Security-Alert with numpy? pyconfig.h

[pyinstaller-tickets-migration]

Original date: 2014/06/11

I'm having trouble making a one-folder version of my module. It always runs into the security alert below. I am running Enthought Canopy python on linux (canopy-1.2.0.1610.rh5-x86_64). I've narrowed down a pyinstaller problem to the numpy import:

[dm225@login-02 pyinstaller_tests]$ more test.py
import numpy

[dm225@login-02 pyinstaller_tests]$ pyinstaller test.py

fatal: Not a git repository (or any of the parent directories): .git
23 INFO: wrote /home/dbchem/dm225/.local/installers/pyinstaller_tests/test.spec
50 INFO: UPX is not available.
74 INFO: Processing hook hook-os
179 INFO: Processing hook hook-time
219 INFO: Processing hook hook-_sre
245 INFO: Processing hook hook-cStringIO
255 INFO: Processing hook hook-codecs
268 INFO: Processing hook hook-encodings
852 INFO: Processing hook hook-cPickle
975 INFO: Extending PYTHONPATH with /home/dbchem/dm225/.local/installers/pyinstaller_tests
975 INFO: checking Analysis
976 INFO: building Analysis because out00-Analysis.toc non existent
976 INFO: running Analysis out00-Analysis.toc
1011 INFO: Analyzing /home/dbchem/dm225/.local/installers/AlGDock-0.0.1/AlGDock/src/pyinstaller/PyInstaller/loader/_pyi_bootstrap.py
1030 INFO: Processing hook hook-os
1043 INFO: Processing hook hook-site
1068 INFO: Processing hook hook-encodings
1218 INFO: Processing hook hook-time
1287 INFO: Processing hook hook-_sre
1346 INFO: Processing hook hook-cStringIO
1360 INFO: Processing hook hook-codecs
2069 INFO: Processing hook hook-cPickle
2285 INFO: Processing hook hook-pydoc
2497 INFO: Processing hook hook-email
2579 INFO: Processing hook hook-httplib
2627 INFO: Processing hook hook-email.message
2726 INFO: Analyzing /home/dbchem/dm225/.local/installers/AlGDock-0.0.1/AlGDock/src/pyinstaller/PyInstaller/loader/pyi_importers.py
2782 INFO: Analyzing /home/dbchem/dm225/.local/installers/AlGDock-0.0.1/AlGDock/src/pyinstaller/PyInstaller/loader/pyi_archive.py
2834 INFO: Analyzing /home/dbchem/dm225/.local/installers/AlGDock-0.0.1/AlGDock/src/pyinstaller/PyInstaller/loader/pyi_carchive.py
2887 INFO: Analyzing /home/dbchem/dm225/.local/installers/AlGDock-0.0.1/AlGDock/src/pyinstaller/PyInstaller/loader/pyi_os_path.py
2893 INFO: Analyzing test.py
3702 INFO: Processing hook hook-parser
3833 INFO: Processing hook hook-distutils
4063 INFO: Processing hook hook-sysconfig
4160 INFO: Processing hook hook-xml
4259 INFO: Processing hook hook-xml.sax
4291 INFO: Processing hook hook-pyexpat
4916 INFO: Processing hook hook-setuptools
5496 INFO: Hidden import 'codecs' has been found otherwise
5496 INFO: Hidden import 'encodings' has been found otherwise
5497 INFO: Looking for run-time hooks
5497 INFO: Analyzing rthook /home/dbchem/dm225/.local/installers/AlGDock-0.0.1/AlGDock/src/pyinstaller/PyInstaller/loader/rthooks/pyi_rth_pkgres.py
6498 INFO: Using Python library /home/dbchem/dm225/.local/Canopy_64bit/System/bin/../lib/libpython2.7.so.1.0
6722 INFO: Warnings written to /home/dbchem/dm225/.local/installers/pyinstaller_tests/build/test/warntest.txt
6748 INFO: checking PYZ
6749 INFO: rebuilding out00-PYZ.toc because out00-PYZ.pyz is missing
6749 INFO: building PYZ (ZlibArchive) out00-PYZ.toc
10147 INFO: checking PKG
10148 INFO: rebuilding out00-PKG.toc because out00-PKG.pkg is missing
10148 INFO: building PKG (CArchive) out00-PKG.pkg
10242 INFO: checking EXE
10244 INFO: rebuilding out00-EXE.toc because test missing
10244 INFO: building EXE from out00-EXE.toc
10246 INFO: Appending archive to EXE /home/dbchem/dm225/.local/installers/pyinstaller_tests/build/test/test
10315 INFO: checking COLLECT
10316 INFO: building COLLECT out00-COLLECT.toc
Security-Alert: try to store file outside of dist-directory. Aborting. '../../installers/Canopy/appdata/canopy-1.2.0.1610.rh5-x86_64/include/python2.7/pyconfig.h'

here is a hack workaround

I'm not sure if it breaks other things.

for ind in reversed(range(len(a.datas))):
    if a.datas[ind][0].startswith('..'):
        print 'Removing %s from datas'%a.datas[ind][0]  
        a.datas.pop(ind)

[pyinstaller-tickets-migration]

Original date: 2014/06/11
Original reporter: dminh AND iit DOT edu

The following is a work-around for this issue that can be inserted in a spec file, but it might cause other problems:

(a is an Analysis object)

for ind in reversed(range(len(a.datas))):
  if a.datas[ind][0].startswith('..'):
    olddata = a.datas.pop(ind)
    print 'Removing %s from a.datas'%(olddata[0])

[htgoebel]

This may be related to #782

[bwoodsend]

All the pyconfig.h issues should have been resolved by #5218 which removed the (now obsolete) file completely.