mirror of
https://github.com/tahoe-lafs/tahoe-lafs.git
synced 2025-02-11 21:45:34 +00:00
This is a simple demonstration of adding an import hook that verifies a digital signature on a Python code object before allowing it to be imported. There are three files: * sign.py, which signs all the *.pyc files in the directories listed on the command line. The contents of the .pyc file is stored along with the signature in a file whose name ends with .pys . * secimp.py, which implements a secimport() function which will use *.pys files. * testkey.py is the key used to sign and verify *.pys files. To try it out: 1. Run "sign.py ." to compile and sign all the *.py files in the current directory. 2. Run secimp.py from the command-line; it will try to securely import testkey.pys, which should succeed. 3. Fire up your favorite editor, and change a single byte in a string somewhere in testkey.pys. Run secimp.py again; it should raise an exception when the signature can't be verified.