Utilities for signing notebooks
A class for computing and verifying notebook signatures.
Return whether all code cells are trusted
If there are no code cells, return True.
This function is the inverse of mark_cells.
Check a notebook’s stored signature
If a signature is stored in the notebook’s metadata, a new signature is computed and compared with the stored value.
Returns True if the signature is found and matches, False otherwise.
The following conditions must all be met for a notebook to be trusted: - a signature is stored in the form ‘scheme:hexdigest’ - the stored scheme matches the requested scheme - the requested scheme is available from hashlib - the computed hash from notebook_signature matches the stored hash
Compute a notebook’s signature
by hashing the entire contents of the notebook via HMAC digest.
Cull oldest 25% of the trusted signatures when the size limit is reached
Mark cells as trusted if the notebook’s signature can be verified
Sets cell.metadata.trusted = True | False on all code cells, depending on whether the stored signature can be verified.
This function is the inverse of check_cells
Sign a notebook, indicating that its output is trusted on this machine
Stores hash algorithm and hmac digest in a local database of trusted notebooks.
Ensure that a notebook is untrusted
by removing its signature from the trusted database, if present.
Yield every item in a container as bytes
Allows any JSONable object to be passed to an HMAC digester without having to serialize the whole thing.
Iterator that yields all cells in a notebook
nbformat version independent
Context manager for operating on a notebook with its signature removed
Used for excluding the previous signature when computing a notebook’s signature.