New submission from John Beck: The man page for Python (3.4 and 3.5) says:
-I Run Python in isolated mode. This also implies -E and -S. In isolated mode sys.path contains neither the scripts directory nor the users site-packages directory. All PYTHON* environment variables are ignored, too. Further restrictions may be imposed to prevent the user from injecting malicious code. But the code says: -I : isolate Python from the user's environment (implies -E and -s) and the code to handle -I does: case 'I': Py_IsolatedFlag++; Py_NoUserSiteDirectory++; Py_IgnoreEnvironmentFlag++; break; where Py_NoUserSiteDirectory is the variable corresponding to the -s flag rather than the -S flag. But it seems like -I should really imply both -s and -S. So I am filing this bug primarily to find out whether or not it really should be both. If so, great: a patch is attached; details below. But if not, then the man page should be corrected. The rest of this is written under the assumption that -I should imply -S as well as -s. Background: depending on which packages are installed on different Solaris systems, test_site passes or not. Certain packages (e.g., dogpile.core, dogpile.cache, repoze.lru) that have a .pth file with "import types" which results in test_site.StartupImportTests failing because types has been imported which is in the list of collections modules, none of which are expected to be imported. So we thought "well, -S should fix that" then noticed the man page saying -I implied -S which is how we got here. Tweaking the code and man page so -I does imply -S was trivial. But three other changes were needed: 1. In test_site.py, test_startup_imports() asserted that 'site' was in the list of modules that had been imported. This is no longer true, so I deleted the assert. 2. test_inspect failed because of a name error, that turned out to be inspect.py calling exit instead of sys.exit. So the attached patch corrects both of those. This fix is probably generally applicable even if the "-I should imply both -S and -s" assumption turns out to be false. 3. test_venv failed because it and the venv module were using -I to imply -s and -E but not -S. Changing three instances of "-Im" to "-Esm" (one in Lib/venv/__init__.py, the other two in Lib/test/test_venv.py) fixed this. However, even if the "-I should imply both -S and -s" assumption is true, this change may not be desirable in the general case, but needed because of Solaris' hacky work-around for issue 1298835 not yet being fixed.' I.e., we ship /usr/lib/python3.4/site-packages/vendor-packages.pth with the one line: import site; site.addsitedir('/usr/lib/python3.4/vendor-packages') (likewise for other versions). So this may not be desirable in general, but I mention it for the sake of completeness. ---------- components: Interpreter Core files: 25-site-module.patch keywords: patch messages: 242248 nosy: dhduvall, jbeck priority: normal severity: normal status: open title: man page says -I implies -S. code says -s. Should it be both? versions: Python 3.4, Python 3.5 Added file: http://bugs.python.org/file39233/25-site-module.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue24077> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com