ansible_sign.checksum.differ package

Submodules

ansible_sign.checksum.differ.base module

class ansible_sign.checksum.differ.base.ChecksumFileExistenceDiffer(root)

Bases: object

When checking checksum files, it can be important to ensure not only that the files listed have correct hashes, but that no files were added that are not listed.

This is particularly important in situations where files might get “wildcard-included” – whereby an extra file slipping in could present a security risk.

This class, and subclasses of it, provide an implementation that ChecksumFileValidator instances can use to list all “interesting” files that should be listed in the checksum file.

always_added_files = {}

compare_filelist(checksum_paths)

Given a set of paths (from a checksum file), see if files have since been added or removed from the root directory and any deeper directories.

The given set of paths is used as the source of truth and additions and deletions are list with respect to it.

gather_files(verifying=False)

ignored_paths = {'.ansible-sign', '.ansible-sign/**'}

list_files(verifying)

Return a (sorted, normalized) list of files.

Individual differs can implement logic based on whether we are using this to generate a manifest or to verify one, and ‘verifying’ is what is used to toggle this logic.

warnings = {}

ansible_sign.checksum.differ.distlib_manifest module

class ansible_sign.checksum.differ.distlib_manifest.DistlibManifestChecksumFileExistenceDiffer(root)

Bases: ChecksumFileExistenceDiffer

Read in a MANIFEST.in file and process it. Use the results for comparing what is listed in the checksum file with what is “reality”.

always_added_files = {'MANIFEST.in'}

gather_files(verifying=False)

Module contents