search

ronaldoussoren / py2app

py2app is a Python setuptools command which will allow you to make standalone Mac OS X application bundles and plugins from Python scripts.
Other
340 stars 36 forks source link

Avoid saving sensitive information in Info.plist #517

Open octimot opened 7 months ago

octimot commented 7 months ago

After freezing the app, I noticed that the Info.plist might contain the path to the python executable used by py2app.:

Here's a sample

<key>PythonInfoDict</key>
    <dict>
        <key>PythonExecutable</key>
        <string>/path/to/my/python</string>     <--- this string 
                ....
    </dict>
....

My way of fixing this is using the following plutil command:

plutil -replace PythonInfoDict.PythonExecutable - string 'venv/bin/python' [PATH_TO_BUNDLE]/Contents/

Note that you potentially have to re-sign the app bundle after doing this!

The path might contain the MacOS user name, or folder structures from the developer's computer, especially when using python executables from different locations on their system.

Is there a better way to avoid this path leak into the Info.plist file? Also, is this path actually necessary or used by anything after distribution?

Cheers!