diff options
| -rw-r--r-- | Dockerfile | 17 | ||||
| -rw-r--r-- | README.md | 10 | ||||
| -rw-r--r-- | deployment.yaml | 3 |
3 files changed, 14 insertions, 16 deletions
@@ -21,11 +21,15 @@ RUN make # ------------------------------------------------------------------------------ FROM python:3.9-slim-buster as base -ENV PIP_NO_CACHE_DIR=false \ + +# Everything will be a user install to allow snekbox's dependencies to be kept +# separate from the packages exposed during eval. +ENV PATH=/root/.local/bin:$PATH \ + PIP_NO_CACHE_DIR=false \ + PIP_USER=1 \ PIPENV_DONT_USE_PYENV=1 \ PIPENV_HIDE_EMOJIS=1 \ - PIPENV_NOSPIN=1 \ - PYTHONUSERBASE=/snekbox/user_base + PIPENV_NOSPIN=1 RUN apt-get -y update \ && apt-get install -y \ @@ -42,15 +46,10 @@ RUN chmod +x /usr/sbin/nsjail FROM base as venv ARG DEV -ENV PIP_NO_CACHE_DIR=false \ - PIPENV_DONT_USE_PYENV=1 \ - PIPENV_HIDE_EMOJIS=1 \ - PIPENV_NOSPIN=1 \ - PYTHONUSERBASE=/snekbox/user_base - COPY Pipfile Pipfile.lock /snekbox/ WORKDIR /snekbox +# Install to the default user site since PIP_USER is set. RUN pipenv install --deploy --system ${DEV:+--dev} # At the end to avoid re-installing dependencies when only a config changes. @@ -50,19 +50,17 @@ By default, the Python interpreter has no access to any packages besides the standard library. Even snekbox's own dependencies like Falcon and Gunicorn are not exposed. -To expose third-party Python packages during evaluation, install them to the user site: +To expose third-party Python packages during evaluation, install them to a custom user site: ```sh -docker exec snekbox /bin/sh -c 'pip install --ignore-installed --user numpy' +docker exec snekbox /bin/sh -c 'PYTHONUSERBASE=/snekbox/user_base pip install numpy' ``` In the above command, `snekbox` is the name of the running container. The name may be different and can be checked with `docker ps`. -It's important to use `--user` to install them to the user site, whose base is located at `/snekbox/user_base` within the Docker container. To persist the installed packages, a volume for the directory can be created with Docker. For an example, see [`docker-compose.yml`]. +The packages will be installed to the user site within `/snekbox/user_base`. To persist the installed packages, a volume for the directory can be created with Docker. For an example, see [`docker-compose.yml`]. -`--ignore-installed` is only necessary if installing a package that happens to -be a dependency of snekbox. Normally, pip would reject the installation because -it doesn't make a distinction here between the global and user sites. +If `pip`, `setuptools`, or `wheel` are dependencies or need to be exposed, then use the `--ignore-installed` option with pip. However, note that this will also re-install packages present in the custom user site, effectively making caching it futile. Current limitations of pip don't allow it to ignore packages extant outside the installation destination. ## Development Environment diff --git a/deployment.yaml b/deployment.yaml index 988394f..0b294d2 100644 --- a/deployment.yaml +++ b/deployment.yaml @@ -30,7 +30,8 @@ spec: - "/bin/sh" - "-c" - >- - pip install --user --ignore-installed + PYTHONUSERBASE=/snekbox/user_base + pip install --user arrow~=0.17 attrs~=20.3 beautifulsoup4~=4.9 |