On Fri, Jun 21, 2019 at 5:45 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > On Wed, Jun 19, 2019 at 12:04 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > On 6/19/19 10:40 AM, Paul Moore wrote: > > > On Wed, Jun 19, 2019 at 10:26 AM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > >> > > >> /usr/bin/python is no longer installed by default, so this test > > >> script fails on default installs. > > >> Best practice guidance appears to be to switch to using > > >> /usr/bin/python3 instead, per > > >> https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/ > > >> > > >> Fixes: #46 > > >> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx> > > >> --- > > >> tests/overlay/access | 2 +- > > >> 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > I think it would be better to reference the Python upstream guidance > > > regarding "python3" instead of the Fedora packaging guidelines. > > > Keeping things distro agnostic is a good goal whenever possible. > > > > > > * https://www.python.org/dev/peps/pep-0394 > > > > When I looked for guidance in response to the github issue for > > selinux-testsuite [1], there seemed to be some ambiguity left by pep-0394: > > > > 1) It says "One exception to this is scripts that are deliberately > > written to be source compatible with both Python 2.x and 3.x. Such > > scripts may continue to use python on their shebang line.". This leaves > > open the possibility of staying with "/usr/bin/python" as far as the pep > > is concerned since the script itself is not version-specific in any way, > > but doing so is not permitted by the Fedora guidelines and breaks on > > default installs of Fedora. > > [SIDE NOTE: for some reason my mail is acting a bit odd - this got > buried in a folder and didn't bubble up like normal - my apologies on > the delay, I didn't see it until I was checking for patches today.] > > Yes, I saw that too but considering that we are about six months away > from python2 going EOL I think it is reasonable to ignore python2 for > upstream work at this point. > > > 2) It doesn't specify whether or not one should use "/usr/bin/env > > python3" or just "/usr/bin/python3". The github issue reported had > > originally suggested the former, but this is also prohibited by the > > Fedora guidelines. > > My initial reaction was that we should "/usr/bin/env" until I saw that > bit in the Fedora guidelines, which I honestly don't understand. Does > anyone with a better understanding of cross-distro userspace know why > "/usr/bin/env" is bad? Hello, As far as I understand, the choice of using /usr/bin/env or not in the shebang of a script depends on how you want your dependencies to load on a system: * Using "/usr/bin/env python3" (or with python or python2) allows using a virtualenv where all Python dependencies are installed. It makes it easier for two projects that require conflicting version of their dependencies to be used together on a system, and it makes it possible for an unprivileged user to use this script without requiring an administrator to install dependencies in system-wide directories (like /usr/lib/python3.7/site-packages/). * Using "/usr/bin/python3" makes sense when you want the script to use the dependencies that have been installed system-wide, for example using packages from your distribution. This way, you kind-of control which version of the dependencies are used: they are the one that are packaged by the distribution. This is why it makes sense for Fedora's guidelines to prefer this other /usr/bin/env. By the way, I just got back from some holidays and I am reading the messages from the mailing list after 1-2 months away. Therefore I might have missed some context in your question that would make my answer look like I am answering to something else. Sorry about that. Best, Nicolas