This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: ensurepip bootstrap breaks out of isolated environment
Type: behavior Stage: patch review
Components: Versions: Python 3.11, Python 3.10, Python 3.9, Python 3.8
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: cdce8p, dstufft, eric.araujo, eric.snow, gvanrossum, kcdodd, ncoghlan, pradyunsg
Priority: normal Keywords: patch

Created on 2021-12-29 23:24 by kcdodd, last changed 2022-04-11 14:59 by admin.

Pull Requests
URL Status Linked Edit
PR 30307 open kcdodd, 2021-12-30 20:31
Messages (2)
msg409334 - (view) Author: (kcdodd) * Date: 2021-12-29 23:24
A change in behavior was made to the `ensurepip` module in Python 3.8.7 that causes bootstrapping to break out of an isolated environment. This is relevant to the assumption made in the `venv` module, which ran ensurepip as a sub-process with the `-I` flag environment isolation to force installation in the virtual environment directory.

In Python <= 3.8.6, ensurepip ran the bootstrap within the current interpreter, so the environment remained isolated. But in Python >= 3.8.7 it creates a second subprocess without the `-I` flag, and the un-isolated environment appears to be restored for pip. This would then allow a search of any additional paths, and prevent installation of pip and setuptools from being installed in the venv environment directory if they are found somewhere else.
msg412408 - (view) Author: Éric Araujo (eric.araujo) * (Python committer) Date: 2022-02-03 00:17
Thanks for the report and PR.

The workflow would be to merge a fix to the main branch for 3.11, then there’s a bot that makes backports for active branches (3.10 and 3.9).

More info: https://devguide.python.org/
History
Date User Action Args
2022-04-11 14:59:54adminsetgithub: 90355
2022-03-29 20:57:30gvanrossumsetnosy: + gvanrossum, eric.snow
2022-02-03 00:17:26eric.araujosetnosy: + eric.araujo
messages: + msg412408
2022-01-01 01:16:06cdce8psetnosy: + cdce8p
2021-12-31 20:11:46ned.deilysetnosy: + ncoghlan, dstufft, pradyunsg
2021-12-30 20:31:13kcdoddsetkeywords: + patch
stage: patch review
pull_requests: + pull_request28520
2021-12-29 23:24:11kcdoddcreate