Shared runtime with --restrict flag for separate packages?

[dbhathena]

Hi, I would like to create two independent packages that are both obfuscated with pyarmor, one of which is a dependency of the other, and should not be importable:

• depPkg -> --restricted
• otherPkg -> has depPkg as a dependency, is not --restricted

Is this possible, and if so how? I have tried even to use a shared runtime to obfuscate both packages, but I still get a RuntimeError: unauthorized use of script error when doing so. Thank you in advance!

[jondy]

In the restrict package, the exported module shouldn't be obfuscated with restrict option.
It should work if using the right options.

[dbhathena]

Thank you, this worked!

[dbhathena]

Hi @jondy, I'd like to follow up on this.

Currently your solution has worked because we are willing to unrestrict a certain depPkg module using pyarmor cfg -p depPkg.module_name restrict_module 0. However, this is not a long-term or scalable solution for us...soon we will need to have our other obfuscated packages access functions within depPkg that we don't want others to access/abuse.

Ideally, obfuscating both packages with a shared runtime key would supercede the --restrict flag, and allow the packages to communicate freely, while non-obfuscated packages (or even obfuscated packages that are obfuscated with a different key), would not be able to do so. Is there any work on the roadmap to enable something like this? Do you have any suggestions for how to accomplish this? Our only alternative will be to copy/submodule all depPkg code into the otherPkg every time we build, which would not be our ideal solution.

[jondy]

All the pyarmor features are documented here
https://pyarmor.readthedocs.io/en/latest/#table-of-contents

Please check it to find the right solution. If there is no feature for your case, it's still no this feature