Hi,
Wojtek Kosior <kos...@koszko.org> writes:
> The precedence of local, pip-installed Python libraries over Guix ones
> has already been a source of bugs. And these can be hard to diagnose.
> I imagine an optimal solution would be to configure this behavior on
> per-package basis. The vast majority of applications does not need to
> load local libraries. There are just a few exceptions like
> `python-virtualenv`.
>
> Once I did write a package definition that deliberately disabled user
> site dir package loading. I used code similar to what's below.
>
>> (modify-phases %standard-phases
>> (add-after 'wrap 'prevent-local-package-interference
>> (lambda* (#:key outputs #:allow-other-keys)
>> (substitute* (string-append (assoc-ref outputs "out")
>> "/bin/<program-name>")
>> (("^#!/.*$" shabang)
>> (string-append shabang
>> "export PYTHONNOUSERSITE=1\n"))))))
That is indeed a simple thing we could do to harden Python binaries from
picking up user pip-installed dependencies potentially causing
problems. I would welcome such a patch.
> Of course, it makes no sense to add such snippet to all definitions.
> Instead, we could modify python-build-system to allow doing a similar
> thing based on a flag passed in package's `(arguments)`.
I think it need not be made configurable but just applied
indiscriminately to the wrap phase used in the python-build-system.
--
Thanks,
Maxim
