Script Encryption¶
This section explains how to encrypt the FIRERPA modules or scripts you develop. Note that this guide does not cover script encryption on your PC, but rather focuses on scripts or modules running within the built-in Python environment of FIRERPA—such as those located in /data/usr/module/task, /data/usr/module/extension, or scripts executed via the built-in Python interpreter. We provide tools to help you quickly perform encryption, and through this section, you will learn how to protect your developed scripts.
Script encryption is achieved by converting Python code to C using Cython and then compiling it into a .so (shared object) file. This method has minimal impact on performance. However, we recommend encrypting only your core logic rather than all script files. Additionally, do not attempt to encrypt third-party library files, as this is ineffective. Always follow the principle: “Only encrypt your own logic.”
Build the Compiler Docker Image¶
We rely heavily on Docker, so please ensure Docker is installed before proceeding. Clone the repository https://github.com/firerpa/compiler, then build the image using the following command or refer to the documentation:
docker build -t compiler .
Encrypt Your Script Code¶
Use the following command to map your source code into the container and compile it. Supported architectures include arm, arm64, x86, and x86_64, corresponding to different CPU architectures of the FIRERPA server. Note that binaries from different architectures are not compatible with each other.
docker run -it --rm -v /source/dir:/data compiler:latest compile.sh --arch arm64 /data/my_important_script.py
Upon successful execution, a compiled file named my_important_script.cpython-39.so will be generated in the same directory as your original script. Do not rename this file. If you need a different name, simply rename the original script before compilation. In your final release, remove the original .py source file and keep only the .so file.
Attention
If your code is not a FIRERPA module (e.g., extension or task), and consists of only a single file, Python cannot directly execute .so files. In such cases, you must create an entry-point Python script that imports and runs the encrypted .so file. For modules, however, you can simply place the .so file into the appropriate directory and restart the service.