1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
|
#-----------------------------------------------------------------------------
# Copyright (c) 2005-2023, PyInstaller Development Team.
#
# Distributed under the terms of the GNU General Public License (version 2
# or later) with exception for distributing the bootloader.
#
# The full license is in the file COPYING.txt, distributed with this software.
#
# SPDX-License-Identifier: (GPL-2.0-or-later WITH Bootloader-exception)
#-----------------------------------------------------------------------------
"""
This module contains classes that are available for the .spec files.
Spec file is generated by PyInstaller. The generated code from .spec file
is a way how PyInstaller does the dependency analysis and creates executable.
"""
import os
import subprocess
import time
import pathlib
import shutil
from operator import itemgetter
from PyInstaller import HOMEPATH, PLATFORM
from PyInstaller import log as logging
from PyInstaller.archive.writers import CArchiveWriter, ZlibArchiveWriter
from PyInstaller.building.datastruct import Target, _check_guts_eq, normalize_pyz_toc, normalize_toc
from PyInstaller.building.utils import (
_check_guts_toc, _make_clean_directory, _rmtree, process_collected_binary, get_code_object, strip_paths_in_code,
compile_pymodule
)
from PyInstaller.building.splash import Splash # argument type validation in EXE
from PyInstaller.compat import is_cygwin, is_darwin, is_linux, is_win, strict_collect_mode, is_nogil
from PyInstaller.depend import bindepend
from PyInstaller.depend.analysis import get_bootstrap_modules
import PyInstaller.utils.misc as miscutils
logger = logging.getLogger(__name__)
if is_win:
from PyInstaller.utils.win32 import (icon, versioninfo, winmanifest, winresource, winutils)
if is_darwin:
import PyInstaller.utils.osx as osxutils
class PYZ(Target):
"""
Creates a zlib-based PYZ archive that contains byte-compiled pure Python modules.
"""
def __init__(self, *tocs, **kwargs):
"""
tocs
One or more TOC (Table of Contents) lists, usually an `Analysis.pure`.
kwargs
Possible keyword arguments:
name
A filename for the .pyz. Normally not needed, as the generated name will do fine.
"""
if kwargs.get("cipher"):
from PyInstaller.exceptions import RemovedCipherFeatureError
raise RemovedCipherFeatureError(
"Please remove the 'cipher' arguments to PYZ() and Analysis() in your spec file."
)
from PyInstaller.config import CONF
super().__init__()
name = kwargs.get('name', None)
self.name = name
if name is None:
self.name = os.path.splitext(self.tocfilename)[0] + '.pyz'
# PyInstaller bootstrapping modules.
bootstrap_dependencies = get_bootstrap_modules()
# Compile the python modules that are part of bootstrap dependencies, so that they can be collected into the
# CArchive/PKG and imported by the bootstrap script.
self.dependencies = []
workpath = os.path.join(CONF['workpath'], 'localpycs')
for name, src_path, typecode in bootstrap_dependencies:
if typecode == 'PYMODULE':
# Compile pymodule and include the compiled .pyc file.
pyc_path = compile_pymodule(
name,
src_path,
workpath,
# Never optimize bootstrap dependencies!
optimize=0,
code_cache=None,
)
self.dependencies.append((name, pyc_path, typecode))
else:
# Include as is (extensions).
self.dependencies.append((name, src_path, typecode))
# Merge input TOC(s) and their code object dictionaries (if available). Skip the bootstrap modules, which will
# be passed on to CArchive/PKG.
bootstrap_module_names = set(name for name, _, typecode in self.dependencies if typecode == 'PYMODULE')
self.toc = []
self.code_dict = {}
for toc in tocs:
# Check if code cache association exists for the given TOC list
code_cache = CONF['code_cache'].get(id(toc))
if code_cache is not None:
self.code_dict.update(code_cache)
for entry in toc:
name, _, typecode = entry
# PYZ expects only PYMODULE entries (python code objects).
assert typecode in {'PYMODULE', 'PYMODULE-1', 'PYMODULE-2'}, f"Invalid entry passed to PYZ: {entry}!"
# Module required during bootstrap; skip to avoid collecting a duplicate.
if name in bootstrap_module_names:
continue
self.toc.append(entry)
# Normalize TOC
self.toc = normalize_pyz_toc(self.toc)
# Alphabetically sort the TOC to enable reproducible builds.
self.toc.sort()
self.__postinit__()
_GUTS = (
# input parameters
('name', _check_guts_eq),
('toc', _check_guts_toc),
# no calculated/analysed values
)
def assemble(self):
logger.info("Building PYZ (ZlibArchive) %s", self.name)
# Ensure code objects are available for all modules we are about to collect.
# NOTE: `self.toc` is already sorted by names.
archive_toc = []
for entry in self.toc:
name, src_path, typecode = entry
if name not in self.code_dict:
# The code object is not available from the ModuleGraph's cache; re-create it.
optim_level = {'PYMODULE': 0, 'PYMODULE-1': 1, 'PYMODULE-2': 2}[typecode]
try:
self.code_dict[name] = get_code_object(name, src_path, optimize=optim_level)
except SyntaxError:
# The module was likely written for different Python version; exclude it
continue
archive_toc.append(entry)
# Remove leading parts of paths in code objects.
self.code_dict = {name: strip_paths_in_code(code) for name, code in self.code_dict.items()}
# Create the archive
ZlibArchiveWriter(self.name, archive_toc, code_dict=self.code_dict)
logger.info("Building PYZ (ZlibArchive) %s completed successfully.", self.name)
class PKG(Target):
"""
Creates a CArchive. CArchive is the data structure that is embedded into the executable. This data structure allows
to include various read-only data in a single-file deployment.
"""
xformdict = {
# PYMODULE entries are already byte-compiled, so we do not need to encode optimization level in the low-level
# typecodes. PYSOURCE entries are byte-compiled by the underlying writer, so we need to pass the optimization
# level via low-level typecodes.
'PYMODULE': 'm',
'PYMODULE-1': 'm',
'PYMODULE-2': 'm',
'PYSOURCE': 's',
'PYSOURCE-1': 's1',
'PYSOURCE-2': 's2',
'EXTENSION': 'b',
'PYZ': 'z',
'PKG': 'a',
'DATA': 'x',
'BINARY': 'b',
'ZIPFILE': 'Z',
'EXECUTABLE': 'b',
'DEPENDENCY': 'd',
'SPLASH': 'l',
'SYMLINK': 'n',
}
def __init__(
self,
toc,
python_lib_name,
name=None,
cdict=None,
exclude_binaries=False,
strip_binaries=False,
upx_binaries=False,
upx_exclude=None,
target_arch=None,
codesign_identity=None,
entitlements_file=None
):
"""
toc
A TOC (Table of Contents) list.
python_lib_name
Name of the python shared library to store in PKG. Required by bootloader.
name
An optional filename for the PKG.
cdict
Dictionary that specifies compression by typecode. For Example, PYZ is left uncompressed so that it
can be accessed inside the PKG. The default uses sensible values. If zlib is not available, no
compression is used.
exclude_binaries
If True, EXTENSIONs and BINARYs will be left out of the PKG, and forwarded to its container (usually
a COLLECT).
strip_binaries
If True, use 'strip' command to reduce the size of binary files.
upx_binaries
"""
super().__init__()
self.toc = normalize_toc(toc) # Ensure guts contain normalized TOC
self.python_lib_name = python_lib_name
self.cdict = cdict
self.name = name
if name is None:
self.name = os.path.splitext(self.tocfilename)[0] + '.pkg'
self.exclude_binaries = exclude_binaries
self.strip_binaries = strip_binaries
self.upx_binaries = upx_binaries
self.upx_exclude = upx_exclude or []
self.target_arch = target_arch
self.codesign_identity = codesign_identity
self.entitlements_file = entitlements_file
# This dict tells PyInstaller what items embedded in the executable should be compressed.
if self.cdict is None:
self.cdict = {
'EXTENSION': COMPRESSED,
'DATA': COMPRESSED,
'BINARY': COMPRESSED,
'EXECUTABLE': COMPRESSED,
'PYSOURCE': COMPRESSED,
'PYMODULE': COMPRESSED,
'SPLASH': COMPRESSED,
# Do not compress PYZ as a whole, as it contains individually-compressed modules.
'PYZ': UNCOMPRESSED,
# Do not compress target names in symbolic links.
'SYMLINK': UNCOMPRESSED,
}
self.__postinit__()
_GUTS = ( # input parameters
('name', _check_guts_eq),
('cdict', _check_guts_eq),
('toc', _check_guts_toc), # list unchanged and no newer files
('python_lib_name', _check_guts_eq),
('exclude_binaries', _check_guts_eq),
('strip_binaries', _check_guts_eq),
('upx_binaries', _check_guts_eq),
('upx_exclude', _check_guts_eq),
('target_arch', _check_guts_eq),
('codesign_identity', _check_guts_eq),
('entitlements_file', _check_guts_eq),
# no calculated/analysed values
)
def assemble(self):
logger.info("Building PKG (CArchive) %s", os.path.basename(self.name))
pkg_file = pathlib.Path(self.name).resolve() # Used to detect attempts at PKG feeding itself
bootstrap_toc = [] # TOC containing bootstrap scripts and modules, which must not be sorted.
archive_toc = [] # TOC containing all other elements. Sorted to enable reproducible builds.
for dest_name, src_name, typecode in self.toc:
# Ensure that the source file exists, if necessary. Skip the check for OPTION entries, where 'src_name' is
# None. Also skip DEPENDENCY entries due to special contents of 'dest_name' and/or 'src_name'. Same for the
# SYMLINK entries, where 'src_name' is relative target name for symbolic link.
if typecode not in {'OPTION', 'DEPENDENCY', 'SYMLINK'}:
if not os.path.exists(src_name):
if strict_collect_mode:
raise ValueError(f"Non-existent resource {src_name}, meant to be collected as {dest_name}!")
else:
logger.warning(
"Ignoring non-existent resource %s, meant to be collected as %s", src_name, dest_name
)
continue
# Detect attempt at collecting PKG into itself, as it results in and endless feeding loop and exhaustion
# of all available storage space.
if pathlib.Path(src_name).resolve() == pkg_file:
raise ValueError(f"Trying to collect PKG file {src_name} into itself!")
if typecode in ('BINARY', 'EXTENSION'):
if self.exclude_binaries:
# This is onedir-specific codepath - the EXE and consequently PKG should not be passed the Analysis'
# `datas` and `binaries` TOCs (unless the user messes up the .spec file). However, EXTENSION entries
# might still slip in via `PYZ.dependencies`, which are merged by EXE into its TOC and passed on to
# PKG here. Such entries need to be passed to the parent container (the COLLECT) via
# `PKG.dependencies`.
#
# This codepath formerly performed such pass-through only for EXTENSION entries, but in order to
# keep code simple, we now also do it for BINARY entries. In a sane world, we do not expect to
# encounter them here; but if they do happen to pass through here and we pass them on, the
# container's TOC de-duplication should take care of them (same as with EXTENSION ones, really).
self.dependencies.append((dest_name, src_name, typecode))
else:
# This is onefile-specific codepath. The binaries (both EXTENSION and BINARY entries) need to be
# processed using `process_collected_binary` helper.
src_name = process_collected_binary(
src_name,
dest_name,
use_strip=self.strip_binaries,
use_upx=self.upx_binaries,
upx_exclude=self.upx_exclude,
target_arch=self.target_arch,
codesign_identity=self.codesign_identity,
entitlements_file=self.entitlements_file,
strict_arch_validation=(typecode == 'EXTENSION'),
)
archive_toc.append((dest_name, src_name, self.cdict.get(typecode, False), self.xformdict[typecode]))
elif typecode in ('DATA', 'ZIPFILE'):
# Same logic as above for BINARY and EXTENSION; if `exclude_binaries` is set, we are in onedir mode;
# we should exclude DATA (and ZIPFILE) entries and instead pass them on via PKG's `dependencies`. This
# prevents a onedir application from becoming a broken onefile one if user accidentally passes datas
# and binaries TOCs to EXE instead of COLLECT.
if self.exclude_binaries:
self.dependencies.append((dest_name, src_name, typecode))
else:
if typecode == 'DATA' and os.access(src_name, os.X_OK):
# DATA with executable bit set (e.g., shell script); turn into binary so that executable bit is
# restored on the extracted file.
carchive_typecode = 'b'
else:
carchive_typecode = self.xformdict[typecode]
archive_toc.append((dest_name, src_name, self.cdict.get(typecode, False), carchive_typecode))
elif typecode == 'OPTION':
archive_toc.append((dest_name, '', False, 'o'))
elif typecode in {'PYSOURCE', 'PYSOURCE-1', 'PYSOURCE-2', 'PYMODULE', 'PYMODULE-1', 'PYMODULE-2'}:
# Collect python script and modules in a TOC that will not be sorted.
bootstrap_toc.append((dest_name, src_name, self.cdict.get(typecode, False), self.xformdict[typecode]))
elif typecode == 'PYZ':
# Override PYZ name in the PKG archive into PYZ.pyz, regardless of what the original name was. The
# bootloader looks for PYZ via the typecode and implicitly expects a single entry, so the name does
# not matter. However, having a fixed name matters if we want reproducibility in scenarios where
# multiple builds are performed within the same process (for example, on our CI).
archive_toc.append(('PYZ.pyz', src_name, self.cdict.get(typecode, False), self.xformdict[typecode]))
else:
# PKG, DEPENDENCY, SPLASH, SYMLINK
archive_toc.append((dest_name, src_name, self.cdict.get(typecode, False), self.xformdict[typecode]))
# Sort content alphabetically by type and name to enable reproducible builds.
archive_toc.sort(key=itemgetter(3, 0))
# Do *not* sort modules and scripts, as their order is important.
# TODO: Think about having all modules first and then all scripts.
CArchiveWriter(self.name, bootstrap_toc + archive_toc, pylib_name=self.python_lib_name)
logger.info("Building PKG (CArchive) %s completed successfully.", os.path.basename(self.name))
class EXE(Target):
"""
Creates the final executable of the frozen app. This bundles all necessary files together.
"""
def __init__(self, *args, **kwargs):
"""
args
One or more arguments that are either an instance of `Target` or an iterable representing TOC list.
kwargs
Possible keyword arguments:
bootloader_ignore_signals
Non-Windows only. If True, the bootloader process will ignore all ignorable signals. If False (default),
it will forward all signals to the child process. Useful in situations where for example a supervisor
process signals both the bootloader and the child (e.g., via a process group) to avoid signalling the
child twice.
console
On Windows or macOS governs whether to use the console executable or the windowed executable. Always
True on Linux/Unix (always console executable - it does not matter there).
hide_console
Windows only. In console-enabled executable, hide or minimize the console window if the program owns the
console window (i.e., was not launched from existing console window). Depending on the setting, the
console is hidden/mininized either early in the bootloader execution ('hide-early', 'minimize-early') or
late in the bootloader execution ('hide-late', 'minimize-late'). The early option takes place as soon as
the PKG archive is found. In onefile builds, the late option takes place after application has unpacked
itself and before it launches the child process. In onedir builds, the late option takes place before
starting the embedded python interpreter.
disable_windowed_traceback
Disable traceback dump of unhandled exception in windowed (noconsole) mode (Windows and macOS only),
and instead display a message that this feature is disabled.
debug
Setting to True gives you progress messages from the executable (for console=False there will be
annoying MessageBoxes on Windows).
name
The filename for the executable. On Windows suffix '.exe' is appended.
exclude_binaries
Forwarded to the PKG the EXE builds.
icon
Windows and macOS only. icon='myicon.ico' to use an icon file or icon='notepad.exe,0' to grab an icon
resource. Defaults to use PyInstaller's console or windowed icon. Use icon=`NONE` to not add any icon.
version
Windows only. version='myversion.txt'. Use grab_version.py to get a version resource from an executable
and then edit the output to create your own. (The syntax of version resources is so arcane that I would
not attempt to write one from scratch).
uac_admin
Windows only. Setting to True creates a Manifest with will request elevation upon application start.
uac_uiaccess
Windows only. Setting to True allows an elevated application to work with Remote Desktop.
argv_emulation
macOS only. Enables argv emulation in macOS .app bundles (i.e., windowed bootloader). If enabled, the
initial open document/URL Apple Events are intercepted by bootloader and converted into sys.argv.
target_arch
macOS only. Used to explicitly specify the target architecture; either single-arch ('x86_64' or 'arm64')
or 'universal2'. Used in checks that the collected binaries contain the requires arch slice(s) and/or
to convert fat binaries into thin ones as necessary. If not specified (default), a single-arch build
corresponding to running architecture is assumed.
codesign_identity
macOS only. Use the provided identity to sign collected binaries and the generated executable. If
signing identity is not provided, ad-hoc signing is performed.
entitlements_file
macOS only. Optional path to entitlements file to use with code signing of collected binaries
(--entitlements option to codesign utility).
contents_directory
Onedir mode only. Specifies the name of the directory where all files par the executable will be placed.
Setting the name to '.' (or '' or None) re-enables old onedir layout without contents directory.
"""
from PyInstaller.config import CONF
super().__init__()
# Available options for EXE in .spec files.
self.exclude_binaries = kwargs.get('exclude_binaries', False)
self.bootloader_ignore_signals = kwargs.get('bootloader_ignore_signals', False)
self.console = kwargs.get('console', True)
self.hide_console = kwargs.get('hide_console', None)
self.disable_windowed_traceback = kwargs.get('disable_windowed_traceback', False)
self.debug = kwargs.get('debug', False)
self.name = kwargs.get('name', None)
self.icon = kwargs.get('icon', None)
self.versrsrc = kwargs.get('version', None)
self.manifest = kwargs.get('manifest', None)
self.resources = kwargs.get('resources', [])
self.strip = kwargs.get('strip', False)
self.upx_exclude = kwargs.get("upx_exclude", [])
self.runtime_tmpdir = kwargs.get('runtime_tmpdir', None)
self.contents_directory = kwargs.get("contents_directory", "_internal")
# If ``append_pkg`` is false, the archive will not be appended to the exe, but copied beside it.
self.append_pkg = kwargs.get('append_pkg', True)
# On Windows allows the exe to request admin privileges.
self.uac_admin = kwargs.get('uac_admin', False)
self.uac_uiaccess = kwargs.get('uac_uiaccess', False)
# macOS argv emulation
self.argv_emulation = kwargs.get('argv_emulation', False)
# Target architecture (macOS only)
self.target_arch = kwargs.get('target_arch', None)
if is_darwin:
if self.target_arch is None:
import platform
self.target_arch = platform.machine()
else:
assert self.target_arch in {'x86_64', 'arm64', 'universal2'}, \
f"Unsupported target arch: {self.target_arch}"
logger.info("EXE target arch: %s", self.target_arch)
else:
self.target_arch = None # explicitly disable
# Code signing identity (macOS only)
self.codesign_identity = kwargs.get('codesign_identity', None)
if is_darwin:
logger.info("Code signing identity: %s", self.codesign_identity)
else:
self.codesign_identity = None # explicitly disable
# Code signing entitlements
self.entitlements_file = kwargs.get('entitlements_file', None)
# UPX needs to be both available and enabled for the target.
self.upx = CONF['upx_available'] and kwargs.get('upx', False)
# Catch and clear options that are unsupported on specific platforms.
if self.versrsrc and not is_win:
logger.warning('Ignoring version information; supported only on Windows!')
self.versrsrc = None
if self.manifest and not is_win:
logger.warning('Ignoring manifest; supported only on Windows!')
self.manifest = None
if self.resources and not is_win:
logger.warning('Ignoring resources; supported only on Windows!')
self.resources = []
if self.icon and not (is_win or is_darwin):
logger.warning('Ignoring icon; supported only on Windows and macOS!')
self.icon = None
if self.hide_console and not is_win:
logger.warning('Ignoring hide_console; supported only on Windows!')
self.hide_console = None
if self.contents_directory in ("", "."):
self.contents_directory = None # Re-enable old onedir layout without contents directory.
elif self.contents_directory == ".." or "/" in self.contents_directory or "\\" in self.contents_directory:
raise SystemExit(
f'ERROR: Invalid value "{self.contents_directory}" passed to `--contents-directory` or '
'`contents_directory`. Exactly one directory level is required (or just "." to disable the '
'contents directory).'
)
if not kwargs.get('embed_manifest', True):
from PyInstaller.exceptions import RemovedExternalManifestError
raise RemovedExternalManifestError(
"Please remove the 'embed_manifest' argument to EXE() in your spec file."
)
# Old .spec format included in 'name' the path where to put created app. New format includes only exename.
#
# Ignore fullpath in the 'name' and prepend DISTPATH or WORKPATH.
# DISTPATH - onefile
# WORKPATH - onedir
if self.exclude_binaries:
# onedir mode - create executable in WORKPATH.
self.name = os.path.join(CONF['workpath'], os.path.basename(self.name))
else:
# onefile mode - create executable in DISTPATH.
self.name = os.path.join(CONF['distpath'], os.path.basename(self.name))
# Old .spec format included on Windows in 'name' .exe suffix.
if is_win or is_cygwin:
# Append .exe suffix if it is not already there.
if not self.name.endswith('.exe'):
self.name += '.exe'
base_name = os.path.splitext(os.path.basename(self.name))[0]
else:
base_name = os.path.basename(self.name)
# Create the CArchive PKG in WORKPATH. When instancing PKG(), set name so that guts check can test whether the
# file already exists.
self.pkgname = os.path.join(CONF['workpath'], base_name + '.pkg')
self.toc = []
for arg in args:
# Valid arguments: PYZ object, Splash object, and TOC-list iterables
if isinstance(arg, (PYZ, Splash)):
# Add object as an entry to the TOC, and merge its dependencies TOC
if isinstance(arg, PYZ):
self.toc.append((os.path.basename(arg.name), arg.name, "PYZ"))
else:
self.toc.append((os.path.basename(arg.name), arg.name, "SPLASH"))
self.toc.extend(arg.dependencies)
elif miscutils.is_iterable(arg):
# TOC-like iterable
self.toc.extend(arg)
else:
raise TypeError(f"Invalid argument type for EXE: {type(arg)!r}")
if is_nogil:
# Signal to bootloader that python was built with Py_GIL_DISABLED, in order to select correct `PyConfig`
# structure layout at run-time.
self.toc.append(("pyi-python-flag Py_GIL_DISABLED", "", "OPTION"))
if self.runtime_tmpdir is not None:
self.toc.append(("pyi-runtime-tmpdir " + self.runtime_tmpdir, "", "OPTION"))
if self.bootloader_ignore_signals:
# no value; presence means "true"
self.toc.append(("pyi-bootloader-ignore-signals", "", "OPTION"))
if self.disable_windowed_traceback:
# no value; presence means "true"
self.toc.append(("pyi-disable-windowed-traceback", "", "OPTION"))
if self.argv_emulation:
# no value; presence means "true"
self.toc.append(("pyi-macos-argv-emulation", "", "OPTION"))
if self.contents_directory:
self.toc.append(("pyi-contents-directory " + self.contents_directory, "", "OPTION"))
if self.hide_console:
# Validate the value
_HIDE_CONSOLE_VALUES = {'hide-early', 'minimize-early', 'hide-late', 'minimize-late'}
self.hide_console = self.hide_console.lower()
if self.hide_console not in _HIDE_CONSOLE_VALUES:
raise ValueError(
f"Invalid hide_console value: {self.hide_console}! Allowed values: {_HIDE_CONSOLE_VALUES}"
)
self.toc.append((f"pyi-hide-console {self.hide_console}", "", "OPTION"))
# If the icon path is relative, make it relative to the .spec file.
if self.icon and self.icon != "NONE":
if isinstance(self.icon, list):
self.icon = [self._makeabs(ic) for ic in self.icon]
else:
self.icon = [self._makeabs(self.icon)]
if is_win:
if not self.icon:
# --icon not specified; use default from bootloader folder
if self.console:
ico = 'icon-console.ico'
else:
ico = 'icon-windowed.ico'
self.icon = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'bootloader', 'images', ico)
# Prepare manifest for the executable by creating minimal manifest or modifying the supplied one.
if self.manifest:
# Determine if we were given a filename or an XML string.
if "<" in self.manifest:
self.manifest = self.manifest.encode("utf-8")
else:
self.manifest = self._makeabs(self.manifest)
with open(self.manifest, "rb") as fp:
self.manifest = fp.read()
self.manifest = winmanifest.create_application_manifest(self.manifest, self.uac_admin, self.uac_uiaccess)
if self.versrsrc:
if isinstance(self.versrsrc, versioninfo.VSVersionInfo):
# We were passed a valid versioninfo.VSVersionInfo structure
pass
elif isinstance(self.versrsrc, (str, bytes, os.PathLike)):
# File path; either absolute, or relative to the spec file
self.versrsrc = self._makeabs(self.versrsrc)
logger.debug("Loading version info from file: %r", self.versrsrc)
self.versrsrc = versioninfo.load_version_info_from_text_file(self.versrsrc)
else:
raise TypeError(f"Unsupported type for version info argument: {type(self.versrsrc)!r}")
# Identify python shared library. This is needed both for PKG (where we need to store the name so that
# bootloader can look it up), and for macOS-specific processing of the generated executable (adjusting the SDK
# version).
#
# NOTE: we already performed an equivalent search (using the same `get_python_library_path` helper) during the
# analysis stage to ensure that the python shared library is collected. Unfortunately, with the way data passing
# works in onedir builds, we cannot look up the value in the TOC at this stage, and we need to search again.
self.python_lib = bindepend.get_python_library_path()
if self.python_lib is None:
from PyInstaller.exceptions import PythonLibraryNotFoundError
raise PythonLibraryNotFoundError()
# Normalize TOC
self.toc = normalize_toc(self.toc)
self.pkg = PKG(
toc=self.toc,
python_lib_name=os.path.basename(self.python_lib),
name=self.pkgname,
cdict=kwargs.get('cdict', None),
exclude_binaries=self.exclude_binaries,
strip_binaries=self.strip,
upx_binaries=self.upx,
upx_exclude=self.upx_exclude,
target_arch=self.target_arch,
codesign_identity=self.codesign_identity,
entitlements_file=self.entitlements_file
)
self.dependencies = self.pkg.dependencies
# Get the path of the bootloader and store it in a TOC, so it can be checked for being changed.
exe = self._bootloader_file('run', '.exe' if is_win or is_cygwin else '')
self.exefiles = [(os.path.basename(exe), exe, 'EXECUTABLE')]
self.__postinit__()
_GUTS = (
# input parameters
('name', _check_guts_eq),
('console', _check_guts_eq),
('debug', _check_guts_eq),
('exclude_binaries', _check_guts_eq),
('icon', _check_guts_eq),
('versrsrc', _check_guts_eq),
('uac_admin', _check_guts_eq),
('uac_uiaccess', _check_guts_eq),
('manifest', _check_guts_eq),
('append_pkg', _check_guts_eq),
('argv_emulation', _check_guts_eq),
('target_arch', _check_guts_eq),
('codesign_identity', _check_guts_eq),
('entitlements_file', _check_guts_eq),
# for the case the directory is shared between platforms:
('pkgname', _check_guts_eq),
('toc', _check_guts_eq),
('resources', _check_guts_eq),
('strip', _check_guts_eq),
('upx', _check_guts_eq),
('mtm', None), # checked below
# derived values
('exefiles', _check_guts_toc),
('python_lib', _check_guts_eq),
)
def _check_guts(self, data, last_build):
if not os.path.exists(self.name):
logger.info("Rebuilding %s because %s missing", self.tocbasename, os.path.basename(self.name))
return True
if not self.append_pkg and not os.path.exists(self.pkgname):
logger.info("Rebuilding because %s missing", os.path.basename(self.pkgname))
return True
if Target._check_guts(self, data, last_build):
return True
mtm = data['mtm']
if mtm != miscutils.mtime(self.name):
logger.info("Rebuilding %s because mtimes don't match", self.tocbasename)
return True
if mtm < miscutils.mtime(self.pkg.tocfilename):
logger.info("Rebuilding %s because pkg is more recent", self.tocbasename)
return True
return False
@staticmethod
def _makeabs(path):
"""
Helper for anchoring relative paths to spec file location.
"""
from PyInstaller.config import CONF
if os.path.isabs(path):
return path
else:
return os.path.join(CONF['specpath'], path)
def _bootloader_file(self, exe, extension=None):
"""
Pick up the right bootloader file - debug, console, windowed.
"""
# Having console/windowed bootloader makes sense only on Windows and macOS.
if is_win or is_darwin:
if not self.console:
exe = exe + 'w'
# There are two types of bootloaders:
# run - release, no verbose messages in console.
# run_d - contains verbose messages in console.
if self.debug:
exe = exe + '_d'
if extension:
exe = exe + extension
bootloader_file = os.path.join(HOMEPATH, 'PyInstaller', 'bootloader', PLATFORM, exe)
logger.info('Bootloader %s' % bootloader_file)
return bootloader_file
def assemble(self):
# On Windows, we used to append .notanexecutable to the intermediate/temporary file name to (attempt to)
# prevent interference from anti-virus programs with the build process (see #6467). This is now disabled
# as we wrap all processing steps that modify the executable in the `_retry_operation` helper; however,
# we keep around the `build_name` variable instead of directly using `self.name`, just in case we need
# to re-enable it...
build_name = self.name
logger.info("Building EXE from %s", self.tocbasename)
if os.path.exists(self.name):
if os.path.isdir(self.name):
_rmtree(self.name) # will prompt for confirmation if --noconfirm is not given
else:
os.remove(self.name)
if not os.path.exists(os.path.dirname(self.name)):
os.makedirs(os.path.dirname(self.name))
bootloader_exe = self.exefiles[0][1] # pathname of bootloader
if not os.path.exists(bootloader_exe):
raise SystemExit(_MISSING_BOOTLOADER_ERRORMSG)
# Step 1: copy the bootloader file, and perform any operations that need to be done prior to appending the PKG.
logger.info("Copying bootloader EXE to %s", build_name)
self._retry_operation(shutil.copyfile, bootloader_exe, build_name)
self._retry_operation(os.chmod, build_name, 0o755)
if is_win:
# First, remove all resources from the file. This ensures that no manifest is embedded, even if bootloader
# was compiled with a toolchain that forcibly embeds a default manifest (e.g., mingw toolchain from msys2).
self._retry_operation(winresource.remove_all_resources, build_name)
# Embed icon.
if self.icon != "NONE":
logger.info("Copying icon to EXE")
self._retry_operation(icon.CopyIcons, build_name, self.icon)
# Embed version info.
if self.versrsrc:
logger.info("Copying version information to EXE")
self._retry_operation(versioninfo.write_version_info_to_executable, build_name, self.versrsrc)
# Embed/copy other resources.
logger.info("Copying %d resources to EXE", len(self.resources))
for resource in self.resources:
self._retry_operation(self._copy_windows_resource, build_name, resource)
# Embed the manifest into the executable.
logger.info("Embedding manifest in EXE")
self._retry_operation(winmanifest.write_manifest_to_executable, build_name, self.manifest)
elif is_darwin:
# Convert bootloader to the target arch
logger.info("Converting EXE to target arch (%s)", self.target_arch)
osxutils.binary_to_target_arch(build_name, self.target_arch, display_name='Bootloader EXE')
# Step 2: append the PKG, if necessary
if self.append_pkg:
append_file = self.pkg.name # Append PKG
append_type = 'PKG archive' # For debug messages
else:
# In onefile mode, copy the stand-alone PKG next to the executable. In onedir, this will be done by the
# COLLECT() target.
if not self.exclude_binaries:
pkg_dst = os.path.join(os.path.dirname(build_name), os.path.basename(self.pkgname))
logger.info("Copying stand-alone PKG archive from %s to %s", self.pkg.name, pkg_dst)
shutil.copyfile(self.pkg.name, pkg_dst)
else:
logger.info("Stand-alone PKG archive will be handled by COLLECT")
# The bootloader requires package side-loading to be explicitly enabled, which is done by embedding custom
# signature to the executable. This extra signature ensures that the sideload-enabled executable is at least
# slightly different from the stock bootloader executables, which should prevent antivirus programs from
# flagging our stock bootloaders due to sideload-enabled applications in the wild.
# Write to temporary file
pkgsig_file = self.pkg.name + '.sig'
with open(pkgsig_file, "wb") as f:
# 8-byte MAGIC; slightly changed PKG MAGIC pattern
f.write(b'MEI\015\013\012\013\016')
append_file = pkgsig_file # Append PKG-SIG
append_type = 'PKG sideload signature' # For debug messages
if is_linux:
# Linux: append data into custom ELF section using objcopy.
logger.info("Appending %s to custom ELF section in EXE", append_type)
cmd = ['objcopy', '--add-section', f'pydata={append_file}', build_name]
p = subprocess.run(cmd, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, encoding='utf-8')
if p.returncode:
raise SystemError(f"objcopy Failure: {p.returncode} {p.stdout}")
elif is_darwin:
# macOS: remove signature, append data, and fix-up headers so that the appended data appears to be part of
# the executable (which is required by strict validation during code-signing).
# Strip signatures from all arch slices. Strictly speaking, we need to remove signature (if present) from
# the last slice, because we will be appending data to it. When building universal2 bootloaders natively on
# macOS, only arm64 slices have a (dummy) signature. However, when cross-compiling with osxcross, we seem to
# get dummy signatures on both x86_64 and arm64 slices. While the former should not have any impact, it does
# seem to cause issues with further binary signing using real identity. Therefore, we remove all signatures
# and re-sign the binary using dummy signature once the data is appended.
logger.info("Removing signature(s) from EXE")
osxutils.remove_signature_from_binary(build_name)
# Fix Mach-O image UUID(s) in executable to ensure uniqueness across different builds.
# NOTE: even if PKG is side-loaded, use the hash of its contents to generate the new UUID.
# NOTE: this step is performed *before* PKG is appended and sizes are fixed in the executable's headers;
# this ensures that we are operating only on original header size instead of enlarged one (which could
# be significantly larger in large onefile builds).
logger.info("Modifying Mach-O image UUID(s) in EXE")
osxutils.update_exe_identifier(build_name, self.pkg.name)
# Append the data
logger.info("Appending %s to EXE", append_type)
self._append_data_to_exe(build_name, append_file)
# Fix Mach-O headers
logger.info("Fixing EXE headers for code signing")
osxutils.fix_exe_for_code_signing(build_name)
else:
# Fall back to just appending data at the end of the file
logger.info("Appending %s to EXE", append_type)
self._retry_operation(self._append_data_to_exe, build_name, append_file)
# Step 3: post-processing
if is_win:
# Set checksum to appease antiviral software. Also set build timestamp to current time to increase entropy
# (but honor SOURCE_DATE_EPOCH environment variable for reproducible builds).
logger.info("Fixing EXE headers")
build_timestamp = int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))
self._retry_operation(winutils.set_exe_build_timestamp, build_name, build_timestamp)
self._retry_operation(winutils.update_exe_pe_checksum, build_name)
elif is_darwin:
# If the version of macOS SDK used to build bootloader exceeds that of macOS SDK used to built Python
# library (and, by extension, bundled Tcl/Tk libraries), force the version declared by the frozen executable
# to match that of the Python library.
# Having macOS attempt to enable new features (based on SDK version) for frozen application has no benefit
# if the Python library does not support them as well.
# On the other hand, there seem to be UI issues in tkinter due to failed or partial enablement of dark mode
# (i.e., the bootloader executable being built against SDK 10.14 or later, which causes macOS to enable dark
# mode, and Tk libraries being built against an earlier SDK version that does not support the dark mode).
# With python.org Intel macOS installers, this manifests as black Tk windows and UI elements (see issue
# #5827), while in Anaconda python, it may result in white text on bright background.
pylib_version = osxutils.get_macos_sdk_version(self.python_lib)
exe_version = osxutils.get_macos_sdk_version(build_name)
if pylib_version < exe_version:
logger.info(
"Rewriting the executable's macOS SDK version (%d.%d.%d) to match the SDK version of the Python "
"library (%d.%d.%d) in order to avoid inconsistent behavior and potential UI issues in the "
"frozen application.", *exe_version, *pylib_version
)
osxutils.set_macos_sdk_version(build_name, *pylib_version)
# Re-sign the binary (either ad-hoc or using real identity, if provided).
logger.info("Re-signing the EXE")
osxutils.sign_binary(build_name, self.codesign_identity, self.entitlements_file)
# Ensure executable flag is set
self._retry_operation(os.chmod, build_name, 0o755)
# Get mtime for storing into the guts
self.mtm = self._retry_operation(miscutils.mtime, build_name)
if build_name != self.name:
self._retry_operation(os.rename, build_name, self.name)
logger.info("Building EXE from %s completed successfully.", self.tocbasename)
def _copy_windows_resource(self, build_name, resource_spec):
import pefile
# Helper for optionally converting integer strings to values; resource types and IDs/names can be specified as
# either numeric values or custom strings...
def _to_int(value):
try:
return int(value)
except Exception:
return value
logger.debug("Processing resource: %r", resource_spec)
resource = resource_spec.split(",") # filename,[type],[name],[language]
if len(resource) < 1 or len(resource) > 4:
raise ValueError(
f"Invalid Windows resource specifier {resource_spec!r}! "
f"Must be in format 'filename,[type],[name],[language]'!"
)
# Anchor resource file to spec file location, if necessary.
src_filename = self._makeabs(resource[0])
# Ensure file exists.
if not os.path.isfile(src_filename):
raise ValueError(f"Resource file {src_filename!r} does not exist!")
# Check if src_filename points to a PE file or an arbitrary (data) file.
try:
with pefile.PE(src_filename, fast_load=True):
is_pe_file = True
except Exception:
is_pe_file = False
if is_pe_file:
# If resource file is PE file, copy all resources from it, subject to specified type, name, and language.
logger.debug("Resource file %r is a PE file...", src_filename)
# Resource type, name, and language serve as filters. If not specified, use "*".
resource_type = _to_int(resource[1]) if len(resource) >= 2 else "*"
resource_name = _to_int(resource[2]) if len(resource) >= 3 else "*"
resource_lang = _to_int(resource[3]) if len(resource) >= 4 else "*"
try:
winresource.copy_resources_from_pe_file(
build_name,
src_filename,
[resource_type],
[resource_name],
[resource_lang],
)
except Exception as e:
raise IOError(f"Failed to copy resources from PE file {src_filename!r}") from e
else:
logger.debug("Resource file %r is an arbitrary data file...", src_filename)
# For arbitrary data file, resource type and name need to be provided.
if len(resource) < 3:
raise ValueError(
f"Invalid Windows resource specifier {resource_spec!r}! "
f"For arbitrary data file, the format is 'filename,type,name,[language]'!"
)
resource_type = _to_int(resource[1])
resource_name = _to_int(resource[2])
resource_lang = _to_int(resource[3]) if len(resource) >= 4 else 0 # LANG_NEUTRAL
# Prohibit wildcards for resource type and name.
if resource_type == "*":
raise ValueError(
f"Invalid Windows resource specifier {resource_spec!r}! "
f"For arbitrary data file, resource type cannot be a wildcard (*)!"
)
if resource_name == "*":
raise ValueError(
f"Invalid Windows resource specifier {resource_spec!r}! "
f"For arbitrary data file, resource ma,e cannot be a wildcard (*)!"
)
try:
with open(src_filename, 'rb') as fp:
data = fp.read()
winresource.add_or_update_resource(
build_name,
data,
resource_type,
[resource_name],
[resource_lang],
)
except Exception as e:
raise IOError(f"Failed to embed data file {src_filename!r} as Windows resource") from e
def _append_data_to_exe(self, build_name, append_file):
with open(build_name, 'ab') as outf:
with open(append_file, 'rb') as inf:
shutil.copyfileobj(inf, outf, length=64 * 1024)
@staticmethod
def _retry_operation(func, *args, max_attempts=20):
"""
Attempt to execute the given function `max_attempts` number of times while catching exceptions that are usually
associated with Windows anti-virus programs temporarily locking the access to the executable.
"""
def _is_allowed_exception(e):
"""
Helper to determine whether the given exception is eligible for retry or not.
"""
if isinstance(e, PermissionError):
# Always retry on all instances of PermissionError
return True
elif is_win:
from PyInstaller.compat import pywintypes
# Windows-specific errno and winerror codes.
# https://learn.microsoft.com/en-us/cpp/c-runtime-library/errno-constants
_ALLOWED_ERRNO = {
13, # EACCES (would typically be a PermissionError instead)
22, # EINVAL (reported to be caused by Crowdstrike; see #7840)
}
# https://learn.microsoft.com/en-us/windows/win32/debug/system-error-codes--0-499-
_ALLOWED_WINERROR = {
5, # ERROR_ACCESS_DENIED (reported in #7825)
32, # ERROR_SHARING_VIOLATION (exclusive lock via `CreateFileW` flags, or via `_locked`).
110, # ERROR_OPEN_FAILED (reported in #8138)
}
if isinstance(e, OSError):
# For OSError exceptions other than PermissionError, validate errno.
if e.errno in _ALLOWED_ERRNO:
return True
# OSError typically translates `winerror` into `errno` equivalent; but try to match the original
# values as a fall back, just in case. `OSError.winerror` attribute exists only on Windows.
if e.winerror in _ALLOWED_WINERROR:
return True
elif isinstance(e, pywintypes.error):
# pywintypes.error is raised by helper functions that use win32 C API bound via pywin32-ctypes.
if e.winerror in _ALLOWED_WINERROR:
return True
return False
func_name = func.__name__
for attempt in range(max_attempts):
try:
return func(*args)
except Exception as e:
# Check if exception is eligible for retry; if not, also check its immediate cause (in case the
# exception was thrown from an eligible exception).
if not _is_allowed_exception(e) and not _is_allowed_exception(e.__context__):
raise
# Retry after sleep (unless this was our last attempt)
if attempt < max_attempts - 1:
sleep_duration = 1 / (max_attempts - 1 - attempt)
logger.warning(
f"Execution of {func_name!r} failed on attempt #{attempt + 1} / {max_attempts}: {e!r}. "
f"Retrying in {sleep_duration:.2f} second(s)..."
)
time.sleep(sleep_duration)
else:
logger.warning(
f"Execution of {func_name!r} failed on attempt #{attempt + 1} / {max_attempts}: {e!r}."
)
raise RuntimeError(f"Execution of {func_name!r} failed - no more attempts left!") from e
class COLLECT(Target):
"""
In one-dir mode creates the output folder with all necessary files.
"""
def __init__(self, *args, **kwargs):
"""
args
One or more arguments that are either an instance of `Target` or an iterable representing TOC list.
kwargs
Possible keyword arguments:
name
The name of the directory to be built.
"""
from PyInstaller.config import CONF
super().__init__()
self.strip_binaries = kwargs.get('strip', False)
self.upx_exclude = kwargs.get("upx_exclude", [])
self.console = True
self.target_arch = None
self.codesign_identity = None
self.entitlements_file = None
# UPX needs to be both available and enabled for the taget.
self.upx_binaries = CONF['upx_available'] and kwargs.get('upx', False)
# The `name` should be the output directory name, without the parent path (the directory is created in the
# DISTPATH). Old .spec formats included parent path, so strip it away.
self.name = os.path.join(CONF['distpath'], os.path.basename(kwargs.get('name')))
for arg in args:
if isinstance(arg, EXE):
self.contents_directory = arg.contents_directory
break
else:
raise ValueError("No EXE() instance was passed to COLLECT()")
self.toc = []
for arg in args:
# Valid arguments: EXE object and TOC-like iterables
if isinstance(arg, EXE):
# Add EXE as an entry to the TOC, and merge its dependencies TOC
self.toc.append((os.path.basename(arg.name), arg.name, 'EXECUTABLE'))
self.toc.extend(arg.dependencies)
# Inherit settings
self.console = arg.console
self.target_arch = arg.target_arch
self.codesign_identity = arg.codesign_identity
self.entitlements_file = arg.entitlements_file
# Search for the executable's external manifest, and collect it if available
for dest_name, src_name, typecode in arg.toc:
if dest_name == os.path.basename(arg.name) + ".manifest":
self.toc.append((dest_name, src_name, typecode))
# If PKG is not appended to the executable, we need to collect it.
if not arg.append_pkg:
self.toc.append((os.path.basename(arg.pkgname), arg.pkgname, 'PKG'))
elif miscutils.is_iterable(arg):
# TOC-like iterable
self.toc.extend(arg)
else:
raise TypeError(f"Invalid argument type for COLLECT: {type(arg)!r}")
# Normalize TOC
self.toc = normalize_toc(self.toc)
self.__postinit__()
_GUTS = (
# COLLECT always builds, we just want the TOC to be written out.
('toc', None),
)
def _check_guts(self, data, last_build):
# COLLECT always needs to be executed, in order to clean the output directory.
return True
def assemble(self):
_make_clean_directory(self.name)
logger.info("Building COLLECT %s", self.tocbasename)
for dest_name, src_name, typecode in self.toc:
# Ensure that the source file exists, if necessary. Skip the check for DEPENDENCY entries due to special
# contents of 'dest_name' and/or 'src_name'. Same for the SYMLINK entries, where 'src_name' is relative
# target name for symbolic link.
if typecode not in {'DEPENDENCY', 'SYMLINK'} and not os.path.exists(src_name):
# If file is contained within python egg, it will be added with the egg.
if strict_collect_mode:
raise ValueError(f"Non-existent resource {src_name}, meant to be collected as {dest_name}!")
else:
logger.warning(
"Ignoring non-existent resource %s, meant to be collected as %s", src_name, dest_name
)
continue
# Disallow collection outside of the dist directory.
if os.pardir in os.path.normpath(dest_name).split(os.sep) or os.path.isabs(dest_name):
raise SystemExit(
'ERROR: attempting to store file outside of the dist directory: %r. Aborting.' % dest_name
)
# Create parent directory structure, if necessary
if typecode in ("EXECUTABLE", "PKG"):
dest_path = os.path.join(self.name, dest_name)
else:
dest_path = os.path.join(self.name, self.contents_directory or "", dest_name)
dest_dir = os.path.dirname(dest_path)
try:
os.makedirs(dest_dir, exist_ok=True)
except FileExistsError:
raise SystemExit(
f"ERROR: Pyinstaller needs to create a directory at {dest_dir!r}, "
"but there already exists a file at that path!"
)
if typecode in ('EXTENSION', 'BINARY'):
src_name = process_collected_binary(
src_name,
dest_name,
use_strip=self.strip_binaries,
use_upx=self.upx_binaries,
upx_exclude=self.upx_exclude,
target_arch=self.target_arch,
codesign_identity=self.codesign_identity,
entitlements_file=self.entitlements_file,
strict_arch_validation=(typecode == 'EXTENSION'),
)
if typecode == 'SYMLINK':
# On Windows, ensure that symlink target path (stored in src_name) is using Windows-style back slash
# separators.
if is_win and os.path.sep == '/':
src_name = src_name.replace(os.path.sep, '\\')
os.symlink(src_name, dest_path) # Create link at dest_path, pointing at (relative) src_name
elif typecode != 'DEPENDENCY':
# At this point, `src_name` should be a valid file.
if not os.path.isfile(src_name):
raise ValueError(f"Resource {src_name!r} is not a valid file!")
# If strict collection mode is enabled, the destination should not exist yet.
if strict_collect_mode and os.path.exists(dest_path):
raise ValueError(
f"Attempting to collect a duplicated file into COLLECT: {dest_name} (type: {typecode})"
)
# Use `shutil.copyfile` to copy file with default permissions. We do not attempt to preserve original
# permissions nor metadata, as they might be too restrictive and cause issues either during subsequent
# re-build attempts or when trying to move the application bundle. For binaries (and data files with
# executable bit set), we manually set the executable bits after copying the file.
shutil.copyfile(src_name, dest_path)
if (
typecode in ('EXTENSION', 'BINARY', 'EXECUTABLE')
or (typecode == 'DATA' and os.access(src_name, os.X_OK))
):
os.chmod(dest_path, 0o755)
logger.info("Building COLLECT %s completed successfully.", self.tocbasename)
class MERGE:
"""
Given Analysis objects for multiple executables, replace occurrences of data and binary files with references to the
first executable in which they occur. The actual data and binary files are then collected only once, thereby
reducing the disk space used by multiple executables. Every executable (even onedir ones!) obtained from a
MERGE-processed Analysis gains onefile semantics, because it needs to extract its referenced dependencies from other
executables into temporary directory before they can run.
"""
def __init__(self, *args):
"""
args
Dependencies as a list of (analysis, identifier, path_to_exe) tuples. `analysis` is an instance of
`Analysis`, `identifier` is the basename of the entry-point script (without .py suffix), and `path_to_exe`
is path to the corresponding executable, relative to the `dist` directory (without .exe suffix in the
filename component). For onefile executables, `path_to_exe` is usually just executable's base name
(e.g., `myexecutable`). For onedir executables, `path_to_exe` usually comprises both the application's
directory name and executable name (e.g., `myapp/myexecutable`).
"""
self._dependencies = {}
self._symlinks = set()
# Process all given (analysis, identifier, path_to_exe) tuples
for analysis, identifier, path_to_exe in args:
# Process analysis.binaries and analysis.datas TOCs. self._process_toc() call returns two TOCs; the first
# contains entries that remain within this analysis, while the second contains entries that reference
# an entry in another executable.
binaries, binaries_refs = self._process_toc(analysis.binaries, path_to_exe)
datas, datas_refs = self._process_toc(analysis.datas, path_to_exe)
# Update `analysis.binaries`, `analysis.datas`, and `analysis.dependencies`.
# The entries that are found in preceding executable(s) are removed from `binaries` and `datas`, and their
# DEPENDENCY entry counterparts are added to `dependencies`. We cannot simply update the entries in
# `binaries` and `datas`, because at least in theory, we need to support both onefile and onedir mode. And
# while in onefile, `a.datas`, `a.binaries`, and `a.dependencies` are passed to `EXE` (and its `PKG`), with
# onedir, `a.datas` and `a.binaries` need to be passed to `COLLECT` (as they were before the MERGE), while
# `a.dependencies` needs to be passed to `EXE`. This split requires DEPENDENCY entries to be in a separate
# TOC.
analysis.binaries = normalize_toc(binaries)
analysis.datas = normalize_toc(datas)
analysis.dependencies += binaries_refs + datas_refs
def _process_toc(self, toc, path_to_exe):
# NOTE: unfortunately, these need to keep two separate lists. See the comment in the calling code on why this
# is so.
toc_keep = []
toc_refs = []
for entry in toc:
dest_name, src_name, typecode = entry
# Special handling and bookkeeping for symbolic links. We need to account both for dest_name and src_name,
# because src_name might be the same in different contexts. For example, when collecting Qt .framework
# bundles on macOS, there are multiple relative symbolic links `Current -> A` (one in each .framework).
if typecode == 'SYMLINK':
key = dest_name, src_name
if key not in self._symlinks:
# First occurrence; keep the entry in "for-keep" TOC, same as we would for binaries and datas.
logger.debug("Keeping symbolic link %r entry in original TOC.", entry)
self._symlinks.add(key)
toc_keep.append(entry)
else:
# Subsequent occurrence; keep the SYMLINK entry intact, but add it to the references TOC instead of
# "for-keep" TOC, so it ends up in `a.dependencies`.
logger.debug("Moving symbolic link %r entry to references TOC.", entry)
toc_refs.append(entry)
del key # Block-local variable
continue
# In fact, we need to accout for both dest_name and src_name with regular entries as well; previous
# approach that considered only src_name ended tripped up when same file was collected in different
# locations (i.e., same src_name but different dest_names).
key = dest_name, src_name
if key not in self._dependencies:
logger.debug("Adding dependency %r located in %s", key, path_to_exe)
self._dependencies[key] = path_to_exe
# Add entry to list of kept TOC entries
toc_keep.append(entry)
else:
# Construct relative dependency path; i.e., the relative path from this executable (or rather, its
# parent directory) to the executable that contains the dependency.
dep_path = os.path.relpath(self._dependencies[key], os.path.dirname(path_to_exe))
# Ignore references that point to the origin package. This can happen if the same resource is listed
# multiple times in TOCs (e.g., once as binary and once as data).
if dep_path.endswith(path_to_exe):
logger.debug(
"Ignoring self-reference of %r for %s, located in %s - duplicated TOC entry?", key, path_to_exe,
dep_path
)
# The entry is a duplicate, and should be ignored (i.e., do not add it to either of output TOCs).
continue
logger.debug("Referencing %r to be a dependency for %s, located in %s", key, path_to_exe, dep_path)
# Create new DEPENDENCY entry; under destination path (first element), we store the original destination
# path, while source path contains the relative reference path.
toc_refs.append((dest_name, dep_path, "DEPENDENCY"))
return toc_keep, toc_refs
UNCOMPRESSED = False
COMPRESSED = True
_MISSING_BOOTLOADER_ERRORMSG = """Fatal error: PyInstaller does not include a pre-compiled bootloader for your
platform. For more details and instructions how to build the bootloader see
<https://pyinstaller.readthedocs.io/en/stable/bootloader-building.html>"""
|
