Protecting addon code!
#16
GNU faq isn't a real source; jurisprudence and the license itself is. And there isn't much jurisprudence about what derivate work is (within a plugin system). Even SFLC doesn't know this for sure (while they surely have a strong opinion). Given GNU-faq, the Wordpress case and the way Kodi works with addons, all addons should be GPL except for images. Good luck to the future judge to find a definition of derivative work in a plugin system ;-)
I don't think a judge will care about all the techno mumble; he will only care which party to blame, either plugin or main program (remember the facilitating argument which is used a lot in p2p-cases?). The question whether a plugin needs to adopt GPL is only relevant for some OSS licenses.

But this discussion is drifting towards a GPL-discussion. To answer OP question:
No it's not really possible to protect Python scripts besides the options topfs2 listed.
Reply
#17
(2015-11-25, 11:18)takoi Wrote: You are missing the point. I'm not talking about the API, I'm talking about kodi, the program. Nobody is saying "using an API" makes it GPL, but using gpl libraries does. Every library also defines an API, so if you call that just "using an API", by that logic it's impossible to apply GPL to a library.

And linking creates derivative work, communicating over http does not. Completely different. It's spelled out if the faq: http://www.gnu.org/licenses/gpl-faq.en.h...ggregation

The question here was addon, and I kindof assumed python addon where you don't link. But its essentially the same for binary addons afaik. Kodi, loads the binary, and links the necessary points and starts calling. The addon does nothing of the linking, and afaik it should also be fine with GPL. However I can't claim to be an expert and a bit unsure on the binary case tbh. But I can't see how its much different than how kernel and drivers does it?
If you have problems please read this before posting

Always read the XBMC online-manual, FAQ and search the forum before posting.
Do not e-mail XBMC-Team members directly asking for support. Read/follow the forum rules.
For troubleshooting and bug reporting please make sure you read this first.

Image

"Well Im gonna download the code and look at it a bit but I'm certainly not a really good C/C++ programer but I'd help as much as I can, I mostly write in C#."
Reply
#18
(2015-11-25, 17:26)RockerC Wrote: It depens how Kodi invokes its plugins and addon if they should be considered as derivative work and thus make the GPL license transfered or not, just read:

http://www.gnu.org/licenses/gpl-faq.html#GPLAndPlugins

"QUESTION: If I write a plug-in to use with a GPL-covered program, what requirements does that impose on the licenses I can use for distributing my plug-in?

ANSWER: It depends on how the program invokes its plug-ins. If the program uses fork and exec to invoke plug-ins, then the plug-ins are separate programs, so the license for the main program makes no requirements for them.

If the program dynamically links plug-ins, and they make function calls to each other and share data structures, we believe they form a single program, which must be treated as an extension of both the main program and the plug-ins. This means you must license the plug-in under the GPL or a GPL-compatible free software license and distribute it with source code in a GPL-compliant way.

If the program dynamically links plug-ins, but the communication between them is limited to invoking the ‘main’ function of the plug-in with some options and waiting for it to return, that is a borderline case
. "

I think that answers my wondering, I reckon binary addons needs to pipe it out to a seperate process then. IMO seems like kindof an arbitrary line Smile Firefox is floss and executes javascript in same process Smile Same goes for every scripting language out there. Perhaps that doesn't really count as plugin Smile

Our plugins are not run as a seperate process.

Anyways, best is not to walk down that road. Just floss and love, its better that way Smile
If you have problems please read this before posting

Always read the XBMC online-manual, FAQ and search the forum before posting.
Do not e-mail XBMC-Team members directly asking for support. Read/follow the forum rules.
For troubleshooting and bug reporting please make sure you read this first.

Image

"Well Im gonna download the code and look at it a bit but I'm certainly not a really good C/C++ programer but I'd help as much as I can, I mostly write in C#."
Reply
#19
(2015-11-26, 16:56)topfs2 Wrote: I think that answers my wondering, I reckon binary addons needs to pipe it out to a seperate process then.

AFAIK binary addons are not supported at this point, except for a few special cases, like PVR. Personally, I was talking about binary Python modules AKA extensions. They are not executed in a separate process unless you make them to do so.
BTW such binary module may not import xbmc* modules at all (though, it is possible), leaving that to "normal" Python modules.
Reply
#20
binary addons are very much supported, not only pvr.
we have audio en/decoders, visualizations, screensavers, audiodsp

and they absolutely make function calls to each other and share data structures
Reply
#21
(2015-11-26, 21:07)wsnipex Wrote: binary addons are very much supported, not only pvr.
we have audio en/decoders, visualizations, screensavers, audiodsp

I said: "a few special cases ". We can't write e.g. a video plugin in directly in C++, only as a binary Python extension module.
Reply
#22
(2015-11-25, 08:58)topfs2 Wrote:
(2015-11-24, 11:39)takoi Wrote: Not sure what you are talking about but the xbmc* modules are actual programs and licensed under GPL. If you use them, you create derived work; the GPL is pretty clear on this.

The intent back when was that the bindings would be LGPL. Not sure if they actually are though. Anyways, GPL doesn't cross barriers like that. The API is written and specified, someone using that API doesn't make it GPL.

If that were the case everything written in Python GPL as Python is GPL Smile And anything using a GPL licensed servers rest api would also be forced to be GPL.

Anyway, on topic. The only way to close off python is to either link to pyc files, or link to shared libraries. Both of these are terrible for multi platform work and just opens up a heap of troubles for you. It is possible but rarely worth the effort IMO.

If your doing work for a company providing content, say something like netflix, then your protecting the code because you want the content secure, which IMO, should be handled on the servers (which is completely possible).

In short, unless you have a damn good reason (most aren't) for closing it off, just don't. You never know where open source takes you, perhaps 14 people line up to help you. Its easy to vision an awesome app but it takes lots of manhours to complete it, those 14 people might be extremely valuable and not possible without Smile

Thanks a again Smile
No , I have no plan to protect my code! I want to protect contents.
normally we generated some unique URL on server side based on time, MAC Address and some other information's, so I wrote a python script to generate those links on KODI side, so I want to protect this part of my code.
access to the server is possible only by identifying MAC address of our devices, but I want more protection by protecting my code! in this case at least we have some good reasons for insurance Company Big Grin
Reply
#23
you really should make your protection on server side as even making the code unreadable it wouldn't be very hard to find out what he does.

Anyway if you really want to make nobody read it, you can run an obfuscater (can't recommend a specific one but goggle shows up some) over your code so it remains usable python code but is not that easy to read (depending on code size not impossible still depending how much time the reader has Wink )
Reply
#24
rule #1) if someone really wants to discover what you are doing, there is no way to prevent it.
rule #2) obfuscating only keeps the casual peeps out, it will not stop the hardcore person, see rule #1.
Reply
#25
(2015-11-29, 02:55)jonashrem Wrote: you really should make your protection on server side as even making the code unreadable it wouldn't be very hard to find out what he does.

I think the idea is that there is protection on the server side, but that adding some "secret" code on the client makes it harder (not impossible, but harder) for someone to simply repurpose the add-on code to do something you don't want to allow for one reason or another.

I think this is a reasonable goal, and obfuscation seems like the best solution here, even if it does go somewhat against the spirit of open source.
Reply
#26
kodi addons execute kodi code as soon as they use any form of callbacks. so most of them plugins *are* derivative works, some of them get away by not using any callbacks (C++ addons that is, *all* python plugins have to call kodi code to return data so they are 100% covered by the GPL, end of story!)

i tried to plug the hole years ago by having binary addons call kodi code to register themself, and not the other way around like it is now. but nobody wanted in on it.
Reply
#27
(2015-11-29, 03:41)MrMC Wrote: rule #1) if someone really wants to discover what you are doing, there is no way to prevent it.
rule #2) obfuscating only keeps the casual peeps out, it will not stop the hardcore person, see rule #1.

I know. I even mentioned it and I personally wouldn't use obfuscation but this is the answer to the question the thread opener had (and the only one that doesn't make the addon hardware dependend) as he specifically wanted to protect it against "noobs" Wink.

Whether or not this is according to the gpl is another question (for my understanding it is as long as the functionality of the addon doesn't use any kodi specifiec functions provided by kodi but I would leave that to someone with more knowledge about that)
Reply
#28
(2015-11-26, 21:07)wsnipex Wrote: binary addons are very much supported, not only pvr.
we have audio en/decoders, visualizations, screensavers, audiodsp

and they absolutely make function calls to each other and share data structures

wsnipex, are there any examples of binary functions calling to python service addons? I'm trying to solve a problem with my visualization. From what I've observed, I cannot create a separate thread in a visualization addon to handle http requests. Without handling the http requests separately, the rendering is delayed and audio sometimes skips.

If you have time, please look at this code for an example of what should be possible, but isn't: https://github.com/hardyt/visualization....c/Main.cpp. If that kind of construct is not possible, an alternative is communicating with a service addon, right?

Thanks for all the assistance and guidance you provide.
Reply

Logout Mark Read Team Forum Stats Members Help
Protecting addon code!0