diff options
| author |  MarkKoz <[email protected]> | 2021-01-09 15:31:10 -0800 |
|---|---|---|
| committer | MarkKoz <[email protected]> | 2021-01-09 16:29:56 -0800 |
| commit | dd307c793588cdbfb5f759a91f337299a842f05d (patch) | |
| tree | 6f32779bdd221bd0eede9ed86e72045890f98155 | |
| parent | Merge pull request #86 from python-discord/precommit-pycharm (diff) | |
Use a custom directory for exposed Python packages
Isolate snekbox's dependencies from the packages available within the
Python interpreter. Disable Python's default behaviour of site-dependent
manipulations of sys.path. The custom directory looks like a user site
to allow `pip install --user` to work with it. However, snekbox will see
it as simply an additional search path for modules rather than as a user
site.
Disable isolated mode (-I) because it implies (-E), which ignores
PYTHON* environment variables. This conflicts with the reliance on
`PYTHONPATH`.
Specify `PYTHONUSERBASE` in the Dockerfile to make installing packages
to expose more intuitive for users. Otherwise, they'd have to remember
to set this variable every time they need to install something.
Diffstat (limited to '')
| -rw-r--r-- | .flake8 | 2 | ||||
| -rw-r--r-- | Dockerfile | 3 | ||||
| -rw-r--r-- | config/snekbox.cfg | 3 | ||||
| -rw-r--r-- | scripts/.profile | 2 | ||||
| -rw-r--r-- | snekbox/nsjail.py | 2 |
5 files changed, 7 insertions, 5 deletions
@@ -16,7 +16,7 @@ ignore= ANN002,ANN003,ANN101,ANN102,ANN204,ANN206 exclude= __pycache__,.cache, - venv,.venv + venv,.venv,user_base per-file-ignores=tests/*:D1,ANN import-order-style=pycharm inline-quotes=" @@ -41,7 +41,8 @@ ENV PIP_NO_CACHE_DIR=false \ PIPENV_DONT_USE_PYENV=1 \ PIPENV_HIDE_EMOJIS=1 \ PIPENV_NOSPIN=1 \ - GIT_SHA=$git_sha + GIT_SHA=$git_sha \ + PYTHONUSERBASE=/snekbox/user_base COPY Pipfile Pipfile.lock /snekbox/ WORKDIR /snekbox diff --git a/config/snekbox.cfg b/config/snekbox.cfg index 27caf27..aa39059 100644 --- a/config/snekbox.cfg +++ b/config/snekbox.cfg @@ -14,6 +14,7 @@ envar: "OPENBLAS_NUM_THREADS=1" envar: "MKL_NUM_THREADS=1" envar: "VECLIB_MAXIMUM_THREADS=1" envar: "NUMEXPR_NUM_THREADS=1" +envar: "PYTHONPATH=/snekbox/user_base/lib/python3.9/site-packages" keep_caps: false @@ -114,5 +115,5 @@ iface_no_lo: true exec_bin { path: "/usr/local/bin/python" - arg: "-Iqu" + arg: "-Squ" } diff --git a/scripts/.profile b/scripts/.profile index 9bf8e09..11c8d78 100644 --- a/scripts/.profile +++ b/scripts/.profile @@ -17,5 +17,5 @@ nsjpy() { nsjail \ --config "${NSJAIL_CFG:-/snekbox/config/snekbox.cfg}" \ $nsj_args -- \ - /usr/local/bin/python -Iqu -c "$@" + /usr/local/bin/python -Squ -c "$@" } diff --git a/snekbox/nsjail.py b/snekbox/nsjail.py index cc1f682..2e38db1 100644 --- a/snekbox/nsjail.py +++ b/snekbox/nsjail.py @@ -152,7 +152,7 @@ class NsJail: "--cgroup_pids_mount", str(CGROUP_PIDS_PARENT.parent), "--cgroup_pids_parent", CGROUP_PIDS_PARENT.name, "--", - self.python_binary, "-Iqu", "-c", code + self.python_binary, "-Squ", "-c", code ) msg = "Executing code..." |