Python compiler infects "immutable" bundle - how to avoid it?

Richard Kimberly Heck rikiheck at lyx.org
Sat Feb 22 02:35:15 UTC 2020


On 2/21/20 12:08 PM, Stephan Witt wrote:
> Am 21.02.2020 um 12:08 schrieb Stephan Witt <st.witt at gmx.net>:
>> Hi pythonists,
>>
>> I’m trying to make ready for code signing on Mac.
>>
>> The idea of code signing is to ship the package with a digital
>> signature to guarantee the integrity of the software.
>>
>> https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html
>>
>> The problem now is arising: the python scripts LyX is using
>> are compiled on the fly and the result is placed inside the
>> package. That way the package looses its integrity.
>>
>> Is there any suggestion how to handle this?
>>
>> I thought about to compile and ship the scripts on my system.
>> But this is probably a bad idea - python at runtime can have
>> different version. Is it possible to suppress the on the fly
>> compile process and what’s the price to pay? Or is it possible
>> to direct it to some directory below the .lyx in users home?
> I've decided to ship the application with readonly directories.
> That way the python interpreter cannot save the compiled code
> onto disk to cache the result. ATM I cannot see any performance
> issues.

Yes, sorry, I do not know any way to prevent this kind of thing from
happening. As you
see, it's just a matter of caching the compilation.

On Windows, we compile the Python files at installation. I don't know if
that could help.

Riki




More information about the lyx-devel mailing list