Skip to content

trust

πŸ€– AI-Generated Content

This documentation was generated with AI assistance and is still being audited. Some, or potentially a lot, of this information may be inaccurate. Learn more.

flavor.config.trust

Trusted key store for FlavorPack package signature verification.

Functions

compute_key_fingerprint 

compute_key_fingerprint(
    public_key: Ed25519PublicKey,
) -> str

Return the SHA-256 fingerprint of an Ed25519 public key.

The fingerprint is SHA-256 of the raw 32-byte key material, hex-encoded (64 ASCII characters, lowercase).

Source code in flavor/config/trust.py 
27
28
29
30
31
32
33
34
def compute_key_fingerprint(public_key: Ed25519PublicKey) -> str:
    """Return the SHA-256 fingerprint of an Ed25519 public key.

    The fingerprint is SHA-256 of the raw 32-byte key material, hex-encoded
    (64 ASCII characters, lowercase).
    """
    raw = public_key.public_bytes(Encoding.Raw, PublicFormat.Raw)
    return hashlib.sha256(raw).hexdigest()

is_key_trusted 

is_key_trusted(
    fingerprint: str, *, include_system: bool = True
) -> bool | None

Check whether a key fingerprint is in the trusted store.

Returns:

Type Description
bool | None

True β€” fingerprint found in store
bool | None

False β€” store exists but fingerprint not found
bool | None

None β€” no store directories exist (no-op / backwards-compat mode)
Source code in flavor/config/trust.py 
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
def is_key_trusted(fingerprint: str, *, include_system: bool = True) -> bool | None:
    """Check whether a key fingerprint is in the trusted store.

    Returns:
        True  β€” fingerprint found in store
        False β€” store exists but fingerprint not found
        None  β€” no store directories exist (no-op / backwards-compat mode)
    """
    user_keys_dir = get_trusted_keys_dir(system=False)
    system_keys_dir = get_system_config_dir() / "trusted-keys"

    store_exists = user_keys_dir.is_dir() or (include_system and system_keys_dir.is_dir())
    if not store_exists:
        return None

    keys = load_trusted_keys(include_system=include_system)
    return fingerprint in keys

load_trusted_keys 

load_trusted_keys(
    *, include_system: bool = True
) -> dict[str, dict[str, Any]]

Load all trusted keys from user and (optionally) system stores.

Source code in flavor/config/trust.py 
73
74
75
76
77
78
79
80
81
82
83
84
def load_trusted_keys(*, include_system: bool = True) -> dict[str, dict[str, Any]]:
    """Load all trusted keys from user and (optionally) system stores."""
    keys: dict[str, dict[str, Any]] = {}

    if include_system:
        system_keys_dir = get_system_config_dir() / "trusted-keys"
        keys.update(_load_keys_from_dir(system_keys_dir))

    user_keys_dir = get_trusted_keys_dir(system=False)
    keys.update(_load_keys_from_dir(user_keys_dir))

    return keys