Python compiler infects "immutable" bundle - how to avoid it?
Stephan Witt
st.witt at gmx.net
Sun Feb 23 06:15:45 UTC 2020
Am 22.02.2020 um 20:13 schrieb Guenter Milde <milde at users.sf.net>:
>
> On 2020-02-22, Stephan Witt wrote:
>> Am 22.02.2020 um 03:35 schrieb Richard Kimberly Heck <rikiheck at lyx.org>:
>>> On 2/21/20 12:08 PM, Stephan Witt wrote:
>>>> Am 21.02.2020 um 12:08 schrieb Stephan Witt <st.witt at gmx.net>:
>>>>> Hi pythonists,
>
>>>>> I’m trying to make ready for code signing on Mac.
>
>>>>> The idea of code signing is to ship the package with a digital
>>>>> signature to guarantee the integrity of the software.
>
>>>>> https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html
>
>>>>> The problem now is arising: the python scripts LyX is using
>>>>> are compiled on the fly and the result is placed inside the
>>>>> package. That way the package looses its integrity.
>
>>>>> Is there any suggestion how to handle this?
>
> Under Linux, AFAIK, the *.pyc files are not shipped with the package but
> created by a post-install script. This way, the package can be checked
> against the signature (before installation) but the byte-compiled files are
> there once users start to use LyX.
Yes, after the first run the signature is valid but the contents isn’t
clean anymore. That’s not nice, IMO.
>>>> ... ATM I cannot see any performance issues.
>
> One of the more critical cases would be opening a small but really old file
> so that lyx2lyx needs most of the rather big modules. Of course, the effect
> will be more visible with a HDD than with an SSD.
Frankly, I think it’s more a matter of CPU power than disk performance.
On my system the call "python -m py_compile configure.py“ lasts about 50 msecs
real time and the whole configure process is much longer. The lyx_2_4.py
compilation takes 70 msecs.
>>> On Windows, we compile the Python files at installation. I don't know if
>>> that could help.
>
>> On Mac I'd prefer to avoid that. The python executable is not part of the
>> software bundle and therefore its version at runtime is unknown.
>
> But one compatible Python version should be installed before installing
> LyX, right?
Python 2.7 is part of the OS. And this is subject to change.
Stephan
More information about the lyx-devel
mailing list