Features/SystemPythonExecutablesUseSystemPython

From FedoraProject

< Features(Difference between revisions)
Jump to: navigation, search
(Create new feature)
 
(Detailed Description)
(8 intermediate revisions by one user not shown)
Line 8: Line 8:
  
 
== Owner ==
 
== Owner ==
* Name: FIXME
+
<!--This should link to your home wiki page so we know who you are-->
 +
* Name: [[User:dmalcolm|Dave Malcolm]]
 +
 
 +
<!-- Include you email address that you can be reached should people want to contact you about helping with your feature, status is requested, or  technical issues need to be resolved-->
 +
* Email: <dmalcolm@redhat.com>
  
 
== Current status ==
 
== Current status ==
* Targeted release: [[Releases/12|  Fedora 12]]  
+
* Targeted release: [[Releases/16|  Fedora 16]]  
* Last updated: 2009-06-16
+
* Last updated: 2011-05-24
 
* Percentage of completion: 0%
 
* Percentage of completion: 0%
  
Line 23: Line 27:
  
 
These system executables are expecting to use the system python, and thus should use:
 
These system executables are expecting to use the system python, and thus should use:
<code>#! /usr/bin/python</code>
+
<code>#! /usr/bin/python</code>".
 +
 
 +
The shebang line should also contain carefully-chosen command line options for invoking python for a system executable.
 +
 
 +
FIXME: does this work?  do the command-line args from the shebang get appropriately combined with those from the invocation of the exectuable?
 +
 
 +
As of Python 2.6 and 3.0, Python supports loading user-specific Python libraries, as per [http://www.python.org/dev/peps/pep-0370/ PEP-370], which is helpful for Python developers, but isn't appropriate for system executables, and could be a security issue.  It can also lead to warnings from SELinux - see e.g. {{bz|614025}}.  The shebang line for a system executable should thus contain the "-s" argument, to suppress PEP-370.
 +
 
 +
Alternatively, we could add a <code>/usr/bin/system-python-2</code> executable (or somesuch), which invokes python 2 in an appropriate way for a system executable, isolating the exact command-line arguments to be used in one place.
 +
 
 +
TODO: are any other command-line arguments appropriate?
  
 
== Benefit to Fedora ==
 
== Benefit to Fedora ==
Line 31: Line 45:
 
== Scope ==
 
== Scope ==
 
Requires lots of one-liner fixes to numerous packages; exact list TBD.
 
Requires lots of one-liner fixes to numerous packages; exact list TBD.
 +
 +
Creation of an rpmlint test to detect usage of <code>#!/usr/bin/env</code> shebang lines, and the correct args for invoking python
  
 
== Test Plan ==
 
== Test Plan ==
  
 
TBD
 
TBD
 +
 +
* add a test to rpmlint ?
  
 
== User Experience ==
 
== User Experience ==
Line 56: Line 74:
  
 
[[Category:FeaturePageIncomplete]]
 
[[Category:FeaturePageIncomplete]]
 +
[[Category:Python]]

Revision as of 17:12, 24 May 2011

Contents

Fix shebang line of system Python executables

Summary

System executables written in Python now use a shebang line that explicitly references the system version of Python.

Remove the "#!/usr/bin/env python" shebang line from python executables, replacing with "#!/usr/bin/python"

Owner

  • Email: <dmalcolm@redhat.com>

Current status

  • Targeted release: Fedora 16
  • Last updated: 2011-05-24
  • Percentage of completion: 0%

Detailed Description

Fedora ships numerous executables written in Python. Many of them contain the shebang line: #!/usr/bin/env python

However, this makes it difficult to install alternative versions of Python on the system. If a user wishes e.g. to install python 3 on the system, and have a /usr/local/python in her PATH, this will break these executables.

These system executables are expecting to use the system python, and thus should use: #! /usr/bin/python".

The shebang line should also contain carefully-chosen command line options for invoking python for a system executable.

FIXME: does this work? do the command-line args from the shebang get appropriately combined with those from the invocation of the exectuable?

As of Python 2.6 and 3.0, Python supports loading user-specific Python libraries, as per PEP-370, which is helpful for Python developers, but isn't appropriate for system executables, and could be a security issue. It can also lead to warnings from SELinux - see e.g. RHBZ #614025. The shebang line for a system executable should thus contain the "-s" argument, to suppress PEP-370.

Alternatively, we could add a /usr/bin/system-python-2 executable (or somesuch), which invokes python 2 in an appropriate way for a system executable, isolating the exact command-line arguments to be used in one place.

TODO: are any other command-line arguments appropriate?

Benefit to Fedora

Users will be able to parallel-install local copies of older and newer releases of Python on the system and add them to the front of their PATH without breaking these executables. (e.g. Python 2.4 for Zope, or Python 3)

Scope

Requires lots of one-liner fixes to numerous packages; exact list TBD.

Creation of an rpmlint test to detect usage of #!/usr/bin/env shebang lines, and the correct args for invoking python

Test Plan

TBD

  • add a test to rpmlint ?

User Experience

Should be no user-visible change for non-Python experts.

Python developers and users wishing to parallel-install a local version of Python should now be able to add it to the front of their PATH without breaking these apps.

Dependencies

None

Contingency Plan

None; I believe that this is a collection of tiny fixes to many packages, each with minimal risk.

Documentation

TBD

Release Notes

TBD