Installing Python Modules on Air-Gapped Hosts

Who said that all computers are connected today? They are many classified environments where computers can simply never connect to the wild Internet. But sometimes, you need to install some pieces of software from online resources. The classic case is Python modules. Let’s take a practical example with the PyMISP which allows interacting with a MISP instance. Just forget to make a ‘pip install pymisp’ on an air-gapped computer!

The next challenge is to resolve all the dependencies. On an air-gapped host, to make PyMISP work properly, I had to follow this dependency tree (this might change depending on your Python environment):

pymisp -> dateutil -> six
       -> requests -> idna
                   -> urllib3
                   -> chardet
                   -> certify

If you need to download and transfer these packages manually from source and build them, you will probably face another issue: the air-gapped environment does not have all tools to build the package (sounds logical). There is a solution to solve this: “Wheel”. It’s a built, archive format that can greatly speed installation compared to building and installing from source archives. A wheel archive (.whl) can be installed with the pip tool:

C:\Temp> pip install .\requests‑2.18.4‑py2.py3‑none‑any.whl

I found a wonderful source of ready-to-use Wheel archives prepared by Christoph Gohlke from the University of California, Irvine. He maintains a huge library of common Python packages (2 & 3):

If you’re working in a restricted environment, you probably don’t have admin rights. Add the ‘–user’ argument to the pip commands to install the Python module in your $USER environment.

Keep in mind:

• Some packages might contain executable code. Don’t break your local policy!
• Always download material from trusted sources
• Validate hashes
• Build your own Wheel archives if in doubt and create your own repository