GNU bug report logs - #64573
[PATCH 0/3] guix: build: python-build-system: Have applications by default ignore non-Guix libraries in user site dir

Previous Next

Full log

Message #34 received at 64573-close <at> debbugs.gnu.org (full text, mbox):

From: Wojtek Kosior <koszko <at> koszko.org>
To: 宋文武 <iyzsong <at> envs.net>
Cc: jgart <jgart <at> dismail.de>, Lars-Dominik Braun <lars <at> 6xq.net>,
 64573-close <at> debbugs.gnu.org
Subject: Re: bug#64573: [PATCH 0/3] guix: build: python-build-system: Have
 applications by default ignore non-Guix libraries in user site dir
Date: Wed, 26 Jul 2023 11:14:51 +0200

[Message part 1 (text/plain, inline)]

> Hello, I think we can let pip just break as other distros (eg: ArchLinux
> and Debian) with PEP-668.
> 
> https://gitlab.archlinux.org/archlinux/packaging/packages/python/-/blob/main/EXTERNALLY-MANAGED
> https://pythonspeed.com/articles/externally-managed-environment-pep-668/
> https://peps.python.org/pep-0668/#recommendations-for-distros
> 
> With usage guide towards virtual environments, guix shell, or pipx
> (not packaged yet).
> 
> Consider other distros does the same thing, this should be safer.
> 
> What do you think?  🤔

You're right, making pip break and recommend pipx seems like the right
thing to do.

I opened a new issue with patches that add python-pipx (haven't done
anything related to the 'EXTERNALLY-MANAGED' file yet, tho).

Thanks,
Wojtek

-- (sig_start)
website: https://koszko.org/koszko.html
fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
follow me on Fediverse: https://friendica.me/profile/koszko/profile

♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
-- (sig_end)


On Sat, 22 Jul 2023 08:30:04 +0800 宋文武 <iyzsong <at> envs.net> wrote:

> Wojtek Kosior <koszko <at> koszko.org> writes:
> 
> > Python applications used to prioritize loading their libraries from so-called
> > "user site dir" (usually in ~/.local/lib/python<VERSION>/site-packages). The
> > libraries would only be loaded from /gnu/store when not found in the user site
> > dir. This used to cause hard-to-diagnose bugs like [1] when a user happened to
> > have a similar but incompatible version of a library installed via pip.
> >
> > These patches modify the python-build-system's procedure responsible for
> > wrapping executables. The modified proc defines a PYTHONNOUSERSITE variable
> > which makes Python applications disregard the user site dir when loading
> > libraries.
> >
> > While this solution does harden most Python applications, it can also break a
> > few ones like pip that operate on the user site dir itself. To work around
> > that, the second patch introduces a change to pip to allow installing to the
> > user site directory even when PYTHONNOUSERSITE is set by the Guix-created
> > wrapper script.  
> 
> Hello, I think we can let pip just break as other distros (eg: ArchLinux
> and Debian) with PEP-668.
> 
> https://gitlab.archlinux.org/archlinux/packaging/packages/python/-/blob/main/EXTERNALLY-MANAGED
> https://pythonspeed.com/articles/externally-managed-environment-pep-668/
> https://peps.python.org/pep-0668/#recommendations-for-distros
> 
> With usage guide towards virtual environments, guix shell, or pipx
> (not packaged yet).
> 
> Consider other distros does the same thing, this should be safer.
> 
> What do you think?  🤔

[Message part 2 (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.