Advanced Type Annotations in Python
Enhance your code quality with Python's advanced type system features and static type checking.
In high-security environments like defense, military, or intelligence operations, systems are often airgapped - completely isolated from external networks. This creates unique challenges for Python development, particularly when it comes to package management. This guide demonstrates a secure approach to installing Python packages in airgapped environments using uv, an extremely fast package manager written in Rust. Note that this guide is specific to uv and its unique capabilities - if you're using other package managers like pip or Poetry, you'll need different approaches.
When transferring packages to airgapped systems, always follow your organization's security protocols for media transfer and file verification. Ensure all packages are scanned for malware before transfer.
The installation process consists of two distinct phases, performed on separate systems:
First, we'll use a script to download all required packages on an internet-connected system. This script handles dependency resolution and package downloading:
#!/bin/bash
# Get the destination directory from command line argument
dest_dir="$1"
# Create temporary file
temp_file=$(mktemp)
# Export requirements to temporary file
uv export --no-hashes --no-dev --no-editable > "$temp_file"
# Download packages
if [ -n "$dest_dir" ]; then
# Create destination directory if it doesn't exist
mkdir -p "$dest_dir"
pip download -r "$temp_file" -d "$dest_dir"
echo "Dependencies saved into $(cd "$dest_dir" && pwd)"
else
pip download -r "$temp_file"
fi
# Clean up temporary file
rm "$temp_file"
To use this script, save it as download_packages.sh
and run:
# Make the script executable
chmod +x download_packages.sh
# Run the script, specifying the destination directory
./download_packages.sh ./python_packages
After securely transferring the downloaded packages to the airgapped system, we'll use a second script for installation. This script ensures all packages are installed from local sources only:
#!/bin/bash
# Check if uv command exists
if ! command -v uv &> /dev/null; then
echo "Error: 'uv' command not found. Please install uv first."
exit 1
fi
# Run uv sync with config file
uv venv
uv pip install -r pyproject.toml --config-file airgapped-uv.toml
This script requires a configuration file (airgapped-uv.toml
) to ensure offline installation:
# airgapped-uv.toml
no-index = true
package = true
offline = true
find-links = ["file:///absolute/path/to/dependencies"]
no-index = true
: Prevents any attempts to reach PyPIoffline = true
: Enforces offline modefind-links
: Must use absolute path to package directoryAirgapped Python package installation requires careful planning and execution, but using uv makes the process more manageable and secure. By following this two-phase approach and adhering to security best practices, you can maintain reliable Python environments even in highly restricted settings.