Re: Guix's python has pip's user dir in its loadpath

[Maxim Cournoyer]

Hi,

Wojtek Kosior <koszko@koszko.org> writes:

> The precedence of local, pip-installed Python libraries over Guix ones
> has already been a source of bugs. And these can be hard to diagnose.

> I imagine an optimal solution would be to configure this behavior on
> per-package basis. The vast majority of applications does not need to
> load local libraries. There are just a few exceptions like
> `python-virtualenv`.
>
> Once I did write a package definition that deliberately disabled user
> site dir package loading. I used code similar to what's below.
>
>> (modify-phases %standard-phases
>>   (add-after 'wrap 'prevent-local-package-interference
>>     (lambda* (#:key outputs #:allow-other-keys)
>>       (substitute* (string-append (assoc-ref outputs "out")
>>                                   "/bin/<program-name>")
>>         (("^#!/.*$" shabang)
>>          (string-append shabang
>>                         "export PYTHONNOUSERSITE=1\n"))))))

That is indeed a simple thing we could do to harden Python binaries from
picking up user pip-installed dependencies potentially causing
problems.  I would welcome such a patch.

> Of course, it makes no sense to add such snippet to all definitions.
> Instead, we could modify python-build-system to allow doing a similar
> thing based on a flag passed in package's `(arguments)`.

I think it need not be made configurable but just applied
indiscriminately to the wrap phase used in the python-build-system.

-- 
Thanks,
Maxim