I am building a software image (.flatpak) with flatpak-builder and meson. It uses gnome Platform and Sdk and it runs an offline Gtk Python application. This sandbox-like software container has access to $HOME
as I have defined
"--filesystem=home"
in the finish-args of the application yaml. This is required for users to load and save local files from within the running software.
From my understanding, the Python command that is used to run the application is declared like this in the meson.build files:
python = import('python')
config = configuration_data()
config.set('PYTHON', python.find_installation('python3').path())
config.set('VERSION', meson.project_version())
config.set('localedir', join_paths(get_option('prefix'), get_option('localedir')))
config.set('pkgdatadir', pkgdatadir)
Now, I face the issue that when I later launch the installed flatpak application from somewhere within $HOME
, the current working directory will be appended to sys.path
of python which may result in the wrong package, module or script being executed if it resides in my cwd and shares names with a package/module installed in the site-packages.
Usually I can suppress such behaviour with python's command line option python -I ...
, but I have not found anything so far, how I can tell meson/flatpak to run python with that option.
How can I define python to run with the -I
option when I launch the flatpak image I installed?
I have not found any options how to do that, yet.
Edit 1: Replace '-s' by '-I' as that would lead to the desired behaviour.
If the python file is used as an executable file, a shebang line can help
#!/usr/bin/env -S python3 -P
The -S
allows the shebang line to have options and -P is an interpreter option to exclude the current working directory (pwd) from the sys.path
.
If the python file is called by a multiprocess, subprocess or similar, set the PYTHONSAFEPATH variable:
# bash / sh
export PYTHONSAFEPATH="not empty"
or
# python
os.environ["PYTHONSAFEPATH"] = "some arbitrary string"
# not-empty value disables inclusion of pwd in sys.path
and pass that to optional environment options in the calls that launch the process.