Script Encryption¶
In this chapter, you will learn how to encrypt modules or scripts that run in the built-in Python environment of FIRERPA. This chapter does not cover encrypting scripts on PC, but rather introduces encryption for modules in directories such as ~/modules/task, ~/modules/extension, and for scripts executed using the built-in Python command. We provide tools to help you quickly complete encryption.
Script encryption uses Cython to convert Python code into C language, then compiles it into .so files, which has minimal impact on performance. However, we recommend encrypting only the core logic rather than all script files; also, do not encrypt files from third-party libraries, as such operations are futile. Always follow the principle of "only encrypt your own logic."
Building the Tool Image¶
This tool heavily depends on Docker, so please ensure Docker is installed before proceeding. Now clone the repository https://github.com/firerpa/compiler and build the image according to the documentation or using the following command:
docker build -t compiler .
Encrypting Script Code¶
Use the following command to map the source code into the container and compile. Supported architectures (arch) include arm, arm64, x86, x86_64, corresponding to different architectures of the FIRERPA server. Files compiled for different architectures are not compatible with each other.
docker run -it --rm -v /source/dir:/data compiler:latest compile.sh --arch arm64 /data/my_important_script.py
Under normal circumstances, after running the command, you will get a file named my_important_script.cpython-39.so in the same directory as the script. Do not rename this file; if you need to use a different name, directly modify the original script's filename. When distributing the script, you can delete the corresponding .py source file and place the .so file in the appropriate directory.
Attention
If your code is not a FIRERPA module (for example, an extension or task) and consists of only a single Python file, the Python interpreter cannot directly run the .so file. In this case, you need to write an entry .py script to import and launch the encrypted .so file. If the code itself is a module, simply put the .so file into the corresponding directory and restart the service.