Flavor Pack packaging system implementing Progressive Secure Package Format (PSPF/2025)

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for livingstaccato from gravatar.com livingstaccato

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers
Report project as malware

Project description

FlavorPack: Progressive Secure Polyglot Packaging Toolchain

Python 3.11+ Go 1.23+ Rust 1.85+ CI Pipeline Version

⚠️ Alpha Software: FlavorPack is in early development. APIs, file formats, and commands may change without notice. Not recommended for production use. Check current version with flavor --version. Install from source only.

FlavorPack is a cross-language packaging system that creates self-contained, portable executables using the Progressive Secure Package Format (PSPF) 2025 Edition. It enables you to ship Python applications as single binaries that "just work" - no installation, no dependencies, no configuration required.

Note: The package name is flavorpack, but the command-line tool is flavor.

🎯 Key Features

  • Single-File Distribution: Package entire applications into one executable file
  • Cross-Language Support: Python orchestrator with Go and Rust launchers
  • Secure by Default: Ed25519 signature verification ensures package integrity
  • Progressive Extraction: Extract only what's needed, when it's needed
  • Smart Caching: Persistent work environment with intelligent validation
  • Zero Dependencies: End users need nothing pre-installed

🚀 Quick Start

Prerequisites

  • Python 3.11 or higher
  • UV package manager (curl -LsSf https://astral.sh/uv/install.sh | sh)
  • Go 1.23+ and Rust 1.85+ (for building helpers - see src/flavor-go/go.mod and src/flavor-rs/Cargo.toml)

Installation (Source Only)

Note: FlavorPack is not yet available on PyPI. Source installation is currently the only option.

# Clone the repository
git clone https://github.com/provide-io/flavorpack.git
cd flavorpack

# Set up environment and install dependencies
uv sync

# Build the Go and Rust helpers (required)
make build-helpers
# or directly: ./build.sh

Creating Your First Package

# Package a Python application
flavor pack --manifest pyproject.toml --output myapp.psp

# Run the packaged application
./myapp.psp

# Verify package integrity
flavor verify myapp.psp

📦 PSPF Format

The Progressive Secure Package Format is a polyglot file format that works as both an OS executable and a structured package. Each .psp file contains a native launcher, package metadata, and compressed data slots.

See the PSPF Format Specification for the complete binary layout diagram and technical details.

📚 Documentation

🏗️ Architecture

FlavorPack consists of three main components:

  1. Python Orchestrator (src/flavor/)

    • Manages the build process and dependency resolution
    • Creates manifests and handles Python packaging
    • Provides CLI interface for package operations

  2. Native Helpers (src/flavor-go/, src/flavor-rs/)

    • Launchers: Extract and execute packages at runtime, perform Ed25519 signature verification, manage workenv caching
    • Builders: Assemble PSPF packages from manifests, implement the PSPF/2025 binary format, handle slot packing and metadata encoding
    • Built binaries are placed in dist/bin/ for distribution

🔒 Security

Every PSPF package includes cryptographic integrity verification:

  • Ed25519 signatures ensure packages haven't been tampered with
  • Public keys are embedded in the package index
  • Signature verification happens automatically on every launch
  • Optional deterministic builds with --key-seed for reproducibility

🧪 Testing

# Run the test suite
make test

# Run with coverage
make test-cov

# Test cross-language compatibility
make validate-pspf

# Run specific test categories
pytest -m unit        # Fast unit tests
pytest -m integration # Integration tests
pytest -m security    # Security tests

# Test cross-language compatibility with Pretaster
make validate-pspf

🙏 Acknowledgments

FlavorPack is built on the shoulders of giants:

  • UV for fast Python package management
  • The Python, Go, and Rust communities for excellent tooling

Built with ❤️ by the provide.io team

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for livingstaccato from gravatar.com livingstaccato

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers

Release history Release notifications | RSS feed

0.4.4

0.4.3

0.4.2

0.4.1

0.4.0

0.3.25

0.3.23

0.3.22

0.3.21

0.0.1026.post0

This version

0.0.1026

0.0.1000.post2

0.0.1000.post1

0.0.1000.post0

0.0.1000

0.0.4.post8

0.0.4.post6

0.0.4.post5

0.0.4.post4

0.0.4.post3

0.0.4.post2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

flavorpack-0.0.1026-py3-none-manylinux2014_x86_64.whl (7.8 MB view details)

Uploaded Python 3

flavorpack-0.0.1026-py3-none-manylinux2014_aarch64.whl (7.3 MB view details)

Uploaded Python 3

flavorpack-0.0.1026-py3-none-macosx_11_0_arm64.whl (7.1 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

flavorpack-0.0.1026-py3-none-macosx_10_9_x86_64.whl (7.4 MB view details)

Uploaded Python 3macOS 10.9+ x86-64

File details

Details for the file flavorpack-0.0.1026-py3-none-manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for flavorpack-0.0.1026-py3-none-manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 fe7bbbf3e33f2f2de92a67de9708213f70284a11112b2baf53dd4b1c39e6407a
MD5 aecd9a666b53f009b818b56e6cc800c0
BLAKE2b-256 04984d08c7243c90dfa75f42ebc830e2ea88f5114b95de47749cba62f4092d6f

See more details on using hashes here.

File details

Details for the file flavorpack-0.0.1026-py3-none-manylinux2014_aarch64.whl.

File metadata

File hashes

Hashes for flavorpack-0.0.1026-py3-none-manylinux2014_aarch64.whl
Algorithm Hash digest
SHA256 e32599fa698bff47fd9ee67ff137780457e1c65920109a8543009b7015d88498
MD5 8952ce54ec2d60dde549e0d9f0da5ba1
BLAKE2b-256 4204ec5630c1962ac0e6f0cf64c3cc68465e91e683ff0046161bca1695fd137f

See more details on using hashes here.

File details

Details for the file flavorpack-0.0.1026-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for flavorpack-0.0.1026-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 fd7e3e614b9bebfcb1bd49da3a3213ec24d84acfe0024e334f35a19e549dc32f
MD5 486fe80347fa072a1a53e25a43f600bb
BLAKE2b-256 6805a82f6f9ae7d2bf8df95f949853ed318902987665d9469851518f43e1bd2a

See more details on using hashes here.

File details

Details for the file flavorpack-0.0.1026-py3-none-macosx_10_9_x86_64.whl.

File metadata

File hashes

Hashes for flavorpack-0.0.1026-py3-none-macosx_10_9_x86_64.whl
Algorithm Hash digest
SHA256 b5cfbd5645960582ce2f10eaacc1e2ccab10338e42a2fa7bc035dc96cf9b684e
MD5 38253555daadcbe5432c39f13012f690
BLAKE2b-256 363e15ab4de3b06c2cd8a36017385474a180bbcd7f31b135a35a0a1d501da67a

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page