Releases: home-assistant-libs/securetar
Releases · home-assistant-libs/securetar
2026.2.0
Important
This release introduces a new file format version 3. Version 3 uses Argon2 for root key derivation, Blake2 for subkey derivation and ChaCha12Poly1305 as cipher (see #126). Along with this a major rewrite of the library has been made beaking most current implementation.
What's Changed
- Bump version from 2025.12.0 to 2026.2.0 (#135) @emontnemery
- Remove dead branch for writing SecureTarFile to path (#133) @emontnemery
- Bump mypy from 1.19.0 to 1.19.1 (#134) @dependabot[bot]
- Lint with mypy (#128) @emontnemery
- Improve docstrings, sort imports (#132) @emontnemery
- Ignore mypy errors (#130) @emontnemery
- Fix tests (#131) @emontnemery
- Improve typing (#127) @emontnemery
- Add SecureTar version 3 (#126) @emontnemery
- Let dependabot update github actions (#124) @emontnemery
- Pin versions of github actions (#125) @emontnemery
- Don't allow creating inner tar if outer tar is not in PAX format (#123) @emontnemery
- Remove useless check in InnerSecureTarFile (#122) @emontnemery
- Improve test coverage (#121) @emontnemery
- Bump black from 25.12.0 to 26.1.0 (#120) @dependabot[bot]
- Minor improvements (#119) @emontnemery
- Add support for password validation (#118) @emontnemery
- Refactor and rename stream helpers (#117) @emontnemery
- Add support for passing SecureTarRootKeyContext to SecureTarArchive (#116) @emontnemery
- Add helper class SecureTarArchive (#115) @emontnemery
- Minor improvements (#114) @emontnemery
- Simplify _SecureTarCipher.close (#113) @emontnemery
- Bump black from 25.11.0 to 25.12.0 (#110) @dependabot[bot]
- Bump pytest from 9.0.1 to 9.0.2 (#111) @dependabot[bot]
- Break up SecureTar class (#112) @emontnemery
- Encapsulate details about handling of nonces (#107) @emontnemery
Contributors
emontnemery
Assets 2
2025.12.0
Important
This release moves the key derivation function into the library. This required a breaking change in the API!
What's Changed
- Bump minimum Python version to 3.11 (#109) @emontnemery
- Bump version to 2025.12.0 (#108) @agners
- Move key derivation to library (#104) @agners
- Bump pytest from 9.0.0 to 9.0.1 (#103) @dependabot
- Bump version to 2025.12.0b0 (#106) @agners
- Add version number validation step (#105) @agners
- Bump black from 25.1.0 to 25.11.0 (#101) @dependabot
- Bump pytest from 8.4.2 to 9.0.0 (#102) @dependabot
- Bump pytest from 8.4.1 to 8.4.2 (#99) @dependabot
- Bump flake8 from 7.2.0 to 7.3.0 (#98) @dependabot
- Bump pytest from 8.4.0 to 8.4.1 (#97) @dependabot
- Bump pytest from 8.3.5 to 8.4.0 (#96) @dependabot
- Bump flake8 from 7.1.2 to 7.2.0 (#94) @dependabot
- Bump pytest from 8.3.4 to 8.3.5 (#93) @dependabot
Contributors
agners, emontnemery, and dependabot
Assets 2
2025.12.0b0
What's Changed
- Bump version to 2025.12.0b0 (#106) @agners
- Add version number validation step (#105) @agners
- Bump black from 25.1.0 to 25.11.0 (#101) @dependabot
- Bump pytest from 8.4.2 to 9.0.0 (#102) @dependabot
- Bump pytest from 8.4.1 to 8.4.2 (#99) @dependabot
- Bump flake8 from 7.2.0 to 7.3.0 (#98) @dependabot
- Bump pytest from 8.4.0 to 8.4.1 (#97) @dependabot
- Bump pytest from 8.3.5 to 8.4.0 (#96) @dependabot
- Bump flake8 from 7.1.2 to 7.2.0 (#94) @dependabot
- Bump pytest from 8.3.4 to 8.3.5 (#93) @dependabot
Contributors
agners and dependabot
Assets 2
2025.2.1
What's Changed
- Bump version to 2025.2.1 (#92) @agners
- Wrap errors in atomic_contents_add (#91) @emontnemery
- Always create inner secure tar with write file mode (#90) @agners
- Bump flake8 from 7.1.1 to 7.1.2 (#89) @dependabot
Contributors
agners, emontnemery, and dependabot
Assets 2
2025.2.0
Contributors
agners and dependabot
Assets 2
2025.1.4
What's Changed
- Bump version to 2025.1.4 (#83) @agners
- Add encryption helper (#81) @emontnemery
- Sanitize read size in DecryptInnerTar.read (#82) @emontnemery
- Allow passing in a pre-defined nonce when encrypting (#80) @emontnemery
Contributors
agners and emontnemery
Assets 2
2025.1.3
Important
This release adds a new file header for encrypted tar files. This makes the file format not backwards compatible! The library can read the old format still.
What's Changed
- Bump version to 2025.1.3 (#79) @agners
- Replace custom PAX headers with a file header (#78) @emontnemery
Contributors
agners and emontnemery
Assets 2
2025.1.2
What's Changed
- Bump version to 2025.1.2 (#77) @agners
- Validate inner tar when decrypting (#75) @emontnemery
- Correct read of tail in DecryptInnerTar (#76) @emontnemery
- Improve tests (#74) @emontnemery
- Correct ciphertext size calculation in DecryptInnerTar (#73) @emontnemery
Contributors
agners and emontnemery
Assets 2
2025.1.1
Note
This version has a breaking change in the atomic_contents_add() API. Instead of a list a filter function is now expected.
What's Changed
- Bump version to 2025.1.1 (#72) @agners
- Modify atomic_contents_add to accept a filter function (#71) @emontnemery
Contributors
agners and emontnemery
Assets 2
2025.1.0
Note
This version has a slightly different handling of padding for encrypted tar files. For inner encrypted tar files, a PAX header _securetar.version with value 2.0 is added to indicate the new format. The library itself is backwards compatible since Python tarfile is not checking gzip footer and/or does not read past the tar end-of-file marker.
What's Changed
- Bump version to 2025.1.0 (#70) @agners
- Add header with securetar version (#69) @emontnemery
- Store size of plaintext as custom header (#67) @emontnemery
- Update typing of SecureTarFile construct to allow None name (#68) @emontnemery
- Fix mistake in test (#66) @emontnemery
- Add decryption helper (#65) @emontnemery
- Bump pytest from 8.3.3 to 8.3.4 (#63) @dependabot
- Improve padding when writing encrypted tar (#64) @emontnemery
Contributors
agners, emontnemery, and dependabot