Python compiler infects "immutable" bundle - how to avoid it?

Guenter Milde milde at users.sf.net
Sat Feb 22 19:13:42 UTC 2020


On 2020-02-22, Stephan Witt wrote:
> Am 22.02.2020 um 03:35 schrieb Richard Kimberly Heck <rikiheck at lyx.org>:
>> On 2/21/20 12:08 PM, Stephan Witt wrote:
>>> Am 21.02.2020 um 12:08 schrieb Stephan Witt <st.witt at gmx.net>:
>>>> Hi pythonists,

>>>> I’m trying to make ready for code signing on Mac.

>>>> The idea of code signing is to ship the package with a digital
>>>> signature to guarantee the integrity of the software.

>>>> https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html

>>>> The problem now is arising: the python scripts LyX is using
>>>> are compiled on the fly and the result is placed inside the
>>>> package. That way the package looses its integrity.

>>>> Is there any suggestion how to handle this?

Under Linux, AFAIK, the *.pyc files are not shipped with the package but
created by a post-install script. This way, the package can be checked
against the signature (before installation) but the byte-compiled files are
there once users start to use LyX.

>>> ... ATM I cannot see any performance issues.

One of the more critical cases would be opening a small but really old file
so that lyx2lyx needs most of the rather big modules. Of course, the effect
will be more visible with a HDD than with an SSD.


>> On Windows, we compile the Python files at installation. I don't know if
>> that could help.

> On Mac I'd prefer to avoid that. The python executable is not part of the
> software bundle and therefore its version at runtime is unknown.

But one compatible Python version should be installed before installing
LyX, right?

...


Günter



More information about the lyx-devel mailing list