From: bugzilla-noreply@freebsd.org
To: python@FreeBSD.org
Subject: maintainer-feedback requested: [Bug 265176] lang/python3* distributes ensurepip, etc, which can break devel/py-pip and devel/py-setuptools
Date: Tue, 12 Jul 2022 17:00:49 +0000
List-Id: FreeBSD-specific Python issues
List-Archive: https://lists.freebsd.org/archives/freebsd-python
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: python@FreeBSD.org
X-Bugzilla-Flags: maintainer-feedback?

Bugzilla Automation has asked freebsd-python (Nobody) for maintainer-feedback:

Bug 265176: lang/python3* distributes ensurepip, etc, which can break devel/py-pip and devel/py-setuptools
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265176

--- Description ---

The python interpreter provides setuptools/pip along with the interpreter for bootstrapping the pip and setuptools packages: https://docs.python.org/3/library/ensurepip.html .

Using ensurepip from python is wrought with headaches though; using it can break systems in the following scenarios:

1. lang/python310 distributes pip/setuptools version X, whereas devel/py-pip requires pip/setuptools version Y. If version X > version Y and `python3.10 -m ensurepip --upgrade` is run by root, ensurepip will upgrade the system package versions of pip/setuptools, resulting in files being installed to the system site-packages which no longer match the devel/py-pip@py310 installed files.

2. The root user has a non-permissive umask (007). If `python3.10 -m ensurepip --upgrade` is run as root, the packages installed will not be accessible to unprivileged users (depending on group ownership), rendering packages which rely on setuptools (and the libraries it provides) unusable to unprivileged users.

ensurepip should be completely removed from lang/python3* and instead provided as a separate standalone package, e.g., devel/py-ensurepip, OR (better yet) just removed from lang/python3*, requiring the end-user to rely on devel/py-pip and devel/py-setuptools packages explicitly. The latter option is how other *nix distributions (CentOS Linux, Debian Linux) have dealt with this potential pitfall.

More discussion about this can be found in PEP-453: https://peps.python.org/pep-0453/ .
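
Added example (not part of the original bug report or of the FreeBSD ports tree): a check for scenario 2 that walks a site-packages style tree and lists entries that users outside the owning user and group cannot read or traverse. The function names and the tree built in `demo()` are constructed for illustration, and the check looks only at the "other" permission bits, so it does not model the group-ownership case the report mentions.

```python
import os
import stat
import tempfile


def inaccessible_to_others(root):
    """Return sorted paths (relative to root) lacking 'other' read/traverse bits."""
    flagged = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # symlink permissions are not meaningful here
            if stat.S_ISDIR(mode):
                need = stat.S_IROTH | stat.S_IXOTH  # list and traverse
            else:
                need = stat.S_IROTH  # read the module file
            if (mode & need) != need:
                flagged.append(os.path.relpath(path, root))
    return sorted(flagged)


def build_tree(root, umask):
    """Create a constructed package layout under the given umask, as an installer would."""
    old = os.umask(umask)
    try:
        pkg = os.path.join(root, "setuptools")
        os.makedirs(pkg)  # resulting mode is 0o777 & ~umask
        with open(os.path.join(pkg, "__init__.py"), "w") as fh:
            fh.write("# constructed sample file\n")  # mode is 0o666 & ~umask
    finally:
        os.umask(old)  # always restore the caller's umask


def demo():
    """Compare a permissive umask (022) with the restrictive one from the report (007)."""
    results = {}
    for umask in (0o022, 0o007):
        with tempfile.TemporaryDirectory() as root:
            build_tree(root, umask)
            results[umask] = inaccessible_to_others(root)
    return results


if __name__ == "__main__":
    for umask, paths in demo().items():
        print(f"umask {umask:03o}: {paths}")
```

Pointing `inaccessible_to_others()` at the interpreter's real site-packages directory after a root-run install shows whether any files were written with the restrictive mode.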