deploying python applications

Question

Is it possible to deploy python applications such that you don't release the source code and you don't have to be sure the customer has python installed?

I'm thinking maybe there is some installation process that can run a python app from just the .pyc files and a shared library containing the interpreter or something like that?

Basically I'm keen to get the development benefits of a language like Python - high productivity etc. but can't quite see how you could deploy it professionally to a customer where you don't know how there machine is set up and you definitely can't deliver the source.

How do professional software houses developing in python do it (or maybe the answer is that they don't) ?

PS I am aware of py2exe and all that stuff but it seems like a hack type of solution, e.g. a bit inelegant to have to compile in the whole interpreter every time you write an app — bph, Feb 23 '12 at 21:12
Read this question for inspiration: http://stackoverflow.com/questions/2678180/how-does-dropbox-use-python-on-windows-and-os-x — Fred Foo, Feb 23 '12 at 21:17
is there another similar language that can be compiled to native binary? D perhaps? Would be good to have a language with bindings to a popular GUI package like widgets or qt as well — bph, Feb 23 '12 at 21:23

score 19 · Accepted Answer · edited Nov 28 '12 at 16:46

19

You protect your source code legally, not technologically. Distributing py files really isn't a big deal. The only technological solution here is not to ship your program (which is really becoming more popular these days, as software is provided over the internet rather than fully installed locally more often.)
If you don't want the user to have to have Python installed but want to run Python programs, you'll have to bundle Python. Your resistance to doing so seems quite odd to me. Java programs have to either bundle or anticipate the JVM's presence. C programs have to either bundle or anticipate libc's presence (usually the latter), etc. There's nothing hacky about using what you need.
Professional Python desktop software bundles Python, either through something like py2exe/cx_Freeze/some in-house thing that does the same thing or through embedding Python (in which case Python comes along as a library rather than an executable). The former approach is usually a lot more powerful and robust.

edited Nov 28 '12 at 16:46

vitaut

49,672
25
199
336

answered Feb 23 '12 at 21:21

Mike Graham

73,987
14
101
130

not really resistant - just trying to think through the options, particularly what is least hassle for the customer. by bundling do you mean provide the customer with a python installer for their platform and tell them to install it before running our code? – bph Feb 23 '12 at 21:26
there are instances where you have to be careful about protecting source from a technological viewpoint, e.g. defence sector. – bph Feb 23 '12 at 21:28
@Hiett, No, I do not mean to have the user install Python stock and then install your program. Unless your product is mainly used as a Python library, that wouldn't make sense. I'm not sure why you thought I meant to do something other than have the user go through the normal install process for their platform (just once). – Mike Graham Feb 23 '12 at 21:33
3

@Hiett, I believe your remark "there are instances where you have to be careful about protecting source from a technological viewpoint, e.g. defence sector." is wrong-headed and dangerous. Shipping your program trying to hide your source is a failing proposition. Your non-source distribution can always be decompiled or otherwise edited or re-used, and decompiling is especially trivial in Python. In security-critical industries such as defense, it is even more important not to have security holes like that. The only technological solution is not to give the program to someone at all. – Mike Graham Feb 23 '12 at 21:36
good points - i'm keen to use higher level languages for productivity gains in development but just struggling slightly conceptually to get away from the idea of delivering a native compiled binary to the customer - i think i just have to get with the times a bit and not be worried to ask them to install whatever interpreter is required – bph Feb 23 '12 at 21:44
@Hiett: I know some people who can read assembler about as well as they can read Python. And they're _very_ good at reading Python. – cha0site Feb 23 '12 at 21:50
2

@Hiett: When you use something like py2exe, you aren't exactly "asking the user to install Python". You're asking the user to install *your software*... which *happens* to include Python. As I thought Mike made very clear with point 2, all software needs some kind of runtime. The Java example is especially telling. Who would call Java an "unprofessional" language? Yet Java software routinely comes bundled with a Java runtime environment (which the installer installs for you as necessary), and that JRE is vastly bigger than Python! – John Y Feb 23 '12 at 22:33
@John: good stuff, i got a bit confused with mikes use of the term 'bundle' in (2.) i see now that he meant using py2exe (or equivalent). It seems that going down the py2exe type route is acceptable for professional software apps (thats what I was trying to figure out). You mention an installer for java which can detect if the necessary runtime environment is present on the target machine - are there similar installers available for python? – bph Feb 24 '12 at 08:23
1

@Hiett: That's a different question, one that has to do with package management. On Windows, AFAIK, Python is not available as a merge module you can include in your MSI, but it is available as an MSI so at the very least you can silently install it. On Linux, you can usually assume Python is present... Though it may be outdated. – cha0site Feb 27 '12 at 17:18

score 8 · Answer 2 · answered Feb 23 '12 at 21:16

Yes, it is possible to make installation packages. Look for py2exe, cx_freeze and others.

No, it is not possible to keep the source code completely safe. There are always ways to decompile.
Original source code can trivially be obtained from .pyc files if someone wants to do it. Code obfuscation would make it more difficult to do something with the code.

score 6 · Answer 3 · answered Aug 17 '15 at 23:40

I am surprised no one mentioned this before now, but Cython seems like a viable solution to this problem. It will take your Python code and transpile it into CPython compatible C code. You also get a small speed boost (~25% last I checked) since it will be compiled to native machine code instead of just Python byte code. You still need to be sure the user has Python installed (either by making it a pre-requisite pushed off onto the user to deal with, or bundling it as part of the installer process). Also, you do need to have at least one small part of your application in pure Python: the hook into the main function.

So you would need something basic like this:

import cython_compiled_module

if __name__ == '__main__':
    cython_compiled_module.main()

But this effectively leaks no implementation details. I think using Cython should meet the criteria in the question, but it also introduces the added complexity of compiling in C, which loses some of Python's easy cross-platform nature. Whether that is worth it or not is up to you.

As others stated, even the resulting compiled C code could be decompiled with a little effort, but it is likely much more close to the type of obfuscation you were initially hoping for.

score 3 · Answer 4 · answered Feb 23 '12 at 21:15

Well, it depends what you want to do. If by "not releasing the source code" you mean "the customer should not be able to access the source code in any way", well, you're fighting a losing battle. Even programs written in C can be reverse engineered, after all. If you're afraid someone will steal from you, make them sign a contract and sue them if there's trouble.

But if you mean "the customer should not care about python files, and not be able to casually access them", you can use a solution like cx_Freeze to turn your Python application into an executable.

score 1 · Answer 5 · answered Feb 23 '12 at 21:15

1

Build a web application in python. Then the world can use it via a browser with zero install.

answered Feb 23 '12 at 21:15

Matt Alcock

12,399
14
45
61

we're not developing web apps - if only it were that easy – bph Feb 23 '12 at 21:16
@Hiett: More and more of what used to only be possible as "desktop" software is now available as Web software. Are you *sure* what you're doing can't be done as a Web app? – John Y Feb 23 '12 at 22:16
LOL... how many people think there's only the client - if you develop a web app (or any server-side app) in Python, and want to sell it, and don't want to release the whole source code, what do you do? Write another web (server) app? C'mon... – Mad Hatter Dec 13 '13 at 11:55

deploying python applications

5 Answers5

Linked