From Fedora Project Wiki

Revision as of 09:43, 29 May 2018 by Till (talk | contribs)


= Change Proposal Name = User PATH Prioritization

Summary

Changing user PATH ~/.local/bin to be added to the top of the PATH list instead of the end. This will bring Fedora in sync with other distributions which already fixed this issues (Debian/Ubuntu) and will allow users to install and use their own command line tools, also fixing multiple bugs where user installed tools cannot be accessed because the system installed ones took precedence.

Owner

Current status

  • Targeted release: Fedora 29
  • Last updated: 2018-05-29
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

Currently if user is installing his own tools with installers like (pip), they will be installed inside ~/.local/bin but if the same CLI tools are installed at system level the user would not be able to use his own tools because the system one would be picked instead. This happens because .bashrc file adds user PATH to the end instead of the top of PATH list variable.

Same problem was happening with other distributions but they fixed it (Debian bug #83915)

Example: "pip install --user virtualenv" would install virtualenv at user level, adding ~/.local/bin/virtualenv executable. Still, if virtualenv happens to be installed at system level, this would currently be used instead of user installed one. On the other hand, python itself already knows to prefer user installed modules which means that "python -m virtualenv" will call user installed module instead of the system one.

If we change the order and to assure the user folders do take precedence, we would assure that python modules and shell scripts would use the same modules, avoiding weird bugs where what you call is not what you installed.

The issue is not unique to pip installed and applies to any tools that are installed in default XDG folder locations.

There should be no security concerns due to this change because any user is already able to add executables and to alter its own PATH, which means that if someone wants to trick a user to use another executable, they are already able to do that.

Benefit to Fedora

This change makes it possible for users to install and use tools at user level, without requiring them to hack their user PATH in order to be able to use them.

This bring Fedora in sync with other major Linux distributions which adopted the same path, priorietization.

Scope

  • Proposal owners: ssbarnea
  • Other developers: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

  1. pip install --upgrade --user virtualenv
  2. check that which virtualenv returns ~/.local/bin/virtualenv instead of another value like /usr/bin/virtualenv

There are no risk on breaking current deployments because this change would affect only newly created user accounts and nothing from default system installation would be installing tools at user level.

N/A (not a System Wide Change)

User Experience

This would bring a huge benefits for Python package creators which avoided promoting user of pip install --user <packagename> for the sole reason that the executable may not be picked. Almost all python tools that are installing CLI utilities do have at least one bug raised by a user that reported that the wrong tool version was used instead.

Dependencies

bash

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No
  • Blocks product? product

Documentation

N/A (not a System Wide Change)

Release Notes

Fedora will now prioritizes commands from $HOME/.local/bin over system-wide paths to allow to easily mask system binaries with newer versions. For example pip install --user virtualenv will now work even when virtualenv from the package repositories is installed.