Regarding embedded python, as far as I can tell, the following points should apply:
1) Turn off the use of __pycache__ and instead precompile the bytecode at embedding time. This is because I am pretty sure notarized apps are not allowed to change things inside their .app folders. IIRC gatekeeper will periodically recheck the app folder to enforce this.
2) The hardened runtime for some stupid reason seems to only care about machine code. Loading pure python plugins/extensions should therefore be no problem.
3) I think the exceptions for dlopening and execing unsigned code should also allow loading third party python C extensions from outside the app bundle, but am not sure. It may be that plugins that use native code won't be workable on macOS. This will require experimentation.
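Point 1 above (precompile at embedding time, never write to the bundle at runtime) can be checked end to end with a small script. The following is an added example, not code from the original post: it builds a constructed sample plugin package in a temporary directory, compiles it to sourceless "legacy" .pyc files (placed beside the source rather than in __pycache__, with unchecked-hash invalidation so the loader never compares against a source mtime), deletes the .py sources as a bundling step would, and then imports the package with `sys.dont_write_bytecode` set, which is the interpreter-level equivalent of `PyConfig.write_bytecode = 0` in an embedding host. The package name `bundle_plugins` and the `greet` function are assumptions made up for the demo.

```python
import compileall
import importlib
import sys
import tempfile
from pathlib import Path
from py_compile import PycInvalidationMode

# Constructed sample plugin source; stands in for a pure-python plugin shipped in the .app.
PLUGIN_SRC = "def greet(name):\n    return f'hello, {name}'\n"


def build_sourceless_tree(root: Path) -> Path:
    """Write the sample package, compile it to legacy .pyc files (no __pycache__),
    then remove the .py sources so only bytecode ships in the bundle."""
    pkg = root / "bundle_plugins"  # hypothetical package name
    pkg.mkdir(parents=True)
    (pkg / "__init__.py").write_text("")
    (pkg / "hello.py").write_text(PLUGIN_SRC)
    # legacy=True writes foo.pyc next to foo.py instead of __pycache__/foo.<tag>.pyc.
    # UNCHECKED_HASH means the loader will not try to validate against a source file.
    ok = compileall.compile_dir(
        str(pkg),
        quiet=1,
        legacy=True,
        invalidation_mode=PycInvalidationMode.UNCHECKED_HASH,
    )
    if not ok:
        raise RuntimeError("precompilation failed")
    for src in pkg.glob("*.py"):
        src.unlink()
    return pkg


def cache_dirs(root: Path) -> list:
    """Return every __pycache__ directory under root (should be none after import)."""
    return sorted(str(p.relative_to(root)) for p in root.rglob("__pycache__"))


def import_frozen_plugin(root: Path) -> str:
    """Import the sourceless package with bytecode writing disabled and call into it."""
    sys.dont_write_bytecode = True  # same effect as PyConfig.write_bytecode = 0 when embedding
    sys.path.insert(0, str(root))
    # Drop any stale entries so repeated runs import from this tree, not a previous one.
    for name in ("bundle_plugins", "bundle_plugins.hello"):
        sys.modules.pop(name, None)
    try:
        importlib.invalidate_caches()
        mod = importlib.import_module("bundle_plugins.hello")
        return mod.greet("gatekeeper")
    finally:
        sys.path.remove(str(root))


def demo():
    """Build, strip, import; report the shipped files, the call result, and any cache dirs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        pkg = build_sourceless_tree(root)
        shipped = sorted(p.name for p in pkg.iterdir())
        result = import_frozen_plugin(root)
        caches = cache_dirs(root)
        return shipped, result, caches


if __name__ == "__main__":
    shipped, result, caches = demo()
    print("shipped files:", shipped)
    print("plugin result:", result)
    print("__pycache__ dirs created at runtime:", caches or "none")
```

The check that matters for a notarized bundle is the last value: after the import, no `__pycache__` directory exists under the tree, so nothing inside the .app has been modified. In a real embedding host the same guarantee comes from setting `write_bytecode` to 0 in the `PyConfig` before `Py_InitializeFromConfig`, and from running the precompile step before the bundle is signed.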