14

Is it possible to deploy python applications such that you don't release the source code and you don't have to be sure the customer has python installed?

I'm thinking maybe there is some installation process that can run a python app from just the .pyc files and a shared library containing the interpreter or something like that?

Basically I'm keen to get the development benefits of a language like Python - high productivity etc. but can't quite see how you could deploy it professionally to a customer where you don't know how there machine is set up and you definitely can't deliver the source.

How do professional software houses developing in python do it (or maybe the answer is that they don't) ?

Improve this question
3
  • PS I am aware of py2exe and all that stuff but it seems like a hack type of solution, e.g. a bit inelegant to have to compile in the whole interpreter every time you write an app Commented Feb 23, 2012 at 21:12
  • 2
    Read this question for inspiration: stackoverflow.com/questions/2678180/… Commented Feb 23, 2012 at 21:17
  • is there another similar language that can be compiled to native binary? D perhaps? Would be good to have a language with bindings to a popular GUI package like widgets or qt as well Commented Feb 23, 2012 at 21:23

5 Answers 5

Reset to default
19

  1. You protect your source code legally, not technologically. Distributing py files really isn't a big deal. The only technological solution here is not to ship your program (which is really becoming more popular these days, as software is provided over the internet rather than fully installed locally more often.)

  2. If you don't want the user to have to have Python installed but want to run Python programs, you'll have to bundle Python. Your resistance to doing so seems quite odd to me. Java programs have to either bundle or anticipate the JVM's presence. C programs have to either bundle or anticipate libc's presence (usually the latter), etc. There's nothing hacky about using what you need.

  3. Professional Python desktop software bundles Python, either through something like py2exe/cx_Freeze/some in-house thing that does the same thing or through embedding Python (in which case Python comes along as a library rather than an executable). The former approach is usually a lot more powerful and robust.

Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

not really resistant - just trying to think through the options, particularly what is least hassle for the customer. by bundling do you mean provide the customer with a python installer for their platform and tell them to install it before running our code?
there are instances where you have to be careful about protecting source from a technological viewpoint, e.g. defence sector.
@Hiett, I believe your remark "there are instances where you have to be careful about protecting source from a technological viewpoint, e.g. defence sector." is wrong-headed and dangerous. Shipping your program trying to hide your source is a failing proposition. Your non-source distribution can always be decompiled or otherwise edited or re-used, and decompiling is especially trivial in Python. In security-critical industries such as defense, it is even more important not to have security holes like that. The only technological solution is not to give the program to someone at all.
@Hiett: When you use something like py2exe, you aren't exactly "asking the user to install Python". You're asking the user to install your software... which happens to include Python. As I thought Mike made very clear with point 2, all software needs some kind of runtime. The Java example is especially telling. Who would call Java an "unprofessional" language? Yet Java software routinely comes bundled with a Java runtime environment (which the installer installs for you as necessary), and that JRE is vastly bigger than Python!
@Hiett: That's a different question, one that has to do with package management. On Windows, AFAIK, Python is not available as a merge module you can include in your MSI, but it is available as an MSI so at the very least you can silently install it. On Linux, you can usually assume Python is present... Though it may be outdated.
|
8

Yes, it is possible to make installation packages. Look for py2exe, cx_freeze and others.

No, it is not possible to keep the source code completely safe. There are always ways to decompile.
Original source code can trivially be obtained from .pyc files if someone wants to do it. Code obfuscation would make it more difficult to do something with the code.

Improve this answer

Comments

6

I am surprised no one mentioned this before now, but Cython seems like a viable solution to this problem. It will take your Python code and transpile it into CPython compatible C code. You also get a small speed boost (~25% last I checked) since it will be compiled to native machine code instead of just Python byte code. You still need to be sure the user has Python installed (either by making it a pre-requisite pushed off onto the user to deal with, or bundling it as part of the installer process). Also, you do need to have at least one small part of your application in pure Python: the hook into the main function.

So you would need something basic like this:

import cython_compiled_module

if __name__ == '__main__':
    cython_compiled_module.main()

But this effectively leaks no implementation details. I think using Cython should meet the criteria in the question, but it also introduces the added complexity of compiling in C, which loses some of Python's easy cross-platform nature. Whether that is worth it or not is up to you.

As others stated, even the resulting compiled C code could be decompiled with a little effort, but it is likely much more close to the type of obfuscation you were initially hoping for.

Improve this answer

Comments

3

Well, it depends what you want to do. If by "not releasing the source code" you mean "the customer should not be able to access the source code in any way", well, you're fighting a losing battle. Even programs written in C can be reverse engineered, after all. If you're afraid someone will steal from you, make them sign a contract and sue them if there's trouble.

But if you mean "the customer should not care about python files, and not be able to casually access them", you can use a solution like cx_Freeze to turn your Python application into an executable.

Improve this answer

Comments

1

Build a web application in python. Then the world can use it via a browser with zero install.

Improve this answer

3 Comments

we're not developing web apps - if only it were that easy
@Hiett: More and more of what used to only be possible as "desktop" software is now available as Web software. Are you sure what you're doing can't be done as a Web app?
LOL... how many people think there's only the client - if you develop a web app (or any server-side app) in Python, and want to sell it, and don't want to release the whole source code, what do you do? Write another web (server) app? C'mon...

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.