Python compiler infects "immutable" bundle - how to avoid it?

Stephan Witt st.witt at gmx.net
Fri Feb 21 17:08:21 UTC 2020


Am 21.02.2020 um 12:08 schrieb Stephan Witt <st.witt at gmx.net>:
> 
> Hi pythonists,
> 
> I’m trying to make ready for code signing on Mac.
> 
> The idea of code signing is to ship the package with a digital
> signature to guarantee the integrity of the software.
> 
> https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html
> 
> The problem now is arising: the python scripts LyX is using
> are compiled on the fly and the result is placed inside the
> package. That way the package looses its integrity.
> 
> Is there any suggestion how to handle this?
> 
> I thought about to compile and ship the scripts on my system.
> But this is probably a bad idea - python at runtime can have
> different version. Is it possible to suppress the on the fly
> compile process and what’s the price to pay? Or is it possible
> to direct it to some directory below the .lyx in users home?

I've decided to ship the application with readonly directories.
That way the python interpreter cannot save the compiled code
onto disk to cache the result. ATM I cannot see any performance
issues.

Stephan


More information about the lyx-devel mailing list