pyship 0.1.6__py3-none-any.whl → 0.3.1__py3-none-any.whl

pyship/__init__.py

@@ -1,4 +1,4 @@
-""" pyship - ship python apps """
+"""pyship - ship python apps"""
 
 python_interpreter_exes = {True: "pythonw.exe", False: "python.exe"}  # True is GUI, False is CLI
 
@@ -21,6 +21,7 @@ from .nsis import run_nsis
 from .download import file_download, extract
 from .create_launcher import create_pyship_launcher
 from .clip import create_base_clip, install_target_app, create_clip, create_clip_file
+from .uv_util import find_or_bootstrap_uv, uv_python_install, uv_venv_create, uv_pip_install, uv_build
 from .cloud import PyShipCloud
 from .pyship import PyShip
 from .main import main

pyship/__main__.py

@@ -2,6 +2,5 @@ from ismain import is_main
 
 from pyship import main
 
-
 if is_main():
     main()

pyship/_version_.py

@@ -2,7 +2,7 @@ from pyshipupdate import __author__ as pyship_author
 
 __application_name__ = "pyship"
 __author__ = pyship_author
-__version__ = "0.1.6"
+__version__ = "0.3.1"
 __title__ = __application_name__
 __author_email__ = "j@abel.co"
 __url__ = "https://github.com/jamesabel/pyship"

pyship/app_info.py

@@ -1,9 +1,6 @@
-import os
 from pathlib import Path
 from dataclasses import dataclass
-from typing import Union
-import subprocess
-import sys
+from typing import Optional, Union
 
 import toml
 from semver import VersionInfo
@@ -88,21 +85,12 @@ def get_app_info_wheel(app_info: AppInfo, dist_path: Path) -> AppInfo:
 
 
 @typechecked
-def run_script(target_app_project_dir: Path, script_file_name: str):
-    script_path = Path(target_app_project_dir, script_file_name)
-    if script_path.exists():
-        pyship_print(f'running "{script_file_name}" (cwd="{target_app_project_dir}")')
-        make_venv_process = subprocess.run(script_file_name, cwd=str(target_app_project_dir), capture_output=True)
-        log.info(make_venv_process.stdout)
-        log.info(make_venv_process.stderr)
-
-
-@typechecked
-def get_app_info(target_app_project_dir: Path, target_app_dist_dir: Path) -> AppInfo:
+def get_app_info(target_app_project_dir: Path, target_app_dist_dir: Path, cache_dir: Optional[Path] = None) -> AppInfo:
     """
     Get combined app info from all potential sources.
     :param target_app_project_dir: app project dir, e.g. where a pyproject.toml may reside. (optional)
     :param target_app_dist_dir: the "distribution" dir, e.g. where a wheel may reside (optional)
+    :param cache_dir: cache dir for uv bootstrap (optional)
     :return: an AppInfo instance
     """
 
@@ -117,18 +105,15 @@ def get_app_info(target_app_project_dir: Path, target_app_dist_dir: Path) -> App
         wheel_glob = f"{app_info.name}*.whl"
         wheel_list = list(target_app_dist_dir.glob(wheel_glob))
         if len(wheel_list) < 1:
-            # No wheel file exists, but if there's a .bat file to build it, try that. In general the pyship user should have already created their wheel, but this is also
-            # handy for testing so the pyship repo can be cloned and pytest run, without otherwise having to build the test app's wheel.
-
-            venvs = list(Path(target_app_project_dir).glob("*venv"))  # does venv or .venv exist?
-            if len(venvs) < 1:
-                # Try to build the venv if it doesn't exist. Note that this uses specific script file names, but they can be set via env var.
-                run_script(target_app_project_dir, os.environ.get("PYSHIP_MAKE_VENV_SCRIPT", "make_venv.bat"))  # will be .sh for Linux/MacOS whenever they're supported ...
-
-            # run script to build the wheel
-            run_script(target_app_project_dir, os.environ.get("PYSHIP_BUILD_SCRIPT", "build.bat"))  # will be .sh for Linux/MacOS whenever they're supported ...
-
-            wheel_list = list(target_app_dist_dir.glob(wheel_glob))  # try again to find the wheel
+            # No wheel file exists - build it using uv
+            from pyship.uv_util import find_or_bootstrap_uv, uv_build
+
+            if cache_dir is not None:
+                uv_path = find_or_bootstrap_uv(cache_dir)
+                uv_build(uv_path, target_app_project_dir, target_app_dist_dir)
+                wheel_list = list(target_app_dist_dir.glob(wheel_glob))  # try again to find the wheel
+            else:
+                log.warning("no cache_dir provided, cannot bootstrap uv to build wheel")
 
         if len(wheel_list) == 0:
             log.error(f"{app_info.name} : no wheel at {target_app_dist_dir} ({target_app_dist_dir.absolute()})")

pyship/clip.py

@@ -1,44 +1,32 @@
-import glob
-import os
 import platform
-import re
 import shutil
-import subprocess
-import tkinter
 from pathlib import Path
-from platform import system
-import inspect
 
 from typeguard import typechecked
 from balsa import get_logger
 
-from pyshipupdate import is_windows, copy_tree
-import pyship
-import pyship.patch.pyship_patch
-from pyship import AppInfo, file_download, pyship_print, extract, __application_name__, subprocess_run, CLIP_EXT, PyshipCouldNotGetVersion
-
+from pyship import AppInfo, pyship_print, __application_name__, CLIP_EXT
+from pyship.uv_util import find_or_bootstrap_uv, uv_python_install, uv_venv_create, uv_pip_install
 
 log = get_logger(__application_name__)
 
 
 @typechecked
-def create_clip(target_app_info: AppInfo, app_dir: Path, remove_pth: bool, target_app_package_dist_dir: Path, cache_dir: Path, find_links: list) -> Path:
+def create_clip(target_app_info: AppInfo, app_dir: Path, target_app_package_dist_dir: Path, cache_dir: Path, find_links: list) -> Path:
     """
     create clip (Complete Location Independent Python) environment
     clip is a stand-alone, relocatable directory that contains the entire python environment (including all libraries and the target app) needed to execute the target python application
     :param target_app_info: target app info
     :param app_dir: app gets built here (i.e. the output of this function)
-    :param remove_pth: remove remove python*._pth files as a workaround (see bug URL below)
     :param target_app_package_dist_dir: target app module dist dir (as a package)
     :param cache_dir: cache dir
     :param find_links: a (potentially empty) list of "find links" to add to pip invocation
     :return: path to the clip dir
     """
 
-    # create the clip dir
     clip_dir = create_base_clip(target_app_info, app_dir, cache_dir)
     assert isinstance(target_app_info.name, str)
-    install_target_app(target_app_info.name, clip_dir, target_app_package_dist_dir, remove_pth, find_links)
+    install_target_app(target_app_info.name, clip_dir, target_app_package_dist_dir, cache_dir, find_links)
     return clip_dir
 
 
@@ -56,7 +44,7 @@ def create_clip_file(clip_dir: Path) -> Path:
 @typechecked
 def create_base_clip(target_app_info: AppInfo, app_dir: Path, cache_dir: Path) -> Path:
     """
-    create pyship python environment called clip
+    create pyship python environment called clip using uv
 
     :param target_app_info: target app info
     :param app_dir: app gets built here (i.e. the output of this function)
@@ -64,111 +52,37 @@ def create_base_clip(target_app_info: AppInfo, app_dir: Path, cache_dir: Path) -
     :return absolute path to created clip
     """
 
-    # use project's Python (in this venv) to determine target Python version
-    python_ver_str = platform.python_version()
     python_ver_tuple = platform.python_version_tuple()
+    python_version = f"{python_ver_tuple[0]}.{python_ver_tuple[1]}"
 
-    # get the embedded python interpreter
-    search = re.search(r"([0-9]+)", python_ver_tuple[2])
-    if search is not None:
-        base_patch_str = search.group(1)
-    else:
-        raise PyshipCouldNotGetVersion(python_ver_tuple)
-
-    # version but with numbers only and not the extra release info (e.g. b, rc, etc.)
-    ver_base_str = f"{python_ver_tuple[0]}.{python_ver_tuple[1]}.{base_patch_str}"
-    zip_file = Path(f"python-{python_ver_str}-embed-amd64.zip")
-    zip_url = f"https://www.python.org/ftp/python/{ver_base_str}/{zip_file}"
-    file_download(zip_url, cache_dir, zip_file)
     clip_dir_name = f"{target_app_info.name}_{str(target_app_info.version)}"
     clip_dir = Path(app_dir, clip_dir_name).absolute()
     pyship_print(f'building clip {clip_dir_name} ("{clip_dir}")')
-    extract(cache_dir, zip_file, clip_dir)
-
-    # Programmatically edit ._pth file, e.g. python38._pth
-    # see https://github.com/pypa/pip/issues/4207
-    # todo: refactor to use Path
-    glob_path = os.path.abspath(os.path.join(clip_dir, "python*._pth"))
-    pth_glob = glob.glob(glob_path)
-    if pth_glob is None or len(pth_glob) != 1:
-        log.critical("could not find '._pth' file at %s" % glob_path)
-    else:
-        pth_path = pth_glob[0]
-        log.info("uncommenting import site in %s" % pth_path)
-        pth_contents = open(pth_path).read()
-        pth_save_path = pth_path.replace("._pth", "._pip_bug_pth")
-        shutil.move(pth_path, pth_save_path)
-        pth_contents = pth_contents.replace("#import site", "import site")  # uncomment import site
-        pth_contents = "..\n" + pth_contents  # add where pyship_main.py will be (one dir 'up' from python.exe)
-        open(pth_path, "w").write(pth_contents)
-
-    # install pip
-    # this is how get-pip was originally obtained
-    # get_pip_file = "get-pip.py"
-    # get_file("https://bootstrap.pypa.io/get-pip.py", cache_folder, get_pip_file)
-    get_pip_file = "get-pip.py"
-    get_pip_path = os.path.join(os.path.dirname(pyship.__file__), get_pip_file)
-    log.info(f"{get_pip_path=}")
-    get_pip_cmd = ["python.exe", os.path.abspath(get_pip_path), "--no-warn-script-location"]
-    log.info(f"{get_pip_cmd=}")
-    subprocess.run(get_pip_cmd, cwd=clip_dir, capture_output=True, shell=True, check=True)  # subprocess_run uses typeguard and we don't have that yet so just use subprocess.run
-
-    # upgrade pip
-    pip_upgrade_cmd = ["python.exe", "-m", "pip", "install", "--no-deps", "--upgrade", "pip"]
-    log.info(f"{pip_upgrade_cmd=}")
-    subprocess.run(pip_upgrade_cmd, cwd=clip_dir, capture_output=True, shell=True, check=True)  # subprocess_run uses typeguard and we don't have that yet so just use subprocess.run
-
-    # the embedded Python doesn't ship with tkinter, so add it to clip
-    # https://stackoverflow.com/questions/37710205/python-embeddable-zip-install-tkinter
-    if is_windows():
-        python_base_install_dir = Path(tkinter.__file__).parent.parent.parent
-        copy_tree(Path(python_base_install_dir), clip_dir, "tcl")  # tcl dir
-        copy_tree(Path(python_base_install_dir, "Lib"), Path(clip_dir, "Lib", "site-packages"), "tkinter")  # tkinter dir
-        # dlls
-        for file_name in ["_tkinter.pyd", "tcl86t.dll", "tk86t.dll"]:
-            shutil.copy2(str(Path(python_base_install_dir, "DLLs", file_name)), str(clip_dir))
-    else:
-        log.fatal(f"Unsupported OS: {system()}")
-
-    # write out patch files
-    Path(clip_dir, "pyship_patch.pth").write_text("import pyship_patch")  # this causes the pyship_patch.py to be loaded and therefore executed
-    patch_string = f"{inspect.getsource(pyship.patch.pyship_patch.pyship_patch)}\n\npyship_patch()\n"
-    Path(clip_dir, "pyship_patch.py").write_text(patch_string)  # due to the above, this file gets executed at Python interpreter startup
+
+    uv_path = find_or_bootstrap_uv(cache_dir)
+    uv_python_install(uv_path, python_version)
+    uv_venv_create(uv_path, clip_dir, python_version)
 
     return clip_dir
 
 
 @typechecked
-def install_target_app(module_name: str, python_env_dir: Path, target_app_package_dist_dir: Path, remove_pth: bool, find_links: list):
+def install_target_app(module_name: str, clip_dir: Path, target_app_package_dist_dir: Path, cache_dir: Path, find_links: list):
     """
     install target app as a module (and its dependencies) into clip
     :param module_name: module name
-    :param python_env_dir: venv or clip dir
+    :param clip_dir: clip dir (a relocatable venv)
     :param target_app_package_dist_dir: target app module dist dir (as a package)
-    :param remove_pth: remove remove python*._pth files as a workaround (see bug URL below)
+    :param cache_dir: cache dir
     :param find_links: a list of "find links" to add to pip invocation
     """
 
-    # install this local app in the embedded python dir
     log.info(f"installing {module_name}")
 
-    if remove_pth:
-        # remove python*._pth
-        # https://github.com/PythonCharmers/python-future/issues/411
-        pth_glob_list = [p for p in Path(python_env_dir).glob("python*._pth")]
-        if len(pth_glob_list) == 1:
-            pth_path = str(pth_glob_list[0])
-            pth_save_path = pth_path.replace("._pth", "._future_bug_pth")
-            shutil.move(pth_path, pth_save_path)
-        else:
-            log.error(f"unexpected {pth_glob_list=} found at {python_env_dir=}")
-
-    # install the target module (and its dependencies)
-    cmd = [str(Path(python_env_dir, "python.exe")), "-m", "pip", "install", "-U", module_name, "--no-warn-script-location"]
-
-    find_links.append(str(target_app_package_dist_dir.absolute()))
+    uv_path = find_or_bootstrap_uv(cache_dir)
+    target_python = Path(clip_dir, "Scripts", "python.exe")
 
-    for find_link in find_links:
-        cmd.extend(["-f", f"file://{str(find_link)}"])
+    all_find_links = list(find_links)  # copy to avoid mutating caller's list
+    all_find_links.append(str(target_app_package_dist_dir.absolute()))
 
-    subprocess_run(cmd, python_env_dir)
+    uv_pip_install(uv_path, target_python, [module_name], all_find_links, upgrade=True)

pyship/cloud.py

@@ -30,7 +30,8 @@ class PyShipCloud:
         :return: URL of uploaded file
         """
         s3_key = file_path.name
-        self.s3_access.set_public_readable(True)  # all uploads are public readable (disable upload to keep installers and clips private)
+        # Note: AWS S3 now defaults to BucketOwnerEnforced which disables ACLs
+        # Use bucket policies or pre-signed URLs for access control instead
         self.s3_access.create_bucket()
         self.s3_access.upload(file_path, s3_key)
         return self.s3_access.get_s3_object_url(s3_key)

pyship/constants.py

@@ -1 +1,8 @@
+import os
+
 dist_dir = "dist"
+
+
+def is_ci() -> bool:
+    """Check if running in a CI environment (GitHub Actions, etc.)."""
+    return os.environ.get("CI", "").lower() == "true" or os.environ.get("GITHUB_ACTIONS", "").lower() == "true"

pyship/create_launcher.py

@@ -1,9 +1,9 @@
-import sys
+import shutil
 from pathlib import Path
-import subprocess
 
 from typeguard import typechecked
 from balsa import get_logger
+from semver import VersionInfo
 
 from pyshipupdate import mkdirs
 import pyship
@@ -11,7 +11,7 @@ from pyship import AppInfo, pyship_print, get_icon
 from pyship import __application_name__ as pyship_application_name
 from pyship.launcher import application_name as launcher_application_name
 from pyship.launcher import calculate_metadata, load_metadata, store_metadata
-
+from pyship.launcher_stub import compile_launcher_stub
 
 log = get_logger(launcher_application_name)
 
@@ -19,7 +19,7 @@ log = get_logger(launcher_application_name)
 @typechecked
 def create_pyship_launcher(target_app_info: AppInfo, app_path_output: Path):
     """
-    create the launcher executable
+    Create the launcher executable using a compiled C# stub and standalone Python launcher script.
     :param target_app_info: target app info
     :param app_path_output: app gets built here
     :return: True if launcher was built
@@ -32,91 +32,58 @@ def create_pyship_launcher(target_app_info: AppInfo, app_path_output: Path):
     else:
         metadata_filename = f"{target_app_info.name}_metadata.json"
 
-        # create launcher
-
-        # find the launcher source file path
+        # find the launcher source directory (for metadata hashing)
         assert hasattr(pyship, "__path__")
-        pyship_path_list = pyship.__path__  # type: ignore
+        pyship_path_list = pyship.__path__
         if len(pyship_path_list) != 1:
             log.warning(f"not length of 1: {pyship_path_list}")
-        pyship_path = pyship_path_list[0]  # parent dir of launcher source
+        pyship_path = Path(pyship_path_list[0])
         launcher_module_dir = Path(pyship_path, launcher_application_name)
 
-        launcher_exe_filename = f"{target_app_info.name}.exe"
-        launcher_exe_path = Path(app_path_output, target_app_info.name, launcher_exe_filename)
+        launcher_dir = Path(app_path_output, target_app_info.name)
+        launcher_exe_path = Path(launcher_dir, f"{target_app_info.name}.exe")
 
         icon_path = get_icon(target_app_info, pyship_print)
 
-        python_interpreter_path = sys.executable
-        if python_interpreter_path is None or len(python_interpreter_path) < 1:
-            log.error("python interpreter path not found")
-        else:
-            mkdirs(app_path_output)
-
-            explicit_modules_to_import = [
-                "ismain",
-                "sentry_sdk",
-                "typeguard",
-                "sentry_sdk.integrations.stdlib",
-                "pyship",  # pyship is needed since launcher calls other routines in pyship
-            ]
-
-            venv_dir = Path(target_app_info.project_dir, "venv")  # venv for the target app
-            pyinstaller_exe_path = Path(venv_dir, "Scripts", "pyinstaller.exe")
-            if not pyinstaller_exe_path.exists():
-                raise FileNotFoundError(str(pyinstaller_exe_path))
-            command_line = [str(pyinstaller_exe_path), "--clean", "-i", str(icon_path), "-n", target_app_info.name, "--distpath", str(app_path_output.absolute())]
-            for explicit_module_to_import in explicit_modules_to_import:
-                # modules pyinstaller doesn't seem to be able to find on its own
-                command_line.extend(["--hiddenimport", explicit_module_to_import])
-
-            # "-F" or "--onefile" is too slow of a start up - was measured at 15 sec for the launch app (experiment with just a print as the app was still 2 sec startup).  --onedir is ~1 sec.
-            # I could probably get the full app down a bit, but it'll never be 1 sec.
-            # https://stackoverflow.com/questions/9469932/app-created-with-pyinstaller-has-a-slow-startup
-            # command_line.append("--onefile")
-            command_line.append("--onedir")
-
-            if target_app_info.is_gui:
-                command_line.append("--noconsole")
-            # command_line.extend(["--debug", "all"])  # todo: remove once we get the launcher working again
-            site_packages_dir = Path(venv_dir, "Lib", "site-packages")
-
-            # find the launcher source code, so we can make an executable from it
-            launcher_source_path = None
-            launcher_candidate_parents = (site_packages_dir, Path())
-            for parent in launcher_candidate_parents:
-                source_candidate = Path(parent, pyship_application_name, launcher_application_name, f"{launcher_application_name}.py").absolute()
-                if source_candidate.exists():
-                    launcher_source_path = source_candidate
-                    break
-            if launcher_source_path is None:
-                log.fatal(f"could not find launcher path in {launcher_candidate_parents=}")
-                return False
+        mkdirs(app_path_output)
+
+        # Compute metadata for cache invalidation
+        assert isinstance(target_app_info.author, str)
+        assert isinstance(target_app_info.is_gui, bool)
+        assert isinstance(target_app_info.version, VersionInfo)
+        metadata = calculate_metadata(target_app_info.name, target_app_info.author, target_app_info.version, launcher_module_dir, icon_path, target_app_info.is_gui)
+        if not launcher_exe_path.exists() or metadata != load_metadata(app_path_output, metadata_filename):
+            pyship_print(f'building launcher ("{launcher_exe_path}")')
+
+            # 1. Compile the C# stub
+            compile_launcher_stub(
+                app_name=target_app_info.name,
+                icon_path=icon_path,
+                is_gui=target_app_info.is_gui,
+                output_path=launcher_dir,
+            )
+
+            # 2. Copy the standalone launcher script alongside the stub
+            standalone_source = Path(launcher_module_dir, "launcher_standalone.py")
+            standalone_dest = Path(launcher_dir, f"{target_app_info.name}_launcher.py")
+            shutil.copy2(str(standalone_source), str(standalone_dest))
+            log.info(f"copied launcher script to {standalone_dest}")
+
+            # 3. Copy the icon alongside
+            if icon_path.exists():
+                icon_dest = Path(launcher_dir, f"{target_app_info.name}.ico")
+                shutil.copy2(str(icon_path), str(icon_dest))
+                log.info(f"copied icon to {icon_dest}")
+
+            # 4. Store metadata for cache invalidation
+            store_metadata(app_path_output, metadata_filename, metadata)
+
+            if launcher_exe_path.exists():
+                built_it = True
+                log.info(f"launcher built ({launcher_exe_path})")
             else:
-                log.info(f"{launcher_source_path=}")
-                command_line.append(str(launcher_source_path))
-
-            # avoid re-building launcher if its functionality wouldn't change
-            assert isinstance(target_app_info.author, str)
-            assert isinstance(target_app_info.is_gui, bool)
-            metadata = calculate_metadata(target_app_info.name, target_app_info.author, target_app_info.version, Path(launcher_module_dir), icon_path, target_app_info.is_gui)
-            if not launcher_exe_path.exists() or metadata != load_metadata(app_path_output, metadata_filename):
-                pyship_print(f'building launcher ("{launcher_exe_path}")')
-                log.info(f"project_dir={str(target_app_info.project_dir)}")
-                log.info(f"{command_line=}")
-                # pyinstaller outputs regular status messages to stderr for some reason so just capture all output but also check for error return code
-                launcher_run = subprocess.run(command_line, cwd=target_app_info.project_dir, capture_output=True, text=True, check=True)
-                # metadata is in the app parent dir
-                store_metadata(app_path_output, metadata_filename, metadata)
-
-                if launcher_exe_path.exists():
-                    built_it = True
-                    log.info(f"launcher built ({launcher_exe_path})")
-                else:
-                    # launcher wasn't built - there was an error - so display the pyinstaller output to the user
-                    pyship_print(launcher_run.stdout)
-                    pyship_print(launcher_run.stderr)
-            else:
-                log.info(f"{launcher_exe_path} already built - no need to rebuild")
+                log.error(f"launcher exe not found after build: {launcher_exe_path}")
+        else:
+            log.info(f"{launcher_exe_path} already built - no need to rebuild")
 
     return built_it

pyship/download.py

@@ -32,6 +32,22 @@ def file_download(url: str, destination_folder: Path, file_name: Path):
     return destination_path
 
 
+def is_within_directory(directory: Path, target: Path):
+    abs_directory = directory.absolute()
+    abs_target = target.absolute()
+    prefix = os.path.commonprefix([abs_directory, abs_target])
+    return prefix == str(abs_directory)
+
+
+def safe_extract(tar, path: Path = Path(".")):
+    # for CVE-2007-4559
+    for member in tar.getmembers():
+        member_path = Path(path, member.name)
+        if not is_within_directory(path, member_path):
+            raise Exception("Attempted Path Traversal in Tar File")
+    tar.extractall(path, None, numeric_owner=False)
+
+
 @typechecked
 def extract(source_folder: Path, source_file: Path, destination_folder: Path):
     mkdirs(destination_folder, remove_first=True)
@@ -43,9 +59,9 @@ def extract(source_folder: Path, source_file: Path, destination_folder: Path):
             zf.extractall(destination_folder)
     elif source_file.suffix == ".tgz":
         with tarfile.open(source) as tf:
-            tf.extractall(destination_folder)
+            safe_extract(tf, destination_folder)
     elif source_file.suffix == ".gz":
         with tarfile.open(source) as tf:
-            tf.extractall(destination_folder)
+            safe_extract(tf, destination_folder)
     else:
         raise Exception(f"Unsupported file type {source_file.suffix} ({source_file})")

pyship/launcher/__init__.py

@@ -3,7 +3,7 @@ pyship launcher
 """
 
 from .restart_monitor import RestartMonitor
-from .launcher import launch
+from .launcher_standalone import launch
 from .hash import get_file_sha256
 from .metadata import calculate_metadata, load_metadata, store_metadata