Sanitize process.env for spawned processes to remove external PYTHONH…

…OME (chaiNNer-org#619)
yamisora-sys · Jul 24, 2022 · 6abdd48 · 6abdd48
1 parent 862347e
commit 6abdd48
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 17 deletions.
diff --git a/scripts/install-required-deps.ts b/scripts/install-required-deps.ts
@@ -1,17 +1,24 @@
 /* eslint-disable no-console */
 import { spawn } from 'child_process';
 import { requiredDependencies } from '../src/common/dependencies';
+import { sanitizedEnv } from '../src/common/env';
 
 try {
-    const command = spawn('python', [
-        '-m',
-        'pip',
-        'install',
-        ...requiredDependencies
-            .map((d) => d.packages.map((p) => `${p.packageName}==${p.version}`))
-            .flat(),
-        '--disable-pip-version-check',
-    ]);
+    const command = spawn(
+        'python',
+        [
+            '-m',
+            'pip',
+            'install',
+            ...requiredDependencies
+                .map((d) => d.packages.map((p) => `${p.packageName}==${p.version}`))
+                .flat(),
+            '--disable-pip-version-check',
+        ],
+        {
+            env: sanitizedEnv,
+        }
+    );
 
     command.stdout.on('data', (data: unknown) => {
         console.log(String(data));

diff --git a/src/common/env.ts b/src/common/env.ts
@@ -4,3 +4,7 @@ export const isMac = process.platform === 'darwin';
 export const isM1 = isMac && (os.cpus()[0]?.model.includes('Apple M1') ?? false);
 
 export const isRenderer = typeof process !== 'undefined' && process.type === 'renderer';
+
+const env = { ...process.env };
+delete env.PYTHONHOME;
+export const sanitizedEnv = env;
diff --git a/src/common/pip.ts b/src/common/pip.ts
@@ -2,6 +2,7 @@
 import { spawn } from 'child_process';
 import log from 'electron-log';
 import { Dependency } from './dependencies';
+import { sanitizedEnv } from './env';
 import { pipInstallWithProgress } from './pipInstallWithProgress';
 import { getPythonInfo } from './python';
 import { noop } from './util';
@@ -23,7 +24,9 @@ export const runPip = async (args: readonly string[], onStdio: OnStdio = {}): Pr
         log.info(`Python executable: ${python}`);
         log.info(`Running pip command: ${args.slice(1).join(' ')}`);
 
-        const child = spawn(python, args);
+        const child = spawn(python, args, {
+            env: sanitizedEnv,
+        });
 
         let stdout = '';
 

diff --git a/src/common/pipInstallWithProgress.ts b/src/common/pipInstallWithProgress.ts
@@ -7,6 +7,7 @@ import os from 'os';
 import path from 'path';
 import { URL } from 'url';
 import { PyPiPackage } from './dependencies';
+import { sanitizedEnv } from './env';
 import { noop } from './util';
 
 export interface OnStdio {
@@ -55,12 +56,11 @@ const downloadWheelAndInstall = async (
             downloader.download().then(() => {
                 onProgress?.(98);
                 onStdout('Installing package from whl...\n');
-                const installProcess = spawn(pythonPath, [
-                    '-m',
-                    'pip',
-                    'install',
-                    path.join(tempDir, fileName),
-                ]);
+                const installProcess = spawn(
+                    pythonPath,
+                    ['-m', 'pip', 'install', path.join(tempDir, fileName)],
+                    { env: sanitizedEnv }
+                );
                 installProcess.stdout.on('data', (data) => {
                     onStdout(String(data));
                 });

diff --git a/src/main/main.ts b/src/main/main.ts
@@ -12,6 +12,7 @@ import semver from 'semver';
 import util from 'util';
 import { PythonInfo, WindowSize } from '../common/common-types';
 import { requiredDependencies } from '../common/dependencies';
+import { sanitizedEnv } from '../common/env';
 import { runPipInstall, runPipList } from '../common/pip';
 import { getPythonInfo, setPythonInfo } from '../common/python';
 import { BrowserWindowWithSafeIpc, ipcMain } from '../common/safeIpc';
@@ -391,7 +392,9 @@ const spawnBackend = async (port: number) => {
         const backendPath = app.isPackaged
             ? path.join(process.resourcesPath, 'src', 'run.py')
             : './backend/src/run.py';
-        const backend = spawn((await getPythonInfo()).python, [backendPath, String(port)]);
+        const backend = spawn((await getPythonInfo()).python, [backendPath, String(port)], {
+            env: sanitizedEnv,
+        });
         backend.stdout.on('data', (data) => {
             const dataString = String(data);
             // Remove unneeded timestamp