How-to: Install PyLRU in Whonix

From Whonix
Jump to navigation Jump to search

PyLRU python library

Introduction[edit]

PyLRU is: [1]

...a true LRU cache along with several support classes. The cache is efficient and written in pure Python. It works with Python 2.6+ including the 3.x series. Basic operations (lookup, insert, delete) all run in a constant amount of time. Pylru provides a cache class with a simple dict interface. It also provides classes to wrap any object that has a dict interface with a cache. Both write-through and write-back semantics are supported. Pylru also provides classes to wrap functions in a similar way, including a function decorator.

PyLRU Setup[edit]

Info Perform the following procedure in Whonix-Workstation (Qubes-Whonix: anon-whonix App Qube).

Download[edit]

Acquire the PyLRUarchive.org source code by Jay Hutchinson (jlhutch on GitHubarchive.org).

git clone https://github.com/jlhutch/pylru

Hash Sum Verification[edit]

Info This section is optional, but provides better security.

Use sha512sum to create a sha512 sum of pylru.py.

  • Digital signatures: A tool enhancing download security. Commonly used across the internet.
  • Learn more: Curious? Learn more about digital software signatures.
  • Optional: Digital signatures are optional. If you've never used them before, there might be no need to start now.
  • No worries: New to digital software signatures? It's okay, no need to worry.
  • Not a requirement: Not mandatory for using Whonix, but an extra security measure for advanced users.

Note:

sha512sum ~/pylru/pylru.py

The output should show. [2] 

c822aa8e23b9cd3e569a335c88a2929d4b3fe64cee397b7777842eb6ad3cba7fd191e801cf503f28bc461978e19fe97ea74df56bd134e8e41f11ec80b52887df  pylru.py

Digital Signature Verification[edit]

Info This section is optional, but provides better security.

1. Import Whonix developer Patrick Schleizer's signing key.

gpg --import /usr/share/keyrings/derivative.asc

2. Create a file named signed-hash.asc.

Open file signed-hash.asc in a text editor of your choice as a regular, non-root user.

If you are using a graphical environment, run. mousepad signed-hash.asc

If you are using a terminal, run. nano signed-hash.asc

3. Paste the following text. 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

c822aa8e23b9cd3e569a335c88a2929d4b3fe64cee397b7777842eb6ad3cba7fd191e801cf503f28bc461978e19fe97ea74df56bd134e8e41f11ec80b52887df  pylru.py
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEbpebKKbzfEO+MK+hy41Qu3e7PEgFAmF4SG9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDZF
OTc5QjI4QTZGMzdDNDNCRTMwQUZBMUNCOEQ1MEJCNzdCQjNDNDgACgkQy41Qu3e7
PEhtShAAm10bv4eUs38kfAeB50OGeSD/BMQf1aImKUk8YJfty5frhmdGcDqWDMYN
ju5SpwPlb0uOXPaBUXC7tN04UrUxwmV5oNbT6pGPTqqq6DXRNA6iZPTKBwGQq9t0
pelcPFCUs0KKycUYDxRJrdchAT807TyKD5Aj8wn+yLxm30jRrqE99vaJT6OeHIju
lAUCFIhBQoYyCuHpi18JWBbsnzyI9r3CcRzGc+4sDQyaA1SAGCclNgGFlsrNv9xt
MCSogBnPcJWna2gCtuxFRItxAKGS0R3KmC5J2s4fi93QpWzUKdDCB1eM8uXBGNqu
jvsDpRqZO732JffwFrFTEW4otAZ7matHjAiUS4Qw5bZxf9Zl3gEk7S0LOpPzm4nC
iYfAK4gir7Sw8Zt7AJBAvQOKiERl48CG3AORuoxI6iISK8W1rjJywfluM2qhnc+x
h7kOHBWsf2Xd0Nn7VeZKYVsLA5MmJwIVEmFV1q/7Fpin0letdkWzaVXuCVmKFOJ+
M7c6HvFKtZq3XhbS80r8R0SkCOsKJTsHTlZv9AVqFZXsdR17WoIuKMuQAs8Uny/9
NIpWSEofl3hYdrPn5vFCGhoVUVbBhv1bWOTb6XDGWcimK7UfQnMiIHcQUBQLc2kD
annsM0txxRIIuehwJlkjuhwrvMRL2PQP/aCyIHz/9FdRVw8bYF0=
=D1X6
-----END PGP SIGNATURE-----

4. Save.

5. Perform digital signature verification.

gpg --decrypt signed-hash.asc > signed-hash

If the file is verified successfully, the output will include Good signature, which is the most important thing to check. 

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.

This message does not alter the validity of the signature related to the downloaded key. Rather, this warning refers to the level of trust placed in the Whonix signing key and the web of trust. To remove this warning, the Whonix signing key must be personally signed with your own key.

6. View the verified hash sum.

cat signed-hash

7. Verify that the hash sum in the file matches the hash sum shown earlier by the sha512 utility.

Installation[edit]

1. Create folder /usr/local/lib/python3.9/dist-packages/.

sudo mkdir -p /usr/local/lib/python3.9/dist-packages/

2. Install pylru.py in folder /usr/local/lib/python3.9/dist-packages/.

sudo cp ~/pylru/pylru.py /usr/local/lib/python3.9/dist-packages/

3. Done.

PyLRU installation is now complete.

Footnotes[edit]

  1. https://pypi.org/project/pylru/archive.org
  2. Confirmed by Whonix developer Patrick Schleizer.
Your support makes
all the difference!

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 11 year success story and maybe DONATE!

Retrieved from "https://www.whonix.org/w/index.php?title=PyLRU&oldid=97186"