This question already has answers here:
How do I protect Python code from being read by users?
(29 answers)
Closed 9 years ago.
I'm rather new to Python, though hope to use it for both programming and scripting. I've written basic scripts, and did some digging for compiling. I'm currently using py2exe (With a different setup.py script someone else made) so that it becomes ONE simple .exe, without dependencies (python DLL, etc.)
You're probably wondering what my problem is. Well, I decided to check the security of the executable, and view it in Resource Hacker. I was able to view all the parts of the script I DIDN'T want people to be able to find out. (Ex: Password inputs).
Can anyone give me a simple, working method, for converting PYTHON code to a STANDALONE executable that CANNOT allow viewing of the original python script via something like Resource Hacker?
I am not thoroughly knowledgeable in the field.. I'm also not developing commercially (Yet), I just want to make things for myself, that I may also make for other people.. Though I might freelance for random people online doing things. Anyways point being, if I had a script where it prompted you for a password, and if you got it correct it continued, else, it cancelled and exited.... then once I make it a .exe, opening in Resource Hacker, and viewing the "Python Script", I scroll to the bottom, and bam! It shows the passwords. Now when I say I'm new, I mean, really REALLY new. Anyways, if you don't mind explaining, "Encryptions", "Hash's", etc... I would prefer to be enlightened towards these subjects.'
Your help is appreciated.
Here are the simple steps (with freeze)-
You will need to use a python installation which has all its modules installed as shared libraries
freeze.py usually resides under <python_install>/Tools/freeze/freeze.py
e.g: Python-2.4.2/linux/Tools/freeze/freeze.py
Now to integrate freeze a very simple program, which does not have dependency on any custom python module you will just need to call freeze in this fashion:
e.g:
cat hello.py
#!/usr/bin/env python
print "Testing"
To Freeze:
a. Python-2.4.2/linux/Tools/freeze/freeze.py hello.py
b. make
you will see there is a executable hello.
file hello
hello: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.4.0, dynamically linked (uses shared libs), not stripped
that's it:
now invoke hello will produce:
[0:22:47]% ./hello
Testing
Related
This question already has answers here:
How can I run a Python project on another computer without installing anything on it?
(6 answers)
Closed 9 months ago.
Problem:
I need to send someone (who has little to no computer knowledge) a python program, but I don't even know if he has python installed let alone all the dependencies.
Question:
Assuming he doesn't have python, how should I go about sending the application so that It is as straightforward as possible for him?
What I've tried:
Initially, I thought of using venv and sending him the whole thing, but there has got to be a better solution, as my code only uses two of the built-in libraries.
In my research, I came across Docker, but I think he would need to have that installed. I also saw pipenv but it wouldn't work without python on his PC.
You have multiple ways to do so:
Create an executable file, which is quite a long process but can be useful is you project contains a lot of files and multiple dependencies
Send them the python code (I recommend it if your project fits in one .py file). The person will need to install python and possibly a few pip libraires, but it's not extremely complicated in my opinion, with clear instructions.
Finally, you can go on repl.it and create a repl, which is simply a way to execute code on your browser. I think this is the best option for both large and small projects, except if it contains a lot of odd dependencies, and I'm not sure if repl.it supports graphical interfaces either. Anyway, you should take a look, it might be perfectly fit your needs
I have made a python interactive script project containing a few directories with project files and a main python script.
The script does the work of batch processing scientific images for biological systematics.
I wrote os agnostic code, but I was thinking about trying to package/freeze the script as a cli utility that a (more or less)lay person could download and use.
I have been reading about packaging and freezing techniques in python and the more I read the more I feel I'm confused. (I'm linux user)
Am I conceiving of this script as a utility correctly? Is is worth it/possible to pass command line args to an .exe, and should I package/freeze the files for this kind of interactive cli script?
I don't have a lot of experience with windows. I'm looking for advice/pointer where to look next/search.
You are on the correct path, but you need to understand a little more about python packaging to know how to proceed.
You are right that you need to package your code with setup tools. This will make it cake to install the package for others and will let python decide where to properly put things. -including script utilities/non-code files-
Setuptools has special support built in JUST FOR SCRIPTS! that will let you pass arguments, ect..
However, in packaging the code, you must understand that what you are really doing is making it a library that can be installed with pip. Therefore, that python script utility that you wrote will be treated as a library by setuptools. Setuptools will have you make a separate script file to import your new library and call the script main() function.
I know that you were already using this manual, and that's fantastic. Everything you need to first set up and understand a python package is in there. RTFM up a storm.
As I understand it, you can then look more into freezing the package (and register it with Pypi) for other systems once you have a handle on packaging.
note: use scripts keyword in setup tools to specify your script
I am currently interning at a place where they've asked me to make a standalone python program to do something (say X).
Now, that program is to be run by some commands sent by their proprietary software which is written in their proprietary language. Now the reason I'm saying proprietary so many times is because they aren't ready to take me anywhere near their code. I am just supposed to make a Python code that does X based on the input given by their software.
So is there a way I can make an API and wrap it around my code so as to let the software control it? Also I need to make the whole thing standalone (maybe an installer of some kind) so that they don't have to install Python and the accompanying modules (like opencv) just to run my script?
All I could get out of them was "there are dll files that will be calling your app and we want an executable"
Any programm can execute any other program (if it has the appropriate rights) so there is no real distinction between "python file" and "python executable" (that is because python is an interpreted language. The python source files and the "final python program" are "identical" (asuming cpython), in contrast to e.g. a C program where the source files and the executable are vastly different).
If you are on windows there is the additional problem that the user must have installed python to execute .py files. There are some ways to mitigate that problem - there are python libraries that "freeze" the python interpreter and your code into a single .exe file (from the comment by Bakuriu see e.g. freeze) . You could bundle the python interpreter with your code. You can just say your users to install python (if the amount of users is low that might be the good way).
"API" is just a fancy way of saying "this is how you communicate with my programm". This might be how you call a library (e.g. what functions a python module exports) or this might be an HTTP API or which command line arguments are passed or which protocoll over an TCP socket is spoken. Without knowing which API you are supposed to implement you cannot fulfill your job.
Without knowing further specifications (what inputdoes the other program give to yours, how does it call your programm?) it's very hard to say anything more helpful.
Background
I write small python packages for a system that uses modules (https://luarocks.org/) to manage packages. For those of you who don't know it, you can run module load x and a small script is run that modifies various environmental variables to make software 'x' work, you can then undo this with module unload x.
This method of software management is nearly ubiquitous in scientific computing and has a lot of value in that arena: you can run ancient unmaintained software alongside packages that that software would interfere with, you can run multiple versions of software, which allows you to reproduce your data exactly (you can go back to old versions), and you can run frankly poorly written non updated software with outdated dependencies.
These features are great, but they create an issue with the python 2/3 split:
What if you want to write a package that works with both python 2 and 3 and use it alongside software that requires either python 2 or 3?
The way you make old python2 dependent software work on these large systems is that you make a python/2.7.x module and a python/3.5 module. When you want to run a script that uses python 2, you load that module, etc.
However, I want to write a single python package that can work in either environment, because I want that software to be active regardless of which python interpreter is being used.
This is fundamentally extremely easy: just use a #!/usr/bin/env python shebang line, done. That works. I write all my software to work with either, so no problem.
Question
The issue is: I want to use setuptools to distribute my package to other scientists in the same situation, and setup tools mangles the shebang line.
I don't want to get into a debate about whether mangling the shebang line is a good idea or not, I am sure it is since it has existed for years now in the same state. I honestly don't care, it doesn't work for me. The default setuptools install causes the software not to run because when a python interpreter's module is not loaded, that python interpreter does not function, the PYTHONPATH is totally wrong for it.
If all of my users had root access, I could use the data_files option to just copy the scripts to /usr/bin, but this is a bad idea for compatibility, and my users don't have root access anyway so it is a moot point.
Things I tried so far:
I tried setting the sys.executable to /usr/bin/env python in the setup.py file, but that doesn't work, because then the shebang is: #!"/usr/bin/env python", which obviously doesn't work.
I tried the Don't touch my shebang class idea in this question: Don't touch my shebang! (it is the bottom answer with 0 votes). That didn't work either, probably because it is written for distutils and not setuptools. Plus that question is 6 years old.
I also looked at these questions:
Setuptools entry_points/console_scripts have specific Python version in shebang
Changing console_script entry point interpreter for packaging
The methods described there do not work, the shebang line is still altered.
Creating a setup.cfg file with the contents::
[build]
executable = /usr/bin/env python
also does not change the shebang line mangling behavior.
There is an open issue on the setuptools github page that discusses something similar:
https://github.com/pypa/setuptools/issues/494
So I assume this isn't possible to do natively, but I wonder if there is a workaround?
Finally, I don't like any solution that involves asking the user to modify their install flags, e.g. with -e.
Is there anyway to modify this behavior, or is there another distribution system I can use instead? Or is this too much of an edge case and I just need to write some kind of custom installation script?
Thanks all.
Update
I think I was not clear enough in my original question, what I want the user to be able to do is:
Install the package in both python2 and python3 (the modules will go into lib/pythonx/site-lib.
Be able to run the scripts irrespective of which python environment is active.
If there is a way to accomplish this without preventing shebang munging, that would be great.
All my code is already compatible with python 2.7 and python 3.3+ out of the box, the main thing is just making the scripts run irrespective of active python environment.
I accidentally stumbled onto a workaround while trying to write a custom install script.
import os
from setuptools import setup
from setuptools.command.install import install
here = os.path.abspath(os.path.dirname(__file__))
# Generate a list of python scripts
scpts = []
scpt_dir = os.listdir(os.path.join(here, 'bin'))
for scpt in scpt_dir:
scpts.append(os.path.join(here, 'bin', scpt))
class ScriptInstaller(install):
"""Install scripts directly."""
def run(self):
"""Wrapper for parent run."""
super(ScriptInstaller, self).run()
setup(
cmdclass={'install': ScriptInstaller},
scripts=scpts,
...
)
This code doesn't do exactly what I wanted (alter just the shebang line), it actually just copies the whole script to ~/.local/bin, instead of wrapping it in::
__import__('pkg_resources').run_script()
Additionally, and more concerningly, this method makes setuptools create a root module directory plus an egg-info directory like this::
.local/lib/python3.5/site-packages/cluster
.local/lib/python3.5/site-packages/python_cluster-0.6.1-py3.5.egg-info
Instead of a single egg, which is the usual behavior::
.local/lib/python3.5/site-packages/python_cluster-0.6.1-py3.5.egg
As far as I am aware this is the behavior of the old distutils, which makes me worry that this install would fail on some systems or have other unexpected behavior (although please correct me if I am wrong, I really am no expert on this).
However, given that my code is going to be used almost entirely on linux and OS X, this isn't the end of the world. I am more concerned that this behavior will just disappear sometime very soon.
I posted a comment on an open feature request on the setuptools github page:
https://github.com/pypa/setuptools/issues/494
The ideal solution would be if I could add an executable=/usr/bin/env python statement to setup.cfg, hopefully that is reimplemented soon.
This workaround will work for me for now though. Thanks all.
This question already has answers here:
How do I protect Python code from being read by users?
(29 answers)
Closed 9 years ago.
I am writing code (Python and wxpython for GUI) which will run on Debian OS on Raspberry PI. I want to protect/hide the source code. Is there any way to do it? Probably py2exe, or converting it to a library or something else?
The compiled code (.pyc files) can be used if you wish for others to be able to execute but not to read or modify the source code (.py, .pyw).
Simply:
run your application
then copy all the relevant .pyc files into another folder and you should be able to
run it all from the new location
So long as all the appropriate modules are still able to be loaded, everything will work. This will require the version of python to be the same (can't run .pyc files from python 2.4 with python 2.7 and vice-versa)
The other thing to know is that strings will be preserved. You should open them up in a good text editor (I use vim) and inspect the content if you are worried about what others can see.
py2exe is of course another example, but you lose the ability to have cross-platform code at that point -- and if your application is for the Raspberry Pi -- that won't work.
Since you provided no other information about how you intend to run the code, it's not clear if the source will be a module or intended to be run directly. You should read this post to learn more.