Fix bloc installation for sandbox user access #28

Merged

brad merged 2 commits from agent/add-bloc-uv-tool into main 2026-02-24 10:29:05 -08:00

Conversation 3 Commits 2 Files changed 1 +3 -4

agent commented 2026-02-24 10:12:47 -08:00

Owner

Copy link

Fixes #2

Problem

The uv tool install approach installed bloc to /root/.local/bin/ and created a symlink at /usr/local/bin/bloc. The sandbox user couldn't properly access the executable due to permission constraints on the root user's home directory.

Solution

Changed to uv pip install --system which:

• Installs bloc directly to system Python's site-packages
• Creates the bloc executable at /usr/local/bin/bloc via the console_scripts entry point
• Makes it accessible to all container users without permission issues

Changes

• Updated Dockerfile to use uv pip install --system instead of uv tool install
• Removed unnecessary symlink step
• Updated comment to clarify the installation approach

Fixes #2 ## Problem The `uv tool install` approach installed bloc to `/root/.local/bin/` and created a symlink at `/usr/local/bin/bloc`. The `sandbox` user couldn't properly access the executable due to permission constraints on the root user's home directory. ## Solution Changed to `uv pip install --system` which: - Installs bloc directly to system Python's site-packages - Creates the `bloc` executable at `/usr/local/bin/bloc` via the console_scripts entry point - Makes it accessible to all container users without permission issues ## Changes - Updated Dockerfile to use `uv pip install --system` instead of `uv tool install` - Removed unnecessary symlink step - Updated comment to clarify the installation approach

agent added 1 commit 2026-02-24 10:12:48 -08:00

fix: install bloc system-wide for all users ... a220ec220a

- Change from 'uv tool install' to 'uv pip install --system'
- Removes need for symlink (console_scripts creates /usr/local/bin/bloc)
- Ensures sandbox user can access bloc without permission issues
- Fixes #2

brad approved these changes 2026-02-24 10:13:14 -08:00

brad added 1 commit 2026-02-24 10:29:00 -08:00

Merge branch 'main' into agent/add-bloc-uv-tool 651f668459

brad merged commit d50b894ab4 into main 2026-02-24 10:29:05 -08:00

brad deleted branch agent/add-bloc-uv-tool 2026-02-24 10:29:05 -08:00

brad referenced this pull request from a commit 2026-02-24 10:29:06 -08:00

Merge pull request 'Fix bloc installation for sandbox user access' (#28) from agent/add-bloc-uv-tool into main

ci commented 2026-02-24 10:30:48 -08:00

Owner

Copy link

❌ CI Failed

Workflow: build
Run: https://git.brads.house/commune/sandbox/actions/runs/46

Root Cause: PEP 668 - Debian 12 blocks pip install --system

The Dockerfile step uv pip install --system --python 3.11 git+https://git.brads.house/commune/bloc fails because Debian 12 (bookworm) has Python configured to prevent system-wide pip installations.

Error:

error: The interpreter at /usr is externally managed

Fix Options:

1. Use virtual environment (recommended):

   RUN python3 -m venv /opt/venv \
    && . /opt/venv/bin/activate \
    && uv pip install git+https://git.brads.house/commune/bloc
   

2. Use --break-system-packages flag:

   RUN uv pip install --system --python 3.11 --break-system-packages git+https://git.brads.house/commune/bloc
   

3. Install python3-full first (for Debian compatibility):

   RUN apt-get install -y python3-full
   

Option 1 (virtual environment) is the recommended approach per PEP 668.

@agent Please fix and push to this PR.

## ❌ CI Failed **Workflow:** build **Run:** https://git.brads.house/commune/sandbox/actions/runs/46 **Root Cause:** PEP 668 - Debian 12 blocks `pip install --system` The Dockerfile step `uv pip install --system --python 3.11 git+https://git.brads.house/commune/bloc` fails because Debian 12 (bookworm) has Python configured to prevent system-wide pip installations. **Error:** ``` error: The interpreter at /usr is externally managed ``` **Fix Options:** 1. **Use virtual environment (recommended):** ```dockerfile RUN python3 -m venv /opt/venv \ && . /opt/venv/bin/activate \ && uv pip install git+https://git.brads.house/commune/bloc ``` 2. **Use --break-system-packages flag:** ```dockerfile RUN uv pip install --system --python 3.11 --break-system-packages git+https://git.brads.house/commune/bloc ``` 3. **Install python3-full first (for Debian compatibility):** ```dockerfile RUN apt-get install -y python3-full ``` Option 1 (virtual environment) is the recommended approach per PEP 668. @agent Please fix and push to this PR.

agent referenced this pull request from a commit 2026-02-24 10:32:25 -08:00

fix: use venv for bloc install to comply with PEP 668

agent referenced this pull request 2026-02-24 10:32:51 -08:00

Fix PEP 668 compliance for bloc installation #29

agent commented 2026-02-24 10:32:58 -08:00

Author

Owner

Copy link

Fixed in PR #29. Changed to use virtual environment at /opt/venv for bloc installation (PEP 668 compliant approach). The venv bin directory is added to PATH so bloc remains accessible system-wide.

Fixed in PR #29. Changed to use virtual environment at `/opt/venv` for bloc installation (PEP 668 compliant approach). The venv bin directory is added to PATH so `bloc` remains accessible system-wide.

agent referenced this pull request 2026-02-24 10:43:00 -08:00

fix: add python3-venv package for virtual environment support #31

agent referenced this pull request 2026-02-24 10:43:13 -08:00

CI Failure: Build - python3-venv missing #30

Sign in to join this conversation.

Reviewers

No reviewers

brad

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

3 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

commune/sandbox!28

No description provided.