ki#,`SrSSKJr SSKrSSKrSSKrSSKrSSKJr SSK J r SSK J r SSK Jr SSKJrJr SS KJr SS KJr SS KJr SS KJrJr SS KJr SSKJrJr SSK J!r!J"r"J#r# SSK$J%r% SSK&J'r' \(aSSK J(r( \ "\)5r*\RV"S5r,"SS5r-\-"5r.g)a'Signature verification for conda packages. This module provides the signature verification functionality that integrates with conda's post-solve hook system to verify package signatures during installation. Note: This module was migrated from conda.trust.signature_verification in conda 26.3. ) annotationsN)cached_property) getLogger)Path) TYPE_CHECKING)CONDA_PACKAGE_EXTENSION_V1CONDA_PACKAGE_EXTENSION_V2)context)join_url) SubdirData) HTTPErrorInsecureRequestWarning) get_session)verify_delegation verify_root)SignatureErrorload_metadata_from_filewrite_metadata_to_file) KEY_MGR_FILE)wrap_as_signable)Anyz(?P\d+)\.root\.jsonc\rSrSrSr\S Sj5r\S Sj5r\S Sj5rSSSjjr SSjr SS jr SS jr S r g)_SignatureVerification.zSignature verification for conda packages. This class provides caching signature verification that checks package metadata signatures against the trusted root and key manager metadata. c`[R(dg[R(d[R S5 g[ [R 5RSSS9 URc[R S5 gURc[R S5 gg)NFzWmetadata signature verification requested, but no metadata URL base has been specified.T)parentsexist_okzDcould not find trusted_root data for metadata signature verificationz?could not find key_mgr data for metadata signature verification) r extra_safety_checkssigning_metadata_url_baselogwarningr av_data_dirmkdir trusted_rootkey_mgr)selfs @lib/python3.13/site-packages/conda_content_trust/verification.pyenabled_SignatureVerification.enabled5s**00 KK?  W !''t'D    $ KKV  <<  KKQ cSn[R"[R5Vs0sHFn[R UR 5=n(dM+[URS55U_MH nn[UR5SS9H*upR[RSUS35 [U5n O U(d([R%S[RS35 gUSS S -S 3n['[RU5nUR)[R*U5n[-X5 [/U=o5 Mcs snf![[[ 4a Mf=f![["[ 4a Nf=f![0a:n U R2R4S :wa[R7U 5 Sn A U$Sn A f[8a n [R7U 5 Sn A U$Sn A ff=f) NnumberT)reversezLoading root metadata from .zNo root metadata found in zE. Install conda-anaconda-trust-root to enable signature verification.signedversionrz .root.jsoni)osscandirr r#RE_ROOT_METADATAmatchnameintgroupsorteditemsr!inforIsADirectoryErrorFileNotFoundErrorPermissionErrorNotADirectoryErrordebugr_fetch_channel_signing_datar rrr response status_codeerror Exception) r'trustedentrympaths_fnamepath untrustederrs r(r%#_SignatureVerification.trusted_rootWs $  ZZ(;(;<4;;==-d3G!  KK    KKCTs}}556b9Q9Q8RRST   s$6B D B44 D ADD Nc P[U5n[RnU(d[R"S[ 5 SSS.nU(aX7S'U(aXGS'[ X5n[Rn S[l[R[R4n URUU[USS5SU US 9n U R5 U [lU R5$!U [lf=f![Ran [S US U35eSn A ff=f) Nignorez!gzip, deflate, compress, identityzapplication/json)zAccept-Encodingz Content-Typez If-None-MatchzIf-Modified-SinceFproxies)headersrZauthtimeoutverifyzInvalid JSON returned from /)rr ssl_verifywarnings simplefilterrr add_anaconda_tokenremote_connect_timeout_secsremote_read_timeout_secsgetgetattrraise_for_statusjsonJSONDecodeError ValueError) r'signing_data_urlfilenameetag mod_stampsession verify_sslr[urlsaved_token_settingr]resprNs r(rA2_SignatureVerification._fetch_channel_signing_datas1./''   ! !(,B C C.  '+O $ +4' ('2&88%*" =3300G ;;D9! D  ! ! #)-?q K  s%AC+C;+ C8;D%D  D%c[URUS9nURR5upESU;a4URR SURR S35 gUSnURU;a*URR SURS35 gXbRnURR[5(aUSURnOBURR[5(aUSURnO [S5e[U5n XyS'[S XR5 [R!S UR35 URR S 5 g!["a@ [R%S UR35 URR S 5 gf=f)zVerify the signature for a package record. Args: repodata_fn: The repodata filename (e.g., 'repodata.json') record: A PackageRecord from conda ) repodata_fn signaturesz(no signatures found for rQNpackageszpackages.condazunknown package extensionpkg_mgrzvalid signature for z(package metadata is TRUSTED)zinvalid signature for z(package metadata is UNTRUSTED))r channel repo_fetchfetch_latest_parsedmetadataaddcanonical_namefnendswithrr rkrrr&r!r;rr") r'rwrecord subdir_datarepodatarJrx signaturer;envelopes r(r^_SignatureVerification.verifys![I !,,@@B  x ' OO  +FNN,I,I+J!L  l+  99J & OO  ";FII;a H I yy)  99  8 9 9J' 2D YY   : ; ;,-fii8D89 9$D)!* A i<< @ HH+FII;7 8 OO   ? @  C KK0 < = OO   A B CsFAGGc\UR(dgUHnURX5 M g)zPost-solve hook callback. Args: repodata_fn: The repodata filename unlink_precs: Package records to unlink (unused) link_precs: Package records to link (verified) N)r)r^)r'rw unlink_precs link_precsprecs r(__call___SignatureVerification.__call__#s$|| D KK *r+cNSHnURRUS5 M! g)zClear all cached properties.)r)r%r&N)__dict__pop)r'attrs r( cache_clear"_SignatureVerification.cache_clear6s :D MM  dD );r+)returnbool)rz dict | None)NN)rlrSrmrSrdict)rwrSrrrNone)rwrSrtuplerrrr)rr)rU __module__ __qualname____firstlineno____doc__rr)r%r&rAr^rr__static_attributes__rr+r(rr.s BAAFBJN8 #8/28 8t+AZ+++ +  +&*r+r)/r __future__rrir2rera functoolsrloggingrpathlibrtypingrconda.base.constantsrr conda.base.contextr conda.common.urlr conda.core.subdir_datar conda.gateways.connectionr r!conda.gateways.connection.sessionrauthenticationrrcommonrrr constantsrsigningrrrUr!compiler4rsignature_verificationrr+r(rs# % '%-G9:SS#%::<=K*K*^01r+