#-----------------------------------------------------------------------------
|
# Copyright (c) 2005-2023, PyInstaller Development Team.
|
#
|
# Distributed under the terms of the GNU General Public License (version 2
|
# or later) with exception for distributing the bootloader.
|
#
|
# The full license is in the file COPYING.txt, distributed with this software.
|
#
|
# SPDX-License-Identifier: (GPL-2.0-or-later WITH Bootloader-exception)
|
#-----------------------------------------------------------------------------
|
"""
|
This module contains classes that are available for the .spec files.
|
|
Spec file is generated by PyInstaller. The generated code from .spec file
|
is a way how PyInstaller does the dependency analysis and creates executable.
|
"""
|
|
import os
|
import subprocess
|
import time
|
import shutil
|
from operator import itemgetter
|
|
from PyInstaller import HOMEPATH, PLATFORM
|
from PyInstaller import log as logging
|
from PyInstaller.archive.writers import CArchiveWriter, ZlibArchiveWriter
|
from PyInstaller.building.datastruct import Target, _check_guts_eq, normalize_pyz_toc, normalize_toc
|
from PyInstaller.building.utils import (
|
_check_guts_toc, _make_clean_directory, _rmtree, checkCache, get_code_object, strip_paths_in_code, compile_pymodule
|
)
|
from PyInstaller.building.splash import Splash # argument type validation in EXE
|
from PyInstaller.compat import is_cygwin, is_darwin, is_linux, is_win, strict_collect_mode
|
from PyInstaller.depend import bindepend
|
from PyInstaller.depend.analysis import get_bootstrap_modules
|
from PyInstaller.depend.utils import is_path_to_egg
|
import PyInstaller.utils.misc as miscutils
|
|
logger = logging.getLogger(__name__)
|
|
if is_win:
|
from PyInstaller.utils.win32 import (icon, versioninfo, winmanifest, winresource, winutils)
|
|
if is_darwin:
|
import PyInstaller.utils.osx as osxutils
|
|
|
class PYZ(Target):
|
"""
|
Creates a ZlibArchive that contains all pure Python modules.
|
"""
|
def __init__(self, *tocs, **kwargs):
|
"""
|
tocs
|
One or more TOC (Table of Contents) lists, usually an `Analysis.pure` and an `Analysis.zipped_data`.
|
|
If the passed TOC has an attribute `_code_cache`, it is expected to be a dictionary of module code objects
|
from ModuleGraph.
|
|
kwargs
|
Possible keyword arguments:
|
|
name
|
A filename for the .pyz. Normally not needed, as the generated name will do fine.
|
cipher
|
The block cipher that will be used to encrypt Python bytecode.
|
"""
|
|
from PyInstaller.config import CONF
|
|
super().__init__()
|
|
name = kwargs.get('name', None)
|
cipher = kwargs.get('cipher', None)
|
|
self.name = name
|
if name is None:
|
self.name = os.path.splitext(self.tocfilename)[0] + '.pyz'
|
|
# PyInstaller bootstrapping modules.
|
bootstrap_dependencies = get_bootstrap_modules()
|
|
# Bundle the crypto key.
|
self.cipher = cipher
|
if cipher:
|
key_file = ('pyimod00_crypto_key', os.path.join(CONF['workpath'], 'pyimod00_crypto_key.py'), 'PYMODULE')
|
# Insert the key as the first module in the list. The key module contains just variables and does not depend
|
# on other modules.
|
bootstrap_dependencies.insert(0, key_file)
|
|
# Compile the python modules that are part of bootstrap dependencies, so that they can be collected into the
|
# CArchive and imported by the bootstrap script.
|
self.dependencies = []
|
workpath = os.path.join(CONF['workpath'], 'localpycs')
|
for name, src_path, typecode in bootstrap_dependencies:
|
if typecode == 'PYMODULE':
|
# Compile pymodule and include the compiled .pyc file.
|
pyc_path = compile_pymodule(name, src_path, workpath, code_cache=None)
|
self.dependencies.append((name, pyc_path, typecode))
|
else:
|
# Include as is (extensions).
|
self.dependencies.append((name, src_path, typecode))
|
|
# Merge input TOC(s) and their code object dictionaries (if available). Skip the bootstrap modules, which will
|
# be passed on to CArchive.
|
bootstrap_module_names = set(name for name, _, typecode in self.dependencies if typecode == 'PYMODULE')
|
self.toc = []
|
self.code_dict = {}
|
for toc in tocs:
|
# Check if code cache association exists for the given TOC list
|
code_cache = CONF['code_cache'].get(id(toc))
|
if code_cache is not None:
|
self.code_dict.update(code_cache)
|
|
for entry in toc:
|
name, _, typecode = entry
|
# PYZ expects PYMODULE entries (python code objects) and DATA entries (data collected from zipped eggs).
|
assert typecode in ('PYMODULE', 'DATA'), f"Invalid entry passed to PYZ: {entry}!"
|
# Module required during bootstrap; skip to avoid collecting a duplicate.
|
if typecode == 'PYMODULE' and name in bootstrap_module_names:
|
continue
|
self.toc.append(entry)
|
|
# Normalize TOC
|
self.toc = normalize_pyz_toc(self.toc)
|
|
# Alphabetically sort the TOC to enable reproducible builds.
|
self.toc.sort()
|
|
self.__postinit__()
|
|
_GUTS = (
|
# input parameters
|
('name', _check_guts_eq),
|
('toc', _check_guts_toc),
|
# no calculated/analysed values
|
)
|
|
def assemble(self):
|
logger.info("Building PYZ (ZlibArchive) %s", self.name)
|
|
# Ensure code objects are available for all modules we are about to collect.
|
# NOTE: `self.toc` is already sorted by names.
|
archive_toc = []
|
for entry in self.toc:
|
name, src_path, typecode = entry
|
if typecode == 'PYMODULE' and name not in self.code_dict:
|
# The code object is not available from the ModuleGraph's cache; re-create it.
|
try:
|
self.code_dict[name] = get_code_object(name, src_path)
|
except SyntaxError:
|
# The module was likely written for different Python version; exclude it
|
continue
|
archive_toc.append(entry)
|
|
# Remove leading parts of paths in code objects.
|
self.code_dict = {name: strip_paths_in_code(code) for name, code in self.code_dict.items()}
|
|
# Create the archive
|
ZlibArchiveWriter(self.name, archive_toc, code_dict=self.code_dict, cipher=self.cipher)
|
logger.info("Building PYZ (ZlibArchive) %s completed successfully.", self.name)
|
|
|
class PKG(Target):
|
"""
|
Creates a CArchive. CArchive is the data structure that is embedded into the executable. This data structure allows
|
to include various read-only data in a single-file deployment.
|
"""
|
xformdict = {
|
'PYMODULE': 'm',
|
'PYSOURCE': 's',
|
'EXTENSION': 'b',
|
'PYZ': 'z',
|
'PKG': 'a',
|
'DATA': 'x',
|
'BINARY': 'b',
|
'ZIPFILE': 'Z',
|
'EXECUTABLE': 'b',
|
'DEPENDENCY': 'd',
|
'SPLASH': 'l'
|
}
|
|
def __init__(
|
self,
|
toc,
|
name=None,
|
cdict=None,
|
exclude_binaries=False,
|
strip_binaries=False,
|
upx_binaries=False,
|
upx_exclude=None,
|
target_arch=None,
|
codesign_identity=None,
|
entitlements_file=None
|
):
|
"""
|
toc
|
A TOC (Table of Contents) list.
|
name
|
An optional filename for the PKG.
|
cdict
|
Dictionary that specifies compression by typecode. For Example, PYZ is left uncompressed so that it
|
can be accessed inside the PKG. The default uses sensible values. If zlib is not available, no
|
compression is used.
|
exclude_binaries
|
If True, EXTENSIONs and BINARYs will be left out of the PKG, and forwarded to its container (usually
|
a COLLECT).
|
strip_binaries
|
If True, use 'strip' command to reduce the size of binary files.
|
upx_binaries
|
"""
|
super().__init__()
|
|
self.toc = normalize_toc(toc) # Ensure guts contain normalized TOC
|
self.cdict = cdict
|
self.name = name
|
if name is None:
|
self.name = os.path.splitext(self.tocfilename)[0] + '.pkg'
|
self.exclude_binaries = exclude_binaries
|
self.strip_binaries = strip_binaries
|
self.upx_binaries = upx_binaries
|
self.upx_exclude = upx_exclude or []
|
self.target_arch = target_arch
|
self.codesign_identity = codesign_identity
|
self.entitlements_file = entitlements_file
|
|
# This dict tells PyInstaller what items embedded in the executable should be compressed.
|
if self.cdict is None:
|
self.cdict = {
|
'EXTENSION': COMPRESSED,
|
'DATA': COMPRESSED,
|
'BINARY': COMPRESSED,
|
'EXECUTABLE': COMPRESSED,
|
'PYSOURCE': COMPRESSED,
|
'PYMODULE': COMPRESSED,
|
'SPLASH': COMPRESSED,
|
# Do not compress PYZ as a whole, as it contains individually-compressed modules.
|
'PYZ': UNCOMPRESSED
|
}
|
|
self.__postinit__()
|
|
_GUTS = ( # input parameters
|
('name', _check_guts_eq),
|
('cdict', _check_guts_eq),
|
('toc', _check_guts_toc), # list unchanged and no newer files
|
('exclude_binaries', _check_guts_eq),
|
('strip_binaries', _check_guts_eq),
|
('upx_binaries', _check_guts_eq),
|
('upx_exclude', _check_guts_eq),
|
('target_arch', _check_guts_eq),
|
('codesign_identity', _check_guts_eq),
|
('entitlements_file', _check_guts_eq),
|
# no calculated/analysed values
|
)
|
|
def assemble(self):
|
logger.info("Building PKG (CArchive) %s", os.path.basename(self.name))
|
|
bootstrap_toc = [] # TOC containing bootstrap scripts and modules, which must not be sorted.
|
archive_toc = [] # TOC containing all other elements. Sorted to enable reproducible builds.
|
|
for dest_name, src_name, typecode in self.toc:
|
# Ensure that the source file exists, if necessary. Skip the check for OPTION entries, where 'src_name' is
|
# None. Also skip DEPENDENCY entries due to special contents of 'dest_name' and/or 'src_name'.
|
if typecode not in ('OPTION', 'DEPENDENCY') and not os.path.exists(src_name):
|
# If file is contained within python egg, it will be added with the egg.
|
if not is_path_to_egg(src_name):
|
if strict_collect_mode:
|
raise ValueError(f"Non-existent resource {src_name}, meant to be collected as {dest_name}!")
|
else:
|
logger.warning(
|
"Ignoring non-existent resource %s, meant to be collected as %s", src_name, dest_name
|
)
|
continue
|
if typecode in ('BINARY', 'EXTENSION'):
|
if self.exclude_binaries:
|
# This is onedir-specific codepath - the EXE and consequently PKG should not be passed the Analysis'
|
# `datas` and `binaries` TOCs (unless the user messes up the .spec file). However, EXTENSION entries
|
# might still slip in via `PYZ.dependencies`, which are merged by EXE into its TOC and passed on to
|
# PKG here. Such entries need to be passed to the parent container (the COLLECT) via
|
# `PKG.dependencies`.
|
#
|
# This codepath formerly performed such pass-through only for EXTENSION entries, but in order to
|
# keep code simple, we now also do it for BINARY entries. In a sane world, we do not expect to
|
# encounter them here; but if they do happen to pass through here and we pass them on, the
|
# container's TOC de-duplication should take care of them (same as with EXTENSION ones, really).
|
self.dependencies.append((dest_name, src_name, typecode))
|
else:
|
# This is onefile-specific codepath. The binaries (both EXTENSION and BINARY entries) need to be
|
# processed using `checkCache` helper.
|
src_name = checkCache(
|
src_name,
|
strip=self.strip_binaries,
|
upx=self.upx_binaries,
|
upx_exclude=self.upx_exclude,
|
dist_nm=dest_name,
|
target_arch=self.target_arch,
|
codesign_identity=self.codesign_identity,
|
entitlements_file=self.entitlements_file,
|
strict_arch_validation=(typecode == 'EXTENSION'),
|
)
|
archive_toc.append((dest_name, src_name, self.cdict.get(typecode, False), self.xformdict[typecode]))
|
elif typecode == 'OPTION':
|
archive_toc.append((dest_name, '', False, 'o'))
|
elif typecode in ('PYSOURCE', 'PYMODULE'):
|
# Collect python script and modules in a TOC that will not be sorted.
|
bootstrap_toc.append((dest_name, src_name, self.cdict.get(typecode, False), self.xformdict[typecode]))
|
else:
|
# PYZ, PKG, DEPENDENCY, SPLASH
|
# TODO: are DATA and ZIPFILE valid here?
|
archive_toc.append((dest_name, src_name, self.cdict.get(typecode, False), self.xformdict[typecode]))
|
|
# Bootloader has to know the name of Python library. Pass python libname to CArchive.
|
pylib_name = os.path.basename(bindepend.get_python_library_path())
|
|
# Sort content alphabetically by type and name to enable reproducible builds.
|
archive_toc.sort(key=itemgetter(3, 0))
|
# Do *not* sort modules and scripts, as their order is important.
|
# TODO: Think about having all modules first and then all scripts.
|
CArchiveWriter(self.name, bootstrap_toc + archive_toc, pylib_name=pylib_name)
|
|
logger.info("Building PKG (CArchive) %s completed successfully.", os.path.basename(self.name))
|
|
|
class EXE(Target):
|
"""
|
Creates the final executable of the frozen app. This bundles all necessary files together.
|
"""
|
def __init__(self, *args, **kwargs):
|
"""
|
args
|
One or more arguments that are either an instance of `Target` or an iterable representing TOC list.
|
kwargs
|
Possible keyword arguments:
|
|
bootloader_ignore_signals
|
Non-Windows only. If True, the bootloader process will ignore all ignorable signals. If False (default),
|
it will forward all signals to the child process. Useful in situations where for example a supervisor
|
process signals both the bootloader and the child (e.g., via a process group) to avoid signalling the
|
child twice.
|
console
|
On Windows or Mac OS governs whether to use the console executable or the windowed executable. Always
|
True on Linux/Unix (always console executable - it does not matter there).
|
disable_windowed_traceback
|
Disable traceback dump of unhandled exception in windowed (noconsole) mode (Windows and macOS only),
|
and instead display a message that this feature is disabled.
|
debug
|
Setting to True gives you progress messages from the executable (for console=False there will be
|
annoying MessageBoxes on Windows).
|
name
|
The filename for the executable. On Windows suffix '.exe' is appended.
|
exclude_binaries
|
Forwarded to the PKG the EXE builds.
|
icon
|
Windows and Mac OS only. icon='myicon.ico' to use an icon file or icon='notepad.exe,0' to grab an icon
|
resource. Defaults to use PyInstaller's console or windowed icon. Use icon=`NONE` to not add any icon.
|
version
|
Windows only. version='myversion.txt'. Use grab_version.py to get a version resource from an executable
|
and then edit the output to create your own. (The syntax of version resources is so arcane that I would
|
not attempt to write one from scratch).
|
uac_admin
|
Windows only. Setting to True creates a Manifest with will request elevation upon application start.
|
uac_uiaccess
|
Windows only. Setting to True allows an elevated application to work with Remote Desktop.
|
embed_manifest
|
Windows only. Setting to True (the default) embeds the manifest into the executable. Setting to False
|
generates an external .exe.manifest file. Applicable only in onedir mode (exclude_binaries=True); in
|
onefile mode (exclude_binaries=False), the manifest is always embedded in the executable, regardless
|
of this option.
|
argv_emulation
|
macOS only. Enables argv emulation in macOS .app bundles (i.e., windowed bootloader). If enabled, the
|
initial open document/URL Apple Events are intercepted by bootloader and converted into sys.argv.
|
target_arch
|
macOS only. Used to explicitly specify the target architecture; either single-arch ('x86_64' or 'arm64')
|
or 'universal2'. Used in checks that the collected binaries contain the requires arch slice(s) and/or
|
to convert fat binaries into thin ones as necessary. If not specified (default), a single-arch build
|
corresponding to running architecture is assumed.
|
codesign_identity
|
macOS only. Use the provided identity to sign collected binaries and the generated executable. If
|
signing identity is not provided, ad-hoc signing is performed.
|
entitlements_file
|
macOS only. Optional path to entitlements file to use with code signing of collected binaries
|
(--entitlements option to codesign utility).
|
"""
|
from PyInstaller.config import CONF
|
|
super().__init__()
|
|
# Available options for EXE in .spec files.
|
self.exclude_binaries = kwargs.get('exclude_binaries', False)
|
self.bootloader_ignore_signals = kwargs.get('bootloader_ignore_signals', False)
|
self.console = kwargs.get('console', True)
|
self.disable_windowed_traceback = kwargs.get('disable_windowed_traceback', False)
|
self.debug = kwargs.get('debug', False)
|
self.name = kwargs.get('name', None)
|
self.icon = kwargs.get('icon', None)
|
self.versrsrc = kwargs.get('version', None)
|
self.manifest = kwargs.get('manifest', None)
|
self.embed_manifest = kwargs.get('embed_manifest', True)
|
self.resources = kwargs.get('resources', [])
|
self.strip = kwargs.get('strip', False)
|
self.upx_exclude = kwargs.get("upx_exclude", [])
|
self.runtime_tmpdir = kwargs.get('runtime_tmpdir', None)
|
# If ``append_pkg`` is false, the archive will not be appended to the exe, but copied beside it.
|
self.append_pkg = kwargs.get('append_pkg', True)
|
|
# On Windows allows the exe to request admin privileges.
|
self.uac_admin = kwargs.get('uac_admin', False)
|
self.uac_uiaccess = kwargs.get('uac_uiaccess', False)
|
|
# macOS argv emulation
|
self.argv_emulation = kwargs.get('argv_emulation', False)
|
|
# Target architecture (macOS only)
|
self.target_arch = kwargs.get('target_arch', None)
|
if is_darwin:
|
if self.target_arch is None:
|
import platform
|
self.target_arch = platform.machine()
|
else:
|
assert self.target_arch in {'x86_64', 'arm64', 'universal2'}, \
|
f"Unsupported target arch: {self.target_arch}"
|
logger.info("EXE target arch: %s", self.target_arch)
|
else:
|
self.target_arch = None # explicitly disable
|
|
# Code signing identity (macOS only)
|
self.codesign_identity = kwargs.get('codesign_identity', None)
|
if is_darwin:
|
logger.info("Code signing identity: %s", self.codesign_identity)
|
else:
|
self.codesign_identity = None # explicitly disable
|
# Code signing entitlements
|
self.entitlements_file = kwargs.get('entitlements_file', None)
|
|
if CONF['hasUPX']:
|
self.upx = kwargs.get('upx', False)
|
else:
|
self.upx = False
|
|
# Catch and clear options that are unsupported on specific platforms.
|
if self.versrsrc and not is_win:
|
logger.warning('Ignoring version information; supported only on Windows!')
|
self.versrsrc = None
|
if self.manifest and not is_win:
|
logger.warning('Ignoring manifest; supported only on Windows!')
|
self.manifest = None
|
if self.resources and not is_win:
|
logger.warning('Ignoring resources; supported only on Windows!')
|
self.resources = []
|
if self.icon and not (is_win or is_darwin):
|
logger.warning('Ignoring icon; supported only on Windows and macOS!')
|
self.icon = None
|
|
# Old .spec format included in 'name' the path where to put created app. New format includes only exename.
|
#
|
# Ignore fullpath in the 'name' and prepend DISTPATH or WORKPATH.
|
# DISTPATH - onefile
|
# WORKPATH - onedir
|
if self.exclude_binaries:
|
# onedir mode - create executable in WORKPATH.
|
self.name = os.path.join(CONF['workpath'], os.path.basename(self.name))
|
else:
|
# onefile mode - create executable in DISTPATH.
|
self.name = os.path.join(CONF['distpath'], os.path.basename(self.name))
|
|
# Old .spec format included on Windows in 'name' .exe suffix.
|
if is_win or is_cygwin:
|
# Append .exe suffix if it is not already there.
|
if not self.name.endswith('.exe'):
|
self.name += '.exe'
|
base_name = os.path.splitext(os.path.basename(self.name))[0]
|
else:
|
base_name = os.path.basename(self.name)
|
# Create the CArchive PKG in WORKPATH. When instancing PKG(), set name so that guts check can test whether the
|
# file already exists.
|
self.pkgname = os.path.join(CONF['workpath'], base_name + '.pkg')
|
|
self.toc = []
|
|
for arg in args:
|
# Valid arguments: PYZ object, Splash object, and TOC-list iterables
|
if isinstance(arg, (PYZ, Splash)):
|
# Add object as an entry to the TOC, and merge its dependencies TOC
|
if isinstance(arg, PYZ):
|
self.toc.append((os.path.basename(arg.name), arg.name, "PYZ"))
|
else:
|
self.toc.append((os.path.basename(arg.name), arg.name, "SPLASH"))
|
self.toc.extend(arg.dependencies)
|
elif miscutils.is_iterable(arg):
|
# TOC-like iterable
|
self.toc.extend(arg)
|
else:
|
raise TypeError(f"Invalid argument type for EXE: {type(arg)!r}")
|
|
if self.runtime_tmpdir is not None:
|
self.toc.append(("pyi-runtime-tmpdir " + self.runtime_tmpdir, "", "OPTION"))
|
|
if self.bootloader_ignore_signals:
|
# no value; presence means "true"
|
self.toc.append(("pyi-bootloader-ignore-signals", "", "OPTION"))
|
|
if self.disable_windowed_traceback:
|
# no value; presence means "true"
|
self.toc.append(("pyi-disable-windowed-traceback", "", "OPTION"))
|
|
if self.argv_emulation:
|
# no value; presence means "true"
|
self.toc.append(("pyi-macos-argv-emulation", "", "OPTION"))
|
|
# If the icon path is relative, make it relative to the .spec file.
|
def makeabs(path):
|
if os.path.isabs(path):
|
return path
|
else:
|
return os.path.join(CONF['specpath'], path)
|
|
if self.icon and self.icon != "NONE":
|
if isinstance(self.icon, list):
|
self.icon = [makeabs(ic) for ic in self.icon]
|
else:
|
self.icon = [makeabs(self.icon)]
|
|
if is_win:
|
if not self.exclude_binaries:
|
# onefile mode forces embed_manifest=True
|
if not self.embed_manifest:
|
logger.warning("Ignoring embed_manifest=False setting in onefile mode!")
|
self.embed_manifest = True
|
if not self.icon:
|
# --icon not specified; use default from bootloader folder
|
if self.console:
|
ico = 'icon-console.ico'
|
else:
|
ico = 'icon-windowed.ico'
|
self.icon = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'bootloader', 'images', ico)
|
filename = os.path.join(CONF['workpath'], CONF['specnm'] + ".exe.manifest")
|
self.manifest = winmanifest.create_manifest(
|
filename, self.manifest, self.console, self.uac_admin, self.uac_uiaccess
|
)
|
|
manifest_filename = os.path.basename(self.name) + ".manifest"
|
|
# If external manifest file is requested (supported only in onedir mode), add the file to the TOC in order
|
# for it to be collected as an external manifest file. Otherwise, the assembly pipeline will embed the
|
# manifest into the executable later on.
|
if not self.embed_manifest:
|
self.toc.append((manifest_filename, filename, 'BINARY'))
|
|
if self.versrsrc:
|
if isinstance(self.versrsrc, versioninfo.VSVersionInfo):
|
# We were passed a valid versioninfo.VSVersionInfo structure
|
pass
|
elif isinstance(self.versrsrc, (str, bytes, os.PathLike)):
|
# File path; either absolute, or relative to the spec file
|
if not os.path.isabs(self.versrsrc):
|
self.versrsrc = os.path.join(CONF['specpath'], self.versrsrc)
|
logger.debug("Loading version info from file: %r", self.versrsrc)
|
self.versrsrc = versioninfo.load_version_info_from_text_file(self.versrsrc)
|
else:
|
raise TypeError(f"Unsupported type for version info argument: {type(self.versrsrc)!r}")
|
|
# Normalize TOC
|
self.toc = normalize_toc(self.toc)
|
|
self.pkg = PKG(
|
self.toc,
|
name=self.pkgname,
|
cdict=kwargs.get('cdict', None),
|
exclude_binaries=self.exclude_binaries,
|
strip_binaries=self.strip,
|
upx_binaries=self.upx,
|
upx_exclude=self.upx_exclude,
|
target_arch=self.target_arch,
|
codesign_identity=self.codesign_identity,
|
entitlements_file=self.entitlements_file
|
)
|
self.dependencies = self.pkg.dependencies
|
|
# Get the path of the bootloader and store it in a TOC, so it can be checked for being changed.
|
exe = self._bootloader_file('run', '.exe' if is_win or is_cygwin else '')
|
self.exefiles = [(os.path.basename(exe), exe, 'EXECUTABLE')]
|
|
self.__postinit__()
|
|
_GUTS = ( # input parameters
|
('name', _check_guts_eq),
|
('console', _check_guts_eq),
|
('debug', _check_guts_eq),
|
('exclude_binaries', _check_guts_eq),
|
('icon', _check_guts_eq),
|
('versrsrc', _check_guts_eq),
|
('uac_admin', _check_guts_eq),
|
('uac_uiaccess', _check_guts_eq),
|
('manifest', _check_guts_eq),
|
('embed_manifest', _check_guts_eq),
|
('append_pkg', _check_guts_eq),
|
('argv_emulation', _check_guts_eq),
|
('target_arch', _check_guts_eq),
|
('codesign_identity', _check_guts_eq),
|
('entitlements_file', _check_guts_eq),
|
# for the case the directory ius shared between platforms:
|
('pkgname', _check_guts_eq),
|
('toc', _check_guts_eq),
|
('resources', _check_guts_eq),
|
('strip', _check_guts_eq),
|
('upx', _check_guts_eq),
|
('mtm', None), # checked below
|
# no calculated/analysed values
|
('exefiles', _check_guts_toc),
|
)
|
|
def _check_guts(self, data, last_build):
|
if not os.path.exists(self.name):
|
logger.info("Rebuilding %s because %s missing", self.tocbasename, os.path.basename(self.name))
|
return True
|
if not self.append_pkg and not os.path.exists(self.pkgname):
|
logger.info("Rebuilding because %s missing", os.path.basename(self.pkgname))
|
return True
|
|
if Target._check_guts(self, data, last_build):
|
return True
|
|
mtm = data['mtm']
|
if mtm != miscutils.mtime(self.name):
|
logger.info("Rebuilding %s because mtimes don't match", self.tocbasename)
|
return True
|
if mtm < miscutils.mtime(self.pkg.tocfilename):
|
logger.info("Rebuilding %s because pkg is more recent", self.tocbasename)
|
return True
|
|
return False
|
|
def _bootloader_file(self, exe, extension=None):
|
"""
|
Pick up the right bootloader file - debug, console, windowed.
|
"""
|
# Having console/windowed bootloader makes sense only on Windows and Mac OS.
|
if is_win or is_darwin:
|
if not self.console:
|
exe = exe + 'w'
|
# There are two types of bootloaders:
|
# run - release, no verbose messages in console.
|
# run_d - contains verbose messages in console.
|
if self.debug:
|
exe = exe + '_d'
|
if extension:
|
exe = exe + extension
|
bootloader_file = os.path.join(HOMEPATH, 'PyInstaller', 'bootloader', PLATFORM, exe)
|
logger.info('Bootloader %s' % bootloader_file)
|
return bootloader_file
|
|
def assemble(self):
|
from PyInstaller.config import CONF
|
|
# On Windows, we must never create a file with a .exe suffix that we then have to (re)write to (see #6467).
|
# Any intermediate/temporary file must have an alternative suffix.
|
build_name = self.name + '.notanexecutable' if is_win or is_cygwin else self.name
|
|
logger.info("Building EXE from %s", self.tocbasename)
|
if os.path.exists(self.name):
|
if os.path.isdir(self.name):
|
_rmtree(self.name) # will prompt for confirmation if --noconfirm is not given
|
else:
|
os.remove(self.name)
|
if not os.path.exists(os.path.dirname(self.name)):
|
os.makedirs(os.path.dirname(self.name))
|
exe = self.exefiles[0][1] # pathname of bootloader
|
if not os.path.exists(exe):
|
raise SystemExit(_MISSING_BOOTLOADER_ERRORMSG)
|
|
# Step 1: copy the bootloader file, and perform any operations that need to be done prior to appending the PKG.
|
logger.info("Copying bootloader EXE to %s", build_name)
|
self._copyfile(exe, build_name)
|
os.chmod(build_name, 0o755)
|
|
if is_win:
|
# First, remove all resources from the file. This ensures that no manifest is embedded, even if bootloader
|
# was compiled with a toolchain that forcibly embeds a default manifest (e.g., mingw toolchain from msys2).
|
winresource.RemoveAllResources(build_name)
|
# Embed icon.
|
if self.icon != "NONE":
|
logger.info("Copying icon to EXE")
|
icon.CopyIcons(build_name, self.icon)
|
# Embed version info.
|
if self.versrsrc:
|
logger.info("Copying version information to EXE")
|
versioninfo.write_version_info_to_executable(build_name, self.versrsrc)
|
# Embed other resources.
|
logger.info("Copying %d resources to EXE", len(self.resources))
|
for res in self.resources:
|
res = res.split(",")
|
for i in range(1, len(res)):
|
try:
|
res[i] = int(res[i])
|
except ValueError:
|
pass
|
resfile = res[0]
|
if not os.path.isabs(resfile):
|
resfile = os.path.join(CONF['specpath'], resfile)
|
restype = resname = reslang = None
|
if len(res) > 1:
|
restype = res[1]
|
if len(res) > 2:
|
resname = res[2]
|
if len(res) > 3:
|
reslang = res[3]
|
try:
|
winresource.UpdateResourcesFromResFile(
|
build_name, resfile, [restype or "*"], [resname or "*"], [reslang or "*"]
|
)
|
except winresource.pywintypes.error as exc:
|
if exc.args[0] != winresource.ERROR_BAD_EXE_FORMAT:
|
logger.error(
|
"Error while updating resources in %s from resource file %s!",
|
build_name,
|
resfile,
|
exc_info=1
|
)
|
continue
|
|
# Handle the case where the file contains no resources, and is intended as a single resource to be
|
# added to the exe.
|
if not restype or not resname:
|
logger.error("Resource type and/or name not specified!")
|
continue
|
if "*" in (restype, resname):
|
logger.error(
|
"No wildcards allowed for resource type and name when the source file does not contain "
|
"any resources!"
|
)
|
continue
|
try:
|
winresource.UpdateResourcesFromDataFile(build_name, resfile, restype, [resname], [reslang or 0])
|
except winresource.pywintypes.error:
|
logger.error(
|
"Error while updating resource %s %s in %s from data file %s!",
|
restype,
|
resname,
|
build_name,
|
resfile,
|
exc_info=1
|
)
|
# Embed the manifest into the executable.
|
if self.embed_manifest:
|
logger.info("Embedding manifest in EXE")
|
self.manifest.update_resources(build_name, [1])
|
elif is_darwin:
|
# Convert bootloader to the target arch
|
logger.info("Converting EXE to target arch (%s)", self.target_arch)
|
osxutils.binary_to_target_arch(build_name, self.target_arch, display_name='Bootloader EXE')
|
|
# Step 2: append the PKG, if necessary
|
if self.append_pkg:
|
append_file = self.pkg.name # Append PKG
|
append_type = 'PKG archive' # For debug messages
|
else:
|
# In onefile mode, copy the stand-alone PKG next to the executable. In onedir, this will be done by the
|
# COLLECT() target.
|
if not self.exclude_binaries:
|
pkg_dst = os.path.join(os.path.dirname(build_name), os.path.basename(self.pkgname))
|
logger.info("Copying stand-alone PKG archive from %s to %s", self.pkg.name, pkg_dst)
|
self._copyfile(self.pkg.name, pkg_dst)
|
else:
|
logger.info("Stand-alone PKG archive will be handled by COLLECT")
|
|
# The bootloader requires package side-loading to be explicitly enabled, which is done by embedding custom
|
# signature to the executable. This extra signature ensures that the sideload-enabled executable is at least
|
# slightly different from the stock bootloader executables, which should prevent antivirus programs from
|
# flagging our stock bootloaders due to sideload-enabled applications in the wild.
|
|
# Write to temporary file
|
pkgsig_file = self.pkg.name + '.sig'
|
with open(pkgsig_file, "wb") as f:
|
# 8-byte MAGIC; slightly changed PKG MAGIC pattern
|
f.write(b'MEI\015\013\012\013\016')
|
|
append_file = pkgsig_file # Append PKG-SIG
|
append_type = 'PKG sideload signature' # For debug messages
|
|
if is_linux:
|
# Linux: append data into custom ELF section using objcopy.
|
logger.info("Appending %s to custom ELF section in EXE", append_type)
|
cmd = ['objcopy', '--add-section', f'pydata={append_file}', build_name]
|
p = subprocess.run(cmd, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, universal_newlines=True)
|
if p.returncode:
|
raise SystemError(f"objcopy Failure: {p.returncode} {p.stdout}")
|
|
elif is_darwin:
|
# macOS: remove signature, append data, and fix-up headers so that the appended data appears to be part of
|
# the executable (which is required by strict validation during code-signing).
|
|
# Strip signatures from all arch slices. Strictly speaking, we need to remove signature (if present) from
|
# the last slice, because we will be appending data to it. When building universal2 bootloaders natively on
|
# macOS, only arm64 slices have a (dummy) signature. However, when cross-compiling with osxcross, we seem to
|
# get dummy signatures on both x86_64 and arm64 slices. While the former should not have any impact, it does
|
# seem to cause issues with further binary signing using real identity. Therefore, we remove all signatures
|
# and re-sign the binary using dummy signature once the data is appended.
|
logger.info("Removing signature(s) from EXE")
|
osxutils.remove_signature_from_binary(build_name)
|
|
# Append the data
|
logger.info("Appending %s to EXE", append_type)
|
with open(build_name, 'ab') as outf:
|
with open(append_file, 'rb') as inf:
|
shutil.copyfileobj(inf, outf, length=64 * 1024)
|
|
# Fix Mach-O headers
|
logger.info("Fixing EXE headers for code signing")
|
osxutils.fix_exe_for_code_signing(build_name)
|
else:
|
# Fall back to just appending data at the end of the file
|
logger.info("Appending %s to EXE", append_type)
|
with open(build_name, 'ab') as outf:
|
with open(append_file, 'rb') as inf:
|
shutil.copyfileobj(inf, outf, length=64 * 1024)
|
|
# Step 3: post-processing
|
if is_win:
|
# Set checksum to appease antiviral software. Also set build timestamp to current time to increase entropy
|
# (but honor SOURCE_DATE_EPOCH environment variable for reproducible builds).
|
logger.info("Fixing EXE headers")
|
build_timestamp = int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))
|
winutils.set_exe_build_timestamp(build_name, build_timestamp)
|
winutils.update_exe_pe_checksum(build_name)
|
elif is_darwin:
|
# If the version of macOS SDK used to build bootloader exceeds that of macOS SDK used to built Python
|
# library (and, by extension, bundled Tcl/Tk libraries), force the version declared by the frozen executable
|
# to match that of the Python library.
|
# Having macOS attempt to enable new features (based on SDK version) for frozen application has no benefit
|
# if the Python library does not support them as well.
|
# On the other hand, there seem to be UI issues in tkinter due to failed or partial enablement of dark mode
|
# (i.e., the bootloader executable being built against SDK 10.14 or later, which causes macOS to enable dark
|
# mode, and Tk libraries being built against an earlier SDK version that does not support the dark mode).
|
# With python.org Intel macOS installers, this manifests as black Tk windows and UI elements (see issue
|
# #5827), while in Anaconda python, it may result in white text on bright background.
|
pylib_version = osxutils.get_macos_sdk_version(bindepend.get_python_library_path())
|
exe_version = osxutils.get_macos_sdk_version(build_name)
|
if pylib_version < exe_version:
|
logger.info(
|
"Rewriting the executable's macOS SDK version (%d.%d.%d) to match the SDK version of the Python "
|
"library (%d.%d.%d) in order to avoid inconsistent behavior and potential UI issues in the "
|
"frozen application.", *exe_version, *pylib_version
|
)
|
osxutils.set_macos_sdk_version(build_name, *pylib_version)
|
|
# Re-sign the binary (either ad-hoc or using real identity, if provided).
|
logger.info("Re-signing the EXE")
|
osxutils.sign_binary(build_name, self.codesign_identity, self.entitlements_file)
|
|
# Ensure executable flag is set
|
os.chmod(build_name, 0o755)
|
# Get mtime for storing into the guts
|
self.mtm = miscutils.mtime(build_name)
|
if build_name != self.name:
|
os.rename(build_name, self.name)
|
logger.info("Building EXE from %s completed successfully.", self.tocbasename)
|
|
def _copyfile(self, infile, outfile):
|
with open(infile, 'rb') as infh:
|
with open(outfile, 'wb') as outfh:
|
shutil.copyfileobj(infh, outfh, length=64 * 1024)
|
|
|
class COLLECT(Target):
|
"""
|
In one-dir mode creates the output folder with all necessary files.
|
"""
|
def __init__(self, *args, **kwargs):
|
"""
|
args
|
One or more arguments that are either an instance of `Target` or an iterable representing TOC list.
|
kwargs
|
Possible keyword arguments:
|
|
name
|
The name of the directory to be built.
|
"""
|
from PyInstaller.config import CONF
|
|
super().__init__()
|
|
self.strip_binaries = kwargs.get('strip', False)
|
self.upx_exclude = kwargs.get("upx_exclude", [])
|
self.console = True
|
self.target_arch = None
|
self.codesign_identity = None
|
self.entitlements_file = None
|
|
if CONF['hasUPX']:
|
self.upx_binaries = kwargs.get('upx', False)
|
else:
|
self.upx_binaries = False
|
|
# The `name` should be the output directory name, without the parent path (the directory is created in the
|
# DISTPATH). Old .spec formats included parent path, so strip it away.
|
self.name = os.path.join(CONF['distpath'], os.path.basename(kwargs.get('name')))
|
|
self.toc = []
|
for arg in args:
|
# Valid arguments: EXE object and TOC-like iterables
|
if isinstance(arg, EXE):
|
# Add EXE as an entry to the TOC, and merge its dependencies TOC
|
self.toc.append((os.path.basename(arg.name), arg.name, 'EXECUTABLE'))
|
self.toc.extend(arg.dependencies)
|
# Inherit settings
|
self.console = arg.console
|
self.target_arch = arg.target_arch
|
self.codesign_identity = arg.codesign_identity
|
self.entitlements_file = arg.entitlements_file
|
# Search for the executable's external manifest, and collect it if available
|
for dest_name, src_name, typecode in arg.toc:
|
if dest_name == os.path.basename(arg.name) + ".manifest":
|
self.toc.append((dest_name, src_name, typecode))
|
# If PKG is not appended to the executable, we need to collect it.
|
if not arg.append_pkg:
|
self.toc.append((os.path.basename(arg.pkgname), arg.pkgname, 'PKG'))
|
elif miscutils.is_iterable(arg):
|
# TOC-like iterable
|
self.toc.extend(arg)
|
else:
|
raise TypeError(f"Invalid argument type for COLLECT: {type(arg)!r}")
|
|
# Normalize TOC
|
self.toc = normalize_toc(self.toc)
|
|
self.__postinit__()
|
|
_GUTS = (
|
# COLLECT always builds, we just want the TOC to be written out.
|
('toc', None),
|
)
|
|
def _check_guts(self, data, last_build):
|
# COLLECT always needs to be executed, in order to clean the output directory.
|
return True
|
|
def assemble(self):
|
_make_clean_directory(self.name)
|
logger.info("Building COLLECT %s", self.tocbasename)
|
for dest_name, src_name, typecode in self.toc:
|
# Ensure that the source file exists, if necessary. Skip the check for DEPENDENCY entries due to special
|
# contents of 'dest_name' and/or 'src_name'.
|
if typecode != 'DEPENDENCY' and not os.path.exists(src_name):
|
# If file is contained within python egg, it will be added with the egg.
|
if not is_path_to_egg(src_name):
|
if strict_collect_mode:
|
raise ValueError(f"Non-existent resource {src_name}, meant to be collected as {dest_name}!")
|
else:
|
logger.warning(
|
"Ignoring non-existent resource %s, meant to be collected as %s", src_name, dest_name
|
)
|
continue
|
# Disallow collection outside of the dist directory.
|
if os.pardir in os.path.normpath(dest_name).split(os.sep) or os.path.isabs(dest_name):
|
raise SystemExit(
|
'Security-Alert: attempting to store file outside of the dist directory: %r. Aborting.' % dest_name
|
)
|
# Create parent directory structure, if necessary
|
dest_path = os.path.join(self.name, dest_name) # Absolute destination path
|
dest_dir = os.path.dirname(dest_path)
|
if not os.path.exists(dest_dir):
|
os.makedirs(dest_dir)
|
elif not os.path.isdir(dest_dir):
|
raise SystemExit(
|
f"Pyinstaller needs to create a directory at {dest_dir!r}, "
|
"but there already exists a file at that path!"
|
)
|
if typecode in ('EXTENSION', 'BINARY'):
|
src_name = checkCache(
|
src_name,
|
strip=self.strip_binaries,
|
upx=self.upx_binaries,
|
upx_exclude=self.upx_exclude,
|
dist_nm=dest_name,
|
target_arch=self.target_arch,
|
codesign_identity=self.codesign_identity,
|
entitlements_file=self.entitlements_file,
|
strict_arch_validation=(typecode == 'EXTENSION'),
|
)
|
if typecode != 'DEPENDENCY':
|
# At this point, `src_name` should be a valid file.
|
if not os.path.isfile(src_name):
|
raise ValueError(f"Resource {src_name!r} is not a valid file!")
|
# If strict collection mode is enabled, the destination should not exist yet.
|
if strict_collect_mode and os.path.exists(dest_path):
|
raise ValueError(
|
f"Attempting to collect a duplicated file into COLLECT: {dest_name} (type: {typecode})"
|
)
|
shutil.copy2(src_name, dest_path) # Use copy2 to (attempt to) preserve metadata
|
if typecode in ('EXTENSION', 'BINARY'):
|
os.chmod(dest_path, 0o755)
|
logger.info("Building COLLECT %s completed successfully.", self.tocbasename)
|
|
|
class MERGE:
|
"""
|
Given Analysis objects for multiple executables, replace occurrences of data and binary files with references to the
|
first executable in which they occur. The actual data and binary files are then collected only once, thereby
|
reducing the disk space used by multiple executables. Every executable (even onedir ones!) obtained from a
|
MERGE-processed Analysis gains onefile semantics, because it needs to extract its referenced dependencies from other
|
executables into temporary directory before they can run.
|
"""
|
def __init__(self, *args):
|
"""
|
args
|
Dependencies as a list of (analysis, identifier, path_to_exe) tuples. `analysis` is an instance of
|
`Analysis`, `identifier` is the basename of the entry-point script (without .py suffix), and `path_to_exe`
|
is path to the corresponding executable, relative to the `dist` directory (without .exe suffix in the
|
filename component). For onefile executables, `path_to_exe` is usually just executable's base name
|
(e.g., `myexecutable`). For onedir executables, `path_to_exe` usually comprises both the application's
|
directory name and executable name (e.g., `myapp/myexecutable`).
|
"""
|
self._dependencies = {}
|
|
# Process all given (analysis, identifier, path_to_exe) tuples
|
for analysis, identifier, path_to_exe in args:
|
# Process analysis.binaries and analysis.datas TOCs. self._process_toc() call returns two TOCs; the first
|
# contains entries that remain within this analysis, while the second contains entries that reference
|
# an entry in another executable.
|
binaries, binaries_refs = self._process_toc(analysis.binaries, path_to_exe)
|
datas, datas_refs = self._process_toc(analysis.datas, path_to_exe)
|
# Update `analysis.binaries`, `analysis.datas`, and `analysis.dependencies`.
|
# The entries that are found in preceding executable(s) are removed from `binaries` and `datas`, and their
|
# DEPENDENCY entry counterparts are added to `dependencies`. We cannot simply update the entries in
|
# `binaries` and `datas`, because at least in theory, we need to support both onefile and onedir mode. And
|
# while in onefile, `a.datas`, `a.binaries`, and `a.dependencies` are passed to `EXE` (and its `PKG`), with
|
# onedir, `a.datas` and `a.binaries` need to be passed to `COLLECT` (as they were before the MERGE), while
|
# `a.dependencies` needs to be passed to `EXE`. This split requires DEPENDENCY entries to be in a separate
|
# TOC.
|
analysis.binaries = normalize_toc(binaries)
|
analysis.datas = normalize_toc(datas)
|
analysis.dependencies += binaries_refs + datas_refs
|
|
def _process_toc(self, toc, path_to_exe):
|
# NOTE: unfortunately, these need to keep two separate lists. See the comment in the calling code on why this
|
# is so.
|
toc_keep = []
|
toc_refs = []
|
for entry in toc:
|
dest_name, src_name, typecode = entry
|
if src_name not in self._dependencies:
|
logger.debug("Adding dependency %s located in %s", src_name, path_to_exe)
|
self._dependencies[src_name] = path_to_exe
|
# Add entry to list of kept TOC entries
|
toc_keep.append(entry)
|
else:
|
# Construct relative dependency path; i.e., the relative path from this executable (or rather, its
|
# parent directory) to the executable that contains the dependency.
|
dep_path = os.path.relpath(self._dependencies[src_name], os.path.dirname(path_to_exe))
|
# Ignore references that point to the origin package. This can happen if the same resource is listed
|
# multiple times in TOCs (e.g., once as binary and once as data).
|
if dep_path.endswith(path_to_exe):
|
logger.debug(
|
"Ignoring self-reference of %s for %s, located in %s - duplicated TOC entry?", src_name,
|
path_to_exe, dep_path
|
)
|
# The entry is a duplicate, and should be ignored (i.e., do not add it to either of output TOCs).
|
continue
|
logger.debug("Referencing %s to be a dependency for %s, located in %s", src_name, path_to_exe, dep_path)
|
# Create new DEPENDENCY entry; under destination path (first element), we store the original destination
|
# path, while source path contains the relative reference path.
|
toc_refs.append((dest_name, dep_path, "DEPENDENCY"))
|
|
return toc_keep, toc_refs
|
|
|
UNCOMPRESSED = False
|
COMPRESSED = True
|
|
_MISSING_BOOTLOADER_ERRORMSG = """Fatal error: PyInstaller does not include a pre-compiled bootloader for your
|
platform. For more details and instructions how to build the bootloader see
|
<https://pyinstaller.readthedocs.io/en/stable/bootloader-building.html>"""
|
