[New-bugs-announce] [issue46197] ensurepip bootstrap breaks out of isolated environment
kcdodd
report at bugs.python.org
Wed Dec 29 18:24:11 EST 2021
New submission from kcdodd <carter.dodd at gmail.com>:
A change in behavior was made to the `ensurepip` module in Python 3.8.7 that causes bootstrapping to break out of an isolated environment. This is relevant to the assumption made in the `venv` module, which ran ensurepip as a sub-process with the `-I` flag environment isolation to force installation in the virtual environment directory.
In Python <= 3.8.6, ensurepip ran the bootstrap within the current interpreter, so the environment remained isolated. But in Python >= 3.8.7 it creates a second subprocess without the `-I` flag, and the un-isolated environment appears to be restored for pip. This would then allow a search of any additional paths, and prevent installation of pip and setuptools from being installed in the venv environment directory if they are found somewhere else.
----------
messages: 409334
nosy: kcdodd
priority: normal
severity: normal
status: open
title: ensurepip bootstrap breaks out of isolated environment
type: behavior
versions: Python 3.10, Python 3.11, Python 3.8, Python 3.9
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue46197>
_______________________________________
More information about the New-bugs-announce
mailing list