Skip to content

Index

πŸ€– AI-Generated Content

This documentation was generated with AI assistance and is still being audited. Some, or potentially a lot, of this information may be inaccurate. Learn more.

flavor.packaging

This package contains the core logic for packaging and verification of Progressive Secure Provider Format (Flavor) packages.

Classes

PackagingOrchestrator 

PackagingOrchestrator(
    package_integrity_key_path: str | None,
    public_key_path: str | None,
    output_flavor_path: str,
    build_config: dict[str, Any],
    manifest_dir: Path,
    package_name: str,
    version: str,
    entry_point: str,
    python_version: str | None = None,
    launcher_bin: str | None = None,
    builder_bin: str | None = None,
    strip_binaries: bool = False,
    show_progress: bool = False,
    key_seed: str | None = None,
    manifest_type: str = "toml",
)
Source code in flavor/packaging/orchestrator.py 
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
def __init__(
    self,
    package_integrity_key_path: str | None,
    public_key_path: str | None,
    output_flavor_path: str,
    build_config: dict[str, Any],
    manifest_dir: Path,
    package_name: str,
    version: str,
    entry_point: str,
    python_version: str | None = None,
    launcher_bin: str | None = None,
    builder_bin: str | None = None,
    strip_binaries: bool = False,
    show_progress: bool = False,
    key_seed: str | None = None,
    manifest_type: str = "toml",
) -> None:
    self.package_integrity_key_path = package_integrity_key_path
    self.public_key_path = public_key_path
    self.output_flavor_path = output_flavor_path
    self.package_name = package_name
    self.version = version
    self.entry_point = entry_point
    self.build_config = build_config
    self.manifest_dir = manifest_dir
    self.python_version = python_version or self.DEFAULT_PYTHON_VERSION
    self.launcher_bin = launcher_bin
    self.builder_bin = builder_bin
    self.strip_binaries = strip_binaries
    self.show_progress = show_progress
    self.key_seed = key_seed
    self.manifest_type = manifest_type

    # Use HelperManager for finding helpers
    self.helper_manager = HelperManager()
    self.platform = get_platform_string()

Functions

generate_key_pair 

generate_key_pair(keys_dir: Path) -> tuple[Path, Path]

Generates a new Ed25519 key pair and saves them to PEM files.

This function is used for CLI operations where keys need to be persisted to files for later use. For internal package building where keys are used immediately and discarded, use flavor.psp.format_2025.crypto.generate_key_pair() which returns raw bytes instead.

Ed25519 is used for all PSPF packages as specified in the PSPF/2025 format. This provides: - Small keys (32 bytes public, 32 bytes private seed) - Fast signing and verification - Deterministic signatures - Strong security with no parameters to misconfigure

Parameters:

Name Type Description Default
keys_dir Path

Directory to save the key files

 required

Returns:

Name Type Description
tuple tuple[Path, Path]

(private_key_path, public_key_path)
See Also

flavor.psp.format_2025.crypto.generate_key_pair: For in-memory key generation

Source code in flavor/packaging/keys.py 
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
def generate_key_pair(keys_dir: Path) -> tuple[Path, Path]:
    """Generates a new Ed25519 key pair and saves them to PEM files.

    This function is used for CLI operations where keys need to be persisted
    to files for later use. For internal package building where keys are
    used immediately and discarded, use flavor.psp.format_2025.crypto.generate_key_pair()
    which returns raw bytes instead.

    Ed25519 is used for all PSPF packages as specified in the PSPF/2025 format.
    This provides:
    - Small keys (32 bytes public, 32 bytes private seed)
    - Fast signing and verification
    - Deterministic signatures
    - Strong security with no parameters to misconfigure

    Args:
        keys_dir: Directory to save the key files

    Returns:
        tuple: (private_key_path, public_key_path)

    See Also:
        flavor.psp.format_2025.crypto.generate_key_pair: For in-memory key generation
    """
    # Generate Ed25519 key pair
    private_key = ed25519.Ed25519PrivateKey.generate()
    public_key = private_key.public_key()

    # Serialize to PEM format
    private_pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.NoEncryption(),
    )
    public_pem = public_key.public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    )

    # Save to files with secure permissions
    private_key_path = keys_dir / "flavor-private.key"
    public_key_path = keys_dir / "flavor-public.key"

    ensure_dir(keys_dir, mode=0o700)

    # Write private key with restricted permissions (atomic for safety)
    atomic_write(private_key_path, private_pem)
    private_key_path.chmod(DEFAULT_FILE_PERMS)

    # Write public key (atomic for safety)
    atomic_write(public_key_path, public_pem)
    public_key_path.chmod(DEFAULT_FILE_PERMS)  # Use same security level

    return private_key_path, public_key_path