[Python-Dev] Safely importing zip files with C extensions
Brett Cannon
brett at python.org
Thu Mar 28 17:09:26 CET 2013
On Thu, Mar 28, 2013 at 10:44 AM, Thomas Heller <theller at ctypes.org> wrote:
> Am 27.03.2013 20:38, schrieb Vinay Sajip:
>
> This quote is here to stop GMane complaining that I'm top-posting. Ignore.
>>>
>>
>> I've already posted this to distutils-sig, but thought that it might be of
>> interest to readers here as it relates to importing C extensions ...
>>
>> zipimport is great, but there can be issues importing software that
>> contains
>> C extensions. But the new wheel format (PEP 427) may give us a better way
>> of
>> importing zip files containing C extensions. Since wheels are .zip files,
>> they
>> can sometimes be used to provide functionality without needing to be
>> installed.
>> But whereas .zip files contain no convention for indicating compatibility
>> with
>> a particular Python, wheels do contain this compatibility information.
>> Thus, it
>> is possible to check if a wheel can be directly imported from, and the
>> wheel
>> support in distlib allows you to take advantage of this using the mount()
>> and
>> unmount() methods. When you mount a wheel, its absolute path name is
>> added to
>> sys.path, allowing the Python code in it to be imported. (A
>> DistlibException is
>> raised if the wheel isn't compatible with the Python which calls the
>> mount()
>> method.)
>>
>
> The zip-file itself could support importing compiled extensions when it
> contains a python-wrapper module that unpacks the .so/.dll file somewhere,
> and finally calls imp.load_dynamic() to import it and replace itself.
Which must be done carefully to prevent a security issue. It shouldn't be
unzipped anywhere but into a directory only writable by the process.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20130328/2d110e62/attachment.html>
More information about the Python-Dev
mailing list