Monday, April 30, 2018

Re: [Patch] Python for non wxallowed /usr/local

On Tue, May 01, 2018 at 03:13:23AM +0300, IL Ka wrote:
> Hi,
>
> > Can you please give me a link to fix?
> Sorry, I misunderstood you.
>
You said "thank you for fixing py-cryptography".
I didn't notice that fix.

> I run a snapshot and it has wxallowed for /usr/local by default (I haven't
> touched it).
> $ grep wxallowed /etc/fstab
> 4154a363527e316f.h /usr/local ffs rw,wxallowed,nodev 1 2
>
> python is wxneeded since 2016 in OpenBSD:
> https://github.com/openbsd/ports/blame/master/lang/python/Makefile.inc#L127
>
> $ readelf -a $(which python3) | grep WX
> OPENBSD_WXNEED 0x0000000000000000 0x0000000000000000 0x0000000000000000
>
> So, it now works perfectly.
>
> But virtualenv is broken because it copies the file to my home,
> and /home is not wxallowed.
>
> I do not use any package that needs WX, so I am not able to use virtualenv
> for no good reason.
>
> To fix it, I rebuilt python from ports using USE_WXNEEDED=no.
> It solved my problem, but I do not want to build Python from ports,
> so a better solution would be to
> * Accept your patch and create 2 flavors of python
> * Or set USE_WXNEEDED=no by default
>
> Virtualenv is a de-facto standard; it is not good to break it
> because some modules need WX.
>
> And enabling "wxneeded" for python generally decreases security.
>
> > it's better to patch W|X ports
> Yes, but isn't it better to disable wxneeded and then try to patch them
> or create two flavors until they are fixed?
>
My patch may and will break ports which depend on W|X,
so that users have to manually install wx flavor.

> Ilya.
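
The two checks done by hand in the thread (the `readelf` lookup for the wxneeded marker and the `grep` of /etc/fstab for wxallowed), combined into one audit. This is an added example, not part of the original message or of the OpenBSD ports tree. The /home and / fstab lines, the venv path and the minimal ELF image are constructed sample input, and the script reads fstab text rather than the live mount table.

```python
import struct

PT_OPENBSD_WXNEEDED = 0x65A3DBE7  # p_type value from OpenBSD's <sys/exec_elf.h>

def elf_wxneeded(image: bytes) -> bool:
    """True if a 64-bit little-endian ELF image has a PT_OPENBSD_WXNEEDED header."""
    if image[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF image")
    (e_phoff,) = struct.unpack_from("<Q", image, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 0x36)
    return any(
        struct.unpack_from("<I", image, e_phoff + i * e_phentsize)[0] == PT_OPENBSD_WXNEEDED
        for i in range(e_phnum)
    )

def mount_options(fstab_text: str, path: str):
    """(mount point, options) of the longest fstab mount point containing path."""
    best = ("", [])
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        mnt = fields[1]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) > len(best[0]):
            best = (mnt, fields[3].split(","))
    return best

def wx_mismatch(image: bytes, path: str, fstab_text: str) -> bool:
    """True for the combination the thread reports as broken:
    binary marked wxneeded, filesystem not mounted wxallowed."""
    return elf_wxneeded(image) and "wxallowed" not in mount_options(fstab_text, path)[1]

def sample_elf(p_types):
    """Constructed input: ELF64 header plus bare program headers, not a real binary."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

# The /usr/local line is the one quoted in the thread; the others are constructed.
SAMPLE_FSTAB = """\
4154a363527e316f.a / ffs rw 1 1
4154a363527e316f.k /home ffs rw,nodev,nosuid 1 2
4154a363527e316f.h /usr/local ffs rw,wxallowed,nodev 1 2
"""

if __name__ == "__main__":
    wx = sample_elf([1, PT_OPENBSD_WXNEEDED])  # PT_LOAD plus the wxneeded marker
    for p in ("/usr/local/bin/python3", "/home/user/venv/bin/python3"):
        print(p, "mismatch" if wx_mismatch(wx, p, SAMPLE_FSTAB) else "ok")
```

On a real system, pass the bytes of the interpreter and the contents of /etc/fstab instead of the sample values.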
