= Proposed Self Contained Change: Making sudo pip Safe (Again) =

Change owner(s):
* Michal Cyprian <mcyprian AT redhat DOT com>
* Petr Viktorin <pviktori AT redhat DOT com>
* Tomas Orsava <torsava AT redhat DOT com>
* Miro Hroncok <mhroncok AT redhat DOT com>

At the present time, running sudo pip3 in Fedora is not safe. Pip
shares its installation directory with dnf, can remove dnf-managed
files and generally break the Python 3 interpreter. We propose a
series of measures that will make it safe to use.

== Detailed Description ==
The danger of using sudo pip3 stems from the fact that both Python dnf
packages and sudo pip3 install modules to the same location, namely

We aim to move the working directory for sudo pip3 to a more
appropriate location: /usr/local/lib/pythonX.Y/site-packages, and
modify the Python 3 interpreter in Fedora to scan both above-mentioned
locations when importing modules. In addition, system-python—a
stripped down version of Python 3 for use by system tools—will not
read the sudo pip3 install location, making it more secure by being
less susceptible to interference by user-downloaded modules.

From the technical standpoint, this will be accomplished by changing
the sys.prefix setting in the /usr/bin/python3 executable from /usr/
to /usr/local. pip3 will thereafter use this prefix when determining
where to install modules. In addition, the original path
/usr/lib/pythonX.Y/site-packages will be added to the sys.path
variable (so that modules at that location are still processed when
importing), because this path will not be automatically scanned
anymore as it no longer lies inside the sys.prefix path. These
settings, however, will not be modified for the system-python binary,
and the %{__python3} macro will be changed from /usr/bin/python3 to
/usr/libexec/system-python. Therefore, Python dnf packages will
continue to be built with the correct installation path for system

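The search-order change described above can be checked directly with the stdlib import machinery. The following is an added example, not code from the proposal or from Fedora's python3 package: it builds a throwaway directory tree (constructed sample data) that mirrors the two site-packages locations, puts a module named mymod (an assumed name) in both and a module named onlypip (also assumed) only in the sudo pip location, then asks importlib which file each interpreter's modelled search path would load. The version string "3.6" is an assumption for the example's paths.

```python
import importlib.machinery
import os
import tempfile


def make_layout(root, version="3.6"):
    """Create a constructed sample tree under `root` that mirrors the two
    install locations discussed in the proposal (not a real system):
      <root>/usr/lib/python<ver>/site-packages        -> dnf-managed modules
      <root>/usr/local/lib/python<ver>/site-packages  -> sudo pip3 modules
    'mymod' is placed in both; 'onlypip' only in the sudo pip location."""
    dnf_site = os.path.join(root, "usr", "lib", f"python{version}", "site-packages")
    pip_site = os.path.join(root, "usr", "local", "lib", f"python{version}", "site-packages")
    os.makedirs(dnf_site)
    os.makedirs(pip_site)
    for site in (dnf_site, pip_site):
        with open(os.path.join(site, "mymod.py"), "w") as f:
            f.write("# constructed sample module\n")
    with open(os.path.join(pip_site, "onlypip.py"), "w") as f:
        f.write("# constructed sample module\n")
    return dnf_site, pip_site


def search_path(dnf_site, pip_site, interpreter):
    """Model the module search order each interpreter ends up with after
    the change: /usr/bin/python3 scans its new sys.prefix location first
    and then the dnf location appended to sys.path; system-python keeps
    only the dnf location."""
    if interpreter == "python3":
        return [pip_site, dnf_site]
    if interpreter == "system-python":
        return [dnf_site]
    raise ValueError(f"unknown interpreter model: {interpreter}")


def resolve_owner(module, path, dnf_site, pip_site):
    """Use the real PathFinder to see which file would be imported for
    `module` on the given search path, and report who owns that file:
    'dnf', 'sudo-pip', or None when the module is not found at all."""
    spec = importlib.machinery.PathFinder.find_spec(module, path)
    if spec is None or spec.origin is None:
        return None
    if spec.origin.startswith(pip_site + os.sep):
        return "sudo-pip"
    if spec.origin.startswith(dnf_site + os.sep):
        return "dnf"
    return None


def demo():
    """Return {interpreter: {module: owner}} for both interpreter models."""
    with tempfile.TemporaryDirectory() as root:
        dnf_site, pip_site = make_layout(root)
        result = {}
        for interp in ("python3", "system-python"):
            path = search_path(dnf_site, pip_site, interp)
            result[interp] = {
                mod: resolve_owner(mod, path, dnf_site, pip_site)
                for mod in ("mymod", "onlypip")
            }
        return result


if __name__ == "__main__":
    for interp, owners in demo().items():
        print(interp, owners)
```

Running it shows the two properties the proposal relies on: for the user-facing python3 a sudo pip3 copy of mymod shadows the dnf-managed one (so a user-installed module can still override a packaged one for ordinary scripts), while system-python never sees either sudo pip3 file, which is exactly why system tools become less exposed to user-downloaded modules.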
Note that using sudo pip3 is not strictly necessary, as using pip3
install --user would satisfy the vast majority of use cases.
Nevertheless, sudo pip is so prevalent an instruction in various
guides and installation notes throughout the Internet that there is
little hope of changing users' behaviour in this regard.

== Scope ==
* Proposal owners:
Modify the Python 3 executable as described above.
Modify the %{__python3} macro so that it points to /usr/libexec/system-python

* Other developers:
Spec files that use pip3 install without the use of a macro will need
to be modified accordingly. Only three such packages were identified
(python-flit, python-entrypoints, python-setuptools).

* Release engineering:
A rebuild of all Python packages will be necessary.

* List of deliverables:
All Fedora deliverables will be affected in a minor way that does not
jeopardize their delivery.

* Policies and guidelines:
The definition of the %{__python3} macro will be updated as mentioned above.

* Trademark approval:
Not needed for this Change

Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic