Do not depend on a patched Python #26457
Comments
|
comment:4
we can simply tag these tests, and then in the unpatched python case they won't be run. |
|
comment:5
Your description sounds like a duplicate of #25358, but if I read the title correctly you want to go further and also remove all other patches? I agree with that in principle, but it will be hard. We currently apply two patches to python that I added just for sage. One is a bug that has since been fixed upstream and will not be necessary once there is a new release: python/cpython#6118 The other fixes [[(https://bugs.python.org/issue27177]], which was fixed but never backported. I have not found any way to work around this patch since we need |
|
comment:6
I fully agree about the safe-directory part of course. |
|
comment:7
Replying to @timokau:
Could you clarify what you agree to? To drop the patches? |
|
comment:8
Replying to @timokau:
Yes, I should have been more clear about that. I want to do something about the patches that won't make it into upstream Python 2 because these will also never make it into the majority of distributions. I wasn't aware of the "re" one. |
|
comment:9
Replying to @dimpase:
So, something like I wonder whether that Python patch could not be monkey-patched in Sage somehow and then everybody would be happy? (We can of course add it for the doctesting as was done in #25358 but that does not solve the general problem of running Sage in an insecure location.) |
|
comment:10
Replying to @saraedum:
I'd be fine with dropping or keeping the patch, as long as the doctests don't depend on it. Replying to @saraedum:
The Other than that we could try to push upstream for a backport once again. Their reasoning is that the fix actually adds a feature instead of fixing a bug and only bugfixes are backported. Replying to @saraedum:
We would have to be very careful with that, too many differences could make sage-on-distro a second class citizen. Also it would probably be tempting to take the easy way out and "fix" problems by disabling tests on distro instead of fixing the underlying issue. On very limited cases like this it would probably be fine. |
|
comment:11
Replying to @timokau:
I agree. So could we change the underlying problem here? You demonstrated that we can check |
|
comment:12
Replying to @timokau:
I didn't know about this stuff…that's horrifying :)
Could we just change Sage and it's doctests to not to rely on this? (and keep the patch in the Sage-the-distribution.) |
|
comment:13
Replying to @saraedum:
We could just call the re-written |
|
comment:14
Replying to @saraedum:
Being able use |
|
comment:15
Replying to @timokau:
That sounds like a good plan to me. Let me have a look at this tomorrow. |
|
comment:16
Replying to @timokau:
I don't think that I've ever used |
|
comment:17
Replying to @saraedum:
Okay
First, I hope you're not just generalizing from your own experience: that is a dangerous thing to do. Second, it is used in the Sage library, for example for argument parsing or LaTeX stuff. And therefore, third, Sage is not just a math context; people use it for other things, such as developing Sage. When working on Sage development, I often have used So a strong -1 for removing this patch. |
|
comment:18
Replying to @jhpalmieri:
I did not mean to remove this patch:
I want to remove reliance on this patch from the Sage library so things work without it and change the doctests that rely on it/change them to #optional: python3. |
|
comment:19
Replying to @saraedum:
That is going in the direction of "distribution of second class citizen", with a feature (not a small one in my opinion) only working/tested on sage-the-distribution. I don't think removing a test for a valid use case is a good idea. At least I see value in that test for the nix package. |
|
comment:20
Replying to @timokau:
In this case, I don't actually see this problem. We would be testing this for Python 3 at least which is where we are going to anyway. (We could of course add an additional test for I might be wrong but I can't see that we could get the re patch into Debian or Conda (and I wouldn't even propose to try.) So, should Sage's documentation not be clear about the fact that this is a feature that may or may not work for you depending on how you are running Sage exactly? Doing a |
|
comment:21
I think python3 is still going to take some time.
Are you sure? Its a very reasonable two line patch that has pretty much no backwards incompatibility problems and has been accepted for 3.x: https://bugs.python.org/file43084/re_match_index.patch Having regex not work would be confusing for users. |
|
comment:22
Haven't read all the discussion yet, but definitely +1. |
|
comment:24
Where does this stand with Python 2 support dropped? |
|
comment:25
Well, I am using python 3.7 and 3.8 from the dsitro in sage-on-gentoo, without needing additional patches. Prior to the move to python3 I needed to provide a patched python 2.7 for sage-on-gentoo. Not anymore. I'd say it is obsolete. |
|
comment:26
Most of the existing patches look like they're cygwin-related. Unless I'm misreading things, (And I know nothing about cygwin, so I don't know if those patches are still necessary.) |
|
comment:27
Replying to @jhpalmieri:
I know nothing about cygwin either. I do remember pottering with a linking issue when using clang on linux in some cases. So, I am probably responsible for bringing that one in. Distros may very well already deal with that particular one. |
|
comment:28
I think this ticket can be closed as outdated. |
SageMath ships a patched Python which adds a warning if
.is on the path and deemed insecure, see https://bugs.python.org/issue16202 and #13579.This patch is not going to be part of Python anytime soon and afaik no distribution other than Sage-the-distribution is shipping this patch.
For packagers it is annoying to work around the doctests that expect this Python patch to be applied. Also it means that for Sage development we cannot swap out SageMath's Python with one coming from our (Linux) distribution. But long-term we want to be able to replace more SPKGs with distribution packages. (I know that embray is working on that.)
I would like to discuss this issue here. From my point of view, we should not expect this patch to be applied in doctesting and in Sage in general. (Actually, I don't think we should apply this patch at all and just behave like vanilla Python does but that's probably too controversial.)
I would like to hear some arguments here and come up with something that is going to make packagers happy because I believe that's really what we should be striving for. We might want a vote on sage-devel in the end but that remains to be seen.
I hope I am not creating a duplicate with this ticket (I might have tried to do something like that before...)
See #25358 for a related ticket.
CC: @timokau @kiwifb @antonio-rojas @embray @slel @nthiery @jdemeyer @isuruf @pcpa @tobihan @infinity0 @SnarkBoojum @cschwan
Component: distribution
Keywords: conda, archlinux, gentoo, debian, nix, python
Issue created by migration from https://trac.sagemath.org/ticket/26457
The text was updated successfully, but these errors were encountered: