5

I'm in serious need of some guidance on how to properly deploy a desktop python application (generate a trusted executable and installer).

First of all, I'm a mech. engineer. Not a full-stack programmer, although circumstances have made me delve deep into all sorts of programming for several years now. But I still lack some project insights that might be trivial for some professional programmers.

I've built a project for the company I work at using Tkinter, all in VS Code. The app is fully functional and runs great. Has git versioning, unit tests, dynamic screen sizing, and a login/licensing system (that part I had the help of a third-party company that made the login backend on .NET, I just call/send requests in the main python program to communicate with the server). I even have a beautiful landing page ready to be in production on the company's website.

However, I'm sort of stuck now. I can generate an executable using pyinstaller, create an installer with Inno Setup and even pack it into a .msi with MSI Wrapper. Which is what I did. But I run into window's trust issues and eventual virus warnings, even though there's no malicious code in it.

That's certainly not the proper way of doing a serious company app deployment intended for mass distribution and selling licenses. I think that might have something to do with using Visual Studio Enterprise, azure devops, maybe having a code signing certificate, an app manifest .xml, etc. That's the sort of thing that I have no experience with whatsoever and find myself lost now.

I'd like to know which steps I'd have to take now to properly deploy this app (i.e. have a trusted windows executable and installer, in the company's name). How would you proceed with this?

Extra info: The app is fully written in python, with several open source libraries such as matplotlib, numpy, PIL, etc. And all the GUI was made with tkinter. Aside from that, it only needs images/icons from a folder to assemble the GUI elements and a .ttf font to write some specific text.

Leonardo de la Roca
  • 51
  • 3
  • Maybe like, write a C# app and have it call the scripts and set up the Python env. That way you can just distribute the Windows application normally, and it'd just have Python do all its actual heavy lifting, internally. There's far more resources out there for distributing Native or .NET Windows applications. – Random Davis Sep 28 '22 at 19:13
  • Does this help? [Generate a certificate for .exe created by pyinstaller](https://stackoverflow.com/questions/64071408/generate-a-certificate-for-exe-created-by-pyinstaller) or [Signing a Windows EXE file](https://stackoverflow.com/questions/252226/signing-a-windows-exe-file) – Steven Rumbalski Sep 28 '22 at 19:15

1 Answers1

0

Python can for sure provide a professional program for distribution. But you mentioned some points that many times are hard to attack if you don't have prior experience.

For the python aspect the only problem comes with a rather easy decompilation of the source code of the application.Obscufation of the code can be achieved at a very good extend either by compiling with Cython,using an encrypting library like bcrypt or use a remote internet application to interogate for secret data.(If ofcourse obscufation is needed)

Also you need to check the licenses for all 3d party libraries,because some of them are not free for professional business wich have earnings.

The trust issues on windows are due to UAC and it exists for all application in Windows.You can sign an application (many times costs some money) so UAC do not 'complain' about the authenticity of the application.

Now for the legality issues ofcourse you should read the license you will provide with MSI very carefully or even advise a lawyer.Also because the python application many times will need the equivalent VC redist to be distributed with the application MSI it is a little obscure if this is totally legal to distribute VC redist in your application.

Ευάγγελος Γρηγορόπουλος
  • 885
  • 1
  • 10
  • 22