Hide Source Code in Deployment

Using Django Deployment
1

Is there a way to bundle a full django project as an executable to be delivered to a client ?

Basically I need to deploy the site to multiple clients’ owned servers where the source code is not part of the deal - but I don’t think obfuscation is what I am looking for.

2

The general answer is “No”, but depending upon what your real objective may be, there are some potential options that may suit your desires.

(As a practical matter, we recognize the futility of trying to do this and simply don’t worry about it.)

In theory, you could compile your project to either .pyc or .pyo files, and run those files without the original .py files. However, the .pyc files can easily be decoded back to human-readable form, and there are some potential version compatibility issues with the pyo files. (Additionally, there’s a PEP, PEP 488, suggesting that pyo files be eliminated.)

You could try it, but I don’t know how well that would work for a Django project - and it doesn’t necessarily address the third-party libraries involved (including Django itself).

And again remember, “you” are not running Django. Django is being run within the context of a WSGI handler such as gunicorn or uwsgi. Neither your project, nor Django itself are the “executable” here. It is those packages that would need to know how to handle your application.

3

What about

pip install pyinstaller
pyinstaller --onefile manage.py

?

4

First from the docs:

The bundled app does not include any source code. However, PyInstaller bundles compiled Python scripts (.pyc files). These could in principle be decompiled to reveal the logic of your code.

It is possible to get useful information from the installation file. Again, it gets back to identifying what your real, underlying object is for trying to do this.

Second, I would find it interesting to see how that works out with a production-quality deployment. (Thinking about the handling of static and media files, and things like celery tasks, along with other ancillary processes.)

5

Late response, but maybe this https://nuitka.net/? Never tried it myself