v1.0.4

@jberends jberends released this 26 Nov 09:31
bdcd0e3

1.0.4 (26NOV19)

  • Maintenance release.
  • Changed the CI setup to use GitHub Actions. No end-user facing changes. #10

1.0.3 (21NOV19)

  • Added the capability to change the requirements.txt path in the generated package_info.json. Thanks to @bastiaanbeijer

1.0.2 (19JUN19)

  • Fixed a compatibility issue with the GPG installation on Windows. We now find the correct gpg.exe on your Windows hard disk if you installed it through https://gpg4win.org/index.html.

1.0.1 (31MAY19)

Today we release Version 1.0 of the kecpkg-tools, as in the past year no updates were deemed necessary. It is heavily used internally by KE-works BV and at customers to manage KE-chain script packages (KECPKGs). The major additional feature of this release is the package signing ability (Python 3 only).

  • Added the ability to manage signatures and keys. We built a Public Key Infrastructure to sign packages and have the ability to trust packages signed with a developer key. The process of creating and submitting a key to be included in the trusted keyring of KE-chain will be on our support portal later, when it is all available in KE-chain production. Please check out the documentation of the command-line interface using kecpkg sign --help for further information.
  • The build process now provides a list of artifacts (ARTIFACTS) that are included in a kecpkg. Each entry in the list consists of the relative pathname, the hash of the file (normally sha256) and the file size. KE-chain is able to check the contents of the kecpkg after upload against this file and will determine whether the kecpkg is untampered on disk.
  • The build process now also provides an optional kecpkg build --sign command flag to include a signature inside the kecpkg. When package signing is enabled using the --sign flag, the list of artifacts (ARTIFACTS file) is signed with the cryptographic signature of the developer (ARTIFACTS.SIG). This signature can be checked by KE-chain after upload when the public key of the developer is known and trusted by KE-chain. This might enable running the contained scripts with higher than scope manager permissions.
  • Adding dependent permissions on GPG on Linux or Windows in order to enable the package signing features.
  • Added dependent packages tabulate, appdirs and python-gnupg.
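
The ARTIFACTS check described above can be sketched as follows. This is an added example, not code from kecpkg-tools or KE-chain; the line layout `path,algo=digest,size`, the hash allowlist and the function names are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

ALLOWED_ALGOS = {"sha256", "sha512"}  # assumption: allowlist; the notes say "normally sha256"
MANIFEST_NAMES = {"ARTIFACTS", "ARTIFACTS.SIG"}

def verify_artifacts(root, manifest_text):
    """Return (path, problem) tuples for everything that disagrees with the manifest."""
    root = Path(root).resolve()
    problems, listed = [], set()
    for line in filter(str.strip, manifest_text.splitlines()):
        # Assumed line layout: <relative path>,<algo>=<hex digest>,<size in bytes>
        parts = line.rsplit(",", 2)
        if len(parts) != 3 or not parts[2].isdigit():
            problems.append((line, "malformed entry"))
            continue
        rel, digest, size = parts
        algo, _, expected = digest.partition("=")
        target = (root / rel).resolve()
        listed.add(target)
        if root not in target.parents:      # entry points outside the package
            problems.append((rel, "escapes package root"))
        elif algo not in ALLOWED_ALGOS:     # never hash with an arbitrary named algorithm
            problems.append((rel, "unsupported hash"))
        elif not target.is_file():
            problems.append((rel, "missing"))
        else:
            data = target.read_bytes()
            if len(data) != int(size):
                problems.append((rel, "size mismatch"))
            elif hashlib.new(algo, data).hexdigest() != expected.lower():
                problems.append((rel, "hash mismatch"))
    # Files present on disk but absent from the manifest are reported too.
    for f in root.rglob("*"):
        if f.is_file() and f not in listed and f.name not in MANIFEST_NAMES:
            problems.append((str(f.relative_to(root)), "not listed"))
    return problems

def demo():
    """Constructed sample package: one file changed and one added after the manifest was built."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        for name, body in (("script.py", b"print('ok')\n"), ("lib.py", b"x = 1\n")):
            (root / name).write_bytes(body)
        manifest = "".join(
            f"{p.name},sha256={hashlib.sha256(p.read_bytes()).hexdigest()},{p.stat().st_size}\n"
            for p in sorted(root.iterdir()))
        manifest += "../outside.txt,sha256=00,1\n"   # constructed traversal entry
        (root / "lib.py").write_bytes(b"x = 2\n")    # same size, different content
        (root / "extra.py").write_bytes(b"")         # never listed
        return sorted(verify_artifacts(root, manifest))
```

A clean result only shows that the files match the manifest; trust in the manifest itself comes from verifying ARTIFACTS.SIG against a trusted developer key, as the notes above describe.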

1.0.0 (28MAY19)

Retracted release