[Python-Dev] Use ptyhon -s as default shbang for system python executables/daemons

Thu Mar 19 19:15:39 CET 2015

On Wed, Mar 18, 2015 at 2:56 PM, Barry Warsaw <barry at python.org> wrote:
> On Mar 18, 2015, at 02:44 PM, Toshio Kuratomi wrote:
>
>>Interesting, I've cautiously in favor of -s in Fedora but the more I've
>>thought about it the less I've liked -E.  It just seems like PYTHONPATH is
>>analagous to LD_LIBRARY_PATH for C programs and PATH for shell scripting.
>>We leave both of those for local admins and users to affect the behaviour of
>>programs if they needed to.
>
> It is, and it isn't.  It's different because you can always explicitly
> override the shebang line if needed.  So if a local admin really needed to
> override $PYTHONPATH (though I can't come up with a use case right now), they
> could just:
>
> $ python3 -s /usr/bin/foo
>
I could see that as a difference.  However, the environment variables
give users the ability to change things globally whereas overriding
the shebang line is case-by-case  so it's not a complete replacement
of the functionality.

LD_LIBRARY_PATH can be used for things like logging all calls to a
specific function, applying a bugfix to a library when you don't have
root on the box, evaluating how a potential replacement for a system
library will affect the whole system, and other things that are
supposed to affect a large number of the files on the OS.  PYTHONPATH
can be used for the same purposes as long as -E is not embedded into
the shebang lines. (I suppose you could write a "python" wrapper
script that discards -E... but you'd need root on the box to install
your wrapper [since system packages are encouraged to use the full
path to python rather than env python] and the change would affect
everyone on the box rather than just the person setting the env var).

Using -E by default for all system applications would prevent that.
The benefit of -E is that it isolates the effects of PYTHONPATH to
only specific programs.  However, that benefit doesn't seem as
striking as it first appears (or at least, as it first appeared to me
:-).  Unix env vars have their own method of isolation: if the env var
is marked for export then it is sent to child processes.  If it is not
marked for export then it only affects the current process.  So it
seems like -E isn't adding something new; it's just protecting users
from themselves.  That seems contrary to "consenting adults" (although
distributions are separate entities from python-dev ;-).

What makes -s different from -E?  If you think about it in the context
of users being able to set PYTHONPATH to add libraries that can
override system packages then I think specifying -s for system
packages establishes a default behaviour: The user can override the
defaults but only if they change the environment.  Without -s, this
expectation is violated for libraries in the user site directory.
With -s, the user would have to add the user site directory to
PYTHONPATH if they want the libraries there to override system
packages.

So I guess I'm still leaning towards -E being the wrong choice for
Fedora but Fedora lives within a broader ecosystem of python-providing
distributions.  So I'm interested in seeing whether Debian thought
about these aspects when they decided on using -E or if that would
change anyone's minds and also what other distributions think about
adding -s and/or -E to their packaged applications' shebang lines.

-Toshio