>
> I think it would need to be set to True, not False, to have the desired
>
> effect on Guix-installed pip application.
>
to clarify, the comment in site.py says
>
set it to False to disable the feature or True to force the feature
>
and my impression was that we want to disable the user site dir by default
>
(i.e. disable the feature), right?
Oh, you were right. For some reason I previously misunderstood what you
actually wanted to change.
>
> However, we want our change to only affect applications installed with
>
> Guix. So that the user could theoretically still do e.g.
>
> python3 -m pip install --ignore-installed pip
>
> ~/.local/bin/pip install xmldiff
>
> Rn I don't see a better way to achieve this than patching
>
> python-build-system and applications like pip.
>
I can still `python3 -m pip install` with the explicit `--user`
>
switch, even when the user site dir is disabled globally via
>
ENABLE_USER_SITE=False. The only thing that changes is the default
>
search path. So that library will only be available if I explicitly add
>
.local/lib/pythonX/site-packages to PYTHONPATH.
It's useful to know `--user` does the job here.
>
Shouldn’t that also solve the original issue of Guix-installed
>
applications picking up random libraries from the user site dir.
Yes, it should. I still see some benefits of using PYTHONNOUSERSITE env
var, though.
1. The hardening can be easily disabled for a single application if some
not yet known need arises[1].
2. The change is limited to just applications — people running
`python3` shall have it behave just as it used to so far.
3. As a result of 2., there's no need to explicitly add something to
PYTHONPATH when using the user site dir.
I'm trying to imagine what I'd expect if I were just starting to use
Guix. And I believe there'd be least astonishment if both the user site
dir were working out-of-the-box and the applications were working
independently of what one puts in that dir.
During this discussion one more idea came to mind. There might exist a
different way of solving the problem. I.e. to keep user site dir
enabled, then make
- GUIX_PYTHONPATH take precedence over both user site dir and
PYTHONPATH whenever a Guix-installed application is launched through
its wrapper and
- PYTHONPATH with user site dir take precedence over GUIX_PYTHONPATH in
all other cases.
This probably wouldn't require patching applications like pip. And
would also leave the control over the PYTHONNOUSERSITE variable and the
option it affects to the user. Should I try doing this?
Wojtek
[1] Perhaps with ENABLE_USER_SITE=False this can also be achieved by
the `-S` flag to Python (although won't this approach be less
reliable?).
-- (sig_start)
website:
https://koszko.org/koszko.html
fingerprint: E972 7060 E3C5 637C 8A4F 4B42 4BC5 221C 5A79 FD1A
follow me on Fediverse:
https://friendica.me/profile/koszko/profile
♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
-- (sig_end)
On Tue, 18 Jul 2023 11:41:48 +0200 Lars-Dominik Braun <
[email protected]> wrote:
>
> I think it would need to be set to True, not False, to have the desired
>
> effect on Guix-installed pip application.
>
to clarify, the comment in site.py says
>
set it to False to disable the feature or True to force the feature
>
and my impression was that we want to disable the user site dir by default
>
(i.e. disable the feature), right?
>
> However, we want our change to only affect applications installed with
>
> Guix. So that the user could theoretically still do e.g.
>
> python3 -m pip install --ignore-installed pip
>
> ~/.local/bin/pip install xmldiff
>
> Rn I don't see a better way to achieve this than patching
>
> python-build-system and applications like pip.
>
I can still `python3 -m pip install` with the explicit `--user`
>
switch, even when the user site dir is disabled globally via
>
ENABLE_USER_SITE=False. The only thing that changes is the default
>
search path. So that library will only be available if I explicitly add
>
.local/lib/pythonX/site-packages to PYTHONPATH.
>
Shouldn’t that also solve the original issue of Guix-installed
>
applications picking up random libraries from the user site dir.
>
Cheers,
pgpiYm_gZSesm.pgp
Description:
OpenPGP digital signature
[
Next in Thread
]
[bug#64573] [PATCH 0/3] guix: build: python-build-system: Have applications by default ignore non-Guix libraries in user site dir
,
Wojtek Kosior
,
2023/07/11
[bug#64573] [PATCH 2/3] gnu: python-pip: Enable user site even with PYTHONNOUSERSITE
,
Wojtek Kosior
,
2023/07/11
[bug#64573] [PATCH 1/3] guix: build: python-build-system: Don't process user site dir
,
Wojtek Kosior
,
2023/07/11
[bug#64573] [PATCH 3/3] guix: build: python-build-system: Honor disable-user-site? argument
,
Wojtek Kosior
,
2023/07/11
[bug#64573] [PATCH 0/3] guix: build: python-build-system: Have applications by default ignore non-Guix libraries in user site dir
,
Lars-Dominik Braun
,
2023/07/16
[bug#64573] [PATCH 0/3] guix: build: python-build-system: Have applications by default ignore non-Guix libraries in user site dir
,
Wojtek Kosior
,
2023/07/17
[bug#64573] [PATCH 0/3] guix: build: python-build-system: Have applications by default ignore non-Guix libraries in user site dir
,
Lars-Dominik Braun
,
2023/07/18
[bug#64573] [PATCH 0/3] guix: build: python-build-system: Have applications by default ignore non-Guix libraries in user site dir
,
Wojtek Kosior
<=
[bug#64573] [PATCH 0/3] guix: build: python-build-system: Have applications by default ignore non-Guix libraries in user site dir
,
宋文武
,
2023/07/21
bug#64573: [PATCH 0/3] guix: build: python-build-system: Have applications by default ignore non-Guix libraries in user site dir
,
Wojtek Kosior
,
2023/07/26
Previous by thread:
[bug#64573] [PATCH 0/3] guix: build: python-build-system: Have applications by default ignore non-Guix libraries in user site dir
Next by thread:
[bug#64573] [PATCH 0/3] guix: build: python-build-system: Have applications by default ignore non-Guix libraries in user site dir
Index(es):
Thread