Hello Pythonistas, packagers.
In the context of this change: https://fedoraproject.org/wiki/Changes/PythonSafePath
Python shebangs will have be: #! /usr/bin/python3 -sP
In order to remove certain flags, packagers have the following tool:
# Unset -s on python shebang - ensure that extensions installed with pip # to user locations are seen and properly loaded %global py3_shebang_flags %(echo %py3_shebang_flags | sed s/s//)
Or:
# Don't add -P to Python shebang # This package only works when /usr/bin is in sys.path %global py3_shebang_flags %(echo %py3_shebang_flags | sed s/P//)
In the implementation PR, Maxwell suggested a different approach: https://src.fedoraproject.org/rpms/python-rpm-macros/pull-request/141#commen...
Basically, packagers would do something like this:
# Unset -s on python shebang - ensure that extensions installed with pip # to user locations are seen and properly loaded %global _python3_shebang_nousersite %{nil}
Or:
# Don't add -P to Python shebang # This package only works when /usr/bin is in sys.path %global _python3_shebang_safepath %{nil}
The macro names are not set in stone, it could even be %_python3_shebang_s and %_python3_shebang_P.
The previous sed-based way would still work and packages that already use it would not need to change immediately.
Do you consider the macro based approach better (worth it)? And if so, do you prefer actual flag letters in the macro names, or the verbose names?
Thanks for your input.
Hey Miro,
On Thu, Jun 30, 2022, at 12:12 PM, Miro Hrončok wrote:
In order to remove certain flags, packagers have the following tool:
# Unset -s on python shebang - ensure that extensions installed with pip # to user locations are seen and properly loaded %global py3_shebang_flags %(echo %py3_shebang_flags | sed s/s//)
Or:
# Don't add -P to Python shebang # This package only works when /usr/bin is in sys.path %global py3_shebang_flags %(echo %py3_shebang_flags | sed s/P//)
In the implementation PR, Maxwell suggested a different approach: https://src.fedoraproject.org/rpms/python-rpm-macros/pull-request/141#commen...
Basically, packagers would do something like this:
# Unset -s on python shebang - ensure that extensions installed with pip # to user locations are seen and properly loaded %global _python3_shebang_nousersite %{nil}
Or:
# Don't add -P to Python shebang # This package only works when /usr/bin is in sys.path %global _python3_shebang_safepath %{nil}
The macro names are not set in stone, it could even be %_python3_shebang_s and %_python3_shebang_P.
The previous sed-based way would still work and packages that already use it would not need to change immediately.
Do you consider the macro based approach better (worth it)? And if so, do you prefer actual flag letters in the macro names, or the verbose names?
I'd much prefer the explicit named macro approach to the sed approach, I'd also prefer the flag letters in this case. It might be a bit contrary to have shorter macro names but the short names force me to look up what the options do for Python instead of never looking int to them because I think I know what 'nousersite' or 'safepath' means.
This likely comes down to personal taste so I'm interested to see what others think as well.
Regards,
Simon
"Simon de Vlieger" cmdr@supakeen.com writes:
Hey Miro,
On Thu, Jun 30, 2022, at 12:12 PM, Miro Hrončok wrote:
In order to remove certain flags, packagers have the following tool:
# Unset -s on python shebang - ensure that extensions installed with pip # to user locations are seen and properly loaded %global py3_shebang_flags %(echo %py3_shebang_flags | sed s/s//)
Or:
# Don't add -P to Python shebang # This package only works when /usr/bin is in sys.path %global py3_shebang_flags %(echo %py3_shebang_flags | sed s/P//)
In the implementation PR, Maxwell suggested a different approach: https://src.fedoraproject.org/rpms/python-rpm-macros/pull-request/141#commen...
Basically, packagers would do something like this:
# Unset -s on python shebang - ensure that extensions installed with pip # to user locations are seen and properly loaded %global _python3_shebang_nousersite %{nil}
Or:
# Don't add -P to Python shebang # This package only works when /usr/bin is in sys.path %global _python3_shebang_safepath %{nil}
The macro names are not set in stone, it could even be %_python3_shebang_s and %_python3_shebang_P.
The previous sed-based way would still work and packages that already use it would not need to change immediately.
Do you consider the macro based approach better (worth it)? And if so, do you prefer actual flag letters in the macro names, or the verbose names?
I'd much prefer the explicit named macro approach to the sed approach, I'd also prefer the flag letters in this case. It might be a bit contrary to have shorter macro names but the short names force me to look up what the options do for Python instead of never looking int to them because I think I know what 'nousersite' or 'safepath' means.
I can only agree to this.
Thanks for driving this Maxwell and Miro!
Cheers,
Dan
Jun 30, 2022 5:13:21 AM Miro Hrončok mhroncok@redhat.com:
Basically, packagers would do something like this:
# Unset -s on python shebang - ensure that extensions installed with pip # to user locations are seen and properly loaded %global _python3_shebang_nousersite %{nil}
Or:
# Don't add -P to Python shebang # This package only works when /usr/bin is in sys.path %global _python3_shebang_safepath %{nil}
The macro names are not set in stone, it could even be %_python3_shebang_s and %_python3_shebang_P.
The previous sed-based way would still work and packages that already use it would not need to change immediately.
Do you consider the macro based approach better (worth it)? And if so, do you prefer actual flag letters in the macro names, or the verbose names?
Of course, I think this is worth doing this as the person who suggested it :p. I prefer the flag letter names. They're shorter and easier to remember (after you first learn about them). Packagers will probably have to look up how to disable these flags when necessary and thus read the docs about what they actually do, anyways.
I also find the double negative `%global _python3_shebang_nousersite %{nil}` confusing. If we really want to use the verbose names (I don't), I would at least name the macro in terms of it limiting imports to only the system site-packages instead of the other way around. Something like `%_python3_shebang_sys_site_only` would be clearer, but it's a bit long for my taste.
I haven't followed it closely, but there is a Change proposal to do something similar for compiler flags in redhat-rpm-config. It might be worth alligning with that in terms of macro naming. -- Thanks,
Maxwell G (@gotmax23) Pronouns: He/Him/His
On 30. 06. 22 12:12, Miro Hrončok wrote:
Hello Pythonistas, packagers.
In the context of this change: https://fedoraproject.org/wiki/Changes/PythonSafePath
Python shebangs will have be: #! /usr/bin/python3 -sP
In order to remove certain flags, packagers have the following tool:
# Unset -s on python shebang - ensure that extensions installed with pip # to user locations are seen and properly loaded %global py3_shebang_flags %(echo %py3_shebang_flags | sed s/s//)
Or:
# Don't add -P to Python shebang # This package only works when /usr/bin is in sys.path %global py3_shebang_flags %(echo %py3_shebang_flags | sed s/P//)
In the implementation PR, Maxwell suggested a different approach: https://src.fedoraproject.org/rpms/python-rpm-macros/pull-request/141#commen...
Basically, packagers would do something like this:
# Unset -s on python shebang - ensure that extensions installed with pip # to user locations are seen and properly loaded %global _python3_shebang_nousersite %{nil}
Or:
# Don't add -P to Python shebang # This package only works when /usr/bin is in sys.path %global _python3_shebang_safepath %{nil}
The macro names are not set in stone, it could even be %_python3_shebang_s and %_python3_shebang_P.
The previous sed-based way would still work and packages that already use it would not need to change immediately.
Do you consider the macro based approach better (worth it)? And if so, do you prefer actual flag letters in the macro names, or the verbose names?
The macro-based approach has landed in rawhide. See https://fedoraproject.org/wiki/Changes/PythonSafePath#Opting_out
packaging@lists.fedoraproject.org