LibreTiny platform version publish delay

Hi @ivankravets,

LibreTiny has a version 1.3.0 published via GitHub actions a week ago but it has not been approved and not available in the registry.
Is there an issue with the package?

Kind Regards,
ESPHome Developer @ Nabu Casa


There is a security issue with LibreTiny dev-platform. It breaks PlatformIO’s Python virtual environment in runtime. You make a lot of hacks before the platform is initialized. I recommend moving ltchiptool source code to the final release of dev-platform and using site module:

import site

site.addsitedir(os.path.join(os.path.dirname(os.path.realpath(__file__)), "ltchiptool"))

import ltchiptool

Shortly, the LibretinyPlatform() constructor and whole module should not corrupt any environment.

I have addressed the issue now, I think. The fix is currently in another branch, because it needs proper testing.
I did it the same way as ESP32 platform does, which is creating another virtual environment in the penv directory under .platformio. This way LibreTiny doesn’t install ltchiptool to the global environment.
The file has been modified not to require ltchiptool at all, instead it bundles a part of its source code in tools directory.

I hope this will resolve the security issue.