12:54 p.m.
Hello Python packagers.
Our pip has a custom patch that warns if "pip install" is run as root
(emit-a-warning-when-running-with-root-privileges.patch). That I think is a good
idea to have, as many users will still find "sudo pip install" instructions on
the Internet and they can potentially nuke their system.
What I realized today is that this warning is visible when we use pip during
packaging of rpm packages (e.g. with %pyproject_install):
+ /usr/bin/python3 -m pip install --root
/builddir/build/BUILDROOT/python-pytest-4.4.2-0.fc33.x86_64 --no-deps
--disable-pip-version-check --progress-bar off --verbose --ignore-installed
--no-warn-script-location --no-index --no-cache-dir --find-links
pyproject-wheeldir pytest==4.4.2
WARNING: Running pip install with root privileges is generally not a good idea.
Try `python3 -m pip install --user` instead.
...
It would be nice if we were able to suppress this warning.
There are several options to handle this I could brainstorm myself:
1) Add a custom --no-warn-root-privileges option and use it in our macros. This
is a problem because we are introducing downstream only API. When others use
this flag with upstream pip, it fails.
2) Hide the warning when $RPM_BUILD_ROOT is set. This sounds good for our macro
invocations, however it would also hide the warning when using naïve "pip
install foo" in spec. We might want to keep the warning in such cases.
3) Introduce an environment variable (e.g. PIP_NOWARN_ROOT) and set it from our
macros. Like (1), this adds a new API, however with upstream pip, it "simply"
does nothing.
4) Introduce our warning upstream, but make it opt-in only. Have
--warn-root-privileges / --no-warn-root-privileges options. In Fedora, only
patch the default value. (We could also propose our defaults upstream, but IIRC
there were reservation when we tried to upstream this patch.) IMHO This might be
the best approach, but arguably also the most complex one.
5) Hide the warning when --root is set. When using "sudo pip install" with
custom --root, users are more likely to do it on purpose and it would remove the
warning in all our macros without a need to touch them. IMHO This solution has
the best effort/gain ratio.
What do you think?
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
2:17 p.m.
New subject: Suppress "running pip install with root privileges" warning in
RPM macros?
On Tue, 2020-07-07 at 19:54 +0200, Miro Hrončok wrote:
*snip*
What do you think?
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
I am not really a Fedora packager but 5) seems the best option to me.
Like you said, people setting --root are very likely doing it on
purpose. There are also a few tools that might use --root, and I
wouldn't want to add a fedora specific API in the upstream.
This behavior could also be extended to --prefix.
Cheers,
Filipe Laíns
6:48 a.m.
New subject: Suppress "running pip install with root privileges" warning in
RPM macros?
On 2020-07-07 19:54, Miro Hrončok wrote:
1) Add a custom --no-warn-root-privileges option
2) Hide the warning when $RPM_BUILD_ROOT is set.
3) Introduce an environment variable (e.g. PIP_NOWARN_ROOT)
4) Introduce our warning upstream, but make it opt-in only.
5) Hide the warning when --root is set.
What do you think?
I like option 5 as well.
It's just a warning, not an error, because there are cases where you
"know what you're doing", such as containers/VMs, where "sudo pip"
may
be appropriate. All uses of --root that come to my mind are such cases.
Users who follow tutorials without "knowing what they're doing" are very
unlikely to use --root.
1:21 a.m.
New subject: Suppress "running pip install with root privileges" warning in
RPM macros?
I was curious how hard it'd be to implement this and it turned out to be
very simple so I've prepared a PR:
https://src.fedoraproject.org/rpms/python-pip/pull-request/67
Lumír
On 7/9/20 1:48 PM, Petr Viktorin wrote:
On 2020-07-07 19:54, Miro Hrončok wrote:
> 1) Add a custom --no-warn-root-privileges option
> 2) Hide the warning when $RPM_BUILD_ROOT is set.
> 3) Introduce an environment variable (e.g. PIP_NOWARN_ROOT)
> 4) Introduce our warning upstream, but make it opt-in only.
> 5) Hide the warning when --root is set.
>
> What do you think?
I like option 5 as well.
It's just a warning, not an error, because there are cases where you
"know what you're doing", such as containers/VMs, where "sudo
pip" may
be appropriate. All uses of --root that come to my mind are such cases.
Users who follow tutorials without "knowing what they're doing" are
very unlikely to use --root.
_______________________________________________
python-devel mailing list -- python-devel(a)lists.fedoraproject.org
To unsubscribe send an email to
python-devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/python-devel@lists.fedorapr...
5:47 a.m.
New subject: Suppress "running pip install with root privileges" warning in
RPM macros?
On 10. 07. 20 8:21, Lumir Balhar wrote:
I was curious how hard it'd be to implement this and it turned
out to be very
simple so I've prepared a PR:
https://src.fedoraproject.org/rpms/python-pip/pull-request/67
Thank You, Lumír.
I've merged and built it.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
1379
days inactive
1382
days old
python-devel@lists.fedoraproject.org
4 comments
4 participants
participants (4)
-
Filipe Laíns -
Lumir Balhar -
Miro Hrončok -
Petr Viktorin