Functions for signing notebooks
A class for computing and verifying notebook signatures.
Return whether all code cells are trusted
If there are no code cells, return True.
This function is the inverse of mark_cells.
Check a notebook’s stored signature
If a signature is stored in the notebook’s metadata, a new signature is computed and compared with the stored value.
Returns True if the signature is found and matches, False otherwise.
The following conditions must all be met for a notebook to be trusted: - a signature is stored in the form ‘scheme:hexdigest’ - the stored scheme matches the requested scheme - the requested scheme is available from hashlib - the computed hash from notebook_signature matches the stored hash
Compute a notebook’s signature
by hashing the entire contents of the notebook via HMAC digest.
Mark cells as trusted if the notebook’s signature can be verified
Sets cell.trusted = True | False on all code cells, depending on whether the stored signature can be verified.
This function is the inverse of check_cells
Sign a notebook, indicating that its output is trusted
stores ‘algo:hmac-hexdigest’ in notebook.metadata.signature
Yield every item in a container as bytes
Allows any JSONable object to be passed to an HMAC digester without having to serialize the whole thing.
Context manager for operating on a notebook with its signature removed
Used for excluding the previous signature when computing a notebook’s signature.