Python's import mechanism already provides all the tools necessary to achieve what you want. You can install different kinds of import hooks in order to support what you want.
In particular, you'll probably find it convenient to install a meta path hook that searches for "signed modules" and returns a Loader that is able to perform the imports from this signed format.
A very simple and convenient format for your signed plug-ins would be a zip archive containing:
- The code of the plug-in in the form of modules/packages
- A PGP signature of the above code
In this way:
- Your loader should unpack the zip and check the signature. If it matches then you can safely load the plug-in; if it doesn't match you should ask the user to trust the plug-in (or not and abort).
- If the user wants to modify the plug-in, he can simply unpack the zip archive and modify it as he wishes.
- Imports from zip archives are already implemented in the zipimport module. This means that you don't have to rewrite a loader from scratch.
Actually, if you want to reduce the code for the hooks to the minimum, you'd simply need to verify the signature and then add the path to the zip archive into sys.path, since Python already handles imports from zip archives even without explicitly using zipimport.
Using this design you just have to install these hooks and then you can import the plug-ins as if they were normal modules, and the verification etc. will be done automatically.
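
An added example, not code from the original answer: a meta path hook of the kind described above that reads the archive once, checks the signature over the code members, and imports from that verified in-memory copy so the file cannot be swapped between the check and the load. HMAC-SHA256 with a constructed key stands in for the PGP verification so the example runs offline; the `SIGNATURE` member name and the names `SignedZipFinder`, `code_digest`, `sign` and `build_signed_plugin` are hypothetical, and only top-level modules are served.

```python
import hashlib, hmac, importlib.abc, importlib.util, io, zipfile

SIG_NAME = "SIGNATURE"              # assumed name of the signature member
DEMO_KEY = b"constructed-demo-key"  # constructed; stands in for a PGP key

def code_digest(members):
    """Hash every code member, binding names and lengths into the digest."""
    h = hashlib.sha256()
    for name in sorted(members):
        data = members[name]
        h.update(f"{len(name.encode())}:{name}:{len(data)}:".encode() + data)
    return h.digest()

def sign(digest, key=DEMO_KEY):
    # Stand-in for a PGP detached signature so the example runs offline.
    return hmac.new(key, digest, hashlib.sha256).digest()

class SignedZipFinder(importlib.abc.MetaPathFinder, importlib.abc.Loader):
    """Serves top-level modules from a zip only after its signature checks out."""

    def __init__(self, archive_path, key=DEMO_KEY):
        with open(archive_path, "rb") as f:
            blob = f.read()  # read once: the bytes verified are the bytes imported
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            members = {n: zf.read(n) for n in zf.namelist()}
        sig = members.pop(SIG_NAME, b"")
        if not hmac.compare_digest(sig, sign(code_digest(members), key)):
            raise ImportError(f"signature check failed for {archive_path}")
        self.origin = archive_path
        self.sources = {n[:-3]: src for n, src in members.items()
                        if n.endswith(".py") and "/" not in n}

    def find_spec(self, name, path=None, target=None):
        if name in self.sources:
            return importlib.util.spec_from_loader(name, self, origin=self.origin)
        return None

    def exec_module(self, module):
        code = compile(self.sources[module.__name__], self.origin, "exec")
        exec(code, module.__dict__)

def build_signed_plugin(path, sources, key=DEMO_KEY):
    """Constructed sample input: write the modules and their signature to a zip."""
    members = {name: text.encode() for name, text in sources.items()}
    with zipfile.ZipFile(path, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
        zf.writestr(SIG_NAME, sign(code_digest(members), key))
```

Install it with `sys.meta_path.insert(0, SignedZipFinder(path))`; a failed check raises `ImportError` here, which is the point where the answer's "ask the user to trust the plug-in" prompt would go.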