[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#64573: [PATCH 0/3] guix: build: python-build-system: Have applicatio
|
From: |
Wojtek Kosior |
|
Subject: |
bug#64573: [PATCH 0/3] guix: build: python-build-system: Have applications by default ignore non-Guix libraries in user site dir |
|
Date: |
Wed, 26 Jul 2023 11:14:51 +0200 |
> Hello, I think we can let pip just break as other distros (eg: ArchLinux
> and Debian) with PEP-668.
>
> https://gitlab.archlinux.org/archlinux/packaging/packages/python/-/blob/main/EXTERNALLY-MANAGED
> https://pythonspeed.com/articles/externally-managed-environment-pep-668/
> https://peps.python.org/pep-0668/#recommendations-for-distros
>
> With usage guide towards virtual environments, guix shell, or pipx
> (not packaged yet).
>
> Consider other distros does the same thing, this should be safer.
>
> What do you think? 🤔
You're right, making pip break and recommend pipx seems like the right
thing to do.
I opened a new issue with patches that add python-pipx (haven't done
anything related to the 'EXTERNALLY-MANAGED' file yet, tho).
Thanks,
Wojtek
-- (sig_start)
website: https://koszko.org/koszko.html
fingerprint: E972 7060 E3C5 637C 8A4F 4B42 4BC5 221C 5A79 FD1A
follow me on Fediverse: https://friendica.me/profile/koszko/profile
♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
-- (sig_end)
On Sat, 22 Jul 2023 08:30:04 +0800 宋文武 <iyzsong@envs.net> wrote:
> Wojtek Kosior <koszko@koszko.org> writes:
>
> > Python applications used to prioritize loading their libraries from
> > so-called
> > "user site dir" (usually in ~/.local/lib/python<VERSION>/site-packages). The
> > libraries would only be loaded from /gnu/store when not found in the user
> > site
> > dir. This used to cause hard-to-diagnose bugs like [1] when a user happened
> > to
> > have a similar but incompatible version of a library installed via pip.
> >
> > These patches modify the python-build-system's procedure responsible for
> > wrapping executables. The modified proc defines a PYTHONNOUSERSITE variable
> > which makes Python applications disregard the user site dir when loading
> > libraries.
> >
> > While this solution does harden most Python applications, it can also break
> > a
> > few ones like pip that operate on the user site dir itself. To work around
> > that, the second patch introduces a change to pip to allow installing to the
> > user site directory even when PYTHONNOUSERSITE is set by the Guix-created
> > wrapper script.
>
> Hello, I think we can let pip just break as other distros (eg: ArchLinux
> and Debian) with PEP-668.
>
> https://gitlab.archlinux.org/archlinux/packaging/packages/python/-/blob/main/EXTERNALLY-MANAGED
> https://pythonspeed.com/articles/externally-managed-environment-pep-668/
> https://peps.python.org/pep-0668/#recommendations-for-distros
>
> With usage guide towards virtual environments, guix shell, or pipx
> (not packaged yet).
>
> Consider other distros does the same thing, this should be safer.
>
> What do you think? 🤔
pgp9Ieur83x1U.pgp
Description: OpenPGP digital signature