build and sign artifacts feature (#9)

* adding sign command
* creating custom trust store/keystore for gnupg for kecpkg exclusive
* refactoring a lot, moving util functions from command/utils to utils
* adding gpg.py for gpg support
* adding platform aware gpg support (find binary)
* creating sign create key command!
* more rubust implementation of get_pacakge_dir
* adding export key and tests
* adding package verification
* improvements in sign --build.
* Will show the list of keys available to sign with and autofill emal addres when available.
* added python 3.6 and 3.7 option
* added get and set keys in config. Better display of configsettings.

.travis.yml

@@ -5,6 +5,7 @@ python:
   - "2.7"
   - "3.5"
   - "3.6"
+  - "3.7-dev"
   - "pypy"
   - "pypy3"
 

CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+## 1.0.0 (28MAY19)
+Version 1.0.0 release of the `kecpkg-tools` as in the past year no updates were deemed necessary and it is heavily used internally by KE-works BV and at customers to manage ke-chain script packages (KECPKG's). Package signing is only available for Python 3. 
+
+ * Added the ability to manage signatures and keys. We built a Publick Key Infrastructure to sign packages and have the ability to trust packages signed with a developer key. The process of creating and submitting a key to be included in the trusted keyring of KE-chain will be on our [support portal](https://support.ke-chain.com) later when it is all available in KE-chain production. Please check out the documentation of the commandline interface using `kecpkg sign --help` for further information.
+ * The build process is does now provide a list of artifacts (ARTIFACTS) that are included in a kecpkg. The list of artifacts consist out of the (relative pathname), the hash of the file (normally sha256) and the filesize. KE-chain is able to check the contents of the kecpkgs after upload against this file and will determine of the kecpkgs is untempered on disk.
+ * The build process also now provides an optional `kecpkg build --sign` command flag to include a signature inside the keckpg. When package signing is enabled using the `--sign` flag, the list of artifacts (ARTIFACTS file) is signed with the cryptographic signature of the developer (ARTIFACTS.SIG). This signature can be checked by KE-chain after upload when the public key of the developer is known and trusted by KE-chain. This might enable running the contained scripts on higher than scope manager permissions.
+ * Adding dependent permission on GPG on linux or windows in order to enable the package signing features.
+ * Added dependent packages tabulate, appdirs and python-gnupg.
+
+
 ## 0.9.0 (16JAN18)
  * added the ability to add multiple configurations. You can use this to create multiple settings files and build for each setting file another kecpkg. Use `kecpkg build --settings <anothersettings.json>` to create a new kecpkg in the `dist` directory. The `package-info.json` will be recreated based on what is set in the `settings` and stored inside the kecpkg. Use `kecpkg upload --settings <anothersettings.json>` to upload this kecpkg to KE-chain. You can now use a cmd or batch script with multiple setting files to create a multitude of kecpkgs and automatically upload (and even replace) them in a KE-chain project.
  * added `--update` and `--no-update` flags to `kecpkg build`. The `package-info.json` file is needed for the KE-crunch server to understand what module and what function inside the kecpkg to execute. Normally this is re-rendered (updated) in each build sessions based on the contents of the settings file. If you have a custom `package-info.json`, you can use the `--no-update` flag on `kecpkg build --no-update` to prevent the updating the `package-info.json`. You might want to consider updating the settings file with the correct values for the `package-info.json` instead.

MANIFEST.in

@@ -1,16 +1,18 @@
-include README.rst
+include README.md
 include LICENSE
 include CONTRIBUTED
 include CHANGELOG.md
 include requirements.txt
+include Pipfile
 include tox.ini
-include pyproject.toml
 include .coveragerc
 
 graft tests
 graft kecpkg
 prune .idea
 prune .env*
+prune *.depr
+exclude build_release.sh
 recursive-include kecpkg *.template
 
 global-exclude *.pyc

Pipfile

@@ -0,0 +1,24 @@
+[[source]]
+name = "pypi"
+url = "https://pypi.org/simple"
+verify_ssl = true
+
+[dev-packages]
+twine = "*"
+tox = "*"
+pytest = "*"
+
+
+[packages]
+kecpkg-tools = {editable = true,file = "file:///Users/jochem/dev/kecpkg-tools"}
+click = "*"
+atomicwrites = "*"
+pykechain = ">=2.0.0"
+appdirs = "*"
+python-gnupg = "*"
+tabulate = "*"
+toml = "*"
+Jinja2 = "*"
+
+[requires]
+python_version = "3"

README.md

@@ -0,0 +1,49 @@
+kecpkg-tools
+============
+
+[![PyPI](https://img.shields.io/pypi/v/kecpkg-tools.svg)](https://pypi.python.org/pypi/kecpkg-tools)
+[![PyPI - Status](https://img.shields.io/pypi/status/kecpkg-tools.svg)](https://pypi.python.org/pypi/kecpkg-tools)
+![PyPI - Python Version](https://img.shields.io/pypi/pyversions/kecpkg-tools.svg)
+[![Travis Build](https://travis-ci.org/KE-works/kecpkg-tools.svg?branch=master)](https://travis-ci.org/KE-works/kecpkg-tools)
+[![Join the chat at https://gitter.im/KE-works/pykechain](https://badges.gitter.im/KE-works/pykechain.svg)](https://gitter.im/KE-works/pykechain?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+
+Usage
+-----
+
+kecpkg-tools provide a set of tools to easily create KE-chain packages.
+These are executable python scripts aimed for execution on the KE-chain
+SIM platform.
+
+It requires normal user access to a [KE-chain](http://www.ke-chain.com)
+instance for it to work. KE-chain is the flexible engineering platform
+of [KE-works](http://www.ke-works.com).
+
+See Also
+--------
+
+KE-chain packages for SIM are used in combination with
+[pykechain](https://github.com/KE-works/pykechain), the open source
+KE-chain python api.
+
+Installation
+------------
+
+kecpkg-tools is distributed on [PyPI](https://pypi.org) as a universal
+wheel and is available on Linux/macOS and Windows and supports Python
+2.7/3.4+ and PyPy.
+
+``` {.sourceCode .bash}
+$ pip install --user --upgrade kecpkg-tools
+```
+
+or when pip is not installed on the system
+
+``` {.sourceCode .bash}
+$ python3 -m pip install --user --upgrade kecpkg-tools
+```
+
+License
+-------
+
+kecpkg-tools is distributed under the terms of the [Apache License,
+Version 2.0](https://choosealicense.com/licenses/apache-2.0).

README.rst

@@ -44,7 +44,14 @@ Python 2.7/3.5+ and PyPy.
 
 .. code-block:: bash
 
-    $ pip install kecpkg-tools
+    $ pip install --user --upgrade kecpkg-tools
+
+or when pip is not installed on the system
+
+.. code-block:: bash
+
+    $ python3 -m pip install --user --upgrade kecpkg-tools
+
 
 License
 -------

build_release.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+rm -rf ./build ./dist
+python setup.py bdist_wheel --universal
+twine upload dist/kecpkg_tools-*.whl

kecpkg/__init__.py

@@ -1 +1 @@
-__version__ = '0.9.0'
+__version__ = '1.0.1'

kecpkg/cli.py

@@ -4,6 +4,7 @@
 from kecpkg.commands.new import new
 from kecpkg.commands.prune import prune
 from kecpkg.commands.purge import purge
+from kecpkg.commands.sign import sign
 from kecpkg.commands.upload import upload
 from kecpkg.commands.config import config
 from kecpkg.commands.utils import CONTEXT_SETTINGS
@@ -28,3 +29,4 @@ def kecpkg():
 kecpkg.add_command(purge)
 kecpkg.add_command(prune)
 kecpkg.add_command(config)
+kecpkg.add_command(sign)