
Allow more valid pip sources #1349

Closed
2 of 3 tasks
maxrake opened this issue Jan 30, 2024 · 2 comments · Fixed by #1351
Assignees
Labels
enhancement New feature or request high priority Should be handled immediately

Comments

@maxrake
Contributor

maxrake commented Jan 30, 2024

Overview

It has been observed that users with their primary/active python3/pip binary located in ~/.local are not able to perform lockfile generation on pip manifest files. This is a valid location for pip to exist and should be supported. Updates to sandbox exceptions are likely needed.

Additional Guidance

A workaround exists to bypass the sandbox with the --skip-sandbox option. However, this is not recommended unless the fully resolved set of dependencies is already known and trusted, since arbitrary code execution is possible without the sandbox.

Acceptance Criteria

  • Lockfile generation for pip manifests succeeds when the primary pip binary is located in ~/.local and no other instances of pip exist
  • The pip extension sandbox permissions are updated to match
  • Documentation is updated so that users experiencing this error will get more background and/or actionable next steps when visiting the suggested link
@maxrake maxrake added enhancement New feature or request high priority Should be handled immediately labels Jan 30, 2024
@maxrake maxrake changed the title Allow for more valid pip locations Allow more valid pip sources Jan 31, 2024
@louislang
Contributor

@phylum-dev/user-components This should be treated as critical. It's blocking a customer, we need to unblock them asap!

@cd-work
Contributor

cd-work commented Jan 31, 2024

For personal reference:

$ pip3 --version
pip 23.3.2 from /home/ubuntu/.local/lib/python3.8/site-packages/pip (python 3.8)
$ python3 -m pip --version
pip 23.3.2 from /home/ubuntu/.local/lib/python3.8/site-packages/pip (python 3.8)

cd-work added a commit that referenced this issue Jan 31, 2024
This fixes lockfile generation with pip when it is installed in
`~/.local/lib/python*/site-packages/pip`.

It also fixes an issue where `pyenv` installed through the package
manager wouldn't allow for lockfile generation.

Closes #1349.
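The `pip --version` output quoted above and the `~/.local/lib/python*/site-packages/pip` path named in the commit message together describe what a sandbox exception has to recognise. The following is an added example (not Phylum's code, and not the actual sandbox configuration): it parses the `pip --version` line, normalises the reported path, and checks it against a constructed allowlist of pip locations, with the caveat that a glob `*` is confined to a single path component so that extra intermediate directories cannot satisfy the pattern. `HOME` and `ALLOWED_PIP_DIRS` are constructed values.

```python
import posixpath
import re
from typing import Optional

# Constructed example values. HOME stands in for the user's home directory
# (a real check would use pathlib.Path.home()); the allowlist is an
# illustrative sandbox exception list, not Phylum's actual configuration.
# The `~/.local/...` entry is the location this issue asks to allow.
HOME = "/home/ubuntu"
ALLOWED_PIP_DIRS = [
    "/usr/lib/python3*/dist-packages/pip",
    "/usr/lib/python3*/site-packages/pip",
    "~/.local/lib/python*/site-packages/pip",
]

# Matches the output format of `pip3 --version` / `python3 -m pip --version`:
#   pip 23.3.2 from /home/ubuntu/.local/lib/python3.8/site-packages/pip (python 3.8)
_VERSION_RE = re.compile(
    r"^pip (?P<version>\S+) from (?P<path>.+?) \(python (?P<py>[^)]+)\)$"
)


def parse_pip_version(line: str) -> Optional[dict]:
    """Return {'version', 'path', 'py'} from a pip --version line, or None."""
    m = _VERSION_RE.match(line.strip())
    return m.groupdict() if m else None


def glob_to_regex(pattern: str, home: str) -> "re.Pattern[str]":
    """Turn an allowlist glob into a regex whose `*` never crosses a `/`.

    Restricting `*` to one path component matters for a sandbox exception:
    `python*` must match `python3.8`, not `python3.8/anything/else`.
    """
    if pattern.startswith("~/"):
        pattern = home + pattern[1:]
    body = "[^/]*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile("^" + body + "$")


def is_allowed_pip_location(path: str, home: str = HOME, patterns=ALLOWED_PIP_DIRS) -> bool:
    """True if the normalised pip directory matches an allowlisted pattern."""
    norm = posixpath.normpath(path)  # collapses `..`, `.` and doubled slashes
    return any(glob_to_regex(p, home).match(norm) for p in patterns)


def check_pip_output(line: str, home: str = HOME) -> Optional[bool]:
    """Parse a pip --version line and report whether its location is allowed."""
    info = parse_pip_version(line)
    return None if info is None else is_allowed_pip_location(info["path"], home)
```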
maxrake pushed a commit that referenced this issue Feb 1, 2024
3 participants