From 5367058730e46716109b80955d7f4157e2667ee4 Mon Sep 17 00:00:00 2001 From: jaimergp Date: Tue, 19 Nov 2024 18:42:15 +0100 Subject: [PATCH 1/2] Add CEP for frozen environments --- cep-00??.md | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 cep-00??.md diff --git a/cep-00??.md b/cep-00??.md new file mode 100644 index 0000000..ef2676a --- /dev/null +++ b/cep-00??.md @@ -0,0 +1,66 @@ +# CEP ?? - Frozen environments + + + + + + + + + +
Title Frozen environments
Status Draft
Author(s) Jaime Rodríguez-Guerra <jaime.rogue@gmail.com>
Created Nov 19, 2024
Updated Nov 19, 2024
Discussion NA
Implementation NA
+ +## Abstract + +Given a `$CONDA_PREFIX/conda-meta/frozen` marker file, tools will prevent modifications in `$CONDA_PREFIX` unless a special override flag is passed. + +> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", + "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as + described in [RFC2119][RFC2119] when, and only when, they appear in all capitals, as shown here. + +## Motivation + +This CEP is inspired by [PEP 668][PEP-668], which defines the `EXTERNALLY-MANAGED` marker file for Python virtual environments. The conda ecosystem could benefit from a similar file for conda environments. Some examples include: + +- Protecting modifications of the `base` environment in `conda` installations. +- Protecting external management of `.pixi/envs/*` environments by other tools. +- Reproducibility of the build and host environments in conda package building tools. + +## Specification + +- The marker file path MUST be `$CONDA_PREFIX/conda-meta/frozen`. This is case-sensitive. +- The marker file can be empty. It can optionally contain a JSON document with the schema described with a single key `message`. The value MUST be a non-empty string. +- Tools MUST respect the presence of `frozen` in the environment and error out with: + - A message chosen by the tool, if `frozen` is empty. + - The message included in the `message` key, if `frozen` is not empty. + - A help message explaining how to override the check, if available. +- Tools SHOULD offer a way to override the presence of `frozen`, but never by default. For example, `--override-frozen-env`. + +## Example + +An example `frozen` file can be: + +```json +{ + "message": "This environment is running a production service.\nIt is marked as read-only and MUST not be modified." +} +``` + +A hypothetical tool finding this file in the environment to be modified would output something like: + +``` +Could not modify environment. 
The environment has been marked as frozen. Reason: + + This environment is running a production service. + It is marked as read-only and MUST not be modified. + +You can bypass this check by using the `--override-frozen-env-checks` flag, at your own risk. +``` + +## Copyright + +All CEPs are explicitly [CC0 1.0 Universal](https://creativecommons.org/publicdomain/zero/1.0/). + + + +[PEP-668]: https://peps.python.org/pep-0668/ From 1caa6a7efd8ea39c96186f52355430cb9e5a9c9a Mon Sep 17 00:00:00 2001 From: jaimergp Date: Tue, 19 Nov 2024 18:47:28 +0100 Subject: [PATCH 2/2] add discussion link --- cep-00??.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cep-00??.md b/cep-00??.md index ef2676a..2aa7a30 100644 --- a/cep-00??.md +++ b/cep-00??.md @@ -6,7 +6,7 @@ Author(s) Jaime Rodríguez-Guerra <jaime.rogue@gmail.com> Created Nov 19, 2024 Updated Nov 19, 2024 - Discussion NA + Discussion https://github.com/conda/ceps/pull/99 Implementation NA
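Review bot: In the Specification list, the behaviour for a `frozen` file that is non-empty but is not valid JSON, lacks the `message` key, or carries an empty `message` is left undefined, so two tools can disagree on whether the environment is protected. State that the mere presence of `conda-meta/frozen` MUST block modification, and that unparseable or schema-violating content falls back to the tool's own message instead of being treated as "not frozen". The same bullet uses lowercase "can" for the empty and JSON cases, which the RFC 2119 note in the Abstract excludes from normative meaning; "MAY" would make the intent explicit. The override flag is spelled two ways, `--override-frozen-env` in the Specification and `--override-frozen-env-checks` in the example output, and one spelling should be used throughout. Because the `message` value is shown to the user as written in the file, consider adding that tools SHOULD strip terminal control characters before printing it.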