desktop-packages team mailing list archive
Message #63048
[Bug 912625] Re: #!/usr/bin/env python breaks Python-based Ubuntu packages in the presence of virtualenvs, local installations
I might take a look at c2esp, foo2zjs and pyppd in due time.
So far I'm not sure this bug is as uncontroversial as it might seem and
would really prefer a discussion about it on
debian-python@xxxxxxxxxxxxxxxx before rushing out any actions. The Debian
Python Policy currently says "Maintainers _should_ not use env ..": this
doesn't mean it's (currently) forbidden; this even means it's discouraged,
but allowed.
I don't think creating an Ubuntu-specific diff for this type of bug is
the way to go: either there is a valid reason to do it and it should be
done in Debian first (with appropriate Debian Python Policy change,
lintian warning, etc) or there is none and, well, the cost of the diff
will have to be carried by Ubuntu hands. (Note that given bugs on the
respective packages, such a change could be done in very few days in
Debian.) Not doing it in "Debian first" now means that it might
eventually be done there later and that a merge will be needed; that
sounds like unnecessary work on both sides (and I like to avoid
unnecessary work).
In particular, this topic was previously discussed there:
http://lists.debian.org/debian-python/2009/09/msg00132.html and there
seemed to be reasonable agreement around a lintian warning and/or python
policy amendment (although without actions); this should really come
before blindly fixing all affected packages in Ubuntu only. (IMHO, eh).
Cheers, OdyX
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-applets in Ubuntu.
https://bugs.launchpad.net/bugs/912625
Title:
#!/usr/bin/env python breaks Python-based Ubuntu packages in the
presence of virtualenvs, local installations
Status in HP Linux Imaging and Printing:
New
Status in “c2esp” package in Ubuntu:
New
Status in “foo2zjs” package in Ubuntu:
New
Status in “gconf2” package in Ubuntu:
New
Status in “gnome-applets” package in Ubuntu:
New
Status in “hplip” package in Ubuntu:
Fix Released
Status in “mercurial” package in Ubuntu:
New
Status in “pidgin” package in Ubuntu:
New
Status in “pitivi” package in Ubuntu:
New
Status in “pyppd” package in Ubuntu:
New
Bug description:
Currently (as of 11.04, and I suspect in 11.10), several packages I've
discovered will potentially break if you have a non-system Python
executable on your PATH, e.g. using virtualenv or a custom-built
Python. As per the Debian Python Policy (I can't find a similarly
thorough document for Ubuntu),
> The preferred specification for the Python interpreter is
> /usr/bin/python or /usr/bin/pythonX.Y. This ensures that a Debian
> installation of python is used and all dependencies on additional
> python modules are met.
>
> Maintainers should not override the Debian Python interpreter using
> /usr/bin/env python or /usr/bin/env pythonX.Y. This is not advisable
> as it bypasses Debian's dependency checking and makes the package
> vulnerable to incomplete local installations of python.
I think this is reasonable, and also supported by the majority of the
Python scripts in my /usr/bin directory.
This also has potential security implications, i.e. someone with only
user-level access could override the system Python in a user's
~/.bash_profile and install a malicious version of certain package
dependencies.
dwf@barricade:~$ lsb_release -rd
Description: Ubuntu 11.04
Release: 11.04
dwf@barricade:~$ grep '#!/usr/bin/env python' /usr/bin/* /usr/sbin/* |cut -d ':' -f 1|xargs dpkg -S
gconf2: /usr/bin/gsettings-schema-convert
mercurial-common: /usr/bin/hg-ssh
hplip: /usr/bin/hp-align
hplip: /usr/bin/hp-check
hplip: /usr/bin/hp-clean
hplip: /usr/bin/hp-colorcal
hplip: /usr/bin/hp-firmware
hplip: /usr/bin/hp-hpdio
hplip: /usr/bin/hp-info
hplip: /usr/bin/hp-levels
hplip: /usr/bin/hp-makeuri
hplip: /usr/bin/hp-pkservice
hplip: /usr/bin/hp-plugin
hplip: /usr/bin/hp-probe
hplip: /usr/bin/hp-query
hplip: /usr/bin/hp-scan
hplip: /usr/bin/hp-setup
hplip: /usr/bin/hp-testpage
hplip: /usr/bin/hp-timedate
hplip: /usr/bin/hp-unload
gnome-applets: /usr/bin/invest-chart
pitivi: /usr/bin/pitivi
libpurple-bin: /usr/bin/purple-remote
libpurple-bin: /usr/bin/purple-url-handler
hplip: /usr/sbin/hpssd
dwf@barricade:~$ grep '#!/usr/bin/env python' /usr/bin/* /usr/sbin/* |cut -d ':' -f 1 |xargs dpkg -S |cut -d':' -f 1|xargs apt-cache policy
gconf2:
Installed: 2.32.2-0ubuntu2
Candidate: 2.32.2-0ubuntu2
Version table:
*** 2.32.2-0ubuntu2 0
500 http://us.archive.ubuntu.com/ubuntu/ natty/main i386 Packages
100 /var/lib/dpkg/status
hplip:
Installed: 3.11.1-2ubuntu2
Candidate: 3.11.1-2ubuntu2
Version table:
*** 3.11.1-2ubuntu2 0
500 http://us.archive.ubuntu.com/ubuntu/ natty/main i386 Packages
100 /var/lib/dpkg/status
gnome-applets:
Installed: 2.32.1.1-0ubuntu5
Candidate: 2.32.1.1-0ubuntu5
Version table:
*** 2.32.1.1-0ubuntu5 0
500 http://us.archive.ubuntu.com/ubuntu/ natty/main i386 Packages
100 /var/lib/dpkg/status
libpurple-bin:
Installed: 1:2.7.11-1ubuntu2.1
Candidate: 1:2.7.11-1ubuntu2.1
Version table:
*** 1:2.7.11-1ubuntu2.1 0
500 http://security.ubuntu.com/ubuntu/ natty-security/main i386 Packages
100 /var/lib/dpkg/status
1:2.7.11-1ubuntu2 0
500 http://us.archive.ubuntu.com/ubuntu/ natty/main i386 Packages
pitivi:
Installed: 0.13.5-1ubuntu4
Candidate: 0.13.5-1ubuntu4
Version table:
*** 0.13.5-1ubuntu4 0
500 http://us.archive.ubuntu.com/ubuntu/ natty/main i386 Packages
100 /var/lib/dpkg/status
mercurial-common:
Installed: 1.7.5-1ubuntu1
Candidate: 1.7.5-1ubuntu1
Version table:
*** 1.7.5-1ubuntu1 0
500 http://us.archive.ubuntu.com/ubuntu/ natty/universe i386 Packages
100 /var/lib/dpkg/status
To manage notifications about this bug go to:
https://bugs.launchpad.net/hplip/+bug/912625/+subscriptions
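
An audit for the shebang problem described in the bug report, added here as an example; it is not code from the thread or from any of the packages listed. It inspects only the first line of each file, so a script that merely mentions the string is not reported, and it shows which interpreter "env python" would pick for a given PATH. The function names and the fixture files are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit for PATH-dependent Python shebangs.

# List regular files in the given directories whose FIRST line is
# "#!/usr/bin/env python" or "#!/usr/bin/env pythonX.Y". Only line 1 is
# inspected, so files that merely mention the string are not reported.
find_env_python_shebangs() {
    for dir in "$@"; do
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -r "$f" ] || continue
            if head -n 1 "$f" | LC_ALL=C grep -aEq \
                '^#! */usr/bin/env +python[0-9.]*([[:space:]]|$)'; then
                printf '%s\n' "$f"
            fi
        done
    done
}

# Print the interpreter that "env python" would run for a given PATH value.
resolve_env_python() {
    ( PATH=$1; command -v python )
}

# Constructed fixture: a stand-in /usr/bin plus a virtualenv-style bin dir.
make_fixture() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/venv/bin"
    printf '#!/usr/bin/env python\n'    > "$root/usr/bin/tool-env"
    printf '#!/usr/bin/env python2.7\n' > "$root/usr/bin/tool-env27"
    printf '#!/usr/bin/python\n'        > "$root/usr/bin/tool-abs"
    printf '#!/bin/sh\n# not #!/usr/bin/env python\n' > "$root/usr/bin/tool-mention"
    printf '#!/bin/sh\nexit 0\n'        > "$root/venv/bin/python"
    chmod +x "$root/venv/bin/python"
    printf '%s\n' "$root"
}

fx=$(make_fixture)
echo "Scripts that resolve Python through PATH:"
find_env_python_shebangs "$fx/usr/bin"
echo "With the virtualenv-style directory first on PATH, env python runs:"
resolve_env_python "$fx/venv/bin:/usr/bin:/bin"
rm -rf "$fx"
```

On a real system, call find_env_python_shebangs /usr/bin /usr/sbin and pass each reported path to dpkg -S to find the owning package.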