From Fedora Project Wiki

Revision as of 14:48, 9 December 2016

Making sudo pip Safe (Again)

Summary

At the present time, running sudo pip3 in Fedora is not safe. It can overwrite files managed by dnf and generally break the Python 3 interpreter. We propose a series of measures that will make it safe to use.

Owner

Current status

  • Targeted release: Fedora 26
  • Last updated: 2016-12-09
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

The danger of using sudo pip3 stems from the fact that both Python dnf packages and sudo pip3 install modules to the same location, namely /usr/lib/pythonX.Y/site-packages.

We aim to move the working directory for sudo pip3 to a more appropriate location: /usr/local/lib/pythonX.Y/site-packages, and modify the Python 3 interpreter in Fedora to scan both of the above-mentioned locations when importing modules. In addition, system-python—a stripped down version of Python 3 for use by system tools—will not read the sudo pip3 install location, making it more secure by being less susceptible to interference by user-downloaded modules.

From the technical standpoint, this will be accomplished by changing the sys.prefix setting in the /usr/bin/python3 executable from /usr/ to /usr/local. pip3 will thereafter use this prefix when determining where to install modules. In addition, the original path /usr/lib/pythonX.Y/site-packages will be added to the sys.path variable (so that modules at that location are still processed when importing), because this path will not be automatically scanned anymore as it no longer lies inside the sys.prefix path. These settings, however, will not be modified for the system-python binary, and the %{__python3} macro will be changed from /usr/bin/python3 to /usr/libexec/system-python. Therefore, Python dnf packages will continue to be built with the correct installation path for system modules.

Note that using sudo pip3 is not strictly necessary, as using pip3 install --user would satisfy the vast majority of use cases. Nevertheless, sudo pip is so prevalent an instruction in various guides and installation notes throughout the Internet that there is little hope of changing users' behaviour in this regard.

Benefit to Fedora

Fedora users will benefit from the increased stability of the ecosystem. No longer will they wonder why their Python interpreter or system modules don't work after using sudo pip3.

Scope

  • Proposal owners:
    • Modify the Python 3 executable as described above.
    • Modify the %{__python3} macro so that it points to /usr/libexec/system-python.
  • Other developers: Spec files that use pip3 install without the use of a macro will need to be modified accordingly. Only 3 such packages were identified (python-flit, python-entrypoints, python-setuptools).
  • Release engineering: A rebuild of all Python packages will be necessary.
    • List of deliverables: All Fedora deliverables will be affected in a minor way that does not jeopardize their delivery.
  • Policies and guidelines: The definition of the %{__python3} macro will be updated as mentioned above.
  • Trademark approval: Not needed for this Change

Upgrade/compatibility impact

Upgraded systems will continue to work as expected. Modules previously installed using sudo pip3 will remain in the location now reserved for system modules, and will need to be manually deleted if removal is required. However, they won't pose a threat to the stability of the system.

How To Test

Test dnf-installed modules

1. Install any Python 3 module using dnf.

2. Check if a corresponding file or directory was created at /usr/lib/pythonX.Y/site-packages/.

3. Run python3 and try to import said module.

4. Run /usr/libexec/system-python and try to import said module.

Test sudo pip3–installed modules

1. Install any Python 3 module using sudo pip3.

2. Check if a corresponding file or directory was created at /usr/local/lib/pythonX.Y/site-packages/.

3. Run python3 and try to import said module.

4. Run /usr/libexec/system-python and try to import said module—the import should fail.
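The two test procedures above, and the search-path split from the Detailed Description, can be rehearsed without touching a real system. The following is an added example, not code from the Fedora proposal: it builds both site-packages directories under a temporary root, places constructed modules in them, and reports which location each interpreter's search path would resolve. The module names and the ordering of the two directories for python3 are assumptions, and the case of a module present in both locations goes beyond the listed test steps.

```python
import importlib
import os
import sys
import tempfile
from importlib.machinery import PathFinder

VER = "{}.{}".format(*sys.version_info[:2])  # stands in for X.Y

def site_dirs(root):
    """(dnf_dir, pip_dir) as laid out in the proposal, relocated under root."""
    dnf_dir = os.path.join(root, "usr", "lib", "python" + VER, "site-packages")
    pip_dir = os.path.join(root, "usr", "local", "lib", "python" + VER, "site-packages")
    return dnf_dir, pip_dir

def classify(name, search_path, dnf_dir, pip_dir):
    """Say which location would supply `name`, without importing it."""
    importlib.invalidate_caches()
    spec = PathFinder.find_spec(name, search_path)
    if spec is None or spec.origin is None:
        return "not importable"
    if spec.origin.startswith(pip_dir + os.sep):
        return "sudo-pip"
    if spec.origin.startswith(dnf_dir + os.sep):
        return "dnf"
    return "other"

def run_checks():
    with tempfile.TemporaryDirectory() as root:
        dnf_dir, pip_dir = site_dirs(root)
        # Constructed sample modules: one per location, one present in both.
        for d, names in ((dnf_dir, ("demo_dnfmod", "demo_both")),
                         (pip_dir, ("demo_pipmod", "demo_both"))):
            os.makedirs(d)
            for n in names:
                with open(os.path.join(d, n + ".py"), "w") as f:
                    f.write("# constructed sample module\n")
        # Assumed search order: the pip location ahead of the dnf one.
        interpreters = {"python3": [pip_dir, dnf_dir], "system-python": [dnf_dir]}
        return {(interp, mod): classify(mod, path, dnf_dir, pip_dir)
                for interp, path in interpreters.items()
                for mod in ("demo_dnfmod", "demo_pipmod", "demo_both")}

if __name__ == "__main__":
    for (interp, mod), where in sorted(run_checks().items()):
        print(f"{interp:14} {mod:12} -> {where}")
```

With the assumed ordering, a module present in both locations resolves to the sudo pip3 copy under python3 and to the dnf copy under system-python, since the first matching entry on the search path wins.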

User Experience

Running sudo pip3 won't randomly result in a broken Python 3 on the user's system.

Dependencies

N/A

Contingency Plan

  • Contingency mechanism: Do not push changes to python3 and Python macros into rawhide.
  • Contingency deadline: beta freeze
  • Blocks release? No

Documentation

Discussions

0. TODO: Email thread about sudo pip install

1. https://groups.google.com/forum/#!topic/pypa-dev/r6qsAmJl9t0

Release Notes

The location where sudo pip3 installs modules has been changed to /usr/local/lib/pythonX.Y/site-packages, and is henceforth safe to use. No other changes in user experience are expected.