Hide QML source files for deployment
-
I've noticed that the qml source files must hang out in the open in the build directory when you deploy (I am deploying for Windows). Whereas other code is compiled into non-readable binary code, QML files remain as source code. Is there a way to avoid this? I have to place them in the directory with the executable for the app to run.
-
You can store all your QML file in a resource file (QRC). This way they will be compiled into your binary.
-
Sure. The right direction, as usual, is the Qt documentation :) "Link":http://qt-project.org/doc/qt-5.0/qtcore/resources.html. And "a more specific one":http://qt-project.org/doc/qt-5.0/qtquick/qtquick-deployment.html#managing-resource-files-with-the-qt-resource-system.
-
I think that these files even if in a resource file are not really compiled into the binary. They are not visible as separate files in your build directory, but they are not compiled, encrypted, or turned into binary code and the QML is easily seen by anyone who wishes to inspect the executable.
-
[quote author="qttester5" date="1379344108"]I think that these files even if in a resource file are not really compiled into the binary. They are not visible as separate files in your build directory, but they are not compiled, encrypted, or turned into binary code and the QML is easily seen by anyone who wishes to inspect the executable. [/quote]
Correct. AFAIK, no obfuscation is done. The only thing you can easily do is to turn on resource compression, but that is also not very secure. Otherwise, you need to implement your own solution, or start a playground project for such a system under Qt Project umbrella.
-
Actually I noticed that when included in a resource file, an actual c++ source is generated for the QML which would then be compiled into binary, suggesting that they are in fact compiled. But since QmL is interpreted in real-time, I don't know if either I am wrong about this, or something else is happening behind the scenes.
-
They are simply encoded so that the compiler is fooled into thinking it's actual source code. You can put any file (text, binary) into Qt resource files and it will always work. This has nothing to do with QML. Once you run your app, Qt resource system will read those compiled files and expose them to QML engine as standard, plain text data.
-
I previously thought - and you yourself also confirmed above - that text files such as QML are not really "hidden" in a binary executable and someone could technically see the plain text QML code if they inspected an executable. But this suggests that actually yes, they are indeed compiled into binary. Even if the resource system turns then back into plain text at runtime, they are still hidden for all practical purposes, no?
-
They are hidden, yes, but some people suggest that with right inspection tools they can still be read. I have never tried that myself, so I can't confirm. Just be aware that this might be a possibility.
-
They are hidden, yes, but some people suggest that with right inspection tools they can still be read. I have never tried that myself, so I can't confirm. Just be aware that this might be a possibility.
Since Qt5.15, the sources are no longer removed from resources when using qtquickcompiler.
Qt6.5.2 seems to have the same behavior: qml sources are still in.
To check it: strings your-binary | grep import
