-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Isolating conda environments from ~/.local #7173
Comments
@mingwandroid What are your latest thoughts here? CPython has explicit cutouts and code paths to handle virtualenv. Maybe we should patch our cpython to basically always be in virtualenv mode? Of course, that's going to make people mad who are accustomed to the current behavior. Either way, I think there will be a portion of people unhappy. I'm not sure how to thread this needle. |
One way I figured out to create an isolated conda environment is to 1) Create a python virtualenv, which is isolated. 2) Then clone that python virtualenv using conda create --clone option. Clone option doesn't have this problem. |
Yeah the virtualenv you created is hooking into that hard-coded cpython behavior. I think the difference something related to |
https://github.com/pypa/pip/blob/master/src/pip/_internal/utils/misc.py#L283 is the line where pip has special condition for python virtual envs, which is not true for conda. In case that helps. |
@adyada, can we clarify a point here please, when you said:
Do you not mean that it inherited the packages from your system Python instead?
|
Yeah, I mean that the testenv conda environment inherited the packages from the system python. I didn't check for the base conda environment. |
@kalefranz, these deliberate exclusions are part of We could patch our pip to ignore Then there are those who say that conda should never ever look in Whatever happens it should be consistent when freezing as when running and I think that's an uncontroversial statement? |
I personally have a foot there too. And I'd go so far as saying this should be the default for any conda-installed python (given that any conda-install python will by definition always be in a conda environment). The environment variable I'd propose then would be to open up the interpreter to look in That's my personal opinion though, and why this issue is marked as a discussion topic. If we make any type of change here, we need to make sure it's thoroughly discussed and we have consensus on the behavior change. |
I think, including user_site packages also caused a bug for us, when some people tried installing and using some packages and got errors. That's how the bug was reported to me. I will reproduce that bug and post here by today or tomorrow. |
The error that I get when user_site packages are also included in an conda environment is that the import of some modules fail, even if that module shows up in pip freeze. The important lines are shown as bold lines. So, backports.tempfile shows up in pip freeze, but then its import fails. Apologies for pasting such a long output. Actually, I didn't install most of these packages in the conda environment, these were inherited from the user_site location, that is ~/.local/python2.7 I don't see this issue when I am able to create an isolated python environment using python virtual env So, I am also on the side that we should not be including user_site packages in a conda env. Probably, might be better to have the conda behavior same as the python virtual env behavior in terms of isolation of environments. (testenv) testuser@testVMadyada2: $ python -m pip freeze
|
Is |
yeah, conda list doesn't show those packages. This is the output of conda list. (testenv) testuser@testVMadyada2:~$ conda list packages in environment at /home/testuser/miniconda3/envs/testenv:Name Version Build Channelazureml-core 0.1.0.806005 |
I'd be in favor of by default putting the kibosh on all the .local stuff for any python in a conda environment (and, to reiterate, that's ALL conda-installed python), but I'm certain there'll be some vocal griping if we do. |
So, I could reproduce this behavior on windows too. I think, there could be some people who would be depending on user_site packages in a conda environment. So, a solution is to have an argument like "--no-user-site" in the conda create command, which then doesn't include user_site packages. This way conda won't break the behavior for existing users and there would "--no-user-site" argument to not include any user_site packages if someone wants it. |
The problem is interfacing this conda environment parameter to Python itself which is what is in control of whether |
How does the python executable know if it’s been called from a virtualenv? Maybe we should be flipping that switch for all conda envs too? But then I think that’s going to have other ramifications than just removing .local from sys.path. Definitely something we’d need to be extremely careful about. Actually should probably just reach out to some cpython core maintainers for their thoughts.
…Sent from my iPhone
On Apr 21, 2018, at 5:27 AM, Ray Donnelly ***@***.***> wrote:
think, there could be some people who would be depending on user_site packages in a conda environment. So, a solution is to have an argument like "--no-user-site" in the conda create command, which then doesn't include user_site packages.
The problem is interfacing this conda environment parameter to Python itself which is what is in control of whether ~/.local is added to the sys.path. Using an env. var is sub-optimal for external tooling that does not use the correct conda activate procedure. I guess we could put this in a file in the root of the environment and then modify our python executable to always look for this? Changing the behaviour of the python executable isn't something to do lightly though!
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
xref: pypa/pip#5060 |
I think we would like to be able to configure the root env to also not look in |
It looks like python virtualenv after changing the sys.prefix, sets a sys.base_prefix attribute, which is then used to determine in pip that there is a virtualenv active. |
Please don’t disable |
I'd support disabling user site packages for Python in conda. I always do this in my own conda environments, and I've certainly seen it cause confusion for users, e.g. when a package they just now conda-installed is shadowed by a version they installed with pip ages ago. User site packages is valuable when using system Python, to install packages without sudo, but conda is typically installed in your user account anyway, so it's just an extra complication. I would do this by setting https://github.com/python/cpython/blob/v3.6.5/Lib/site.py#L79-L81 I think that with this set, pip should refuse to do a Edit: My views on this got more complex, see my comment below. |
xref: #448 |
@less-and-less-bugs wrote:
This is exactly what we used to do: But then I figured out (spinalcordtoolbox/spinalcordtoolbox#3606) that this was a little more reliable: So maybe that'll help you. I still am surprised every time that conda doesn't do this by default, since it's main feature (at least, as seen by the zeitgeist) is to provide reproducibility. |
This creates issues when using |
@niander what is the problem exactly? Using |
No, they use regular pip install. From logs I can see that first However, when later I don't think it is script pointing to a different python issue because I can see that pytest and pip are executed from the same created conda environment. |
@niander Okay, makes sense. Have you tried including |
@mfansler I tried but then later I got an issue with calling pip install directly inside a toxenv (I do this to install a local package in dev mode). pip complains it can't find ssl library. Nonetheless, I am still failing to understand why when pytest executes it can't find |
I figured it out. It is because of the way The code in So, in this case, running inside tox, because the real user site-packages exists only inside What I am not sure is why then when Edit: Adding |
Hi there, thank you for your contribution! This issue has been automatically marked as stale because it has not had recent activity. It will be closed automatically if no further activity occurs. If you would like this issue to remain open please:
NOTE: If this issue was closed prematurely, please leave a comment. Thanks! |
So this issue has been ongoing for a long time, and github bot keeps closing issues that are not resolved:
Workarounds described include the conda-ecosystem-user-package-isolation package or setting A command line tool installed outside a conda environment, using New workaround. Although conda does not create a virtual environment, a
I don't know what other repercussions that has involving I strongly feel the conda dev team should provide the |
This sounds like an excellent solution. The code for that mechanism has been stable since Python v3.3. This could also be implemented as a Conda Forge package that literally just delivers a |
@itcarroll Please open a new ticket with your summary, it's no use piling on this 5-year-old ticket with yet more discussion where most of the current maintainers were not around. |
Full disclosure, I've opened conda/infrastructure#850 to lock older issue sooner, to make sure we're able to encourage actionable issues instead of reviving old ones. |
@jezdez Done! You never know whether maintainers are more averse to duplication or re-activation, so thank you for the clear guidance. |
I think, I am seeing a bug in conda create command where I am not able to create an isolated conda environment, which doesn't inherit packages from the base environment, in Ubuntu 16.04.
The reproducible steps for the bug are as follows.
Create a new Ubuntu 16.04 VM or any Ubuntu 16.04 machine.
Install azure-cli
pip install azure-cli
Let's assume the python version is 2.7 here, as that is the default python in Ubuntu 16.04
This command installs packages ~/.local/lib/python2.7
Install miniconda in Ubuntu 16.04
conda create -n testenv python=2.7
pip freeze
In pip freeze, I see the azure-cli packages from ~/.local/lib/python2.7 , which indicates to me that the testenv conda environment is not isolated, as it inherited the packages from the base environment.
I only checked this for azure-cli, but my guess is that it is true for other packages too.
For python virtual env, this is not an issue, I get an isolated python virtual environment. I also don't get this issue on windows. I only get this on Linux and Mac machines.
Please take a look at the issue and let me know if I am doing something wrong or it is a genuine bug.
Thanks
The text was updated successfully, but these errors were encountered: