Bug 1506355
Summary: | macros.python*: Use -Es/-I to invoke python macro scriptlets | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ville Skyttä <ville.skytta> | ||||
Component: | python-rpm-macros | Assignee: | Orion Poplawski <orion> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | rawhide | CC: | cstratak, j, mcyprian, orion, python-sig, ville.skytta | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
Whiteboard: | |||||||
Fixed In Version: | python-rpm-macros-3-23.fc27 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2017-11-15 17:47:51 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Ville Skyttä
2017-10-25 19:01:09 UTC
Created attachment 1343391 [details]
macros.python*: Use -Es/-I to invoke python macro scriptlets
To avoid environment and user dir influence.
Seems quite reasonable to me, but my schedule is packed and I won't have time to apply it today. Certainly Orion is welcome to do so if he has time. Seems like a good idea to me. Please go ahead as I have no time. Pushed but unable to build right now, I'll leave that to someone else to take care of. Is there any actual behavior change compared to how the macros were utilized so far? Any use case where this might break something (or how it was broken before)? There shouldn't be unless you somehow expected the environment to leak into the python calls. Since they're only extracting either versions or paths built into python, I can't think of any case where that would be useful. Right. Regarding how it was broken before, here's one example: $ mkdir /tmp/distutils # touch /tmp/distutils/__init__.py ; echo $'def get_python_lib(*_):\n print("arbitrary code!")\n return ""' > /tmp/distutils/sysconfig.py $ PYTHONPATH=/tmp rpm -E %python_sitelib arbitrary code! Oops, bad example, should have been "rpm -E %python2_sitelib" to reproduce the issue with this package. %python_sitelib comes from rpm itself (and has already been fixed in git master there). python-rpm-macros-3-23.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-c877b9b704 python-rpm-macros-3-23.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-c877b9b704 python-rpm-macros-3-23.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. |