Bug#981817: [Pkg-privacy-maintainers] Bug#981817: onioncircuits: Permission denied: '/usr/local/lib/python3.7/dist-packages/psutil-5.7.2.dist-info'
Hi! On 10.02.21 13:08, Jonathan Marquardt wrote: On Wed, Feb 10, 2021 at 12:26:35PM +0100, nodens wrote: Yes, the apparmor profile shipped with onioncircuit won't allow access to stuff in /usr/local. So python interpreter can't actually run. You're right. Just as a test i added "/usr/local/** r," to /etc/apparmor.d/local/usr.bin.onioncircuits and it works now. If you prefer, I could reopen the bug and tag it as wontfix for clarity. I really don't care. Thank you again! And thank you to Ulrike as well! I'm glad this was solved! And somehow cooperatively, I like that :) Ulrike
Bug#981817: [Pkg-privacy-maintainers] Bug#981817: onioncircuits: Permission denied: '/usr/local/lib/python3.7/dist-packages/psutil-5.7.2.dist-info'
On Wed, Feb 10, 2021 at 12:26:35PM +0100, nodens wrote: > Yes, the apparmor profile shipped with onioncircuit won't allow access > to stuff in /usr/local. So python interpreter can't actually run. > > I would still advise against mixed system-wide stuff from debian package > and from pip; and use virtualenv instead for any local needs, but this > could probably also be worked around by: > > - disabling the onioncircuits profile (not recommended), or > - adding some local rules to allow access to /usr/local/ in > /etc/apparmor.d/local/usr.bin.onioncircuits You're right. Just as a test i added "/usr/local/** r," to /etc/apparmor.d/local/usr.bin.onioncircuits and it works now. > If you prefer, I could reopen the bug and tag it as wontfix for clarity. I really don't care. Thank you again! And thank you to Ulrike as well!
Bug#981817: [Pkg-privacy-maintainers] Bug#981817: onioncircuits: Permission denied: '/usr/local/lib/python3.7/dist-packages/psutil-5.7.2.dist-info'
On 10/02/2021 11:02, Ulrike Uhlig wrote: > Hi! > > On 10.02.21 00:18, Jonathan Marquardt wrote: >> On Fri, Feb 05, 2021 at 12:08:49PM +0100, Clément Hermann wrote: >>> On 04/02/2021 13:04, Jonathan Marquardt wrote: On Thu, Feb 04, 2021 at 12:23:17PM +0100, Clément Hermann wrote: > >> However I found out that it always works (on all of my systems) if I >> launch >> onionciruits with the command: >> >> $ python3 /usr/bin/onionciruits >> >> I have no idea why. > > Could this be related to AppArmor? > > Just a random idea. Oh right. Of course. Thanks Ulrike :) Yes, the apparmor profile shipped with onioncircuit won't allow access to stuff in /usr/local. So python interpreter can't actually run. I would still advise against mixed system-wide stuff from debian package and from pip; and use virtualenv instead for any local needs, but this could probably also be worked around by: - disabling the onioncircuits profile (not recommended), or - adding some local rules to allow access to /usr/local/ in /etc/apparmor.d/local/usr.bin.onioncircuits The existing rules in /etc/apparmor.d/usr.bin.onioncircuits could be used as a starting point. I don't think it's relevant to include new rules in the package. If you prefer, I could reopen the bug and tag it as wontfix for clarity. Cheers, -- nodens
Bug#981817: onioncircuits: Permission denied: '/usr/local/lib/python3.7/dist-packages/psutil-5.7.2.dist-info'
On Wed, Feb 10, 2021 at 11:02:04AM +0100, Ulrike Uhlig wrote: > Hi! > > On 10.02.21 00:18, Jonathan Marquardt wrote: > > On Fri, Feb 05, 2021 at 12:08:49PM +0100, Clément Hermann wrote: > > > On 04/02/2021 13:04, Jonathan Marquardt wrote: > > > > On Thu, Feb 04, 2021 at 12:23:17PM +0100, Clément Hermann wrote: > > > However I found out that it always works (on all of my systems) if I launch > > onionciruits with the command: > > > > $ python3 /usr/bin/onionciruits > > > > I have no idea why. > > Could this be related to AppArmor? > > Just a random idea. Hello Ulrike! Let's test: ### $ sudo systemctl stop apparmor $ sudo systemctl disable apparmor Synchronizing state of apparmor.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install disable apparmor Removed /etc/systemd/system/sysinit.target.wants/apparmor.service. $ onioncircuits Traceback (most recent call last): File "/usr/bin/onioncircuits", line 25, in import pycountry File "/usr/lib/python3/dist-packages/pycountry/__init__.py", line 9, in from pkg_resources import resource_filename File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3191, in @_call_aside File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3175, in _call_aside f(*args, **kwargs) File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3204, in _initialize_master_working_set working_set = WorkingSet._build_master() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 574, in_build_master ws = cls() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 567, in__init__ self.add_entry(entry) File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 623, in add_entry for dist in find_distributions(entry, True): File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2033, in find_on_path for dist in factory(fullpath): File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2095, in distributions_from_metadata if len(os.listdir(path)) == 0: PermissionError: [Errno 13] Permission denied: '/usr/local/lib/python3.7/dist-packages/zope.sqlalchemy-1.3.dist-info' ### Apparently not :/ Jonathan
Bug#981817: [Pkg-privacy-maintainers] Bug#981817: onioncircuits: Permission denied: '/usr/local/lib/python3.7/dist-packages/psutil-5.7.2.dist-info'
On Wed, Feb 10, 2021 at 10:39:23AM +0100, Clément Hermann wrote: > "type python3" might tell you if you are maybe using an alternate > python3 interpreter located in /usr/local when doing that. The shebang > in onioncircuits explicitely uses /usr/bin/python3 which might be > different that the one that is first in PATH. > > I would recommend making sure any other, non-system python3 is > self-enclosed (maybe in /opt) if needed. python-virtualenv might be a > solution you want to have a look at: system python used for packages, > and separated, local python for local code. I'm using the normal python3 installation from the Debian repos, nothing special. $ type python3 python3 is hashed (/usr/bin/python3) > I'm going to close this bug, since it's not an issue on the package. > > Thanks for the additional info, even if it's not a bug in the package > this might be useful to other! Well, at least I now have a workaround to get it running, so that's good enough for me. Thank you for your time!
Bug#981817: onioncircuits: Permission denied: '/usr/local/lib/python3.7/dist-packages/psutil-5.7.2.dist-info'
Hi! On 10.02.21 00:18, Jonathan Marquardt wrote: On Fri, Feb 05, 2021 at 12:08:49PM +0100, Clément Hermann wrote: On 04/02/2021 13:04, Jonathan Marquardt wrote: On Thu, Feb 04, 2021 at 12:23:17PM +0100, Clément Hermann wrote: However I found out that it always works (on all of my systems) if I launch onionciruits with the command: $ python3 /usr/bin/onionciruits I have no idea why. Could this be related to AppArmor? Just a random idea. Ulrike
Bug#981817: [Pkg-privacy-maintainers] Bug#981817: onioncircuits: Permission denied: '/usr/local/lib/python3.7/dist-packages/psutil-5.7.2.dist-info'
On 10/02/2021 00:18, Jonathan Marquardt wrote: > On Fri, Feb 05, 2021 at 12:08:49PM +0100, Clément Hermann wrote: >> in a clean Buster virtual machine, I tried to pip3 install psutil then >> install onioncircuits, and I didn't get this error (though I didn't try >> with a graphical environment running). There must be something else >> going on in your environment, maybe check the permissions on /usr/local >> and below, or try to go the virtualenv route, or if you can, install the >> python modules you need using Debian Packages (psutil has a recent >> version available through buster-backports for instance). > > I played around a bit and found the following things: > > Clean install with Debian 10 with Gnome: onioncircuits works. > > After I run "pip3 install psutil" as root: onioncircuits doesn't work. > > After I run "pip3 uninstall psutil" as root: It works again. > > However I found out that it always works (on all of my systems) if I launch > onionciruits with the command: > > $ python3 /usr/bin/onionciruit > > I have no idea why. "type python3" might tell you if you are maybe using an alternate python3 interpreter located in /usr/local when doing that. The shebang in onioncircuits explicitely uses /usr/bin/python3 which might be different that the one that is first in PATH. I would recommend making sure any other, non-system python3 is self-enclosed (maybe in /opt) if needed. python-virtualenv might be a solution you want to have a look at: system python used for packages, and separated, local python for local code. I'm going to close this bug, since it's not an issue on the package. Thanks for the additional info, even if it's not a bug in the package this might be useful to other! Cheers, -- nodens
Bug#981817: onioncircuits: Permission denied: '/usr/local/lib/python3.7/dist-packages/psutil-5.7.2.dist-info'
On Fri, Feb 05, 2021 at 12:08:49PM +0100, Clément Hermann wrote: > On 04/02/2021 13:04, Jonathan Marquardt wrote: > > On Thu, Feb 04, 2021 at 12:23:17PM +0100, Clément Hermann wrote: > >> The error message reference stuff in /usr/local: this leads me to think > >> some python libs where locally installed without using the package > >> system. Can you check that please ? And maybe test in a vm for instance > >> to check in a clean environment ? > > > > I checked and you're right. This doesn't happen in a clean environment. I > > figured out what causes the issue. I have psutil installed using pip (pip3 > > install psutil). > > > > Is there a way to fix this? What even causes this? I need psutil to be > > installed for some other python programs. > > I'm not sure in this particular case, the permission error suggests > there is something on your setup that prevents the user running > onioncircuits to access this file. > > Usually when one mixes distribution packages and pip, one would use > virtualenv or something similar to ensure what is run via pip modules is > self-contained. > > The thing is, I'm not sure why this error is on this module > specifically, or that the module is pstutil is significant or it could > be anyone. > > in a clean Buster virtual machine, I tried to pip3 install psutil then > install onioncircuits, and I didn't get this error (though I didn't try > with a graphical environment running). There must be something else > going on in your environment, maybe check the permissions on /usr/local > and below, or try to go the virtualenv route, or if you can, install the > python modules you need using Debian Packages (psutil has a recent > version available through buster-backports for instance). I played around a bit and found the following things: Clean install with Debian 10 with Gnome: onioncircuits works. After I run "pip3 install psutil" as root: onioncircuits doesn't work. After I run "pip3 uninstall psutil" as root: It works again. However I found out that it always works (on all of my systems) if I launch onionciruits with the command: $ python3 /usr/bin/onionciruits I have no idea why.
Bug#981817: onioncircuits: Permission denied: '/usr/local/lib/python3.7/dist-packages/psutil-5.7.2.dist-info'
On 04/02/2021 13:04, Jonathan Marquardt wrote: > On Thu, Feb 04, 2021 at 12:23:17PM +0100, Clément Hermann wrote: >> The error message reference stuff in /usr/local: this leads me to think >> some python libs where locally installed without using the package >> system. Can you check that please ? And maybe test in a vm for instance >> to check in a clean environment ? > > I checked and you're right. This doesn't happen in a clean environment. I > figured out what causes the issue. I have psutil installed using pip (pip3 > install psutil). > > Is there a way to fix this? What even causes this? I need psutil to be > installed for some other python programs. I'm not sure in this particular case, the permission error suggests there is something on your setup that prevents the user running onioncircuits to access this file. Usually when one mixes distribution packages and pip, one would use virtualenv or something similar to ensure what is run via pip modules is self-contained. The thing is, I'm not sure why this error is on this module specifically, or that the module is pstutil is significant or it could be anyone. in a clean Buster virtual machine, I tried to pip3 install psutil then install onioncircuits, and I didn't get this error (though I didn't try with a graphical environment running). There must be something else going on in your environment, maybe check the permissions on /usr/local and below, or try to go the virtualenv route, or if you can, install the python modules you need using Debian Packages (psutil has a recent version available through buster-backports for instance). Cheers, -- nodens
Bug#981817: onioncircuits: Permission denied: '/usr/local/lib/python3.7/dist-packages/psutil-5.7.2.dist-info'
On Thu, Feb 04, 2021 at 12:23:17PM +0100, Clément Hermann wrote: > The error message reference stuff in /usr/local: this leads me to think > some python libs where locally installed without using the package > system. Can you check that please ? And maybe test in a vm for instance > to check in a clean environment ? I checked and you're right. This doesn't happen in a clean environment. I figured out what causes the issue. I have psutil installed using pip (pip3 install psutil). Is there a way to fix this? What even causes this? I need psutil to be installed for some other python programs.
Bug#981817: onioncircuits: Permission denied: '/usr/local/lib/python3.7/dist-packages/psutil-5.7.2.dist-info'
Control: severity -1 normal Control: tags -1 +moreinfo Hi, Thanks for reporting a bug in onioncircuit Debian package! On 04/02/2021 10:39, Jonathan Marquardt wrote: > Package: onioncircuits > Version: 0.5-4 > Severity: grave > Justification: renders package unusable > > Dear Maintainer, > > I have multiple systems running the Debian Tor package with an open control > port. I always used this in combination with onioncircuits without any > problems until I upgraded to Debian Buster. Since the upgrade (or even fresh > installation of Buster) I'm unable to start onioncircuits: > > > > $ onioncircuits > Traceback (most recent call last): > File "/usr/bin/onioncircuits", line 25, in > import pycountry > File "/usr/lib/python3/dist-packages/pycountry/__init__.py", line 9, in > > from pkg_resources import resource_filename > File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3191, > in > @_call_aside > File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3175, > in _call_aside > f(*args, **kwargs) > File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3204, > in _initialize_master_working_set > working_set = WorkingSet._build_master() > File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 574, > in _build_master > ws = cls() > File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 567, > in __init__ > self.add_entry(entry) > File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 623, > in add_entry > for dist in find_distributions(entry, True): > File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2033, > in find_on_path > for dist in factory(fullpath): > File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2095, > in distributions_from_metadata > if len(os.listdir(path)) == 0: > PermissionError: [Errno 13] Permission denied: > '/usr/local/lib/python3.7/dist-packages/psutil-5.7.2.dist-info' > > > > This even happens as root. > > Is this a known issue? I don't think so. I can't reproduce this issue either on a system that already had onioncircuits installed or a newly installed system, so I'm lowering the severity. The error message reference stuff in /usr/local: this leads me to think some python libs where locally installed without using the package system. Can you check that please ? And maybe test in a vm for instance to check in a clean environment ? Cheers, -- nodens
Bug#981817: onioncircuits: Permission denied: '/usr/local/lib/python3.7/dist-packages/psutil-5.7.2.dist-info'
Package: onioncircuits Version: 0.5-4 Severity: grave Justification: renders package unusable Dear Maintainer, I have multiple systems running the Debian Tor package with an open control port. I always used this in combination with onioncircuits without any problems until I upgraded to Debian Buster. Since the upgrade (or even fresh installation of Buster) I'm unable to start onioncircuits: $ onioncircuits Traceback (most recent call last): File "/usr/bin/onioncircuits", line 25, in import pycountry File "/usr/lib/python3/dist-packages/pycountry/__init__.py", line 9, in from pkg_resources import resource_filename File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3191, in @_call_aside File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3175, in _call_aside f(*args, **kwargs) File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3204, in _initialize_master_working_set working_set = WorkingSet._build_master() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 574, in _build_master ws = cls() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 567, in __init__ self.add_entry(entry) File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 623, in add_entry for dist in find_distributions(entry, True): File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2033, in find_on_path for dist in factory(fullpath): File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2095, in distributions_from_metadata if len(os.listdir(path)) == 0: PermissionError: [Errno 13] Permission denied: '/usr/local/lib/python3.7/dist-packages/psutil-5.7.2.dist-info' This even happens as root. Is this a known issue? Cheers, Jonathan -- System Information: Debian Release: 10.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-13-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages onioncircuits depends on: ii gir1.2-glib-2.01.58.3-2 ii gir1.2-gtk-3.0 3.24.5-1 ii python33.7.3-1 ii python3-gi 3.30.4-1 ii python3-pycountry 17.5.14+ds1-0.1 ii python3-stem 1.7.1-1 onioncircuits recommends no packages. Versions of packages onioncircuits suggests: ii tor-geoipdb 0.4.4.6-1~d10.buster+1 -- no debconf information