v1.0.4
1.0.4 (26NOV19)
- Maintenance release.
- changed CI setup to use github actions. No end-user facing changes. #10
1.0.3 (21NOV19)
- Added the capability to change the
requirements.txt
path in the generatedpackage_info.json
. Thanks to @bastiaanbeijer
1.0.2 (19JUN19)
- fixed compatibility issue with GPG installation on windows. Now we do find the correct gpg.exe on your windows harddisk if you installed it through https://gpg4win.org/index.html.
1.0.1 (31MAY19)
Today we release Version 1.0 of the kecpkg-tools as in the past year no updates were deemed necessary. It is heavily used internally by KE-works BV and at customers to manage ke-chain script packages (KECPKG's). The major additional features of this release are the package signing ability (Python 3 only).
- Added the ability to manage signatures and keys. We built a Publik Key Infrastructure to sign packages and have the ability to trust packages signed with a developer key. The process of creating and submitting a key to be included in the trusted keyring of KE-chain will be on our support portal later when it is all available in KE-chain production. Please check out the documentation of the commandline interface using
kecpkg sign --help
for further information. - The build process is does now provide a list of artifacts (ARTIFACTS) that are included in a kecpkg. The list of artifacts consist out of the (relative pathname), the hash of the file (normally sha256) and the filesize. KE-chain is able to check the contents of the kecpkgs after upload against this file and will determine of the kecpkgs is untempered on disk.
- The build process also now provides an optional
kecpkg build --sign
command flag to include a signature inside the keckpg. When package signing is enabled using the--sign
flag, the list of artifacts (ARTIFACTS file) is signed with the cryptographic signature of the developer (ARTIFACTS.SIG). This signature can be checked by KE-chain after upload when the public key of the developer is known and trusted by KE-chain. This might enable running the contained scripts on higher than scope manager permissions. - Adding dependent permissions on GPG on linux or windows in order to enable the package signing features.
- Added dependent packages
tabulate
,appdirs
andpython-gnupg
.
1.0.0 (28MAY19)
Retracted release