498274 – python_doscript() from python-utils-r1.eclass should enforce correct shebangs

Bug 498274 - python_doscript() from python-utils-r1.eclass should enforce correct shebangs

Summary: python_doscript() from python-utils-r1.eclass should enforce correct shebangs

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Eclasses (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Python Gentoo Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-01-16 18:28 UTC by Anthony Basile
Modified:	2022-04-12 04:32 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Anthony Basile gentoo-dev

2014-01-16 18:28:45 UTC

I hit this in www-servers/varnish-3.0.5-r2 where vmod.py has a shebang line of

   #!/usr/local/bin/python

When "fixed up" by python_doscript(), this line becomes

   #!/usr/local/bin/python2.7

When run it fails because the path should be #!/usr/bin/python2.7.  We could use more intelligence in python_doscript() to generate correct shebang lines.



Reproducible: Always

Comment 1 Michał Górny archtester

2014-01-16 18:44:30 UTC

We should think a bit on how to handle this.

I don't want to make the shebang function over-strict. We now support little creatures such as:

  #!/usr/bin/env FOO=bar python

and the unlikely case of:

  #!/usr/bin/mycustomscript blahblah magic python


Maybe we should just match plain r"/usr/(local/)?bin/python" and always convert it to "/usr/bin/env python".

Comment 2 Mike Gilbert gentoo-dev

2014-01-16 18:55:18 UTC

I am curious to know what the distutils module would do with such a shebang; if we wanted to match an existing implementation, that would be the one.

Comment 3 Michał Górny archtester

2017-03-10 16:17:32 UTC

So, Python 3.6 uses the following regexp to match shebangs:

  first_line_re = re.compile(b'^#!.*python[0-9.]*([ \t].*)?$')

Files not matching that are not 'adjusted'. For those matching it, it sets:

  #!/full/path/pythonX.Y.exe<post_interp>

where <post_interp> is that group matched in the regexp. In other words, it always forces the full path.

Comment 4 Michał Górny archtester

2018-04-24 15:39:50 UTC

IIRC the only kind of shebangs that are portable across different systems are:

  #!/full/path one-argument

Which effectively limits us to two cases:

a. /usr/bin/env python

b. @EPREFIX@/usr/bin/python [-something]

If we are to change things, we need to take the above into consideration.

Comment 5 Sam James archtester

2022-04-12 04:32:22 UTC

I think this is fixed by the change to python_fix_shebang given python_doscript calls it:
```
commit 85820b0b54f298e1d96a4bc3ed9cd4952a46aea0
Author: Michał Górny <mgorny@gentoo.org>
Date:   Thu Mar 31 23:09:30 2022 +0200

    python-utils-r1.eclass: Make python_fix_shebang force full path

    Change the behavior of python_fix_shebang to always output full path
    to the Python interpreter (i.e. ${PYTHON}) instead of mangling
    the original path.  Most importantly, this ensures that:

    1. EPREFIX is included in the final path

    2. /usr/bin/env is replaced by the absolute path to avoid issues
       when calling system executables from inside a venv

    Note that this implies that a few unlikely corner cases may stop
    working, notably:

    a. "weird" shebangs such as "/usr/bin/foo python" will no longer work

    b. the mangled scripts will escape temporary venv e.g. created
       in distutils-r1 PEP517 mode (python_fix_shebang is not used in such
       a way in ::gentoo)

    Signed-off-by: Michał Górny <mgorny@gentoo.org>
```