----------------------------------------
python virtualenv invoking without activate
April 26th, 2021
----------------------------------------
I like python. I do not like python packaging. I run into the same
problem again and again: I want to make a useful tool like
'burrow' that can be distributed and used by others (or myself on
other systems). Inevitably I'll need to use other packages,
though, so I'll need to pip-install those. I don't want to pollute
the system, though, so I'd better create a virtual environment and
install those there. So now I have my requirements.txt file and
can do things inside this little container, but now what?
Do I bundle this thing and put it in pip? Am I now expecting
someone else will pip install it globally to run it on their
system? Of course not, because everything python should be safely
stored away in a virtual environment. But I don't want them to
write a program that uses my program as a library. I just want to
invoke it? Does that change the rules? Will my app's dependencies
then pollute their system?
And then I throw my hands in the air and give up and do something
else.
Well, recently I decided I wanted to work on a side-project on
cosmic that khuxkm started in python: an anonymous remailer that
actually works over email. We'd gone down this path in the past
and it almost worked. I had motivation and wanted to see it
through. Immediately I knew I was about to hit that problem from
above, though. In fact, I was going to hit it with even more
complications.
See, in order to handle incoming mail and pass it off to a script
I was using a feature of ~/.forward that lets you do that. The
.forward file works just like the aliases system file, but only on
the right-hand side of an alias definition. That means you can do
more than just specify an email or emails to deliver the mail to,
you can pipe it to a script like so:
|/home/anonhmmst/mailhandler/parse_email.py
That leading pipe is important. It's also important to know that
scripts invoked this way are passed the contents of the incoming
mail, but invoked by the 'nobody' user. That's a security thing
and for the best, but it complicated my script running.
If I used the anonhmmst user and installed python packages for
this parse_email.py script at the user-level they wouldn't work
when invoked by nobody. I needed to set up a virtual environment
to get everything bundled, but I also needed a way to invoke it
without having to manually activate the virtual environment first.
The solution turned out to be pretty simple:
- make the python script executable
- point the hashbang at the virtual environment python binary
In my case:
#!/home/anonhmmst/mailhandler/env/bin/python3
I had to do a bit more work on cosmic with the sudoers file to
enable the nobody user to run some cosmic-specific scripts, but
the virtual-environment setup was the big take-away. It doesn't
solve all my python packaging woes, but it fixed this one nicely.
What about you? What do you do in these situations? Do you pip
install binaries as your user without virtual environments for
utilities or do you wrap them in a virtual environment somehow?
How do you distribute your own projects?