-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix pip's machinery for creating an isolated build environment so that user installed packages do not override the stdlib #8213
Conversation
Working on adding a news file now... I just need to restore my pip to vanilla so that I can get tracebacks and such to post the issue to get the issue # for the news file |
I don’t understand. How would imports work if |
0f74f40
to
0526e85
Compare
@uranusjr The important thing here is the order. When python is invoked,
The code that I'm changing in The problem is that in some cases (See the issue I've now opened) it would add site-packages to the beginning of sys.path instead of a wheel. In those cases, a package in site-packages could replace a package in the stdlib with bad results. |
Because pip ships with an __main__.py file, one valid way to invoke it is: python /usr/lib/python3.6/site-packages/pip/. This results in __package__ being the empty string This, in turn, triggers the code to add the pip wheel to sys.path. Unfortunately, while this is fine to do when it's restricted to a wheel just containing pip, it isn't okay to do when it is site-packages as that will mean that other things in site-packages could end up overriding things in the stdlib (*cough*enum34*cough*). Check file extension to limit when we end up adding the extra path to sys.path. Fixes pypa#8214
0526e85
to
0ac0fb3
Compare
Is there a practical use case for this usage (that can't be handled another way)? I don't think this is a method of running pip that we particularly need to support, to be honest. |
@pfmoore If you take a look at the linked issue, this is being done in pip's own code. I mention in the issue that the code could be modified in addition to this change but I'm not sure that it is correct to do so (the code in pip wants to make sure that it re-invokes the same install of pip as is currently running. More idiomatic ways of invoking pip like |
So the same pip is already in your From my understanding, the |
@uranusjr I think you're on some sort of tangent now. I'm not adding anything to It doesn't hurt me at all if you want to remove the whole section instead of my more targetted fix but I assume that there's a reason that that code was added in the first place. |
@uranusjr Running from a wheel seems to be from @pfmoore's commit so I guess we're in the right place for him to decide if he thinks that code is still needed ;-) commit 87418e05bb55ea64476653dd41e2f4db785f02c0
Author: Paul Moore <p.f.moore@gmail.com>
Date: Mon Feb 17 18:40:39 2014 +0000
diff --git a/pip/__main__.py b/pip/__main__.py
index 92602ff5..81f3330e 100644
--- a/pip/__main__.py
+++ b/pip/__main__.py
@@ -1,4 +1,12 @@
import sys
+
+# If we are running from a wheel, add the wheel to sys.path
+# This allows the usage python pip-*.whl/pip install pip-*.whl
+if __package__ == '':
+ import os
+ path = os.path.dirname(os.path.dirname(__file__))
+ sys.path.insert(0, path) |
@uranusjr also, this is incorrect:
It's also being used by pip itself here: https://github.com/abadger/pip/blob/master/src/pip/_internal/build_env.py#L171 That's the usage that I'm fixing.
This is probably true but unfortunately it doesn't help. The problem is that pip itself is using this and therefore it has to work. It doesn't have anything to do with how I might decide to invoke pip myself. (Run the reproducer in #8214 to see that for yourself) |
Running from a wheel is needed for But please don't assume I remember the reasoning behind a commit from 6 years ago... |
I’m becoming increasingly confused. You say this has to work, but the PR, if I’m not mistaken, specifically makes it to not work? Quoting the commit message that introduced the line (464b2f3):
It is specifically designed to make sure a pip not already in |
Maybe in that case the logic needs to be more clever, and insert |
@uranusjr How are you imagining that the pip in Anything that gets added to sys.path in |
This is the same mechanism used by |
Having the discussion in 2 places, for the same topic makes it difficult to follow the discussion. Let's keep the all the discussion in #8214, and leave this PR for discussing not-design-decisions details. |
e3bd222
to
52f8308
Compare
This does not seem to work with Python 3.6 and pip download: |
Superseded by #9689. |
Because pip ships with an
__main__.py
file, one valid way to invoke itis:
python /usr/lib/python3.6/site-packages/pip/
. This results in__package__
being the empty string This, in turn, triggers the code toadd the pip wheel to sys.path. Unfortunately, while this is fine to do
when it's restricted to a wheel just containing pip, it isn't okay to do
when it is site-packages as that will mean that other things in
site-packages could end up overriding things in the stdlib
(coughenum34cough).
Check file extension to limit when we end up adding the extra path to
sys.path.
Fixed #8214