Reject known problematic env vars #308
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We expose all env vars by default to subprocesses to allow for customisation of package manager behaviour - such as custom indexes, authentication and requirements file env var interpolation. (An allow-list approach wouldn't work with all use-cases, plus wouldn't help the app at run-time.) To improve the error UX (particularly during initial buildpack bootstrap, where failures would otherwise look like a problem with the buildpack and not the user inputs), the buildpack now rejects known problematic env vars that may break the build / the app. The list of env vars was based on the env vars this buildpack sets, plus an audit of: - https://docs.python.org/3/using/cmdline.html#environment-variables - https://pip.pypa.io/en/stable/cli/pip/#general-options - https://pip.pypa.io/en/stable/cli/pip_install/#options This also unblocks #265. GUS-W-17454486.
Malax
approved these changes
Dec 17, 2024
heroku-linguist bot
added a commit
that referenced
this pull request
Dec 18, 2024
## heroku/python ### Changed - The build now fails early if known problematic Python and pip-related env vars have been set by the user or earlier buildpacks. ([#308](#308)) - The `PIP_PYTHON` env var is now only set at build time. ([#307](#307)) ### Removed - Stopped setting the `LANG` env var. ([#306](#306)) - Stopped setting the `PYTHONHOME` env var. ([#309](#309))
Merged
heroku-linguist bot
added a commit
to heroku/cnb-builder-images
that referenced
this pull request
Dec 18, 2024
## heroku/python ### Changed - The build now fails early if known problematic Python and pip-related env vars have been set by the user or earlier buildpacks. ([#308](heroku/buildpacks-python#308)) - The `PIP_PYTHON` env var is now only set at build time. ([#307](heroku/buildpacks-python#307)) ### Removed - Stopped setting the `LANG` env var. ([#306](heroku/buildpacks-python#306)) - Stopped setting the `PYTHONHOME` env var. ([#309](heroku/buildpacks-python#309))
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We expose all env vars by default to subprocesses to allow for customisation of package manager behaviour - such as custom indexes, authentication and requirements file env var interpolation.
(An allow-list approach wouldn't work with all use-cases, plus wouldn't help the app at run-time.)
To improve the error UX (particularly during initial buildpack bootstrap, where failures would otherwise look like a problem with the buildpack and not the user inputs), the buildpack now rejects known problematic env vars that may break the build / the app.
The list of env vars was based on the env vars this buildpack sets, plus an audit of:
This also unblocks #265.
GUS-W-17454486.