Uv python manager #469
Uv python manager #469
Conversation
| # yara-python-dex is be needed for ARM64 | ||
| uv tool install /tmp/MobSF --with setuptools \ | ||
| --with git+https://github.com/MobSF/yara-python-dex.git \ | ||
| --with xmlsec==1.3.14 |
There was a problem hiding this comment.
Add $(uv tool dir)/mobsf/bin/python $(uv tool dir)/mobsf/lib/python3.11/site-packages/mobsf/MobSF/tools_download.py /root/.MobSF so the built-in jadx is downloaded for offline use.
| fi | ||
| add-history mobsf | ||
| add-test-command "/opt/tools/MobSF/venv/bin/python -c 'from mobsf.MobSF.settings import VERSION; print(VERSION)'" | ||
| add-test-command "$(uv tool dir)/mobsf/bin/python -c 'from mobsf.MobSF.settings import VERSION; print(VERSION)'" |
There was a problem hiding this comment.
Use $(uv
8000
tool dir)/mobsf/bin/python -c 'from mobsf.MobSF.init import VERSION; print(VERSION)' so first-run is not triggered (see #505).
|
If we don't care about |
|
The secret is used to generate the API key: https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/master/mobsf/MobSF/init.py#L193-L214 |
Initially I wanted to completely replace pyenv with uv, but I'm going to take things one step at a time.
I found that
uv tool installdoes not shallow git repos (e.g. with--depth=1). In short, all git history is cloned, which is fairly negligible in general, but it was problematic for MobSF, given its heavy history.It's OK to clone all the history with
uvbecause only the sources are kept (the history is deleted post-install). Only the install takes a little longer, but given the benchmark below, it's negligible (except for MobSF, of course, which is why I shallow clone the repo first). I'll suggest this improvement to uv.Plus, here, uv doesn't benefit at all from its cache (between several
uv tool install).The
install_uvstep took only 6s and 44MiB of disk + ~20MiB by python version if not found on system/pyenv.Faster and lighter (metrics are generated using #451):