search

actions / setup-python

Set up your GitHub Actions workflow with a specific version of Python
MIT License
1.59k stars 505 forks source link

Non Portable binary, doesn't work with sudo or without LD_LIBRARY_PATH #871

Open jaswanthikolla opened 1 month ago

jaswanthikolla commented 1 month ago

Description: Python binary is compiled with rpath that's /opt/hostedtoolcache/Python. Now, latest github runners define RUNNER_TOOL_CACHE/AGENT_TOOLSDIRECTORY differently than /opt/hostedtoolcache and that installs python at /home/runner/_work/_tool/Python/. So, with this, there are 2 issues.

  1. sudo python --version doesn't work ( See Error section) because most systems's doesn't allow passing LD_LIBRARY_PATH due to security issues.
  2. python --version doesn't work without setting environment variable _LD_LIBRARYPATH

output of ldd : 

runner@arss-runner-xxxx-runner-5jvhz:~/_work/_tool/Python/3.12.3/x64/bin$ ldd python3
    linux-vdso.so.1 (0x00007ffceb776000)
    libpython3.12.so.1.0 => not found
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f7ccc75c000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f7ccc991000)

Error:

python: error while loading shared libraries: libpython3.9.so.1.0: 
cannot open shared object file: No such file or directory

What could be the reason:

rpath is hardcoded to /opt/hostedtoolcache/Python. if we use $ORIGIN, binaries will be portable. Fix is raised here https://github.com/actions/python-versions/pull/275

Action version: v5.1.0

Platform:

Runner type:

Tools version: All versions of Python 3.9.x, 3.10.x, etc.

Repro steps:
You can easily reproduce using following steps. And also, you can unset LD_LIBRARY_PATH and just use without sudo

    steps:
      - uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - run: |
          sudo python --version

Expected behavior: There are times we need to use sudo python and Most system ( also not acceptable to pass) doesn't pass LD_LIBRARY_PATH as environment variable due to security issues.

Actual behavior: sudo python --version to work.

aparnajyothi-y commented 1 month ago

Hello @jaswanthikolla, Thank you for creating this issue and we will get back to you once we have some feedback on this :)

jaswanthikolla commented 1 month ago

@aparnajyothi-y I raised the issue just for documentation. PR is already raised to fix this issue, Can you review that.

navarro967 commented 4 weeks ago

@jaswanthikolla thank you for your efforts thus far, it's a shame there hasn't been more movement on this.

@aparnajyothi-y This is affecting certain ansible modules as well now. I am unable to run my checks now due to this.