Real script directory leaks to `sys.path` and breaks hermeticity.
Opened this issue · 1 comments
Problem
In short, we (in the end) run a script with the command
Line 13 in 538f6cf
But python prepends the real script directory to sys.path:
python script.py command line: prepend the script’s directory. If it’s a symbolic link, resolve symbolic links.
which exposes many local files and overrides runfiles, especially when the script is under the workspace root.
Solution
I plan to either require python to not prepend them and add the script (symbolic link) directory to PYTHONPATH, or just setup the PYTHONSAFEPATH in pywrapper.sh.
I was experimenting with building python modules with C/C++ extensions in Bazel. Although the Bazel runtime environment/runfiles looks all right, the script just can not find the built dynamic libraries because the very first search path in sys.path is the real bare root directory.
Unfortunately both solutions are introduced in 3.11, which is not ready for us. I will try to just remove the symbolic link and copy the script.