI [1]. For newcomers,distlib is a library of packaging functionality which is intended to beusable as the basis for third-party packaging tools. The main changes in this release are as follows: * Fixed #107: Updated documentation on testing to include information on setting PYTHONHASHSEED. * Fixed #108: Updated metadata scan to look for the METADATA file as well as the JSON formats. * Fixed #109: Removed existing files (which might have been symlinks) before overwriting. * Fixed #111: Avoided unnecessary newlines in script preambles, which caused problems with detecting encoding declarations. Thanks to Wim Glenn for the report and patch. * Fixed #112: Handled wheel tags and platform-dependent downloads correctly in SimpleScrapingLocator. A more detailed change log is available at [2]. Please try it out, and if you find any problems or have any suggestions for improvements,please give some feedback using the issue tracker! [3] Regards, Vinay Sajip [1] https://pypi.org/project/distlib/0.2.8/[2] https://goo.gl/tVzKUc[3] https://bitbucket.org/pypa/distlib/issues/new -- https://mail.python.org/mailman/listinfo/python-list
ANN: A new version (0.4.4) of python-gnupg has been released. It contains a security-related change - please update to this version
A new version of the Python module which wraps GnuPG has been released.
What Changed?=This is an enhancement and security-fix release, and
all users are stronglyencouraged to upgrade.
Brief summary:
* Fixed #108: Changed how any return value from the on_data callable is
processed. In earlier versions, the return value was ignored. In this version,
if the return value is False, the data received from gpg is not buffered.
Otherwise (if the value is None or True, for example), the data is buffered as
normal. This functionality can be used to do your own buffering, or to prevent
buffering altogether.
The on_data callable is also called once with an empty byte-string to signal
the end of data from gpg.
* Fixed #97: Added an additional attribute check_fingerprint_collisions to GPG
instances, which defaults to False. It seems that gpg is happy to have
duplicate keys and fingerprints in a keyring, so we can't be too strict. A
user can set this attribute of an instance to True to trigger a check for
collisions.
* Fixed #111: With GnuPG 2.2.7 or later, provide the fingerprint of a signing
key for a failed signature verification, if available.
* Fixed #21: For verification where multiple signatures are involved, a
mapping of signature_ids to fingerprint, keyid, username, creation date,
creation timestamp and expiry timestamp is provided.
* Added a check to disallow certain control characters ('\r', '\n', NUL) in
passphrases. This fix mitigates against CVE-2019-6690.
This release [2] has been signed with my code signing key:
Vinay Sajip (CODE SIGNING KEY) Fingerprint: CA74
9061 914E AC13 8E66 EADB 9147 B477 339A 9B86
Recent changes to PyPI don't show the GPG signature with the download links.An
alternative download source where the signatures are available is the
project'sown downloads page [5].
What Does It Do?The gnupg module allows Python programs to make
use of thefunctionality provided by the Gnu Privacy Guard (abbreviated GPG
orGnuPG). Using this module, Python programs can encrypt and decryptdata,
digitally sign documents and verify digital signatures, manage(generate, list
and delete) encryption keys, using proven Public KeyInfrastructure (PKI)
encryption technology based on OpenPGP.
This module is expected to be used with Python versions >= 2.4, as itmakes use
of the subprocess module which appeared in that version ofPython. This module
is a newer version derived from earlier work byAndrew Kuchling, Richard Jones
and Steve Traugott.
A test suite using unittest is included with the source distribution.
Simple usage:
>>> import gnupg>>> gpg = gnupg.GPG(gnupghome='/path/to/keyring/directory')>>>
>>> gpg.list_keys()
[{...'fingerprint': 'F819EE7705497D73E3CCEE65197D5DAC68F1AAB2','keyid':
'197D5DAC68F1AAB2','length': '1024','type': 'pub','uids': ['', 'Gary Gross (A
test user) ']},{...'fingerprint':
'37F24DD4B918CC264D4F31D60C5FEFA7A921FC4A','keyid':
'0C5FEFA7A921FC4A','length': '1024',...'uids': ['', 'Danny Davis (A test user)
']}]>>> encrypted = gpg.encrypt("Hello, world!",
['0C5FEFA7A921FC4A'])>>> str(encrypted)
'-BEGIN PGP MESSAGE-\nVersion: GnuPG v1.4.9
(GNU/Linux)\n\nhQIOA/6NHMDTXUwcEAf.-END PGP MESSAGE-\n'>>> decrypted =
gpg.decrypt(str(encrypted), passphrase='secret')>>> str(decrypted)
'Hello, world!'>>> signed = gpg.sign("Goodbye, world!", passphrase='secret')>>>
verified = gpg.verify(str(signed))>>> print "Verified" if verified else "Not
verified"
'Verified'
As always, your feedback is most welcome (especially bug reports [3],patches
and suggestions for improvement, or any other points via themailing
list/discussion group [4]).
Enjoy!
Cheers
Vinay SajipRed Dove Consultants Ltd.
[1] https://bitbucket.org/vinay.sajip/python-gnupg[2]
https://pypi.python.org/pypi/python-gnupg/0.4.4[3]
https://bitbucket.org/vinay.sajip/python-gnupg/issues[4]
https://groups.google.com/forum/#!forum/python-gnupg[5]
https://bitbucket.org/vinay.sajip/python-gnupg/downloads/
--
https://mail.python.org/mailman/listinfo/python-list
ANN: distlib 0.2.9 released on PyPI
I've recently released version 0.2.9 of distlib on PyPI [1]. For newcomers,distlib is a library of packaging functionality which is intended to beusable as the basis for third-party packaging tools. The main changes in this release are as follows: * Updated default PyPI URL to https://pypi.org/pypi. * Relaxed metadata format checks to ignore 'Provides'. * Fixed #33, #34: simplified script template. * Fixed #115: Relaxed check for '..' in wheel archive entries by not checking filename parts, only directory segments. * Fixed #116: Corrected parsing of credentials from URLs. * Fixed #122: Skipped entries in archive entries ending with '/' (directories) when verifying or installing. * Commented out Disqus comment section in documentation. A more detailed change log is available at [2]. Please try it out, and if you find any problems or have any suggestions for improvements,please give some feedback using the issue tracker! [3] Regards, Vinay Sajip [1] https://pypi.org/project/distlib/0.2.9/[2] https://distlib.readthedocs.io/en/latest/overview.html#change-log-for-distlib[3] https://bitbucket.org/pypa/distlib/issues/new -- https://mail.python.org/mailman/listinfo/python-list
ANN: A new version (0.4.5) of python-gnupg has been released.
A new version of the Python module which wraps GnuPG has been released.
What Changed?=
This is an enhancement and bug-fix release, and all users are encouraged
toupgrade.
Brief summary:
* Fixed #107: Improved documentation.
* Fixed #112: Raised a ValueError if a gnupghome is specified which is not an
existing directory.
* Fixed #113: Corrected stale link in the documentation.
* Fixed #116: Updated documentation to clarify when spurious key-expired/
signature-expired messages might be seen.
* Fixed #119: Added --yes to avoid pinentry when deleting secret keys with
GnuPG >= 2.1.
* A warning is logged if gpg returns a non-zero return code.
* Added ``extra_args`` to ``import_keys``.
* Added support for CI using AppVeyor.
This release [2] has been signed with my code signing key:
Vinay Sajip (CODE SIGNING KEY) Fingerprint: CA74
9061 914E AC13 8E66 EADB 9147 B477 339A 9B86
Recent changes to PyPI don't show the GPG signature with the download links.An
alternative download source where the signatures are available is the
project'sown downloads page [5].
What Does It Do?The gnupg module allows Python programs to make
use of thefunctionality provided by the Gnu Privacy Guard (abbreviated GPG
orGnuPG). Using this module, Python programs can encrypt and decryptdata,
digitally sign documents and verify digital signatures, manage(generate, list
and delete) encryption keys, using proven Public KeyInfrastructure (PKI)
encryption technology based on OpenPGP.
This module is expected to be used with Python versions >= 2.4, as itmakes use
of the subprocess module which appeared in that version ofPython. This module
is a newer version derived from earlier work byAndrew Kuchling, Richard Jones
and Steve Traugott.
A test suite using unittest is included with the source distribution.
Simple usage:
>>> import gnupg>>> gpg = gnupg.GPG(gnupghome='/path/to/keyring/directory')>>>
>>> gpg.list_keys()
[{...'fingerprint': 'F819EE7705497D73E3CCEE65197D5DAC68F1AAB2','keyid':
'197D5DAC68F1AAB2','length': '1024','type': 'pub','uids': ['', 'Gary Gross (A
test user) ']},{...'fingerprint':
'37F24DD4B918CC264D4F31D60C5FEFA7A921FC4A','keyid':
'0C5FEFA7A921FC4A','length': '1024',...'uids': ['', 'Danny Davis (A test user)
']}]>>> encrypted = gpg.encrypt("Hello, world!",
['0C5FEFA7A921FC4A'])>>> str(encrypted)
'-BEGIN PGP MESSAGE-\nVersion: GnuPG v1.4.9
(GNU/Linux)\n\nhQIOA/6NHMDTXUwcEAf.-END PGP MESSAGE-\n'>>> decrypted =
gpg.decrypt(str(encrypted), passphrase='secret')>>> str(decrypted)
'Hello, world!'>>> signed = gpg.sign("Goodbye, world!", passphrase='secret')>>>
verified = gpg.verify(str(signed))>>> print "Verified" if verified else "Not
verified"
'Verified'
As always, your feedback is most welcome (especially bug reports [3],patches
and suggestions for improvement, or any other points via themailing
list/discussion group [4]).
Enjoy!
Cheers
Vinay SajipRed Dove Consultants Ltd.
[1] https://bitbucket.org/vinay.sajip/python-gnupg[2]
https://pypi.org/project/python-gnupg/0.4.5[3]
https://bitbucket.org/vinay.sajip/python-gnupg/issues[4]
https://groups.google.com/forum/#!forum/python-gnupg[5]
https://bitbucket.org/vinay.sajip/python-gnupg/downloads/--
--
https://mail.python.org/mailman/listinfo/python-list
ANN: distlib 0.3.0 released on PyPI
I've recently released version 0.3.0 of distlib on PyPI [1]. For newcomers,distlib is a library of packaging functionality which is intended to beusable as the basis for third-party packaging tools. The main changes in this release are as follows: * Partially addressed #102: modules attribute of InstalledDistribution was incorrectly computed as a list of bytes, rather than a list of str. This has now been corrected. * Updated Locator._get_digest to check PyPI JSON responses for a "digests" dictionary before trying "algo_digest" keys. Thanks to Jeffery To for the patch. * Fixed #123: Improved error message if a resource isn't found. * Fixed #124: Stopped norm-casing the executable written into shebangs, as it doesn't work for some non-ASCII paths. * Fixed #125: Updated launchers with versions that correctly report errors containing non-ASCII characters. The updated launchers now also support relative paths (see http://bit.ly/2JxmOoi for more information). * Fixed #127: Allowed hyphens in flags in export specifications. * Changed Python version handling to accommodate versions like e.g. 3.10 (no longer assume a version X.Y where X and Y are single digits). A more detailed change log is available at [2]. Please try it out, and if you find any problems or have any suggestions for improvements,please give some feedback using the issue tracker! [3] Regards, Vinay Sajip [1] https://pypi.org/project/distlib/0.3.0/[2] https://distlib.readthedocs.io/en/0.3.0/[3] https://bitbucket.org/pypa/distlib/issues/new -- https://mail.python.org/mailman/listinfo/python-list
ANN: distlib 0.3.1 released on PyPI
I've recently released version 0.3.1 of distlib on PyPI [1]. For newcomers, distlib is a library of packaging functionality which is intended to be usable as the basis for third-party packaging tools. The main changes in this release are as follows: * Fixed #132: Added documentation to help with relative interpreter paths. Thanks to Paul Kienzle for the patch. * Fixed #134: Allowed specifying a different target Python version when generating scripts. * Fixed #135: Exposed the ``enquote_executable`` function previously implemented as an internal function. * Addressed #138: Improved metadata support for newer metadata versions. Thanks to James Tocknell for the patch. * Changed the output of flags in entry point definitions in wheels. Thanks to frostming (明希) for the patch. * Stopped writing JSON metadata. Only old-style metadata is written now. A more detailed change log is available at [2]. Please try it out, and if you find any problems or have any suggestions for improvements, please give some feedback using the issue tracker! [3] Note: Mailman3 might mishandle some of the links below. In that case, just copy and paste the links into your browser address bar - that should work. Regards, Vinay Sajip [1] https://pypi.org/project/distlib/0.3.1/ [2] https://distlib.readthedocs.io/en/0.3.1/ [3] https://bitbucket.org/pypa/distlib/issues/new -- https://mail.python.org/mailman/listinfo/python-list
ANN: Version 0.1.6 of sarge (a subprocess wrapper library) has been released.
Version 0.1.6 of Sarge, a cross-platform library which wraps the subprocess
module in the standard library, has been released.
What changed?
-
- Fixed #44: Added an optional timeout to Command.wait() and Pipeline.wait(),
which
only takes effect on Python >= 3.3.
- Fixed #47: Added the ``replace_env`` keyword argument which allows a complete
replacement for ``os.environ`` to be passed.
- Fixed #51: Improved error handling around a Popen call.
What does Sarge do?
---
Sarge tries to make interfacing with external programs from your
Python applications easier than just using subprocess alone.
Sarge offers the following features:
* A simple way to run command lines which allows a rich subset of Bash-
style shell command syntax, but parsed and run by sarge so that you
can run on Windows without cygwin (subject to having those commands
available):
>>> from sarge import capture_stdout
>>> p = capture_stdout('echo foo | cat; echo bar')
>>> for line in p.stdout: print(repr(line))
...
'foo\n'
'bar\n'
* The ability to format shell commands with placeholders, such that
variables are quoted to prevent shell injection attacks.
* The ability to capture output streams without requiring you to
program your own threads. You just use a Capture object and then you
can read from it as and when you want.
* The ability to look for patterns in captured output and to interact
accordingly with the child process.
Advantages over subprocess
---
Sarge offers the following benefits compared to using subprocess:
* The API is very simple.
* It's easier to use command pipelines - using subprocess out of the
box often leads to deadlocks because pipe buffers get filled up.
* It would be nice to use Bash-style pipe syntax on Windows, but
Windows shells don't support some of the syntax which is useful, like
&&, ||, |& and so on. Sarge gives you that functionality on Windows,
without cygwin.
* Sometimes, subprocess.Popen.communicate() is not flexible enough for
one's needs - for example, when one needs to process output a line at
a time without buffering the entire output in memory.
* It's desirable to avoid shell injection problems by having the
ability to quote command arguments safely.
* subprocess allows you to let stderr be the same as stdout, but not
the other way around - and sometimes, you need to do that.
Python version and platform compatibility
-
Sarge is intended to be used on any Python version >= 2.6 and is
tested on Python versions 2.6, 2.7, 3.3, 3.4, 3.5, 3.6, 3.7 and 3.8 on Linux,
Windows, and Mac OS X (not all versions are tested on all platforms,
but sarge is expected to work correctly on all these versions on all
these platforms).
Finding out more
You can read the documentation at
http://sarge.readthedocs.org/
There's a lot more information, with examples, than I can put into
this post.
You can install Sarge using "pip install sarge" to try it out. The
project is hosted on BitBucket at
https://bitbucket.org/vinay.sajip/sarge/
And you can leave feedback on the issue tracker there.
I hope you find Sarge useful!
Regards,
Vinay Sajip
--
https://mail.python.org/mailman/listinfo/python-list
Announcement: distlib 0.3.8 released on PyPI
Version 0.3.8 of distlib has recently been released on PyPI [1]. For newcomers, distlib is a library of packaging functionality which is intended to be usable as the basis for third-party packaging tools. The main changes in this release are as follows: * Fix #204: use symlinks in venv creation during test. * Fix #208: handle deprecation removals in Python 3.13. * Fix #209: use legacy version implementation for Python versions. A more detailed change log is available at [2]. Please try it out, and if you find any problems or have any suggestions for improvements, please give some feedback using the issue tracker at [3]. Regards, Vinay Sajip [1] https://pypi.org/project/distlib/0.3.8/ [2] https://distlib.readthedocs.io/en/latest/overview.html#change-log-for-distlib [3] https://github.com/pypa/distlib/issues/new/choose -- https://mail.python.org/mailman/listinfo/python-list
ANN: A new version (0.5.2) of python-gnupg has been released.
What Changed?= This is an enhancement and bug-fix release, and all users are encouraged to upgrade. Brief summary: * Fix #228: Clarify documentation for encryption/decryption. * Make I/O buffer size configurable via buffer_size attribute on a GPG instance. This release [2] has been signed with my code signing key: Vinay Sajip (CODE SIGNING KEY) Fingerprint: CA74 9061 914E AC13 8E66 EADB 9147 B477 339A 9B86 Recent changes to PyPI don't show the GPG signature with the download links. An alternative download source where the signatures are available is at [4]. The source code repository is at [1]. Documentation is available at [5]. As always, your feedback is most welcome (especially bug reports [3], patches and suggestions for improvement, or any other points via this group). Enjoy! Cheers Vinay Sajip [1] https://github.com/vsajip/python-gnupg [2] https://pypi.org/project/python-gnupg/0.5.2 [3] https://github.com/vsajip/python-gnupg/issues [4] https://github.com/vsajip/python-gnupg/releases/ [5] https://docs.red-dove.com/python-gnupg/ -- https://mail.python.org/mailman/listinfo/python-list
ANN: distlib 0.2.5 released on PyPI
I've just released version 0.2.5 of distlib on PyPI [1]. For newcomers, distlib is a library of packaging functionality which is intended to be usable as the basis for third-party packaging tools. The main changes in this release are as follows: * Changed regular expressions to be compatible with 3.6 as regards escape sequences. * Closed some resource leaks related to XML-RPC proxies. * Changed wheel processing to look for metadata in metadata.json as well as pydist.json. * Updated requirement and marker parsing to be compatible with PEP 508. * Made downloadability a factor in scoring URLs for preferences. * Removed Python 2.6 from the support list. A more detailed change log is available at [2]. Please try it out, and if you find any problems or have any suggestions for improvements, please give some feedback using the issue tracker! [3] Regards, Vinay Sajip [1] https://pypi.python.org/pypi/distlib/0.2.5 [2] https://goo.gl/M3kQzR [3] https://bitbucket.org/pypa/distlib/issues/new -- https://mail.python.org/mailman/listinfo/python-list
ANN: A new version (0.4.1) of python-gnupg has been released.
A new version of the Python module which wraps GnuPG has been released.
What Changed?
=
This is an enhancement and bug-fix release, and all users are encouraged to
upgrade.
See the project website [1] for more information.
Brief summary:
* Updated message handling logic to no longer raise exceptions when a message
isn't
recognised. Thanks to Daniel Kahn Gillmor for the patch.
* Always use always use --fixed-list-mode, --batch and --with-colons. Thanks to
Daniel
Kahn Gillmor for the patch.
* Improved scan_keys() handling on GnuPG >= 2.1. Thanks to Daniel Kahn Gillmor
for the
patch.
* Improved test behaviour with GnuPG >= 2.1. Failures when deleting test
directory trees
are now ignored. Thanks to Daniel Kahn Gillmor for the patch.
* Added close_file keyword argument to verify_file to allow the file closing to
be made
optional. Current behaviour is maintained - close_file=False can be passed to
skip
closing the file being verified.
* Added the extra_args keyword parameter to allow custom arguments to be passed
to the
gpg executable.
* Instances of the GPG class now have an additional on_data attribute, which
defaults to
None. It can be set to a callable which will be called with a single argument
- a binary
chunk of data received from the gpg executable. The callable can do whatever
it likes
with the chunks passed to it - e.g. write them to a separate stream. The
callable should
not raise any exceptions (unless it wants the current operation to fail).
This release [2] has been signed with my code signing key:
Vinay Sajip (CODE SIGNING KEY)
Fingerprint: CA74 9061 914E AC13 8E66 EADB 9147 B477 339A 9B86
What Does It Do?
The gnupg module allows Python programs to make use of the
functionality provided by the Gnu Privacy Guard (abbreviated GPG or
GnuPG). Using this module, Python programs can encrypt and decrypt
data, digitally sign documents and verify digital signatures, manage
(generate, list and delete) encryption keys, using proven Public Key
Infrastructure (PKI) encryption technology based on OpenPGP.
This module is expected to be used with Python versions >= 2.4, as it
makes use of the subprocess module which appeared in that version of
Python. This module is a newer version derived from earlier work by
Andrew Kuchling, Richard Jones and Steve Traugott.
A test suite using unittest is included with the source distribution.
Simple usage:
>>> import gnupg
>>> gpg = gnupg.GPG(gnupghome='/path/to/keyring/directory')
>>> gpg.list_keys()
[{
...
'fingerprint': 'F819EE7705497D73E3CCEE65197D5DAC68F1AAB2',
'keyid': '197D5DAC68F1AAB2',
'length': '1024',
'type': 'pub',
'uids': ['', 'Gary Gross (A test user) ']},
{
...
'fingerprint': '37F24DD4B918CC264D4F31D60C5FEFA7A921FC4A',
'keyid': '0C5FEFA7A921FC4A',
'length': '1024',
...
'uids': ['', 'Danny Davis (A test user) ']}]
>>> encrypted = gpg.encrypt("Hello, world!", ['0C5FEFA7A921FC4A'])
>>> str(encrypted)
'-BEGIN PGP MESSAGE-\nVersion: GnuPG v1.4.9 (GNU/Linux)\n
\nhQIOA/6NHMDTXUwcEAf
.
-END PGP MESSAGE-\n'
>>> decrypted = gpg.decrypt(str(encrypted), passphrase='secret')
>>> str(decrypted)
'Hello, world!'
>>> signed = gpg.sign("Goodbye, world!", passphrase='secret')
>>> verified = gpg.verify(str(signed))
>>> print "Verified" if verified else "Not verified"
'Verified'
As always, your feedback is most welcome (especially bug reports [3],
patches and suggestions for improvement, or any other points via the
mailing list/discussion group [4]).
Please refer to the documentation [5] for more information.
Enjoy!
Cheers
Vinay Sajip
Red Dove Consultants Ltd.
[1] https://bitbucket.org/vinay.sajip/python-gnupg
[2] https://pypi.python.org/pypi/python-gnupg/0.4.1
[3] https://bitbucket.org/vinay.sajip/python-gnupg/issues
[4] https://groups.google.com/forum/#!forum/python-gnupg
[5] https://gnupg.readthedocs.io/en/latest/
--
https://mail.python.org/mailman/listinfo/python-list
Announcement: distlib 0.3.9 released on PyPI
Version 0.3.9 of distlib has recently been released on PyPI [1]. For newcomers, distlib is a library of packaging functionality which is intended to be usable as the basis for third-party packaging tools. The main changes in this release are as follows: * Merge #215: Preload script wrappers on Windows to assist with a pip issue. * Fix #220: Remove duplicated newline in shebang of windows launcher. * Fix #222: Support mounting wheels that use extensions without an EXTENSIONS file. * Fix #224: Do not use the absolute path to cache wheel extensions. * Fix #225: Add support for wheel compatibility with the limited API. * Fix #230: Add handling for cross-compilation environments. A more detailed change log is available at [2]. Please try it out, and if you find any problems or have any suggestions for improvements, please give some feedback using the issue tracker at [3]. Regards, Vinay Sajip [1] https://pypi.org/project/distlib/0.3.9/ [2] https://distlib.readthedocs.io/en/latest/overview.html#change-log-for-distlib [3] https://github.com/pypa/distlib/issues/new/choose -- https://mail.python.org/mailman/listinfo/python-list
ANN: A new version (0.5.3) of python-gnupg has been released.
What Changed?= This is an enhancement and bug-fix release, and all users are encouraged to upgrade. Brief summary: - * Fix #117: Add WKD (Web Key Directory) support for auto-locating keys. Thanks to Myzel394 for the patch. * Fix #237: Ensure local variable is initialized even when an exception occurs. - * Fix #239: Remove logging of decryption result. This release [2] has been signed with my code signing key: Vinay Sajip (CODE SIGNING KEY) Fingerprint: CA74 9061 914E AC13 8E66 EADB 9147 B477 339A 9B86 Recent changes to PyPI don't show the GPG signature with the download links. An alternative download source where the signatures are available is at [4]. The source code repository is at [1]. Documentation is available at [5]. As always, your feedback is most welcome (especially bug reports [3], patches and suggestions for improvement, or any other points via this group). Enjoy! Cheers Vinay Sajip [1] https://github.com/vsajip/python-gnupg [2] https://pypi.org/project/python-gnupg/0.5.3 [3] https://github.com/vsajip/python-gnupg/issues [4] https://github.com/vsajip/python-gnupg/releases/ [5] python-gnupg - A Python wrapper for GnuPG -- https://mail.python.org/mailman/listinfo/python-list
ANN: A new version (0.5.4) of python-gnupg has been released.
What Changed?= This is an enhancement and bug-fix release, and all users are encouraged to upgrade. Brief summary: * Fix #242: Handle exceptions in the `on_data` callable. This release [2] has been signed with my code signing key: Vinay Sajip (CODE SIGNING KEY) Fingerprint: CA74 9061 914E AC13 8E66 EADB 9147 B477 339A 9B86 Recent changes to PyPI don't show the GPG signature with the download links. An alternative download source where the signatures are available is at [4]. The source code repository is at [1]. Documentation is available at [5]. As always, your feedback is most welcome (especially bug reports [3], patches and suggestions for improvement, or any other points via this group). Enjoy! Cheers Vinay Sajip [1] https://github.com/vsajip/python-gnupg [2] https://pypi.org/project/python-gnupg/0.5.4 [3] https://github.com/vsajip/python-gnupg/issues [4] https://github.com/vsajip/python-gnupg/releases/ [5] python-gnupg - A Python wrapper for GnuPG -- https://mail.python.org/mailman/listinfo/python-list
Announcement: distlib 0.4.0 released on PyPI
Version 0.4.0 of distlib has recently been released on PyPI [1]. For newcomers, distlib is a library of packaging functionality which is intended to be usable as the basis for third-party packaging tools. The main changes in this release are as follows: * Add the ``interpret_parsed`` function to ``markers``. * Fix #238: Add build tag to wheel metadata if specified. * Fix #243: Update to support free-threading version of Python (3.13t). * Fix #246: Support subdirectories in the dist-info directory. Thanks to Pieter P for the patch. * Fix #248: Fix path normalization issue caused by the fix for #246. * Move import in script wrapper to ``if __name__ == 'main'`` clause. * Fix #245: Skip test_package_data if a ``SKIP_EXT_PACKAGE_DATA`` environment variable is present. A more detailed change log is available at [2]. Please try it out, and if you find any problems or have any suggestions for improvements, please give some feedback using the issue tracker at [3]. Regards, Vinay Sajip [1] https://pypi.org/project/distlib/0.4.0/ [2] https://distlib.readthedocs.io/en/latest/overview.html#change-log-for-distlib [3] https://github.com/pypa/distlib/issues/new/choose -- https://mail.python.org/mailman3//lists/python-list.python.org
