[Python-Dev] Safely importing zip files with C extensions (original) (raw)

Brett Cannon brett at python.org
Thu Mar 28 17:09:26 CET 2013

On Thu, Mar 28, 2013 at 10:44 AM, Thomas Heller <theller at ctypes.org> wrote:

Am 27.03.2013 20:38, schrieb Vinay Sajip:

This quote is here to stop GMane complaining that I'm top-posting. Ignore.

I've already posted this to distutils-sig, but thought that it might be of interest to readers here as it relates to importing C extensions ... zipimport is great, but there can be issues importing software that contains C extensions. But the new wheel format (PEP 427) may give us a better way of importing zip files containing C extensions. Since wheels are .zip files, they can sometimes be used to provide functionality without needing to be installed. But whereas .zip files contain no convention for indicating compatibility with a particular Python, wheels do contain this compatibility information. Thus, it is possible to check if a wheel can be directly imported from, and the wheel support in distlib allows you to take advantage of this using the mount() and unmount() methods. When you mount a wheel, its absolute path name is added to sys.path, allowing the Python code in it to be imported. (A DistlibException is raised if the wheel isn't compatible with the Python which calls the mount() method.) The zip-file itself could support importing compiled extensions when it contains a python-wrapper module that unpacks the .so/.dll file somewhere, and finally calls imp.loaddynamic() to import it and replace itself.

Which must be done carefully to prevent a security issue. It shouldn't be unzipped anywhere but into a directory only writable by the process. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20130328/2d110e62/attachment.html>

More information about the Python-Dev mailing list