signing-tool 3.6.1__tar.gz

signing_tool-3.6.1/LICENSE

@@ -0,0 +1,5 @@
+Copyright (c) 2026 Laavat Oy
+
+All rights reserved.
+
+This software is the proprietary work of Laavat Oy. Use, reproduction, or distribution of this software, in whole or in part, is prohibited without the express prior written permission of Laavat Oy.

signing_tool-3.6.1/LICENSES/certifi.txt

@@ -0,0 +1,10 @@
+This product includes software developed by Kenneth Reitz.
+
+certifi is available under the Mozilla Public License 2.0 (MPL 2.0)
+https://github.com/certifi/python-certifi
+
+Copyright (c) 2017 Kenneth Reitz
+
+This Source Code Form is subject to the terms of the Mozilla Public
+License, v. 2.0. If a copy of the MPL was not distributed with this
+file, You can obtain one at http://mozilla.org/MPL/2.0/.

signing_tool-3.6.1/LICENSES/configparser.txt

@@ -0,0 +1,24 @@
+This product includes software developed by Łukasz Langa.
+
+configparser is available under the MIT License
+https://github.com/jaraco/configparser
+
+Copyright (c) 2011-2021 Łukasz Langa and contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

signing_tool-3.6.1/LICENSES/cryptography.txt

@@ -0,0 +1,20 @@
+This product includes software developed by The cryptography project.
+
+cryptography is available under the Apache Software License 2.0 and BSD License
+https://github.com/pyca/cryptography
+
+Copyright (c) 2013-2021 The cryptography project contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

signing_tool-3.6.1/LICENSES/jwcrypto.txt

@@ -0,0 +1,18 @@
+This product includes software developed by Simo Sorce.
+
+jwcrypto is available under the Apache Software License 2.0
+https://github.com/latchset/jwcrypto
+
+Copyright (c) 2017 Red Hat, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

signing_tool-3.6.1/LICENSES/python-dateutil.txt

@@ -0,0 +1,18 @@
+This product includes software developed by Gustavo Niemeyer.
+
+python-dateutil is available under the Apache Software License 2.0
+https://github.com/dateutil/dateutil
+
+Copyright (c) 2003-2021 - Gustavo Niemeyer <gustavo@niemeyer.com>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

signing_tool-3.6.1/LICENSES/requests.txt

@@ -0,0 +1,18 @@
+This product includes software developed by Kenneth Reitz.
+
+requests is available under the Apache Software License 2.0
+https://github.com/psf/requests
+
+Copyright (c) 2011-2021 Kenneth Reitz
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

signing_tool-3.6.1/LICENSES/six.txt

@@ -0,0 +1,24 @@
+This product includes software developed by Benjamin Peterson.
+
+six is available under the MIT License
+https://github.com/benjaminp/six
+
+Copyright (c) 2010-2020 Benjamin Peterson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

signing_tool-3.6.1/LICENSES/urllib3.txt

@@ -0,0 +1,24 @@
+This product includes software developed by Andrey Petrov.
+
+urllib3 is available under the MIT License
+https://github.com/urllib3/urllib3
+
+Copyright (c) 2008-2021 Andrey Petrov and contributors (see CONTRIBUTORS.txt)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

signing_tool-3.6.1/MANIFEST.in

@@ -0,0 +1,11 @@
+include README.md
+include LICENSE
+include RELEASE-NOTES.md
+include sbom.json
+recursive-include LICENSES *
+graft signingtool
+global-exclude __pycache__
+global-exclude *.py[cod]
+global-exclude *.so
+global-exclude *.dylib
+global-exclude *.pyd

signing_tool-3.6.1/PKG-INFO

@@ -0,0 +1,131 @@
+Metadata-Version: 2.4
+Name: signing-tool
+Version: 3.6.1
+Summary: Laavat Signing Solution CLI Tool
+Author-email: Laavat Oy <contact@laavat.com>
+License: Copyright (c) 2026 Laavat Oy
+        
+        All rights reserved.
+        
+        This software is the proprietary work of Laavat Oy. Use, reproduction, or distribution of this software, in whole or in part, is prohibited without the express prior written permission of Laavat Oy.
+        
+Project-URL: Documentation, https://docs.laavat.io/democlient/usage/
+Project-URL: Homepage, https://docs.laavat.io/
+Keywords: signing,cli,pki,certificate,signing-tool,laavat
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: Other/Proprietary License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+License-File: LICENSES/certifi.txt
+License-File: LICENSES/configparser.txt
+License-File: LICENSES/cryptography.txt
+License-File: LICENSES/jwcrypto.txt
+License-File: LICENSES/python-dateutil.txt
+License-File: LICENSES/requests.txt
+License-File: LICENSES/six.txt
+License-File: LICENSES/urllib3.txt
+Requires-Dist: certifi>=2017.4.17
+Requires-Dist: python-dateutil>=2.1
+Requires-Dist: six>=1.10
+Requires-Dist: urllib3>=1.23
+Requires-Dist: requests>=2.25.1
+Requires-Dist: jwcrypto>=1.0
+Requires-Dist: configparser>=5.0.2
+Requires-Dist: cryptography>=3.4
+Provides-Extra: dev
+Requires-Dist: autopep8>=1.5.7; extra == "dev"
+Requires-Dist: pycodestyle>=2.7.0; extra == "dev"
+Dynamic: license-file
+
+# Laavat Signing Solution CLI Tool
+
+> ⚠️ **Reference Implementation Only** — This is a reference implementation and should **not be used in production**. Security improvements are planned before this tool is productized. Use this for evaluation and development purposes only.
+
+The `signing-tool` package provides the Laavat Signing Solution command-line client.
+It supports client registration, product management, image signing, secrets management, and more via the SaaS API.
+
+## Installation
+
+Install from PyPI when released:
+
+```bash
+pip install signing-tool
+```
+
+Install from source during development:
+
+```bash
+cd clients/python3
+python3 -m pip install .
+```
+
+## Quick Start
+
+Display help:
+
+```bash
+signing-tool --help
+```
+
+### Recommended usage
+
+Use a configuration file to keep credentials out of command history and logs. Create the file with `config-init`, then run the CLI using the `-n` option.
+
+```bash
+config-init -n test.ini -t "$TOKEN" -s -a https://app.laavat.io/<CustomerName>/api/v1
+signing-tool -n test.ini product getall
+```
+
+### Alternative usage
+
+You can also pass settings directly on the command line, but this is less secure because tokens may become visible in shell history or process listings.
+
+```bash
+signing-tool -c -t "$TOKEN" -a https://app.laavat.io/<CustomerName>/api/v1 product getall
+```
+
+## Configuration Options
+
+Option 1: create an ini config file using `config-init`:
+
+```bash
+config-init -n test.ini -t "$TOKEN" -s -a https://app.laavat.io/<CustomerName>/api/v1
+signing-tool -n test.ini product getall
+```
+
+Option 2: pass settings directly on the command line (not recommended for secrets):
+
+```bash
+signing-tool -c -t "$TOKEN" -a https://app.laavat.io/<CustomerName>/api/v1 product getall
+```
+
+## Example Signing Commands
+
+HAB image signing with config file:
+
+```bash
+signing-tool -n test.ini imagesigning add SignHABIMG -P <product-id> --operid <operator-id> -p <payload>
+```
+
+OCI signing with token and API address:
+
+```bash
+signing-tool -c -t "$TOKEN" -a https://app.laavat.io/<CustomerName>/api/v1 imagesigning add SignOCI -P <product-id> --operid <operator-id> -A <artifact>
+```
+
+## Requirements
+
+- Python 3.8 or newer
+
+## Packaging
+
+This package is configured for PyPI distribution using `pyproject.toml` and `setuptools`.
+Read the `pyproject.toml` file for package metadata and published package configuration.

signing_tool-3.6.1/README.md

@@ -0,0 +1,84 @@
+# Laavat Signing Solution CLI Tool
+
+> ⚠️ **Reference Implementation Only** — This is a reference implementation and should **not be used in production**. Security improvements are planned before this tool is productized. Use this for evaluation and development purposes only.
+
+The `signing-tool` package provides the Laavat Signing Solution command-line client.
+It supports client registration, product management, image signing, secrets management, and more via the SaaS API.
+
+## Installation
+
+Install from PyPI when released:
+
+```bash
+pip install signing-tool
+```
+
+Install from source during development:
+
+```bash
+cd clients/python3
+python3 -m pip install .
+```
+
+## Quick Start
+
+Display help:
+
+```bash
+signing-tool --help
+```
+
+### Recommended usage
+
+Use a configuration file to keep credentials out of command history and logs. Create the file with `config-init`, then run the CLI using the `-n` option.
+
+```bash
+config-init -n test.ini -t "$TOKEN" -s -a https://app.laavat.io/<CustomerName>/api/v1
+signing-tool -n test.ini product getall
+```
+
+### Alternative usage
+
+You can also pass settings directly on the command line, but this is less secure because tokens may become visible in shell history or process listings.
+
+```bash
+signing-tool -c -t "$TOKEN" -a https://app.laavat.io/<CustomerName>/api/v1 product getall
+```
+
+## Configuration Options
+
+Option 1: create an ini config file using `config-init`:
+
+```bash
+config-init -n test.ini -t "$TOKEN" -s -a https://app.laavat.io/<CustomerName>/api/v1
+signing-tool -n test.ini product getall
+```
+
+Option 2: pass settings directly on the command line (not recommended for secrets):
+
+```bash
+signing-tool -c -t "$TOKEN" -a https://app.laavat.io/<CustomerName>/api/v1 product getall
+```
+
+## Example Signing Commands
+
+HAB image signing with config file:
+
+```bash
+signing-tool -n test.ini imagesigning add SignHABIMG -P <product-id> --operid <operator-id> -p <payload>
+```
+
+OCI signing with token and API address:
+
+```bash
+signing-tool -c -t "$TOKEN" -a https://app.laavat.io/<CustomerName>/api/v1 imagesigning add SignOCI -P <product-id> --operid <operator-id> -A <artifact>
+```
+
+## Requirements
+
+- Python 3.8 or newer
+
+## Packaging
+
+This package is configured for PyPI distribution using `pyproject.toml` and `setuptools`.
+Read the `pyproject.toml` file for package metadata and published package configuration.

signing_tool-3.6.1/RELEASE-NOTES.md

@@ -0,0 +1,61 @@
+# Release Notes
+
+## v3.6.1 (2026-06-03)
+
+**This is a patch release**
+
+Following changes and improvements in this release:
+- PyPI package release with reference implementation status
+- Added PyPI metadata: README, LICENSE, and third-party license attribution
+- Added reference implementation warning in README
+- Improved package distribution configuration
+
+## v3.6.0 (2026-06-03)
+
+**This is a minor release**
+
+Following changes and improvements in this release:
+- Added support for providing metadata to imagesigning request. JSON keyvalue pairs.
+
+## v3.5.0 (2026-05-05)
+
+**This is a minor release**
+
+Following changes and improvements in this release:
+- Added support for EncryptImageWithAES operation type
+
+## v3.4.0 (2026-04-30)
+
+**This is a minor release**
+
+Following changes and improvements in this release:
+- Added support for wrapping the extractable keys from the platform
+
+## v3.3.0 (2026-03-24)
+
+**This is a minor release**
+
+Following changes and improvements in this release:
+- Added support for OP-TEESigning operation in imagesigning
+
+## v3.1.0 (2026-01-30)
+
+**This is a minor release**
+
+Following changes and improvements in this release:
+- Removed SignOCI subcommand and artifactURI parameter from signing-tool CLI
+
+## v3.0.0 (2026-01-20)
+
+**This is a major release**
+
+Following changes and improvements in this release:
+- Version Info System
+  - Added version.py with version, git tag, branch, commit, build date, and API version
+  - signing-tool --version now shows detailed version information
+- Python Packaging
+  - Added pyproject.toml for modern Python packaging
+  - Added config-init CLI command
+- Code Quality
+  - Fixed pycodestyle errors across signingtool modules
+  - Improved code formatting and line lengths

signing_tool-3.6.1/pyproject.toml

@@ -0,0 +1,57 @@
+[build-system]
+requires = ["setuptools>=61.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "signing-tool"
+dynamic = ["version"]
+description = "Laavat Signing Solution CLI Tool"
+readme = { file = "README.md", content-type = "text/markdown" }
+license = { file = "LICENSE" }
+authors = [
+    { name = "Laavat Oy", email = "contact@laavat.com" },
+]
+keywords = ["signing", "cli", "pki", "certificate", "signing-tool", "laavat"]
+urls = { Documentation = "https://docs.laavat.io/democlient/usage/", Homepage = "https://docs.laavat.io/" }
+requires-python = ">=3.8"
+classifiers = [
+    "Development Status :: 5 - Production/Stable",
+    "Intended Audience :: Developers",
+    "License :: Other/Proprietary License",
+    "Operating System :: OS Independent",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.8",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+]
+dependencies = [
+    "certifi>=2017.4.17",
+    "python-dateutil>=2.1",
+    "six>=1.10",
+    "urllib3>=1.23",
+    "requests>=2.25.1",
+    "jwcrypto>=1.0",
+    "configparser>=5.0.2",
+    "cryptography>=3.4",
+]
+
+[project.optional-dependencies]
+dev = [
+    "autopep8>=1.5.7",
+    "pycodestyle>=2.7.0",
+]
+
+[project.scripts]
+signing-tool = "signingtool.cli:main"
+config-init = "signingtool.config_init:main"
+
+[tool.setuptools]
+license-files = ["LICENSE", "LICENSES/*"]
+
+[tool.setuptools.packages.find]
+where = ["."]
+include = ["signingtool*"]
+
+[tool.setuptools.dynamic]
+version = {attr = "signingtool.version.__version__"}