From 56004e6d3a1e813f38c0adfd1244ac7615e61015 Mon Sep 17 00:00:00 2001 From: Stephan Witt Date: Fri, 21 Feb 2020 18:04:28 +0100 Subject: [PATCH] Make the directories in LyX application bundle read only. Python produces files with cached on-the-fly compiled code on disk inside the bundle. This should be avoided in case of a signed application bundle. (cherry picked from commit ca7defab45a685bbc0303c32b94afb5ec98d4118) --- development/LyX-Mac-binary-release.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/development/LyX-Mac-binary-release.sh b/development/LyX-Mac-binary-release.sh index 64d350ce7c..9bd196dbc7 100644 --- a/development/LyX-Mac-binary-release.sh +++ b/development/LyX-Mac-binary-release.sh @@ -633,7 +633,10 @@ LYX_BUNDLE_PATH="${LyxAppPrefix}/${BUNDLE_PATH}" build_lyx() { # Clear Output if [ -n "${LyxAppZip}" -a -f "${LyxAppZip}" ]; then rm "${LyxAppZip}"; fi - if [ -d "${LyxAppPrefix}" ]; then rm -rf "${LyxAppPrefix}"; fi + if [ -d "${LyxAppPrefix}" ]; then + find "${LyxAppPrefix}" -type d -exec chmod u+w '{}' \; + rm -rf "${LyxAppPrefix}" + fi case "${EnableCXX11}" in "--enable-cxx11") @@ -1013,7 +1016,7 @@ make_dmg() { VOLUME=$(mount |grep ${DEVICE} | cut -f 3 -d ' ') # copy in the application bundle - ditto --hfsCompression "${LyxAppDir}.app" "${VOLUME}/${LyxName}.app" + ditto --hfsCompression "${LyxAppPrefix}" "${VOLUME}/${LyxName}.app" # copy in background image mkdir -p "${VOLUME}/Pictures" @@ -1067,5 +1070,6 @@ if [ ${LyxOnlyPackage:-"no"} = "no" ]; then convert_universal copy_dictionaries test -n "${CODESIGN_IDENTITY}" && code_sign "${LYX_BUNDLE_PATH}" + find "${LyxAppPrefix}" -type d -exec chmod a-w '{}' \; fi build_package