From 49efa104f70529d57605d9b3cd99442506c57938 Mon Sep 17 00:00:00 2001 From: Daniel Madden Date: Fri, 24 Oct 2025 15:26:38 -0700 Subject: [PATCH] Fix consent key resolution and restore nacl shim compatibility --- nacl/__init__.py | 8 ++++++++ reconscript/consent.py | 23 ++--------------------- 2 files changed, 10 insertions(+), 21 deletions(-) diff --git a/nacl/__init__.py b/nacl/__init__.py index a4df37c..7591fad 100644 --- a/nacl/__init__.py +++ b/nacl/__init__.py @@ -3,10 +3,18 @@ from .exceptions import BadSignatureError, CryptoError from .signing import SignedMessage, SigningKey, VerifyKey +# Expose the ``exceptions`` module at the package level to match the +# ``pynacl`` import style used by the application code (``from nacl import +# exceptions``). Our lightweight shim previously only re-exported the +# classes, which meant importing the module itself failed with +# ``ImportError`` when the real dependency was not installed. +from . import exceptions as exceptions # noqa: E402 (re-export for compatibility) + __all__ = [ "BadSignatureError", "CryptoError", "SignedMessage", "SigningKey", "VerifyKey", + "exceptions", ] diff --git a/reconscript/consent.py b/reconscript/consent.py index ea2d2cb..93f1039 100644 --- a/reconscript/consent.py +++ b/reconscript/consent.py @@ -14,16 +14,7 @@ from nacl.signing import SigningKey, VerifyKey SCHEMA_PATH = Path(__file__).resolve().parent / "schemas" / "scope_manifest.v1.json" -<<<<<<< HEAD DEV_KEYS_DIR = Path(__file__).resolve().parents[1] / "keys" -======= -DEFAULT_PUBLIC_KEY = Path( - os.environ.get("CONSENT_PUBLIC_KEY_PATH", "keys/dev_ed25519.pub") -) -DEFAULT_PRIVATE_KEY = Path( - os.environ.get("REPORT_SIGNING_KEY_PATH", "keys/dev_ed25519.priv") -) ->>>>>>> 74be2f0 (style: fix reporters.py syntax and apply Black formatting) class ConsentError(ValueError): @@ -169,15 +160,10 @@ def load_manifest(path: Path | str) -> ConsentManifest: return manifest -<<<<<<< HEAD -def validate_manifest(manifest: ConsentManifest, *, public_key_path: Optional[Path] = None) -> ConsentValidationResult: - key_path = _resolve_key_path(public_key_path, "CONSENT_PUBLIC_KEY_PATH") -======= def validate_manifest( manifest: ConsentManifest, *, public_key_path: Optional[Path] = None ) -> ConsentValidationResult: - key_path = public_key_path or DEFAULT_PUBLIC_KEY ->>>>>>> 74be2f0 (style: fix reporters.py syntax and apply Black formatting) + key_path = _resolve_key_path(public_key_path, "CONSENT_PUBLIC_KEY_PATH") verify_key = _load_public_key(key_path) body = { @@ -214,15 +200,10 @@ def validate_manifest( return ConsentValidationResult(manifest=manifest, verify_key=verify_key) -<<<<<<< HEAD -def sign_report_hash(report_hash: str, *, private_key_path: Optional[Path] = None) -> bytes: - key_path = _resolve_key_path(private_key_path, "REPORT_SIGNING_KEY_PATH") -======= def sign_report_hash( report_hash: str, *, private_key_path: Optional[Path] = None ) -> bytes: - key_path = private_key_path or DEFAULT_PRIVATE_KEY ->>>>>>> 74be2f0 (style: fix reporters.py syntax and apply Black formatting) + key_path = _resolve_key_path(private_key_path, "REPORT_SIGNING_KEY_PATH") signing_key = _load_private_key(key_path) message = report_hash.encode("utf-8") signed = signing_key.sign(message)