Re: Best Practices python virtualenv

2018-05-03 Thread Stuart Henderson
On 2018-05-01, IL Ka wrote: >> while there are Python modules which rely on W|X. > Yes, but I do not use them. > > I only run Python and Django. > I am aware of the fact that my python is not compatible with some modules, > and I am ok with it since I do not need them. >

Re: Best Practices python virtualenv

2018-05-01 Thread Ken MacKenzie
Not exactly. For starters right now I am getting to know OpenBSD as a platform so at this point is more about evaluating if and how to alter my workflows to better fit with the platform. Next off though is in general with python code I do consider it important to think about what the deployment

Re: Best Practices python virtualenv

2018-05-01 Thread Ve Telko
Hi, Ken. Did you noticed that you are spending much more time with setting up your env every time you want to run your python apps than with programming itself? No offense but I think this is not normal. Ve.

Re: Best Practices python virtualenv

2018-05-01 Thread Raphael
On Mon, Apr 30, 2018 at 04:46:49PM +, Ken MacKenzie wrote: > Is there a recommended best practice when setting up an environment with > python > virtualenv with regards to wxallowed. > > My typical workflow is under my home directory I have a > dev/language/project/.venv type structure. I

Re: Best Practices python virtualenv

2018-05-01 Thread Leonid Bobrov
On Tue, May 01, 2018 at 04:22:50PM +, Ken MacKenzie wrote: > I power my flying car with flying monkeys... > No need to, I am free as a bird, I can power my flying car with my flying wings. Oh, wait, I don't have wings... Anyway, nice joke, but I feel myself embarrasing.

Re: Best Practices python virtualenv

2018-05-01 Thread Ken MacKenzie
I power my flying car with flying monkeys... I think the best answer from all this comes back to, at least for python 3, switching over to the built in venv in python3. Other than that the symlink to a location in /usr/local for venv is another option for python 2 or packages that need to

Re: Best Practices python virtualenv

2018-05-01 Thread Theo de Raadt
Leonid Bobrov wrote: > I have a plan how to completely get rid of wxallowed mount option, > but I am not yet skilled to fix W|X ports, especially the ones > written in C++ (I've started learning C++ recently). Is that like "I have a plan to build a flying car, but I

Re: Best Practices python virtualenv

2018-05-01 Thread IL Ka
> while there are Python modules which rely on W|X. Yes, but I do not use them. I only run Python and Django. I am aware of the fact that my python is not compatible with some modules, and I am ok with it since I do not need them. > use ports instead of pkg_add to get Python binary without W|X

Re: Best Practices python virtualenv

2018-05-01 Thread Leonid Bobrov
On Tue, May 01, 2018 at 06:09:59PM +0300, IL Ka wrote: > > > > So you're now on a custom built python and are unable to use standard > > pkg_add upgrades to new versions. I'd say that on balance, this is more > > likely to *reduce* your security. > > > I built it from ports, so I can update it

Re: Best Practices python virtualenv

2018-05-01 Thread IL Ka
> > So you're now on a custom built python and are unable to use standard pkg_add upgrades to new versions. I'd say that on balance, this is more > likely to *reduce* your security. I built it from ports, so I can update it using standard port update procedure. Since packages are built from

Re: Best Practices python virtualenv

2018-05-01 Thread Marco Bonetti
- On Apr 30, 2018, at 5:46 PM, Ken MacKenzie k...@mack-z.com wrote: > Is there a recommended best practice when setting up an environment with > python > virtualenv with regards to wxallowed. I use a specific directory in /usr/local which is very close to your option 2: # mkdir -p

Re: Best Practices python virtualenv

2018-05-01 Thread Etienne
On 05/01/18 01:54, IL Ka wrote: Since /usr/local/ has wxallowed by default (see your /etc/fstab) it works. Does it affect security? In theory -- yes, because python can now create WX pages. True. But I use this solution because:  - root controls what goes in /usr/local  - I mount /home

Re: Best Practices python virtualenv

2018-05-01 Thread Stuart Henderson
On 2018-05-01, IL Ka wrote: > It is up to you, but I still belive that best solution is to rebuild python > without of wxneeded. > 1) It improves security So you're now on a custom built python and are unable to use standard pkg_add upgrades to new versions. I'd say

Re: Best Practices python virtualenv

2018-04-30 Thread IL Ka
The only difference is venv creates link to python, it does not copy binary itself. You now have python3 -> /usr/local/bin/python3 in your venv. Since /usr/local/ has wxallowed by default (see your /etc/fstab) it works. Does it affect security? In theory -- yes, because python can now create WX

Re: Best Practices python virtualenv

2018-04-30 Thread Ken M
Not to disagree but if using python3 -m venv in home works and home is not mounted as wxallowed is there still a security issue with this workflow? Granted at this point talking about a development workstation and not a server. So while I am at it I guess I should ask is what you are saying more

Re: Best Practices python virtualenv

2018-04-30 Thread IL Ka
It is up to you, but I still belive that best solution is to rebuild python without of wxneeded. 1) It improves security 2) It fixes your virtualenv issue. If you do not use packages that need WX, why do you need wxneed?

Re: Best Practices python virtualenv

2018-04-30 Thread Ken M
I happen to like python and will be the first I reach for for many simple or even some bigger tasks. Nothing against those other languages. I actually have a special place in my heart for perl, but with the perl 5 vs 6 thing I wonder on the longer term future of the language. Honestly I need to

Re: Best Practices python virtualenv

2018-04-30 Thread Ken M
Thanks for all the responses but it seems an alternate solution presented by another user in a direct reply is to use python3 - m venv. Basically using the venv built in to python3 as opposed to the legacy method of py-virtualenv that I typically only have to use for older python 2 code bases.

Re: Best Practices python virtualenv

2018-04-30 Thread Dave Voutila
Ken MacKenzie writes: > Is there a recommended best practice when setting up an environment with > python > virtualenv with regards to wxallowed. AFAIK nothing official. > > My typical workflow is under my home directory I have a > dev/language/project/.venv type structure. I

Re: Best Practices python virtualenv

2018-04-30 Thread IL Ka
Hello. Short answer: if you do not need py-cryptography and QtWebKit, just rebuild python from ports disabling USE_WXNEEDED. I run Django using virtualenv in my $HOME and it works. Long answer: To use mmap(2) with PROT_EXEC | PROT_WRITE you need to link binary with -z wxneeded (See ld(1)). It

Re: Best Practices python virtualenv

2018-04-30 Thread Kevin Chadwick
On Mon, 30 Apr 2018 16:46:49 + > Is there a recommended best practice when setting up an environment > with python > virtualenv with regards to wxallowed. sthen@ mentioned a compiler option and that only some modules actually require RWX memory. I don't know the details as to why python

Best Practices python virtualenv

2018-04-30 Thread Ken MacKenzie
Is there a recommended best practice when setting up an environment with python virtualenv with regards to wxallowed. My typical workflow is under my home directory I have a dev/language/project/.venv type structure. I guess the simple solution is to mount /home as wxallowed in /etc/fstab, but is