From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id oB/FOWrfpmTTIAAASxT56A (envelope-from ) for ; Thu, 06 Jul 2023 17:36:11 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id +G5pOWrfpmR08QAAauVa8A (envelope-from ) for ; Thu, 06 Jul 2023 17:36:10 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 85BA645D88 for ; Thu, 6 Jul 2023 17:36:10 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qHR1A-0005cJ-88; Thu, 06 Jul 2023 11:35:40 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qHR17-0005c9-BN for guix-devel@gnu.org; Thu, 06 Jul 2023 11:35:37 -0400 Received: from mail-qk1-x733.google.com ([2607:f8b0:4864:20::733]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qHR12-0007cs-C3 for guix-devel@gnu.org; Thu, 06 Jul 2023 11:35:37 -0400 Received: by mail-qk1-x733.google.com with SMTP id af79cd13be357-765942d497fso86515785a.1 for ; Thu, 06 Jul 2023 08:35:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1688657717; x=1691249717; h=mime-version:user-agent:message-id:in-reply-to:date:references :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=JoPjQ/FvcqwgQOlGowLDGWXThCKWUioWmRrSnYCSJNk=; b=n3d3QXwH8R27FmTjj4UM+6fd5g6yd1s5vyTRscns+eT3Kow4aETwz8aFeY83uy+F0o 59tFqPm63SpyaW9FPkFcYbGnIp7/DvRdOXr6RvJuZIn517Mh+QURqmAd0cBjbrifloJk PZE11OhUmTVzeXTvUxCRb2kbGLU2Rc6S04jdgy6wSYK9UmUookaJhlbQ7bmKWUtVxynE 4sBNuymZWeE4C+5r4lke4g4Yyjs1R2KIlHYfBxyP0udiNC3QjbvpO8WU+s2kQ0vfzZMh yXrCNEzFx2k2lFRulHEhy8H5srlRWoIxO9iqc38I25T7T3BLjz2dqpRMrt2LFxMJpgAU 2ioA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688657717; x=1691249717; h=mime-version:user-agent:message-id:in-reply-to:date:references :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=JoPjQ/FvcqwgQOlGowLDGWXThCKWUioWmRrSnYCSJNk=; b=eJ6hoDf/oz2VPVOXEPuxk1l8JP7Bnvm1NrpxygIiVTnYb/bkoO6HzON2v9QcRQj/7I wRqQLPZewwHl3ecwLZcbLFca3siYFEjyTiIedg14EEgYZYjopTcQ/ctpfMI31ojblgys SLc/K6/sDNUpwmBV8D8Mpxz38jarIsnqWOU75JKBoe7F3xegm1GnGE6xSpBnHLpluTSR q8tSxyJw9WTj/26vRIcKODGlcmgLkeutiWl3661VQwZ4kJPMVT452zDunW2YU/6qpeP9 3C35dlqpv8ZctHw9UxQwebYcUjOvGK67YsrWpJDgW3Rg+rHQP0D60B/zuSVOv+LtYr/x pxPQ== X-Gm-Message-State: ABy/qLaoNjMIN//NvH+qjR+99dqf7gk2arSOt4FnAlngmzmeHJOK1whB RgkNXIMPCiUxvp4cyJBMrQkAtHXrp+E= X-Google-Smtp-Source: APBJJlEE0YJOvWRXGtHQqcumpqCBnXnRNmqKXmG5T2iIQP754fvEgkq40wrHHeXtOqr9i3+WLFdfPA== X-Received: by 2002:a0c:e393:0:b0:632:30e:319 with SMTP id a19-20020a0ce393000000b00632030e0319mr2092255qvl.59.1688657716665; Thu, 06 Jul 2023 08:35:16 -0700 (PDT) Received: from hurd (dsl-205-236-230-179.b2b2c.ca. [205.236.230.179]) by smtp.gmail.com with ESMTPSA id x19-20020a0cda13000000b00636b3519467sm990698qvj.54.2023.07.06.08.35.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 08:35:16 -0700 (PDT) From: Maxim Cournoyer To: John Kehayias Cc: Wojtek Kosior , =?utf-8?B?5a6L5paH5q2m?= , edk@beaver-labs.com, guix-devel@gnu.org Subject: Re: Guix's python has pip's user dir in its loadpath References: <87edmey1wg.fsf@rdklein.fr> <877crma7qe.fsf@envs.net> <87edls1fyk.fsf@gmail.com> <20230701133257.6ada1e94.koszko@koszko.org> <871qhr1v6y.fsf@gmail.com> <87cz16kspd.fsf@protonmail.com> Date: Thu, 06 Jul 2023 11:35:15 -0400 In-Reply-To: <87cz16kspd.fsf@protonmail.com> (John Kehayias's message of "Wed, 05 Jul 2023 20:29:50 +0000") Message-ID: <87o7kpyrws.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=2607:f8b0:4864:20::733; envelope-from=maxim.cournoyer@gmail.com; helo=mail-qk1-x733.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1688657770; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=JoPjQ/FvcqwgQOlGowLDGWXThCKWUioWmRrSnYCSJNk=; b=NldgeuR0Mp3tczPc0m+kRYYjAuI2hl2YdjuIRn5PMbHc/Fbz+hAKrBRZPsQ+yi6CN0uC2F bPFqY6iXihFc0O2PM2yfL+wW8bir6PvP+YNNx+adWOzlcMKGvOeEP/PVzirshVyJQsfCwT 1oMRlOfFOtoZhaZj6JYyc5reZVuoXkfgeGz9Q+6ULK2ygGQBXq9lJKrSJZk0yD1M88I4Nn MEPvEq20LmvLP3rsRd95Vhsa97Yb6HYho5eep1CEXaqAfiw1qsQaZyvcKrFvhzUeZ9TN/D WR1e40BdCQe+GITsmzqdyzHSFwx5puvyLynTBTpxgzS9TBOrnfQJASOmWHxdRg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20221208 header.b=n3d3QXwH; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1688657770; a=rsa-sha256; cv=none; b=pf8EDV0PPqodTNFen4sCU9UHk9J5FoljfO5MFdySbc6oDm04z3IgPTiCpv8qPfPrmDA0gm TXUwrCgSsr826MmgSCPCq4b3dbgevebQVBwClupcJbG9SqeHM0elInVEqa69iPuM3D8k6d b6NQpOH5nCx/FUeu2PoLiztCKAHMJol6RcCzFaopmLBT2BtzZ6s3Qr3yxcnEEsXvha0cwx Y23WvGYwRZo+xvVzVvwY//W3toLqKxd939EeLrMQUQkFppURvuC9bJxi23AtFhCqkf/2KJ 1Zmz9v5RXNH/nzHhbo+8cQQupImYUKu2wiYdHCBcaslFq6/qPweJKYI+jQFiHg== X-Migadu-Scanner: scn1.migadu.com X-Migadu-Spam-Score: -4.94 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20221208 header.b=n3d3QXwH; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 85BA645D88 X-Spam-Score: -4.94 X-TUID: nPWHJIawgpSO Hi John, John Kehayias writes: > Hi, > > On Sat, Jul 01, 2023 at 11:57 AM, Maxim Cournoyer wrote: > >> Hi, >> >> Wojtek Kosior writes: >> >>> The precedence of local, pip-installed Python libraries over Guix ones >>> has already been a source of bugs. And these can be hard to diagnose. >> >>> I imagine an optimal solution would be to configure this behavior on >>> per-package basis. The vast majority of applications does not need to >>> load local libraries. There are just a few exceptions like >>> `python-virtualenv`. >>> >>> Once I did write a package definition that deliberately disabled user >>> site dir package loading. I used code similar to what's below. >>> >>>> (modify-phases %standard-phases >>>> (add-after 'wrap 'prevent-local-package-interference >>>> (lambda* (#:key outputs #:allow-other-keys) >>>> (substitute* (string-append (assoc-ref outputs "out") >>>> "/bin/") >>>> (("^#!/.*$" shabang) >>>> (string-append shabang >>>> "export PYTHONNOUSERSITE=1\n")))))) >> >> That is indeed a simple thing we could do to harden Python binaries from >> picking up user pip-installed dependencies potentially causing >> problems. I would welcome such a patch. >> > > Perhaps, but if this is expected (and known) upstream behavior, I'm > wary of deviating from these expectations. This general area does seem > tricky and no simple best answer I guess. While it's true that it's an intended upstream behavior, I think in the context of Guix users packages to be self-contained or in some case be able to load Guix-installed plugins or extensions, but here it seems reasonable that a Guix-packaged Python binary prefers loading Python libraries from Guix rather that from the Python user site. >>> Of course, it makes no sense to add such snippet to all definitions. >>> Instead, we could modify python-build-system to allow doing a similar >>> thing based on a flag passed in package's `(arguments)`. >> >> I think it need not be made configurable but just applied >> indiscriminately to the wrap phase used in the python-build-system. > > And this is part of the same question then, we should try to be > consistent, yes. I don't see a clear right path, but I haven't thought > much about this area. I think it comes down to a current > issue/limitation/quirk of Python from upstream and packaging for our > distro puts us in between what comes from them and how to take care of > our users. > > But we'll be rebuilding the Python world anyway, so now is a chance to > try out some changes like that, though maybe it is a bit much with > what we are trying already. See It's a simple change, I guess we could try it at the same time, if someone volunteers to do it! -- Thanks, Maxim