Re: Guix's python has pip's user dir in its loadpath

2023-07-07 Thread Maxim Cournoyer
Hello,

Wojtek Kosior  writes:

>> > I just saw this message and hurried myself up to test the patch to
>> > python-build-system that I made. Unfortunately, it turns out the
>> > "PYTHONNOUSERSITE=1" env var breaks pip which tries to install wheels to
>> > the system site directory and fails due to a read-only filesystem.  
>> 
>> I'm not sure I follow; why would PYTHONNOUSERSITE affect pip?  I thought
>> it should only appear in wrappers of Python executables, not be set in a
>> profile's environment (thus not affecting pip) ?
>
> Indeed. And once I make my change, PYTHONNOUSERSITE gets also placed in
> the wrapper of the `pip` executable.
>
>> Could you share the diff of the patch you tried so far?
>
> I am attaching the patch file.
>
> I was trying to test with
>
> ./pre-inst-env guix shell -C --network --no-cwd python-xmldiff coreutils python-pip
> pip install xmldiff==2.4
> echo > ~/.local/lib/python3.10/site-packages/xmldiff/main.py
> xmldiff --help
>
> Without my patch, we get an error on the 4th line. With my patch, we get
> the "Read-only file system" error on the 2nd line.

Neat!  I think maybe we could add a build argument called
e.g. '#:honor-user-site?' to disable having PYTHONNOUSERSITE=1 in
the wrapper for a few select packages (e.g. pip, virtualenv, probably a
few others that are expected to work with or honor pip user-installed
Python packages).

-- 
Thanks,
Maxim



Re: Guix meetup at FOSSY?

2023-07-07 Thread Vagrant Cascadian
On 2023-07-06, Timothy Sample wrote:
> Vagrant Cascadian  writes:
>> On 2023-07-04, Timothy Sample wrote:
>>
>>> What about having a Guix lunch on Friday?
...
>> There are not a lot of things near the venue, but I will look for
>> options that are nearby and/or quick to get to by public transit ... and
>> ideally with outdoor seating or takeaway options.
>
> That sounds fantastic!  Thank you.

My current best idea is the handful of food carts at Pioneer Courthouse
square, with a few different carts that cater to various dietary needs
and appetites... about 10-15 minutes on the MAX, with stops right at
both endpoints!

Presuming nobody wants to miss any talks, looks like Friday lunch is
from 12:30 to 2pm... so that should leave roughly a short hour to hang
out and chat and whatnot, more if we coordinate transit times. :)

live well,
  vagrant


signature.asc
Description: PGP signature


Re: Guix's python has pip's user dir in its loadpath

2023-07-07 Thread Development of GNU Guix and the GNU System distribution.
> > I just saw this message and hurried myself up to test the patch to
> > python-build-system that I made. Unfortunately, it turns out the
> > "PYTHONNOUSERSITE=1" env var breaks pip which tries to install wheels to
> > the system site directory and fails due to a read-only filesystem.  
> 
> I'm not sure I follow; why would PYTHONNOUSERSITE affect pip?  I thought
> it should only appear in wrappers of Python executables, not be set in a
> profile's environment (thus not affecting pip) ?

Indeed. And once I make my change, PYTHONNOUSERSITE gets also placed in
the wrapper of the `pip` executable.

> Could you share the diff of the patch you tried so far?

I am attaching the patch file.

I was trying to test with

./pre-inst-env guix shell -C --network --no-cwd python-xmldiff coreutils python-pip
pip install xmldiff==2.4
echo > ~/.local/lib/python3.10/site-packages/xmldiff/main.py
xmldiff --help

Without my patch, we get an error on the 4th line. With my patch, we get
the "Read-only file system" error on the 2nd line.

Best,
Wojtek

-- (sig_start)
website: https://koszko.org/koszko.html
fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
follow me on Fediverse: https://friendica.me/profile/koszko/profile

♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
-- (sig_end)
From 6c2cd9679d52ac4f06e91026948da5fae2c2a29c Mon Sep 17 00:00:00 2001
Message-Id: <6c2cd9679d52ac4f06e91026948da5fae2c2a29c.1688740423.git.kos...@koszko.org>
From: Wojtek Kosior 
Date: Mon, 3 Jul 2023 10:53:41 +0200
Subject: [PATCH] guix: build: python-build-system: Don't process user site dir

* guix/build/python-build-system.scm (wrap): Define PYTHONNOUSERSITE for
programs so they don't incorrectly pick up local, pip-installed libraries.
---
 guix/build/python-build-system.scm | 12 
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/guix/build/python-build-system.scm b/guix/build/python-build-system.scm
index aa04664b25..bbcb861da0 100644
--- a/guix/build/python-build-system.scm
+++ b/guix/build/python-build-system.scm
@@ -241,12 +241,16 @@ (define* (wrap #:key inputs outputs #:allow-other-keys)
   (define %sh (delay (search-input-file inputs "bin/bash")))
   (define (sh) (force %sh))
 
-  (let* ((var `("GUIX_PYTHONPATH" prefix
-,(search-path-as-string->list
-  (or (getenv "GUIX_PYTHONPATH") "")
+  (let* ((var-pythonpath `("GUIX_PYTHONPATH" prefix
+   ,(search-path-as-string->list
+ (or (getenv "GUIX_PYTHONPATH") ""
+ ;; Harden applications by preventing Python from automatically
+ ;; picking up libraries in user site directory.
+ (var-usersite '("PYTHONNOUSERSITE" = ("1"
 (for-each (lambda (dir)
 (let ((files (list-of-files dir)))
-  (for-each (cut wrap-program <> #:sh (sh) var)
+  (for-each (cut wrap-program <> #:sh (sh)
+ var-pythonpath var-usersite)
 files)))
   bindirs)))
 
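Review bot: var-usersite is handed to wrap-program for every file in bindirs with no way to opt out, so each package built with this build system gets PYTHONNOUSERSITE=1 in all of its wrappers, including tools that are expected to work with the user site directory. wrap already takes keyword arguments (#:key inputs outputs #:allow-other-keys); consider adding one that lets a package definition leave var-usersite out of the wrap-program call, and mention that switch in the comment above the binding.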

base-commit: 08649cfcd41bc78ba4df0609798461816dda9496
-- 
2.40.1



pgpuQuvhBu2UJ.pgp
Description: OpenPGP digital signature
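
What PYTHONNOUSERSITE=1 changes for a wrapped Python program, as an added example that is not part of the original thread or of Guix's code. The module name `usersite_probe` and the temporary PYTHONUSERBASE directory are constructed stand-ins for a pip-installed package under ~/.local.

```python
import os
import subprocess
import sys
import tempfile

# Run in a child interpreter: is the user site enabled, and can a module that
# exists only in the user site directory be found?
PROBE = (
    "import site, importlib.util as u;"
    "print(bool(site.ENABLE_USER_SITE),"
    " u.find_spec('usersite_probe') is not None)"
)


def run_child(code, env):
    """Run `code` in a fresh interpreter and return its stdout."""
    return subprocess.run([sys.executable, "-c", code], env=env,
                          capture_output=True, text=True, check=True).stdout


def probe(no_user_site):
    """Return (user_site_enabled, probe_module_found) for a fresh interpreter."""
    with tempfile.TemporaryDirectory() as base:
        env = {k: v for k, v in os.environ.items()
               if k not in ("PYTHONNOUSERSITE", "PYTHONPATH")}
        env["PYTHONUSERBASE"] = base  # constructed stand-in for ~/.local
        if no_user_site:
            env["PYTHONNOUSERSITE"] = "1"  # the variable the patch sets
        # Ask the child where its user site directory is, then plant a module.
        user_site = run_child(
            "import site; print(site.getusersitepackages())", env).strip()
        os.makedirs(user_site, exist_ok=True)
        with open(os.path.join(user_site, "usersite_probe.py"), "w") as f:
            f.write("ORIGIN = 'user site'\n")
        enabled, found = run_child(PROBE, env).split()
        return enabled == "True", found == "True"


if __name__ == "__main__":
    for flag in (False, True):
        enabled, found = probe(flag)
        print(f"PYTHONNOUSERSITE set: {flag!s:5}  "
              f"user site enabled: {enabled!s:5}  module found: {found}")
```

Inside a virtual environment created without system site packages the user site is already disabled, so both rows report False there.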


Re: Guix's python has pip's user dir in its loadpath

2023-07-07 Thread Maxim Cournoyer
Hi Wojtek,

Wojtek Kosior  writes:

>> > But we'll be rebuilding the Python world anyway, so now is a chance to
>> > try out some changes like that, though maybe it is a bit much with
>> > what we are trying already. See   
>> 
>> It's a simple change, I guess we could try it at the same time, if
>> someone volunteers to do it!
>
> I just saw this message and hurried myself up to test the patch to
> python-build-system that I made. Unfortunately, it turns out the
> "PYTHONNOUSERSITE=1" env var breaks pip which tries to install wheels to
> the system site directory and fails due to a read-only filesystem.

I'm not sure I follow; why would PYTHONNOUSERSITE affect pip?  I thought
it should only appear in wrappers of Python executables, not be set in a
profile's environment (thus not affecting pip) ?

Could you share the diff of the patch you tried so far?

-- 
Thanks,
Maxim