[Distutils] A new, experimental packaging tool: distil
Philippe Ombredanne
pombredanne at nexb.com
Tue Mar 26 10:49:18 CET 2013
On Tue, Mar 26, 2013 at 9:54 AM, Vinay Sajip <vinay_sajip at yahoo.co.uk> wrote:
> I've created a new tool called distil which I'm using to experiment with
> packaging functionality.
Nice!
> * Very simple deployment - just copy distil.py[1] to a location on your path,
> optionally naming it to distil on POSIX platforms. There's no need to install
> distlib - it's all included.
I see that you are using a pattern similar to the virtualenv.py
script, embedding other code as a compressed byte array.
See how virtualenv.py is turning out to be lately:
https://github.com/pypa/virtualenv/blob/11ccab2698274f0e10b72da863f9efb73cf1a9aa/virtualenv.py#L1937
I am in general fine with the approach, though I feel a bit uncomfy
with this approach creeping in as "the" way to bootstrap things with
one single file for core distribution-related tools.
Would anyone know of a better way to package things in a single
python-executable bootstrapping script file without obfuscating the
source contents in compressed/encoded/obfuscated byte arrays?
Also, in your code calling this binary payload STUFF feels a tad
scary: this is arbitrary code that I cannot see nor inspect before
running.
I would not want to run unknown STUFFs on my machine ... and even more
so since the corresponding sources are not available publicly yet in a
source repo.
At the minimum, getting some comments or explicit variable names the
virtualenv way on what this payload is would help IMHO:
"STUFF = """
eJyEm1OMLlC3Zb+ybbtO1Snbtm3brjpl27Zt27Zt27b6Tye3b9J9k37YK9kv+2FmPMxkrC0vBQKKCgA
AIAGIUeqCCqFgEh/4AACRBQCAD8AFGFs4OVtbGNLpGRoYWdnbOTrTObk7GdnZmlqY0dq7qyhDAUDqZP
......"
--
Cordially
Philippe Ombredanne
More information about the Distutils-SIG
mailing list