[Distutils] easy_install runnable in a sandbox environment?

Rick van der Zwet info at rickvanderzwet.nl
Thu May 10 00:42:07 CEST 2012

I am having issues in running easy_install in a sandbox environment
(chroot with python2.7 under FreeBSD 9.0-RELASE, without /dev mount).
easy_install is sourcing tempfile, which requires /dev/urandom to be
present, as seen in the backtrace:

    brahm# sh -x setuptools-0.6c11-py2.7.egg
    + basename setuptools-0.6c11-py2.7.egg
    + [ setuptools-0.6c11-py2.7.egg = setuptools-0.6c11-py2.7.egg ]
    + exec python2.7 -c 'import sys, os; sys.path.insert(0,
os.path.abspath('\''setuptools-0.6c11-py2.7.egg'\'')); from
setuptools.command.easy_install import bootstrap;
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/usr/local/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg/setuptools/command/easy_install.py",
line 12, in <module>
      File "/usr/local/lib/python2.7/tempfile.py", line 34, in <module>
        from random import Random as _Random
      File "/usr/local/lib/python2.7/random.py", line 881, in <module>
        _inst = Random()
      File "/usr/local/lib/python2.7/random.py", line 97, in __init__
      File "/usr/local/lib/python2.7/random.py", line 111, in seed
        a = long(_hexlify(_urandom(16)), 16)
    OSError: [Errno 2] No such file or directory: '/dev/urandom'

Quite some time ago, their has been comments in the changelog (06.c4)
stating that running easy_install without /dev/urandom should be
   Fixed not allowing os.open() of paths outside the sandbox, even if
they are opened read-only (e.g. reading /dev/urandom for random
numbers, as is done by os.urandom() on some platforms).

While this was back in 2006, I was wondering what the current state of
affairs which regards of requiring the /dev/urandom as of today? Am I
looking at a  feature request, bug report or design limitation?

Br. /Rick

More information about the Distutils-SIG mailing list