
How to secure the source code of your python application

Sooner or later, every Python developer faces a choice: hand the application to the customer as source code, or hide the source. In the second case the problems begin for many (especially those who have only recently met this charming language): a Google search, as a rule, turns up nothing, and there are no ideas (or only delusional ones).

So what should you do in this case?

The first thought was to hand over the .pyc files. At the time I did not understand what they really are. After several hours spent searching for what this risks, only one conclusion was possible: this option will not do. For Python < 2.7, "decompilers" are completely free, and for 2.7 and higher there are offers that promise, for relatively little money, to return the source code. Moreover, there is this tool, with which I got my code back one-to-one in a few moments.
The option of building a binary seemed quite tempting. But, as it turned out, all the packagers (below I give an example with cx_Freeze) actually only pack the .pyc files into an archive, that is, they do not protect the source code at all.

And then it hit me.

Suppose we have a project with the following structure (this is just an example):

TestModule/__init__.py
TestModule/Config.py
ui/__init__.py
ui/mainwindow.py
ui/loginwindow.py
main.py

Here I would immediately like to note two points:
  1. The main.py file should really contain only a call into the main module; if it contains anything more, it is advisable to move that into a separate module.
  2. The __init__.py files should preferably be completely empty.


We do some simple manipulations:
  1. $ sudo apt-get install cython
  2. Create the file compile.py in the project root:
     # compile.py: build each listed module into a native extension (.so)
     from distutils.core import setup
     from distutils.extension import Extension
     from Cython.Distutils import build_ext

     # One Extension per module: dotted module name, then its source file
     ext_modules = [
         Extension("TestModule.Config", ["TestModule/Config.py"]),
         Extension("ui.mainwindow", ["ui/mainwindow.py"]),
         Extension("ui.loginwindow", ["ui/loginwindow.py"]),
     ]

     setup(
         name = 'Test App',
         cmdclass = {'build_ext': build_ext},
         ext_modules = ext_modules
     )

  3. In the same place (at the root of the project) run:
     $ python compile.py build_ext --inplace
  4. Now we can delete all files in the subdirectories except *.so and __init__.py
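
A pre-release check for the cleanup in step 4, as an added example that is not part of the original article: it walks one package directory and reports anything that still exposes the program, including Cython's generated .c files, which carry the original Python lines in comments. The names audit_package, make_sample_tree and LEAKY_EXTS are hypothetical, and the sample tree is constructed.

```python
import os
import tempfile

# File types that still expose the program after the Cython build:
# .py/.pyc/.pyo are source or bytecode, .c is Cython's generated C file,
# which carries the original Python lines in comments.
LEAKY_EXTS = {".py", ".pyc", ".pyo", ".c"}


def audit_package(pkg_dir):
    """Return sorted (relative_path, reason) pairs for files that should not ship."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(pkg_dir):
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, pkg_dir)
            if name == "__init__.py":
                # The article asks for empty __init__.py files; a non-empty
                # one is plain source that ships as-is.
                if os.path.getsize(path) > 0:
                    findings.append((rel, "non-empty __init__.py"))
            elif os.path.splitext(name)[1].lower() in LEAKY_EXTS:
                findings.append((rel, "source or bytecode left behind"))
    return sorted(findings)


def make_sample_tree(root):
    """Constructed sample: the ui/ package after an incomplete cleanup."""
    pkg = os.path.join(root, "ui")
    os.makedirs(pkg)
    contents = {
        "__init__.py": "",
        "mainwindow.so": "\x7fELF",           # stand-in for a compiled module
        "loginwindow.so": "\x7fELF",
        "loginwindow.py": "print('x')\n",     # forgotten source file
        "mainwindow.c": "/* generated */\n",  # forgotten Cython output
    }
    for name, data in contents.items():
        with open(os.path.join(pkg, name), "w") as fh:
            fh.write(data)
    return pkg


if __name__ == "__main__":
    tmp = tempfile.mkdtemp()
    for rel, reason in audit_package(make_sample_tree(tmp)):
        print("%-20s %s" % (rel, reason))
```

Run it over each package folder (TestModule, ui) before copying them into the cx_Freeze build directory; an empty result means no source, bytecode or generated C is left there.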


Test the application: everything should work just as before.
That's all, now nobody will read the source code for sure. True, it is too early to hand over the application: the customer does not want to install and configure Python with all the modules you use. Therefore, we collect everything into a "package":
  1. $ sudo apt-get install cx-freeze
  2. At the root of the project create a file pack.py:
     # pack.py: freeze main.py into an executable with cx_Freeze
     from cx_Freeze import setup, Executable

     setup(
         name = "Test App",
         version = "0.1",
         description = "test",
         executables = [Executable("main.py")]
     )
  3. $ python pack.py build
  4. Copy your own folders from the project folder into build/exe.linux-x86_64-2.7
  5. Try to run the resulting binary and, if necessary, copy in the missing libraries (in my case it was PyQt)


After verification, you can hand the package over to the customer.

P.S. I hope this simple how-to saves someone as much time as I could have saved.

Source: https://habr.com/ru/post/138537/

