address a security vulnerability in pyinstaller < 3.6 (#5052)

* address a security vulnerability in pyinstaller < 3.6 * Deleted all hooks that are now native pyinstaller hooks * Cleanup of hook files, this way its easier to keep track of new native hooks * revert `dns` hook changes * bring back numpy DLL load hack, but then in hook-golem.py Co-authored-by: maaktweluit <10008353+maaktweluit@users.noreply.github.com>
golemfactory · Jan 22, 2020 · ce246a3 · ce246a3
1 parent 22efdae
commit ce246a3
Show file tree

Hide file tree

Showing 10 changed files with 24 additions and 80 deletions.
diff --git a/requirements-build.txt b/requirements-build.txt
@@ -3,4 +3,4 @@ altgraph==0.16.1
 future==0.16.0
 macholib==1.11
 pefile==2017.11.5
-PyInstaller==3.3.1
+PyInstaller==3.6
diff --git a/scripts/pyinstaller/hooks/hook-Crypto.py b/scripts/pyinstaller/hooks/hook-Crypto.py
diff --git a/scripts/pyinstaller/hooks/hook-cytoolz.py b/scripts/pyinstaller/hooks/hook-cytoolz.py
diff --git a/scripts/pyinstaller/hooks/hook-eth_hash.py b/scripts/pyinstaller/hooks/hook-eth_hash.py
diff --git a/scripts/pyinstaller/hooks/hook-golem.py b/scripts/pyinstaller/hooks/hook-golem.py
@@ -1,10 +1,15 @@
-from PyInstaller.utils.hooks import collect_submodules
+import os
+import glob
+from PyInstaller.compat import is_win
+from PyInstaller.utils.hooks import (
+    get_module_file_attribute,
+    collect_submodules,
+)
+
 
 hiddenimports = collect_submodules('golem') + \
                 collect_submodules('apps') + \
-                collect_submodules('dns') + \
-                collect_submodules('os_win') + \
-                ['Cryptodome', 'xml', 'scrypt', 'mock']
+                collect_submodules('dns')
 
 datas = [
     ('loggingconfig.py', '.'),
@@ -40,3 +45,14 @@
      'scripts/virtualization'),
     ('scripts/virtualization/get-hyperv-state.ps1', 'scripts/virtualization')
 ]
+
+# copy of the native `hooks/hook-numpy.py`, so it will also search DLLs/
+binaries = []
+
+if is_win:
+    extra_dll_locations = ['DLLs']
+    for location in extra_dll_locations:
+        dll_glob = os.path.join(os.path.dirname(
+            get_module_file_attribute('numpy')), location, "*.dll")
+        if glob.glob(dll_glob):
+            binaries.append((dll_glob, "."))
diff --git a/scripts/pyinstaller/hooks/hook-mock.py b/scripts/pyinstaller/hooks/hook-mock.py
@@ -0,0 +1 @@
+hiddenimports = ['mock']
diff --git a/scripts/pyinstaller/hooks/hook-numpy.core.py b/scripts/pyinstaller/hooks/hook-numpy.core.py
diff --git a/scripts/pyinstaller/hooks/hook-PIL.py → scripts/pyinstaller/hooks/hook-os_win.py b/scripts/pyinstaller/hooks/hook-PIL.py → scripts/pyinstaller/hooks/hook-os_win.py
@@ -1,3 +1,3 @@
 from PyInstaller.utils.hooks import collect_submodules
 
-hiddenimports = collect_submodules('PIL')
+hiddenimports = collect_submodules('os_win')
diff --git a/scripts/pyinstaller/hooks/hook-scrypt.py b/scripts/pyinstaller/hooks/hook-scrypt.py
@@ -0,0 +1 @@
+hiddenimports = ['scrypt']
diff --git a/scripts/pyinstaller/hooks/hook-web3.py b/scripts/pyinstaller/hooks/hook-web3.py