Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- proton-0.11.1, proton-0.12.2, proton-0.13.0
- None
- python distutils
Description
Attempting to use a package dependency on python-qpid-proton from within a setup.py will fail. This prevents pyngus from using any version of proton > 11.0.
This is due to a soft link in the .tar distribution that attempts to reference files outside of the sandbox used by distutils.
To reproduce:
1) clone https://github.com/kgiusti/pyngus
2) modify the setup.py file in the top directory:
— a/setup.py
+++ b/setup.py
@@ -33,7 +33,7 @@ try:
except ImportError:
- this version of proton will download and install the proton shared
- library as well:
- _dependencies = ['python-qpid-proton>=0.9,<0.11']
+ _dependencies = ['python-qpid-proton>=0.9,<0.12']
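Review bot: The two lines above the dependency list ("- this version of proton ..." and "- library as well:") carry removal markers with no matching additions, while the hunk header `@@ -33,7 +33,7 @@` declares equal old and new lengths, so the hunk as displayed is inconsistent. They look like unchanged context rather than deletions; to reproduce, change only the upper bound on the `_dependencies` line from `<0.11` to `<0.12` and leave the lines above it alone.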
3) create a virtual env:
$ virtualenv PY27; source PY27/bin/activate
4) attempt to install pyngus
$ python setup.py build install
The last step will fail at the point where it unpacks the proton source tarball.
After a bit of debugging, I've root caused the issue:
fetching http://www.apache.org/dist/qpid/proton/0.11.1/qpid-proton-0.11.1.tar.gz into build/bundled
SandboxViolation: symlink('../../../../../../tests/interop', 'build/bundled/qpid-proton-0.11.1/proton-c/bindings/go/src/qpid.apache.org/amqp/interop') {}
The package setup script has attempted to modify files on your system
that are not within the EasyInstall build area, and has been aborted.
The link does point at the top of the unpacked tar, but for some reason EasyInstall thinks it is outside the build tree.
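The following audit is an added example, not code from this issue or from the proton or setuptools projects. It rebuilds the reported symlink in a constructed in-memory tar and evaluates its target two ways: from the link's own directory, and from the working directory. The second interpretation is an assumption about how a path checker could reach the verdict in the error above; the page does not confirm it, and `SANDBOX` is a hypothetical path.

```python
import io
import posixpath
import tarfile

SANDBOX = "/tmp/easy_install-build"        # hypothetical sandbox directory (cwd)
EXTRACT_ROOT = SANDBOX + "/build/bundled"  # unpack location, as in the report
LINK_NAME = ("qpid-proton-0.11.1/proton-c/bindings/go/src/"
             "qpid.apache.org/amqp/interop")
LINK_TARGET = "../../../../../../tests/interop"

def build_sample_tar():
    """Constructed stand-in for the sdist: one directory plus the reported link."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        directory = tarfile.TarInfo("qpid-proton-0.11.1/tests/interop")
        directory.type = tarfile.DIRTYPE
        tar.addfile(directory)
        link = tarfile.TarInfo(LINK_NAME)
        link.type = tarfile.SYMTYPE
        link.linkname = LINK_TARGET
        tar.addfile(link)
    buf.seek(0)
    return buf

def inside(path, root):
    """Lexical containment test after collapsing '.' and '..' components."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root + "/")

def audit_symlinks(fileobj):
    """Yield one dict per symlink with both interpretations of its target."""
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in (m for m in tar if m.issym()):
            link_dir = posixpath.dirname(posixpath.join(EXTRACT_ROOT, member.name))
            # Filesystem semantics: relative target resolved from the link's directory.
            as_filesystem = posixpath.join(link_dir, member.linkname)
            # Assumed checker behaviour: raw target string resolved from the cwd.
            as_cwd = posixpath.join(SANDBOX, member.linkname)
            yield {"name": member.name, "target": member.linkname,
                   "inside_from_link_dir": inside(as_filesystem, EXTRACT_ROOT),
                   "inside_from_cwd": inside(as_cwd, SANDBOX)}

if __name__ == "__main__":
    for row in audit_symlinks(build_sample_tar()):
        print(row)
```

Run against a real sdist by passing an open file object to `audit_symlinks`; any row where the two verdicts differ is a link that is valid on disk but can still trip a checker that evaluates the target string on its own.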
Issue Links
- relates to PROTON-1202 The python setup script should only extract the C sources from the dist tar (Closed)