On 2018-05-01, IL Ka wrote:
>> while there are Python modules which rely on W|X.
> Yes, but I do not use them.
>
> I only run Python and Django.
> I am aware of the fact that my python is not compatible with some modules,
> and I am ok with it since I do not need them.
>
>> use ports instead of p
Not exactly. For starters right now I am getting to know OpenBSD as a
platform
so at this point is more about evaluating if and how to alter my workflows
to
better fit with the platform.
Next off though is in general with python code I do consider it important to
think about what the deployment wi
Hi, Ken.
Did you noticed that you are spending much more time
with setting up your env every time you want to run your
python apps than with programming itself?
No offense but I think this is not normal.
Ve.
On Mon, Apr 30, 2018 at 04:46:49PM +, Ken MacKenzie wrote:
> Is there a recommended best practice when setting up an environment with
> python
> virtualenv with regards to wxallowed.
>
> My typical workflow is under my home directory I have a
> dev/language/project/.venv type structure. I guess
On Tue, May 01, 2018 at 04:22:50PM +, Ken MacKenzie wrote:
> I power my flying car with flying monkeys...
>
No need to, I am free as a bird, I can power my flying car
with my flying wings. Oh, wait, I don't have wings...
Anyway, nice joke, but I feel myself embarrasing.
I power my flying car with flying monkeys...
I think the best answer from all this comes back to, at least for python 3,
switching over to the built in venv in python3.
Other than that the symlink to a location in /usr/local for venv is another
option for python 2 or packages that need to wxallow
Leonid Bobrov wrote:
> I have a plan how to completely get rid of wxallowed mount option,
> but I am not yet skilled to fix W|X ports, especially the ones
> written in C++ (I've started learning C++ recently).
Is that like
"I have a plan to build a flying car, but I don't
yet have any meta
> while there are Python modules which rely on W|X.
Yes, but I do not use them.
I only run Python and Django.
I am aware of the fact that my python is not compatible with some modules,
and I am ok with it since I do not need them.
> use ports instead of pkg_add to get Python binary without W|X
T
On Tue, May 01, 2018 at 06:09:59PM +0300, IL Ka wrote:
> >
> > So you're now on a custom built python and are unable to use standard
>
> pkg_add upgrades to new versions. I'd say that on balance, this is more
> > likely to *reduce* your security.
>
>
> I built it from ports, so I can update it u
>
> So you're now on a custom built python and are unable to use standard
pkg_add upgrades to new versions. I'd say that on balance, this is more
> likely to *reduce* your security.
I built it from ports, so I can update it using standard port update
procedure.
Since packages are built from port
- On Apr 30, 2018, at 5:46 PM, Ken MacKenzie k...@mack-z.com wrote:
> Is there a recommended best practice when setting up an environment with
> python
> virtualenv with regards to wxallowed.
I use a specific directory in /usr/local which is very close to your option 2:
# mkdir -p /usr/local
On 05/01/18 01:54, IL Ka wrote:
Since /usr/local/ has wxallowed by default (see your /etc/fstab) it works.
Does it affect security?
In theory -- yes, because python can now create WX pages.
True. But I use this solution because:
- root controls what goes in /usr/local
- I mount /home withou
On 2018-05-01, IL Ka wrote:
> It is up to you, but I still belive that best solution is to rebuild python
> without of wxneeded.
> 1) It improves security
So you're now on a custom built python and are unable to use standard
pkg_add upgrades to new versions. I'd say that on balance, this is more
The only difference is venv creates link to python, it does not copy binary
itself.
You now have
python3 -> /usr/local/bin/python3
in your venv.
Since /usr/local/ has wxallowed by default (see your /etc/fstab) it works.
Does it affect security?
In theory -- yes, because python can now create WX
Not to disagree but if using python3 -m venv in home works and home is not
mounted as wxallowed is there still a security issue with this workflow?
Granted at this point talking about a development workstation and not a server.
So while I am at it I guess I should ask is what you are saying more
It is up to you, but I still belive that best solution is to rebuild python
without of wxneeded.
1) It improves security
2) It fixes your virtualenv issue.
If you do not use packages that need WX, why do you need wxneed?
I happen to like python and will be the first I reach for for many simple or
even some bigger tasks. Nothing against those other languages. I actually have a
special place in my heart for perl, but with the perl 5 vs 6 thing I wonder on
the longer term future of the language.
Honestly I need to ge
Thanks for all the responses but it seems an alternate solution presented by
another user in a direct reply is to use python3 - m venv. Basically using the
venv built in to python3 as opposed to the legacy method of py-virtualenv that I
typically only have to use for older python 2 code bases.
Th
Ken MacKenzie writes:
> Is there a recommended best practice when setting up an environment with
> python
> virtualenv with regards to wxallowed.
AFAIK nothing official.
>
> My typical workflow is under my home directory I have a
> dev/language/project/.venv type structure. I guess the simple s
Hello.
Short answer: if you do not need py-cryptography and QtWebKit, just rebuild
python from ports disabling
USE_WXNEEDED.
I run Django using virtualenv in my $HOME and it works.
Long answer:
To use mmap(2) with PROT_EXEC | PROT_WRITE you need to link binary with
-z wxneeded (See ld(1)).
It adds
On Mon, 30 Apr 2018 16:46:49 +
> Is there a recommended best practice when setting up an environment
> with python
> virtualenv with regards to wxallowed.
sthen@ mentioned a compiler option and that only some modules actually
require RWX memory. I don't know the details as to why python call
Is there a recommended best practice when setting up an environment with
python
virtualenv with regards to wxallowed.
My typical workflow is under my home directory I have a
dev/language/project/.venv type structure. I guess the simple solution is to
mount /home as wxallowed in /etc/fstab, but is
22 matches
Mail list logo
