GNU bug report logs -
#64573
[PATCH 0/3] guix: build: python-build-system: Have applications by default ignore non-Guix libraries in user site dir
Previous Next
Reported by: Wojtek Kosior <koszko <at> koszko.org>
Date: Tue, 11 Jul 2023 18:13:01 UTC
Severity: normal
Tags: patch
Done: Wojtek Kosior <koszko <at> koszko.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
* guix/build/python-build-system.scm (wrap): Only define the PYTHONNOUSERSITE
wrapper variable if keyword argument disable-user-site? evaluates to true.
* guix/build-system/python.scm (python-build): Pass disable-user-site?
argument to the build side with the default of #t.
---
guix/build-system/python.scm | 2 ++
guix/build/python-build-system.scm | 31 +++++++++++++++++-------------
2 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/guix/build-system/python.scm b/guix/build-system/python.scm
index cca009fb28..dd86cbd4bf 100644
--- a/guix/build-system/python.scm
+++ b/guix/build-system/python.scm
@@ -171,6 +171,7 @@ (define* (python-build name inputs
(tests? #t)
(test-target "test")
(use-setuptools? #t)
+ (disable-user-site? #t)
(configure-flags ''())
(phases '%standard-phases)
(outputs '("out"))
@@ -192,6 +193,7 @@ (define* (python-build name inputs
#:source #+source
#:configure-flags #$configure-flags
#:use-setuptools? #$use-setuptools?
+ #:disable-user-site? #$disable-user-site?
#:system #$system
#:test-target #$test-target
#:tests? #$tests?
diff --git a/guix/build/python-build-system.scm b/guix/build/python-build-system.scm
index 93aafc4aa9..959d062bb2 100644
--- a/guix/build/python-build-system.scm
+++ b/guix/build/python-build-system.scm
@@ -11,6 +11,7 @@
;;; Copyright © 2020 Efraim Flashner <efraim <at> flashner.co.il>
;;; Copyright © 2021 Lars-Dominik Braun <lars <at> 6xq.net>
;;; Copyright © 2021 Maxime Devos <maximedevos <at> telenet.be>
+;;; Copyright © 2023 Wojtek Kosior <my-contribution-is-licensed-cc0 <at> koszko.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -222,7 +223,7 @@ (define* (install #:key inputs outputs (configure-flags '()) use-setuptools?
(invoke "python" "-m" "compileall" "--invalidation-mode=unchecked-hash"
out))))
-(define* (wrap #:key inputs outputs #:allow-other-keys)
+(define* (wrap #:key inputs outputs disable-user-site? #:allow-other-keys)
(define (list-of-files dir)
(find-files dir (lambda (file stat)
(and (eq? 'regular (stat:type stat))
@@ -241,18 +242,22 @@ (define* (wrap #:key inputs outputs #:allow-other-keys)
(define %sh (delay (search-input-file inputs "bin/bash")))
(define (sh) (force %sh))
- (let* ((var-pythonpath `("GUIX_PYTHONPATH" prefix
- ,(search-path-as-string->list
- (or (getenv "GUIX_PYTHONPATH") ""))))
- ;; Harden applications by preventing Python from automatically
- ;; picking up libraries in user site directory.
- (var-usersite '("PYTHONNOUSERSITE" = ("GUIX_WRAPPER"))))
- (for-each (lambda (dir)
- (let ((files (list-of-files dir)))
- (for-each (cut wrap-program <> #:sh (sh)
- var-pythonpath var-usersite)
- files)))
- bindirs)))
+ (let ((vars (filter identity
+ `(("GUIX_PYTHONPATH" prefix
+ ,(search-path-as-string->list
+ (or (getenv "GUIX_PYTHONPATH") "")))
+ ;; Harden applications by preventing Python from
+ ;; automatically picking up libraries in user site
+ ;; directory.
+ ,(and disable-user-site?
+ '("PYTHONNOUSERSITE" = ("GUIX_WRAPPER")))))))
+ (for-each (lambda (var)
+ (for-each (lambda (dir)
+ (let ((files (list-of-files dir)))
+ (for-each (cut wrap-program <> #:sh (sh) var)
+ files)))
+ bindirs))
+ vars)))
(define* (rename-pth-file #:key name inputs outputs #:allow-other-keys)
"Rename easy-install.pth to NAME.pth to avoid conflicts between packages
--
2.40.1
This bug report was last modified 1 year and 301 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.