Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid saving sensitive information in Info.plist #517

Open
octimot opened this issue Jan 27, 2024 · 0 comments
Open

Avoid saving sensitive information in Info.plist #517

octimot opened this issue Jan 27, 2024 · 0 comments

Comments

@octimot
Copy link

octimot commented Jan 27, 2024
edited

After freezing the app, I noticed that the Info.plist might contain the path to the python executable used by py2app.:

Here's a sample

<key>PythonInfoDict</key>
	<dict>
		<key>PythonExecutable</key>
		<string>/path/to/my/python</string>     <--- this string 
                ....
	</dict>
....

My way of fixing this is using the following plutil command:

plutil -replace PythonInfoDict.PythonExecutable - string 'venv/bin/python' [PATH_TO_BUNDLE]/Contents/

Note that you potentially have to re-sign the app bundle after doing this!

The path might contain the MacOS user name, or folder structures from the developer's computer, especially when using python executables from different locations on their system.

Is there a better way to avoid this path leak into the Info.plist file? Also, is this path actually necessary or used by anything after distribution?

Cheers!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@octimot