RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Demonstration why this is strongly desired:

$ LOCAL_PYLIB=~/.local/lib/python$(rpm -E '%{python_version}')
$ mkdir -p "${LOCAL_PYLIB}/site-packages"
$ touch "${LOCAL_PYLIB}/site-packages/commands.py"
$ > "${LOCAL_PYLIB}/site-packages/commands_override.pth" cat <EOF
import sys; sys.__plen = len(sys.path)
.
import sys; new=sys.path[sys.__plen:]; del sys.path[sys.__plen:]; p=getattr(sys,'__egginsert',0); sys.path[p:p]=new; sys.__egginsert = p+len(new)
EOF
$ pcs help
> Traceback (most recent call last):
>   File "/usr/sbin/pcs", line 13, in <module>
>     import cluster
>   File "/usr/lib/python2.6/site-packages/pcs/cluster.py", line 21, in <module>
>     from subprocess import getstatusoutput
> ImportError: cannot import name getstatusoutput

This can be prevented with "-s" option to Python interpreter.

Something similar can be achieved with PYTHONPATH et al. environment
variable manipulation.

This can be prevented with "-E" option to Python interpreter.


Modified bits, regardless if on filesystem or in runtime (this case) are
not supportable in principle, whether the modification is noticable or
completely hidden (this case) --> make "pcs" run Python with "-Es" flags

For inspiration see:
https://pagure.io/clufter/91a2bd5d87952eabe767bb464c43ed2d40d80e33

Created attachment 1265359 [details]
proposed fix

Test:
Added -Es flags to shebang in pcs executable:
#!/usr/bin/python -Es

If I may suggest something, it's perhaps more forward-looking
to use:

> %{__python*} setup.py build --executable='%{__python*} -Es'

unlike as with clufter which already uses setup.cfg heavily anyway.

Note that this is also what Fedora's %py*_build packaging macros
(also coming to RHEL 7.4, but it's likely not possible to use
them, yet: [bug 1297522]) for Python utilize.

(I would personally be interested in whether using this new
form actually helps to overcome [bug 1353934] issue, see also
[bug 1297522 comment 11].)

After Fix:

[vm-rhel72-1 ~] $ rpm -q pcs
pcs-0.9.157-1.el7.x86_64

[vm-rhel72-3 ~] $ which pcs
/usr/sbin/pcs
[vm-rhel72-3 ~] $ head -n1 $(which pcs)
#!/usr/bin/python -Es

This change requires a test that the original reproducer does not cause the misbehavior and everything other works.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1958