Brian Granger wrote: > Hi, > > In the process of working through the issues with sys.path on Leopard, > I have found another potential Leopard bug that is particularly nasty. > > In Tiger, sudo preserves environment variables: > > $ export FOO=/tmp > $ python -c "import os; print os.environ['FOO']" > /tmp > $ sudo python -c "import os; print os.environ['FOO']" > /tmp > > But, in Leopard, sudo does not perserve environment variables: > > $ export FOO=/tmp > $ python -c "import os; print os.environ['FOO']" > /tmp > $ sudo python -c "import os; print os.environ['FOO']" > Password: > Traceback (most recent call last): > File "<string>", line 1, in <module> > File > "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/UserDict.py", > line 22, in __getitem__ > raise KeyError(key) > KeyError: 'FOO' > > This is a big problem. First, if you have set PYTHONPATH to point > sys.path at the site-packages in /Library, this setting will be lost > when you do: > > sudo python setup.py install > > On another package. I encountered this in building pytables, which > requires numpy >= 1.0.3. I had installed numpy 1.0.4, and set my > PYTHONPATH to point to it. But, the pytables setup.py script failts > because PYTHONPATH is lost and it only sees the older (1.0.1) builtin > numpy. > > Second, some setup.py scripts use environment variables to determine > how things are built, find other dependencies, etc. Currently, this > will fail on Leopard if such packages are installed into locations > that require sudo. I haven't tried it yet, but I expect that this > will also hold true for other python installations. The behavior also > shows up with ruby on Leopard. > > The solution currently is to install all packages to locations that > don't require sudo to write to. I will file a bug report, but until > the bug is fixed, we should explore putting a note on the numpy/scipy > site - and even possibly on the python.org site to describe the > problem and its workaround. > Have you tried the env_reset option (man sudoers) ? IMHO, the Leopard behaviour looks saner than Tiger, from what you are saying. Having PYTHONPATH overridable by the user looks like a good tool for unwanted privileges escalation... Actually, looking a bit at sudo NEWS file, you can see that PYTHONPATH was added as an env variable to disable something like 2 years ago, which explains the behaviour (sudo has been updated, I suppose, and Tiger is a bit more than 2 years old if I remember correctly).
Do you *really* need to install numpy in a location only writable through sudo ? cheers, David _______________________________________________ Numpy-discussion mailing list [email protected] http://projects.scipy.org/mailman/listinfo/numpy-discussion
