fix: avoid stage1 bootstrap stdlib shadowing#3854
Conversation
Remove the launcher directory from sys.path before the Python stage1 bootstrap imports stdlib modules. Generated target outputs can otherwise shadow stdlib modules such as shutil.py before the bootstrap re-execs into the configured runtime. Preserve sys.path when Python is already running in safe-path mode. Add a regression test that places generated shutil.py and types.py outputs beside a system_python bootstrap launcher.
There was a problem hiding this comment.
Code Review
This pull request prevents target output files from shadowing standard library modules during the stage 1 bootstrap process by removing the script's directory from sys.path when sys.flags.safe_path is false. It also adds a test case to verify this behavior. Feedback suggests also checking sys.flags.isolated before modifying sys.path to avoid removing critical system paths when Python is run in isolated mode.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
aignas
left a comment
There was a problem hiding this comment.
Please also add a news/3854.fixed.md file to describe the fix.
The stage 1 system-python bootstrap imports standard-library modules before it re-execs into the configured runtime. If the target output directory contains files named like standard-library modules, such as `shutil.py` or `types.py`, the bootstrap can import those files instead and fail before user code starts. This change removes Python's unsafe script-directory prepend before those early imports, while preserving `sys.path[0]` when Python has already suppressed that prepend through `-P`/`PYTHONSAFEPATH` or isolated mode. Stage 2 now uses the same isolated-mode guard when removing or recreating the main-directory path. It also pins the Windows venv entry point template to LF line endings so the compile-pip CI dirty-worktree check is stable across checkout settings. Before this change, a generated target output could shadow bootstrap stdlib imports, and isolated-mode runs on older Python versions could lose a required stdlib path. After this change, bootstrap stdlib imports resolve from the interpreter's standard library, isolated mode preserves the interpreter-provided path, and the line-ending-sensitive CI check stays clean. Tests: ```shell bazel test --config=fast-tests \ //tests/bootstrap_impls:stdlib_shadowing_system_python_test bazel test --config=fast-tests \ //tests/bootstrap_impls:stdlib_shadowing_system_python_test \ //tests/bootstrap_impls:interpreter_args_test \ //tests/bootstrap_impls:sys_path_order_bootstrap_script_test ``` (cherry picked from commit fbb2ccf)
The stage 1 system-python bootstrap imports standard-library modules before it re-execs into the configured runtime. If the target output directory contains files named like standard-library modules, such as `shutil.py` or `types.py`, the bootstrap can import those files instead and fail before user code starts. This change removes Python's unsafe script-directory prepend before those early imports, while preserving `sys.path[0]` when Python has already suppressed that prepend through `-P`/`PYTHONSAFEPATH` or isolated mode. Stage 2 now uses the same isolated-mode guard when removing or recreating the main-directory path. It also pins the Windows venv entry point template to LF line endings so the compile-pip CI dirty-worktree check is stable across checkout settings. Before this change, a generated target output could shadow bootstrap stdlib imports, and isolated-mode runs on older Python versions could lose a required stdlib path. After this change, bootstrap stdlib imports resolve from the interpreter's standard library, isolated mode preserves the interpreter-provided path, and the line-ending-sensitive CI check stays clean. Tests: ```shell bazel test --config=fast-tests \ //tests/bootstrap_impls:stdlib_shadowing_system_python_test bazel test --config=fast-tests \ //tests/bootstrap_impls:stdlib_shadowing_system_python_test \ //tests/bootstrap_impls:interpreter_args_test \ //tests/bootstrap_impls:sys_path_order_bootstrap_script_test ``` (cherry picked from commit fbb2ccf)
The stage 1 system-python bootstrap imports standard-library modules before it
re-execs into the configured runtime. If the target output directory contains
files named like standard-library modules, such as
shutil.pyortypes.py,the bootstrap can import those files instead and fail before user code starts.
This change removes Python's unsafe script-directory prepend before those early
imports, while preserving
sys.path[0]when Python has already suppressed thatprepend through
-P/PYTHONSAFEPATHor isolated mode. Stage 2 now uses the sameisolated-mode guard when removing or recreating the main-directory path.
It also pins the Windows venv entry point template to LF line endings so the
compile-pip CI dirty-worktree check is stable across checkout settings.
Before this change, a generated target output could shadow bootstrap stdlib
imports, and isolated-mode runs on older Python versions could lose a required
stdlib path.
After this change, bootstrap stdlib imports resolve from the interpreter's
standard library, isolated mode preserves the interpreter-provided path, and the
line-ending-sensitive CI check stays clean.
Tests: