Hi, In the process of working through the issues with sys.path on Leopard, I have found another potential Leopard bug that is particularly nasty. In Tiger, sudo preserves environment variables: $ export FOO=/tmp $ python -c "import os; print os.environ['FOO']" /tmp $ sudo python -c "import os; print os.environ['FOO']" /tmp But, in Leopard, sudo does not perserve environment variables: $ export FOO=/tmp $ python -c "import os; print os.environ['FOO']" /tmp $ sudo python -c "import os; print os.environ['FOO']" Password: Traceback (most recent call last): File "<string>", line 1, in <module> File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/UserDict.py", line 22, in __getitem__ raise KeyError(key) KeyError: 'FOO' This is a big problem. First, if you have set PYTHONPATH to point sys.path at the site-packages in /Library, this setting will be lost when you do: sudo python setup.py install On another package. I encountered this in building pytables, which requires numpy >= 1.0.3. I had installed numpy 1.0.4, and set my PYTHONPATH to point to it. But, the pytables setup.py script failts because PYTHONPATH is lost and it only sees the older (1.0.1) builtin numpy. Second, some setup.py scripts use environment variables to determine how things are built, find other dependencies, etc. Currently, this will fail on Leopard if such packages are installed into locations that require sudo. I haven't tried it yet, but I expect that this will also hold true for other python installations. The behavior also shows up with ruby on Leopard. The solution currently is to install all packages to locations that don't require sudo to write to. I will file a bug report, but until the bug is fixed, we should explore putting a note on the numpy/scipy site - and even possibly on the python.org site to describe the problem and its workaround. Brian
Brian Granger wrote:
Hi,
In the process of working through the issues with sys.path on Leopard, I have found another potential Leopard bug that is particularly nasty.
In Tiger, sudo preserves environment variables:
$ export FOO=/tmp $ python -c "import os; print os.environ['FOO']" /tmp $ sudo python -c "import os; print os.environ['FOO']" /tmp
But, in Leopard, sudo does not perserve environment variables:
$ export FOO=/tmp $ python -c "import os; print os.environ['FOO']" /tmp $ sudo python -c "import os; print os.environ['FOO']" Password: Traceback (most recent call last): File "<string>", line 1, in <module> File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/UserDict.py", line 22, in __getitem__ raise KeyError(key) KeyError: 'FOO'
This is a big problem. First, if you have set PYTHONPATH to point sys.path at the site-packages in /Library, this setting will be lost when you do:
sudo python setup.py install
On another package. I encountered this in building pytables, which requires numpy >= 1.0.3. I had installed numpy 1.0.4, and set my PYTHONPATH to point to it. But, the pytables setup.py script failts because PYTHONPATH is lost and it only sees the older (1.0.1) builtin numpy.
Second, some setup.py scripts use environment variables to determine how things are built, find other dependencies, etc. Currently, this will fail on Leopard if such packages are installed into locations that require sudo. I haven't tried it yet, but I expect that this will also hold true for other python installations. The behavior also shows up with ruby on Leopard.
The solution currently is to install all packages to locations that don't require sudo to write to. I will file a bug report, but until the bug is fixed, we should explore putting a note on the numpy/scipy site - and even possibly on the python.org site to describe the problem and its workaround.
Have you tried the env_reset option (man sudoers) ? IMHO, the Leopard behaviour looks saner than Tiger, from what you are saying. Having PYTHONPATH overridable by the user looks like a good tool for unwanted privileges escalation... Actually, looking a bit at sudo NEWS file, you can see that PYTHONPATH was added as an env variable to disable something like 2 years ago, which explains the behaviour (sudo has been updated, I suppose, and Tiger is a bit more than 2 years old if I remember correctly). Do you *really* need to install numpy in a location only writable through sudo ? cheers, David
participants (2)
-
Brian Granger -
David Cournapeau