Python compiler infects "immutable" bundle - how to avoid it?

Stephan Witt st.witt at gmx.net
Sat Feb 22 17:46:43 UTC 2020 

Am 22.02.2020 um 03:35 schrieb Richard Kimberly Heck <rikiheck at lyx.org>:
> 
> On 2/21/20 12:08 PM, Stephan Witt wrote:
>> Am 21.02.2020 um 12:08 schrieb Stephan Witt <st.witt at gmx.net>:
>>> Hi pythonists,
>>> 
>>> I’m trying to make ready for code signing on Mac.
>>> 
>>> The idea of code signing is to ship the package with a digital
>>> signature to guarantee the integrity of the software.
>>> 
>>> https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html
>>> 
>>> The problem now is arising: the python scripts LyX is using
>>> are compiled on the fly and the result is placed inside the
>>> package. That way the package looses its integrity.
>>> 
>>> Is there any suggestion how to handle this?
>>> 
>>> I thought about to compile and ship the scripts on my system.
>>> But this is probably a bad idea - python at runtime can have
>>> different version. Is it possible to suppress the on the fly
>>> compile process and what’s the price to pay? Or is it possible
>>> to direct it to some directory below the .lyx in users home?
>> I've decided to ship the application with readonly directories.
>> That way the python interpreter cannot save the compiled code
>> onto disk to cache the result. ATM I cannot see any performance
>> issues.
> 
> Yes, sorry, I do not know any way to prevent this kind of thing from
> happening. As you
> see, it's just a matter of caching the compilation.
> 
> On Windows, we compile the Python files at installation. I don't know if
> that could help.

On Mac I'd prefer to avoid that. The python executable is not part of the
software bundle and therefore its version at runtime is unknown.

OTOH, the lyx package for Centos 7 (in EPEL) contains the precompiled
python scripts for version 2.x (e.g. configure.pyc).

https://centos.pkgs.org/7/epel-x86_64/lyx-common-2.2.3-1.el7.noarch.rpm.html

But Centos 7 comes with python 2.7.5 as stable standard.

The situation for the packager is more comfortable here.

The standard on Mac is 2.7.17 with 10.14.6 (Mojave today) and I read
somewhere with 10.15.x (Catalina) python3 is available. But Apple has
announced the removal of python from standard OS:

"Future versions of macOS won’t include scripting language runtimes by default,
and might require you to install additional packages. If your software depends
on scripting languages, it’s recommended that you bundle the runtime within the app."

I’m not sure how difficult it would be to put the python universe into the LyX app.

Stephan

More information about the lyx-devel mailing list