From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id wB2vMQZNoGQ6NQEASxT56A (envelope-from ) for ; Sat, 01 Jul 2023 17:57:58 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id OOKLMQZNoGQ5swAA9RJhRA (envelope-from ) for ; Sat, 01 Jul 2023 17:57:58 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 688DD47C7C for ; Sat, 1 Jul 2023 17:57:58 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qFcyK-0000GE-8S; Sat, 01 Jul 2023 11:57:16 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qFcyI-0000Fm-Kn for guix-devel@gnu.org; Sat, 01 Jul 2023 11:57:14 -0400 Received: from mail-qv1-xf2a.google.com ([2607:f8b0:4864:20::f2a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qFcyH-0002n4-7G for guix-devel@gnu.org; Sat, 01 Jul 2023 11:57:14 -0400 Received: by mail-qv1-xf2a.google.com with SMTP id 6a1803df08f44-635dd1b52a2so20493016d6.3 for ; Sat, 01 Jul 2023 08:57:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1688227032; x=1690819032; h=mime-version:user-agent:message-id:in-reply-to:date:references :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=Gbbnfcx0wGsuKr10ZaZcUG60+mL8E/P6jjp9Q1F+8QI=; b=sqVGHooeideTHaFuElWtzgT+UsXsB0NgWZSIiLETiTaXQLLaVxwTREHYXuBdHvkVxb pqHkdhJub4QqWwoonJPQrZHvMOGbZ8Cq5amn+QPNFRyzt6ZRwuthcYPt3RC8/+dbYfTB i+arhuy5LYqz7NPZs3H0AVTYVjDUZf0FGr9Nwcr8olYo4HI87hkXbhsGHcFOn1zOiCeb 4XxOxPENmRBseXS+F008puA7TOwZHEgFqy1w57RKPuePwMV9YoW7ZqN2X5tpVH7Uhmzd STpLY6FLrESYQmZNm0mzK3W2/Kk2mceNgGtQOWGK0dAWJ30sIL3WjXS+OrrQvDYuT82E mqTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688227032; x=1690819032; h=mime-version:user-agent:message-id:in-reply-to:date:references :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=Gbbnfcx0wGsuKr10ZaZcUG60+mL8E/P6jjp9Q1F+8QI=; b=EJCpyZDudisDAKK4zbyEfk8t/XR0g4UO2L4dbBnyoIhcqyV9YYXvCuJIASVAuYgYNy 6HPh0dshuya/fIbCqrhoiW9r3zOiMxW20EjPTYhUYncxO+t5ePp7/Mkrhcwx1KKCDz9D AiVO8bzEjdkMJCWEWo19hrGcg85xRGD/D4wRU3H5Y/ChDq+uGiLSvyE0G6Evqf5eiPbU sjfAb5UPgerUR2u1mqmNsGmB4atX4UT/8Lflwn0utn2jUChlTcarRPB4qBw7YSNbX67r fmVjFSjdKUHz5xQXHJW71ISG1ASfSCzXgC/VHWZukyZhf/yZYO57vu8UDHzDHAwKbT9J rcng== X-Gm-Message-State: ABy/qLZHOR7l7XZ5qi9/m9ie25OW4GcbPBkY7Uy2rtKixvs3xNrmaUrR 5ZNL6bD5YFxkzHzcqUSMXGJXzuFdVh8= X-Google-Smtp-Source: APBJJlGJup2vHwCVXhi9BlyeGAqiAZrE10rmf2+SoStR9wyBtbG1GC8OcNNBzFM5exk3vpDjMKxrWw== X-Received: by 2002:a05:6214:20ef:b0:635:f23e:ef97 with SMTP id 15-20020a05621420ef00b00635f23eef97mr7872710qvk.7.1688227031746; Sat, 01 Jul 2023 08:57:11 -0700 (PDT) Received: from hurd (dsl-10-133-148.b2b2c.ca. [72.10.133.148]) by smtp.gmail.com with ESMTPSA id t11-20020a056214154b00b00631f02c2279sm9213075qvw.90.2023.07.01.08.57.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 01 Jul 2023 08:57:11 -0700 (PDT) From: Maxim Cournoyer To: Wojtek Kosior Cc: =?utf-8?B?5a6L5paH5q2m?= , edk@beaver-labs.com, guix-devel Subject: Re: Guix's python has pip's user dir in its loadpath References: <87edmey1wg.fsf@rdklein.fr> <877crma7qe.fsf@envs.net> <87edls1fyk.fsf@gmail.com> <20230701133257.6ada1e94.koszko@koszko.org> Date: Sat, 01 Jul 2023 11:57:09 -0400 In-Reply-To: <20230701133257.6ada1e94.koszko@koszko.org> (Wojtek Kosior's message of "Sat, 1 Jul 2023 13:32:57 +0200") Message-ID: <871qhr1v6y.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=2607:f8b0:4864:20::f2a; envelope-from=maxim.cournoyer@gmail.com; helo=mail-qv1-xf2a.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Seal: i=1; s=key1; d=yhetil.org; t=1688227078; a=rsa-sha256; cv=none; b=LH240Pup1E0uzYR9zXInwuVCvCna1IHZEW2KzguNmxOUlAkV/P7FvN9Wub6WVzgBeQt5Yr oEHZPZbJD7Zjhx0sBHIdOp2yGUdhq1c+3ZSQySK77Gusd9JsVBzEwIEXXOBITqP9bV51RS esXSq2+pcbAgVdKgaV+wEsw41h3SrdZTBB6RTTi3ORTzzdXvvnbPzge8fdpX8B6WlyUo0m Zsek7TwtpKT9hcFY/G6eD4FWBiF0idXAeotbrkH5/NXDGWQhMh2CKrBBAHzYf5vHuHPnIE SfutvCkke6THHJyoKH7R0kfosx8be/rXkOQ3KqUueSmGvMIgdlcKUAjrHUa4Cg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20221208 header.b=sqVGHooe; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1688227078; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=Gbbnfcx0wGsuKr10ZaZcUG60+mL8E/P6jjp9Q1F+8QI=; b=LMPINWItSf5+yL8uDeLdPkcMCdPvjdCYhFt4ot2KAQKn6ZhFmMeRilUMyO1famwVcWqdnz cynvCwB7mcnmc1vgkY3gAL0pLqQHKvFvrSK6OParemOUkcUz7X7EX+Z9Uj464wv9NOWpLz 6l6BjBAcCv8HHw8a5Sr6qIrrH1mRTO10cXSYGxbMV22MtCfXkX50VHHmkC7Izl6JqKw/Oi aL526/AbueRdiOAZLuInqnFrZ65XLFhpBvbq+9YGQYiMhniN7p9ifmtgAjRNJa8A/hBaVl ibzTQmzLIi5WNZw8DWYWKfxvQEGNo41F6C4cAZ6dat9SwOmycv42B1zfjpTR1Q== Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20221208 header.b=sqVGHooe; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Scanner: scn0.migadu.com X-Migadu-Spam-Score: -7.22 X-Spam-Score: -7.22 X-Migadu-Queue-Id: 688DD47C7C X-TUID: idwcjR8bj2fH Hi, Wojtek Kosior writes: > The precedence of local, pip-installed Python libraries over Guix ones > has already been a source of bugs. And these can be hard to diagnose. > I imagine an optimal solution would be to configure this behavior on > per-package basis. The vast majority of applications does not need to > load local libraries. There are just a few exceptions like > `python-virtualenv`. > > Once I did write a package definition that deliberately disabled user > site dir package loading. I used code similar to what's below. > >> (modify-phases %standard-phases >> (add-after 'wrap 'prevent-local-package-interference >> (lambda* (#:key outputs #:allow-other-keys) >> (substitute* (string-append (assoc-ref outputs "out") >> "/bin/") >> (("^#!/.*$" shabang) >> (string-append shabang >> "export PYTHONNOUSERSITE=1\n")))))) That is indeed a simple thing we could do to harden Python binaries from picking up user pip-installed dependencies potentially causing problems. I would welcome such a patch. > Of course, it makes no sense to add such snippet to all definitions. > Instead, we could modify python-build-system to allow doing a similar > thing based on a flag passed in package's `(arguments)`. I think it need not be made configurable but just applied indiscriminately to the wrap phase used in the python-build-system. -- Thanks, Maxim