Use make init
to install pynitrokey
, its dependencies and the development tools inside a virtual environment in the venv
folder. This virtual environment is also used by other targets in the Makefile like make check
. pynitrokey
is installed in editable mode so that all changes to the source code also apply to the nitropy
executable in the virtual environment. If dependencies are changed, run make update-venv
to update the virtual environment.
By default the development environment is isolated using venv, when set up using make init
. To run the nitropy
from there call ./venv/bin/nitropy
. This can be used as a shortcut make run ARGS="nk3 list"
, where ARGS
is an optional argument to pass to nitropy
.
Setting up a proper environment, matching the exact Python version, or having a newer one than it is supported, might be problematic for the development. For such cases it is handy to have development/test environment containerized, so it does not affect nor need changes in the host OS internals. For that Earthly tool is used, but any Docker-like tool will work.
The common targets are listed in the main Makefile with the e
suffix:
make builde
- executes Earthly build process for the pynitrokey container image;make rune
- runs Docker container based on the pynitrokey image for a quick tests. UseDOCKER=podman
to callpodman
binary instead of the default Docker.
See https://earthly.dev/ for the Earthly setup instructions. Mind, that their binaries currently are not signed and cannot be verified, thus installation to the root directory of the host OS is not advised (on contrary to the claims on their main page). Use Dockerfile directly instead if in doubt.
We use flake8 for style checks, black for code formatting, isort for import sorting and mypy for static type analysis. To run all checks, execute make check
. Before using it for the first time, you have to call make init
to setup a virtual environment and install the required dependencies.
mypy is configured to only check annotated code. If you add new code, please consider adding type annotations and enabling strict checks for your modules in pyproject.toml
.
Please make sure that all checks pass for your code before opening a PR.
If you have an OpenPGP key, please sign all your commits with it. We require all commits on the master branch to be signed. If you don’t have an OpenPGP key, a developer that reviewed your commits will sign them for you.
The current minimum required Python version is documented in the readme. Make sure that your code works with this Python version. The minimum required Python version is selected to be compatible with the latest Ubuntu LTS and regular releases and with the latest Debian stable release. If there has not been a point release for the latest Ubuntu LTS release yet, we also support the second-latest Ubuntu LTS release. Raising the required Python version requires adapting the CI to this new minimum too.
For local quick checks of the formatting you can use pre-commit.
Setup:
$ pip install pre-commit -U $ pre-commit install
Usage:
Checks configured in .pre-commit-config.yaml
will be executed before each commit, and on-demand when calling pre-commit
from the command line.
To use an unreleased version of the Nitrokey Python SDK, replace the nitrokey
dependency in pyproject.toml
with:
"nitrokey @ git+https://github.com/Nitrokey/nitrokey-sdk-py.git@rev",
rev
can be a branch name, a tag or a commit hash.
It is also possible to use a local path:
"nitrokey @ file:../nitrokey-sdk-py",
Use pynitrokey.helpers.local_print
for printing messages to the user. This helper method also adds the output to the log file.
To report an error, use pynitrokey.helpers.local_critical
or raise a pynitrokey.cli.exceptions.CliException
(that uses local_critical
internally). Per default, this adds a support hint to the output that points the user to the log file.
Commands that require a password should first try to read the password from an environment variable. If the environment variable is not set, they should prompt the user to enter the password. Passwords must not be passed as a command-line argument.
The NetHSM client is now managed in a separate repo
When updating the dependencies, an error message appears in which the updated tool is more current than the registered version.