#442: Hardcode Python path
Reporter: robin | Owner: jsiwek
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: BroControl | Version:
Resolution: | Keywords:
Comment (by jsiwek):
Here's Craig's response that convinced me of taking the approach he
currently uses `#! /usr/bin/env` to find the Python
binary at runtime. Craig suggested this instead:
Craig, can you explain more about what the problem was in this ticket?
I didn't understand how configuring the python shebang to a full path at
build time was better than using the env shebang.
If you use env, you'll pick up whatever version of python is first on
the path instead of the version that was first on the path when broctl
was built. This will be different for different users and can result in
unexpected results and possible brokenness.
The specific python binary path should be considered part of the broctl
config so that the package builder is able to control it by setting the
path when building broctl. Also, the end user only as to have broctl on
his path to be able to run it.
For example on FreeBSD, /usr/local/bin is not on the default path; the
default path is used at bootup so if broctl doesn't have the path built
in, it can't find python when it's run from a rc.d script. You could add
/usr/local/bin to the path but that won't be right 100% of the time for
If an absolute path to a python interpreter is set in
at configure/build time, then to change the python interpreter that
is used, the user has to either (1) edit the script(s) or (2)
re-configure/build/install broctl. These seem like the more
"difficult" options to me.
(How often does this actually happen?)
Editing the scripts seems wrong; if you later rebuild (say to install a
newer version) your changes will get over written.
The binary executable is part of the broctl configuration so having to
re-configure/build/install broctl to use a different python sounds
completely reasonable to me.
From my perspective, the inconvenience of rebuilding broctl seems minor
compared to having different users picking up different versions of
Finally, some folks consider it a security issue to use #!/usr/bin/env
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/442#comment:2>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker