Merge pull request #4 from conda/repo_rename

Repo rename car -> conda-content-trust

README.rst

@@ -7,7 +7,7 @@
 
 
 ##############################################################################
-car: Conda Authentication Resources: Signing and verification tools for Conda
+car: Conda Content Trust: Signing and verification tools for Conda
 ##############################################################################
 
 
@@ -18,9 +18,9 @@ Installation
 Installation can be accomplished by:
 
 1. obtaining this code (download a zip and expand it or git clone the repository). e.g.:
-    ``git clone https://github.com/conda/conda-authentication-resources``
+    ``git clone https://github.com/conda/conda-content-trust``
 
-2. ``cd conda-authentication-resources``
+2. ``cd conda-content-trust``
 
 3. ``pip install .``
 

appveyor.yml

@@ -41,7 +41,7 @@ install:
   - conda info
   # this is to ensure dependencies
   - conda build conda.recipe --no-test
-  - conda install --use-local car
+  - conda install --use-local conda-content-trust
 
 
 # Not a .NET project, we build package in the install step instead

conda_content_trust/__main__.py

@@ -0,0 +1,3 @@
+from conda_content_trust import cli
+
+cli.cli()

car/authentication.py → conda_content_trust/authentication.py

@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 
 
-""" car.authentication
+""" conda_content_trust.authentication
 This module contains functions that verify signatures and thereby authenticate
 data.
 
@@ -519,7 +519,7 @@ def verify_gpg_signature(signature, key_value, data):
     checkformat_gpg_signature(signature)
     checkformat_hex_key(key_value)
     checkformat_byteslike(data)
-    # if not isinstance(data, bytes):   # TODO: ✅ use the byteslike checker in car.common.
+    # if not isinstance(data, bytes):   # TODO: ✅ use the byteslike checker in conda_content_trust.common.
     #     raise TypeError()
 
     public_key = PublicKey.from_hex(key_value)

car/cli.py → conda_content_trust/cli.py

@@ -1,7 +1,7 @@
-# -*- coding: utf-8 -*- 
+# -*- coding: utf-8 -*-
 
-""" car.cli
-This module provides the CLI interface for conda-authentication-resources.
+""" conda_content_trust.cli
+This module provides the CLI interface for conda-content-trust.
 This is intended to provide a command-line signing and metadata update
 interface.
 """
@@ -13,15 +13,15 @@
 from argparse import ArgumentParser
 import copy
 
-from car.common import (
+from conda_content_trust.common import (
         canonserialize, load_metadata_from_file, write_metadata_to_file,
-        CAR_Error, PrivateKey, is_gpg_fingerprint, is_hex_key)
+        CCT_Error, PrivateKey, is_gpg_fingerprint, is_hex_key)
 
-from car import __version__
-import car.root_signing
-import car.signing
-import car.authentication
-import car.metadata_construction
+from conda_content_trust import __version__
+import conda_content_trust.root_signing as cct_root_signing
+import conda_content_trust.signing as cct_signing
+import conda_content_trust.authentication as cct_authentication
+import conda_content_trust.metadata_construction as cct_metadata_construction
 
 # In Python2, input() performs evaluation and raw_input() does not.  In
 # Python3, input() does not perform evaluation and there is no raw_input().
@@ -48,8 +48,8 @@ def cli(args=None):
     p.add_argument(
         '-V', '--version',
         action='version',
-        help='Show the conda-authentication-resources version number and exit.',
-        version="car %s" % __version__,
+        help='Show the conda-content-trust version number and exit.',
+        version="conda-content-trust %s" % __version__,
     )
 
     # Create separate parsers for the subcommands.
@@ -106,7 +106,7 @@ def cli(args=None):
     # If we're missing optional requirements for the next few options, note
     # that in their help strings.
     opt_reqs_str = ''
-    if not car.root_signing.SSLIB_AVAILABLE:
+    if not cct_root_signing.SSLIB_AVAILABLE:
         opt_reqs_str = ('[Unavailable]: Requires optional '
                 'dependencies: securesystemslib and gpg.  ')
 
@@ -149,21 +149,21 @@ def cli(args=None):
         # so this is necessary for convenience.
         gpg_key_fingerprint = ''.join(args.gpg_key_fingerprint.split()).lower()
 
-        car.root_signing.sign_root_metadata_via_gpg(
+        cct_root_signing.sign_root_metadata_via_gpg(
                 args.filename, gpg_key_fingerprint)
 
 
 
     elif args.subcommand_name == 'sign-artifacts':
 
-        car.signing.sign_all_in_repodata(
+        cct_signing.sign_all_in_repodata(
                 args.repodata_fname, args.private_key_hex)
 
 
 
     elif args.subcommand_name == 'gpg-key-lookup':
         gpg_key_fingerprint = ''.join(args.gpg_key_fingerprint.split()).lower()
-        keyval = car.root_signing.fetch_keyval_from_gpg(gpg_key_fingerprint)
+        keyval = cct_root_signing.fetch_keyval_from_gpg(gpg_key_fingerprint)
         print('Underlying ed25519 key value: ' + str(keyval))
 
 
@@ -189,7 +189,7 @@ def cli(args=None):
 
         old_metadata = load_metadata_from_file(args.metadata_filename)
 
-        # new_metadata = car.metadata_construction.interactive_modify_metadata(old_metadata)
+        # new_metadata = cct_metadata_construction.interactive_modify_metadata(old_metadata)
         # if new_metadata is not None and new_metadata:
         #     write_metadata_to_file(new_metadata, args.metadata_filename)
 
@@ -203,7 +203,7 @@ def cli(args=None):
         # `car verify-metadata <trusted delegating metadata> <untrusted
         # metadata> <(optional) role name>`
 
-        # underlying functions: car.authentication.verify_delegation,
+        # underlying functions: cct_authentication.verify_delegation,
         # load_metadata_from_file
 
         # takes two metadata files, the first being a trusted file that should
@@ -233,26 +233,26 @@ def cli(args=None):
         if metadata_type == 'root':
             # Verifying root has additional steps beyond verify_delegation.
             try:
-                car.authentication.verify_root(trusted_metadata, untrusted_metadata)
+                cct_authentication.verify_root(trusted_metadata, untrusted_metadata)
                 print('Root metadata verification successful.')
                 return 0 # success
 
-            except CAR_Error as e:
+            except CCT_Error as e:
                 errorcode = 10
                 errorstring = str(e)
 
         else:
             # Verifying anything other than root just uses verify_delegation
             # directly.
             try:
-                car.authentication.verify_delegation(
+                cct_authentication.verify_delegation(
                         delegation_name=metadata_type,
                         untrusted_delegated_metadata=untrusted_metadata,
                         trusted_delegating_metadata=trusted_metadata)
                 print('Metadata verification successful.')
                 return 0 # success
 
-            except CAR_Error as e:
+            except CCT_Error as e:
                 errorcode = 20
                 errorstring = str(e)
 
@@ -332,7 +332,7 @@ def fn_abort():
         return 1
 
     def fn_addsig():
-        if not car.root_signing.SSLIB_AVAILABLE:
+        if not cct_root_signing.SSLIB_AVAILABLE:
             print(F_OPTS + 'Signing.  ' + RED + 'Please ABORT (control-c) if '
                     'the metadata above is not EXACTLY what you want to sign!'
                     + ENDC)
@@ -347,12 +347,12 @@ def fn_addsig():
 
         if is_hex_key(key):
             private_key = PrivateKey.from_hex(key)
-            car.signing.sign_signable(metadata, private_key)
+            cct_signing.sign_signable(metadata, private_key)
             print(F_OPTS + '\n\n--- Successfully signed!  Please save.' + ENDC)
 
         elif is_gpg_fingerprint(key):
             try:
-                car.root_signing.sign_root_metadata_dict_via_gpg(metadata, key)
+                cct_root_signing.sign_root_metadata_dict_via_gpg(metadata, key)
             except:
                 print(F_OPTS + '\n\n--- ' + RED + 'Signing FAILED.'
                         + F_OPTS + '  Do you have this key loaded in GPG on '

car/common.py → conda_content_trust/common.py

@@ -1,10 +1,10 @@
 # -*- coding: utf-8 -*-
 
-""" car.common
+""" conda_content_trust.common
 
 This module contains functions that provide format validation, serialization,
 and some key transformations for the pyca/cryptography library.  These are used
-across CAR modules.
+across conda_content_trust modules.
 
 Function Manifest for this Module, by Category
 
@@ -45,7 +45,7 @@
    x keyfiles_to_bytes
 
 Exceptions:
-    CAR_Error
+    CCT_Error
         SignatureError
         MetadataVerificationError
         UnknownRoleError
@@ -65,8 +65,7 @@
 import cryptography.hazmat.primitives.hashes
 import cryptography.hazmat.backends.openssl.ed25519
 
-# specification version for the metadata produced by
-# conda-authentication-resources
+# specification version for the metadata produced by conda-content-trust
 # Details in the Conda Security Metadata Specification.  Note that this
 # version string is parsed via setuptools's packaging.version library, and so
 # supports PEP 440; however, we should use a limited subset that is numerical
@@ -98,27 +97,27 @@
 
 
 
-class CAR_Error(Exception):
+class CCT_Error(Exception):
     """
     All errors we raise that are not ValueErrors, TypeErrors, or
     certain errors from securesystemslib should be instances of this class or
     of subclasses of this class.
     """
 
-class SignatureError(CAR_Error):
+class SignatureError(CCT_Error):
     """
     Indicates that a signable cannot be verified due to issues with the
     signature(s) inside it.
     """
 
-class MetadataVerificationError(CAR_Error):
+class MetadataVerificationError(CCT_Error):
     """
     Indicates that a chain of authority metadata cannot be verified (e.g.
     a metadata update is found on the repository, but could not be
     authenticated).
     """
 
-class UnknownRoleError(CAR_Error):
+class UnknownRoleError(CCT_Error):
     """
     Indicates that a piece of role metadata (like root.json, or key_mgr.json)
     was expected but not found.
@@ -269,7 +268,7 @@ def from_bytes(cls, key_value_in_bytes):
         # #
         # # Before the next two lines are run, this is the situation:
         # # > cls.__bases__
-        # #    (<class 'car.common.MixinKey'>,
+        # #    (<class 'conda_content_trust.common.MixinKey'>,
         # #     <class 'cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey'>)
         # # > new_object.__class__
         # #    <class 'cryptography.hazmat.backends.openssl.ed25519._Ed25519PrivateKey'>
@@ -756,10 +755,10 @@ def checkformat_gpg_signature(signature_obj):
 def is_a_signature(signature_obj):
     """
     Returns True if signature_obj is a dictionary representing an ed25519
-    signature, either in the conda-authentication-resources normal format, or
+    signature, either in the conda-content-trust normal format, or
     the format for a GPG signature.
 
-    See car.common.checkformat_signature() docstring for more details.
+    See conda_content_trust.common.checkformat_signature() docstring for more details.
     """
     try:
         checkformat_signature(signature_obj)
@@ -1244,7 +1243,7 @@ def iso8601_time_plus_delta(delta):
 # made (just a few adjustments).
 # def _gpgsig_to_sslgpgsig(gpg_sig):
 #
-#     car.common.checkformat_gpg_signature(gpg_sig)
+#     conda_content_trust.common.checkformat_gpg_signature(gpg_sig)
 #
 #     return {
 #             'keyid': copy.deepcopy(gpg_sig['key_fingerprint']),

car/metadata_construction.py → conda_content_trust/metadata_construction.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 
-""" car.metadata_construction
+""" conda_content_trust.metadata_construction
 
 This module contains functions that construct metadata and generate signing
 keys.
@@ -197,9 +197,9 @@ def gen_keys():
     Generate an ed25519 key pair and return it (private key, public key).
 
     Returns two objects:
-      - a car.common.PrivateKey, a subclass of
+      - a conda_content_trust.common.PrivateKey, a subclass of
         cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey
-      - a car.common.PublicKey, a subclass of
+      - a conda_content_trust.common.PublicKey, a subclass of
         cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey
     """
     # Create an ed25519 key pair, employing OS random generation.

car/root_signing.py → conda_content_trust/root_signing.py

@@ -1,10 +1,10 @@
 # -*- coding: utf-8 -*-
 
-""" car.root_signing
+""" conda_content_trust.root_signing
 This module contains functions that sign data in an OpenPGP-compliant (i.e.
 GPG-friendly) way.  Root metadata may be signed in this manner.  Functions that
 perform simpler, direct signing using raw ed25519 keys are provided in
-car.signing instead.
+conda_content_trust.signing instead.
 
 This library takes advantage of the securesystemslib library for its gpg
 signing interface.
@@ -19,7 +19,7 @@
     _gpg_pubkey_in_ssl_format
     _verify_gpg_sig_using_ssl     # requires securesystemslib
 
-Note that there is a function in car.authentication that verifies these
+Note that there is a function in conda_content_trust.authentication that verifies these
 signatures without requiring securesystemslib.
 """
 
@@ -62,7 +62,7 @@ def sign_via_gpg(data_to_sign, gpg_key_fingerprint, include_fingerprint=False):
     """
     <Purpose>
 
-        This is an alternative to the car.common.PrivateKey.sign() method, for
+        This is an alternative to the conda_content_trust.common.PrivateKey.sign() method, for
         use with OpenPGP keys, allowing us to use protected keys in YubiKeys
         (which provide an OpenPGP interface) to sign data.
 
@@ -133,7 +133,7 @@ def sign_via_gpg(data_to_sign, gpg_key_fingerprint, include_fingerprint=False):
             'signature':        <ed25519 signature, 64 bytes as 128 hex chars>}
 
 
-        This is unlike car.signing.sign(), which simply returns 64 bytes of raw
+        This is unlike conda_content_trust.signing.sign(), which simply returns 64 bytes of raw
         ed25519 signature.
 
 
@@ -333,7 +333,7 @@ def fetch_keyval_from_gpg(fingerprint):
     if not SSLIB_AVAILABLE:
         # TODO✅: Consider a missing-optional-dependency exception class.
         raise Exception(
-                'sign_root_metadata_via_gpg requires the securesystemslib library, which '
+                'fetch_keyval_from_gpg requires the securesystemslib library, which '
                 'appears to be unavailable.')
 
     checkformat_gpg_fingerprint(fingerprint)
@@ -347,7 +347,7 @@ def fetch_keyval_from_gpg(fingerprint):
 def _verify_gpg_sig_using_ssl(signature, gpg_key_fingerprint, key_value, data):
     """
     THIS IS PROVIDED ONLY FOR TESTING PURPOSES.
-    We will verify signatures using our own code in car.authentication, not
+    We will verify signatures using our own code in conda_content_trust.authentication, not
     by using the securesystemslib.gpg.functions.verify_signature call that
     sits here.
 
@@ -434,7 +434,7 @@ def _gpg_pubkey_in_ssl_format(fingerprint, q):
 
 # def _gpgsig_to_sslgpgsig(gpg_sig):
 #
-#     car.common.checkformat_gpg_signature(gpg_sig)
+#     conda_content_trust.common.checkformat_gpg_signature(gpg_sig)
 #
 #     return {
 #             'keyid': copy.deepcopy(gpg_sig['key_fingerprint']),