On BSD systems, pip warns about being executed as root, even though it is not being executed as root #10565

n1000 · 2021-10-10T02:53:33Z

Description

On BSD systems, pip warns about being executed as root, even though it is not being executed as root.

For example:

$ id
uid=1000(nathan) gid=1000(nathan) groups=1000(nathan), 0(wheel), 9(wsrc), 21(wobj)
$ pip install youtube-dl --upgrade --user
Requirement already satisfied: youtube-dl in ./.local/lib/python3.8/site-packages (2021.6.6)
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv

Expected behavior

Only warn about executing pip as root if root is in use.

pip version

21.2.4

Python version

3.8.12

OS

OpenBSD 6.9

How to Reproduce

Run a pip install command on OpenBSD, NetBSD, or FreeBSD.

Output

$ pip install pip --upgrade --user
Requirement already satisfied: pip in ./.local/lib/python3.8/site-packages (21.2.4)
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv

Code of Conduct

I agree to follow the PSF Code of Conduct.

n1000 · 2021-10-10T02:53:54Z

I have a small pull request to correct this, I will reference it here shortly.

n1000 · 2021-10-14T20:51:14Z

Fixed by pull request #10566.

Bumps [pip](https://github.com/pypa/pip) from 21.3 to 21.3.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>21.3.1 (2021-10-22)</h1> <h2>Bug Fixes</h2> <ul> <li>Always refuse installing or building projects that have no <code>pyproject.toml</code> nor <code>setup.py</code>. (<code>[#10531](pypa/pip#10531) <https://github.com/pypa/pip/issues/10531></code>_)</li> <li>Tweak running-as-root detection, to check <code>os.getuid</code> if it exists, on Unix-y and non-Linux/non-MacOS machines. (<code>[#10565](pypa/pip#10565) <https://github.com/pypa/pip/issues/10565></code>_)</li> <li>When installing projects with a <code>pyproject.toml</code> in editable mode, and the build backend does not support :pep:<code>660</code>, prepare metadata using <code>prepare_metadata_for_build_wheel</code> instead of <code>setup.py egg_info</code>. Also, refuse installing projects that only have a <code>setup.cfg</code> and no <code>setup.py</code> nor <code>pyproject.toml</code>. These restore the pre-21.3 behaviour. (<code>[#10573](pypa/pip#10573) <https://github.com/pypa/pip/issues/10573></code>_)</li> <li>Restore compatibility of where configuration files are loaded from on MacOS (back to <code>Library/Application Support/pip</code>, instead of <code>Preferences/pip</code>). (<code>[#10585](pypa/pip#10585) <https://github.com/pypa/pip/issues/10585></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade pep517 to 0.12.0</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f9914f3ebe223004b1d439a2b1980bd132d14f27"><code>f9914f3</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/f9f2db248fc04b46bd0149eba92882e4932c627e"><code>f9f2db2</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/f2d776be2adffee700ef4563893dc01dc231125c"><code>f2d776b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10607">#10607</a> from pradyunsg/fix-docs-builds</li> <li><a href="https://github.com/pypa/pip/commit/4a4b613a7ccdf4c4aab8f223f9b97f413b8b3056"><code>4a4b613</code></a> Merge PR <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10577">#10577</a> from sbidoul/fix-pep660-metadata-preparation-fallback</li> <li><a href="https://github.com/pypa/pip/commit/f4d67ba0c091c5b02096ddb211c7602bf0d95580"><code>f4d67ba</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10592">#10592</a> from pradyunsg/update-ewdurbin-name</li> <li><a href="https://github.com/pypa/pip/commit/37aef106a325ed7b1115f04028360e03dbfe7ee8"><code>37aef10</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10536">#10536</a> from pradyunsg/docs/fix-wordin</li> <li><a href="https://github.com/pypa/pip/commit/457564cf38ad5da75672d4de119e4c5ae19fbd56"><code>457564c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10585">#10585</a> from pradyunsg/fix-config-paths</li> <li><a href="https://github.com/pypa/pip/commit/8c1f333ba5cb0a8c2cc4c775355bdde4ae06e50f"><code>8c1f333</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10580">#10580</a> from pradyunsg/better-towncrier-template</li> <li><a href="https://github.com/pypa/pip/commit/cc559ed6237f7461c919d403c93fbc2ac82abe09"><code>cc559ed</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10583">#10583</a> from pradyunsg/fix-vendoring</li> <li><a href="https://github.com/pypa/pip/commit/0c2574b7ef78791dd98822bca038b6d839b5378c"><code>0c2574b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10566">#10566</a> from n1000/dont_warn_on_bsd</li> <li>See full diff in <a href="https://github.com/pypa/pip/compare/21.3...21.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=21.3&new-version=21.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [pip](https://github.com/pypa/pip) from 21.0.1 to 21.3.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>21.3.1 (2021-10-22)</h1> <h2>Bug Fixes</h2> <ul> <li>Always refuse installing or building projects that have no <code>pyproject.toml</code> nor <code>setup.py</code>. (<code>[#10531](pypa/pip#10531) <https://github.com/pypa/pip/issues/10531></code>_)</li> <li>Tweak running-as-root detection, to check <code>os.getuid</code> if it exists, on Unix-y and non-Linux/non-MacOS machines. (<code>[#10565](pypa/pip#10565) <https://github.com/pypa/pip/issues/10565></code>_)</li> <li>When installing projects with a <code>pyproject.toml</code> in editable mode, and the build backend does not support :pep:<code>660</code>, prepare metadata using <code>prepare_metadata_for_build_wheel</code> instead of <code>setup.py egg_info</code>. Also, refuse installing projects that only have a <code>setup.cfg</code> and no <code>setup.py</code> nor <code>pyproject.toml</code>. These restore the pre-21.3 behaviour. (<code>[#10573](pypa/pip#10573) <https://github.com/pypa/pip/issues/10573></code>_)</li> <li>Restore compatibility of where configuration files are loaded from on MacOS (back to <code>Library/Application Support/pip</code>, instead of <code>Preferences/pip</code>). (<code>[#10585](pypa/pip#10585) <https://github.com/pypa/pip/issues/10585></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade pep517 to 0.12.0</li> </ul> <h1>21.3 (2021-10-11)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Improve deprecation warning regarding the copying of source trees when installing from a local directory. (<code>[#10128](pypa/pip#10128) <https://github.com/pypa/pip/issues/10128></code>_)</li> <li>Suppress location mismatch warnings when pip is invoked from a Python source tree, so <code>ensurepip</code> does not emit warnings on CPython <code>make install</code>. (<code>[#10270](pypa/pip#10270) <https://github.com/pypa/pip/issues/10270></code>_)</li> <li>On Python 3.10 or later, the installation scheme backend has been changed to use <code>sysconfig</code>. This is to anticipate the deprecation of <code>distutils</code> in Python 3.10, and its scheduled removal in 3.12. For compatibility considerations, pip installations running on Python 3.9 or lower will continue to use <code>distutils</code>. (<code>[#10358](pypa/pip#10358) <https://github.com/pypa/pip/issues/10358></code>_)</li> <li>Remove the <code>--build-dir</code> option and aliases, one last time. (<code>[#10485](pypa/pip#10485) <https://github.com/pypa/pip/issues/10485></code>_)</li> <li>In-tree builds are now the default. <code>--use-feature=in-tree-build</code> is now ignored. <code>--use-deprecated=out-of-tree-build</code> may be used temporarily to ease the transition. (<code>[#10495](pypa/pip#10495) <https://github.com/pypa/pip/issues/10495></code>_)</li> <li>Un-deprecate source distribution re-installation behaviour. (<code>[#8711](pypa/pip#8711) <https://github.com/pypa/pip/issues/8711></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Replace vendored appdirs with platformdirs. (<code>[#10202](pypa/pip#10202) <https://github.com/pypa/pip/issues/10202></code>_)</li> <li>Support <code>PEP 610 <https://www.python.org/dev/peps/pep-0610/></code>_ to detect editable installs in <code>pip freeze</code> and <code>pip list</code>. The <code>pip list</code> column output</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f9914f3ebe223004b1d439a2b1980bd132d14f27"><code>f9914f3</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/f9f2db248fc04b46bd0149eba92882e4932c627e"><code>f9f2db2</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/f2d776be2adffee700ef4563893dc01dc231125c"><code>f2d776b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10607">#10607</a> from pradyunsg/fix-docs-builds</li> <li><a href="https://github.com/pypa/pip/commit/4a4b613a7ccdf4c4aab8f223f9b97f413b8b3056"><code>4a4b613</code></a> Merge PR <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10577">#10577</a> from sbidoul/fix-pep660-metadata-preparation-fallback</li> <li><a href="https://github.com/pypa/pip/commit/f4d67ba0c091c5b02096ddb211c7602bf0d95580"><code>f4d67ba</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10592">#10592</a> from pradyunsg/update-ewdurbin-name</li> <li><a href="https://github.com/pypa/pip/commit/37aef106a325ed7b1115f04028360e03dbfe7ee8"><code>37aef10</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10536">#10536</a> from pradyunsg/docs/fix-wordin</li> <li><a href="https://github.com/pypa/pip/commit/457564cf38ad5da75672d4de119e4c5ae19fbd56"><code>457564c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10585">#10585</a> from pradyunsg/fix-config-paths</li> <li><a href="https://github.com/pypa/pip/commit/8c1f333ba5cb0a8c2cc4c775355bdde4ae06e50f"><code>8c1f333</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10580">#10580</a> from pradyunsg/better-towncrier-template</li> <li><a href="https://github.com/pypa/pip/commit/cc559ed6237f7461c919d403c93fbc2ac82abe09"><code>cc559ed</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10583">#10583</a> from pradyunsg/fix-vendoring</li> <li><a href="https://github.com/pypa/pip/commit/0c2574b7ef78791dd98822bca038b6d839b5378c"><code>0c2574b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10566">#10566</a> from n1000/dont_warn_on_bsd</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/21.0.1...21.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=21.0.1&new-version=21.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

n1000 added S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior labels Oct 10, 2021

n1000 mentioned this issue Oct 10, 2021

Check UID unconditionally on non-Windows platforms, if os.getuid is available #10566

Merged

n1000 changed the title ~~On BSD systems, pip warns about executing it as root, even though it is not being executed as root~~ On BSD systems, pip warns about being executed as root, even though it is not being executed as root Oct 10, 2021

n1000 closed this as completed Oct 14, 2021

github-actions bot locked as resolved and limited conversation to collaborators Nov 14, 2021

pradyunsg removed the S: needs triage Issues/PRs that need to be triaged label Mar 17, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

On BSD systems, pip warns about being executed as root, even though it is not being executed as root #10565

On BSD systems, pip warns about being executed as root, even though it is not being executed as root #10565

n1000 commented Oct 10, 2021 •

edited

Loading

n1000 commented Oct 10, 2021

n1000 commented Oct 14, 2021

On BSD systems, pip warns about being executed as root, even though it is not being executed as root #10565

On BSD systems, pip warns about being executed as root, even though it is not being executed as root #10565

Comments

n1000 commented Oct 10, 2021 • edited Loading

Description

Expected behavior

pip version

Python version

OS

How to Reproduce

Output

Code of Conduct

n1000 commented Oct 10, 2021

n1000 commented Oct 14, 2021

n1000 commented Oct 10, 2021 •

edited

Loading