From 4f2b544238e48a714ce05b7dcf97e98a1b2b6acd Mon Sep 17 00:00:00 2001
From: Michael Vincent <377567+Vynce@users.noreply.github.com>
Date: Wed, 22 May 2024 12:59:47 -0500
Subject: [PATCH] gh-117505: Run ensurepip in isolated env in Windows installer
(GH-118257)
ensurepip forks a subprocess to run pip itself, but that subprocess only inherits a -I isolated mode flag (see _run_pip() in Lib/ensurepip/__init__.py), not the "-E -s" flags that the installer has been using. This means that parts of ensurepip don't actually run in an isolated environment and can make incorrect decisions based on packages installed in the user site-packages.
(cherry picked from commit c9073eb1a99606df1efeb8959e9f11a8ebc23ae2)
Co-authored-by: Michael Vincent <377567+Vynce@users.noreply.github.com>
---
.../Windows/2024-04-24-22-50-33.gh-issue-117505.gcTb_p.rst | 1 +
Tools/msi/pip/pip.wxs | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
create mode 100644 Misc/NEWS.d/next/Windows/2024-04-24-22-50-33.gh-issue-117505.gcTb_p.rst
diff --git a/Misc/NEWS.d/next/Windows/2024-04-24-22-50-33.gh-issue-117505.gcTb_p.rst b/Misc/NEWS.d/next/Windows/2024-04-24-22-50-33.gh-issue-117505.gcTb_p.rst
new file mode 100644
index 00000000000000..0931687ecc521c
--- /dev/null
+++ b/Misc/NEWS.d/next/Windows/2024-04-24-22-50-33.gh-issue-117505.gcTb_p.rst
@@ -0,0 +1 @@
+Fixes an issue with the Windows installer not running ensurepip in a fully isolated environment. This could cause unexpected interactions with the user site-packages.
diff --git a/Tools/msi/pip/pip.wxs b/Tools/msi/pip/pip.wxs
index 1d8083cad91a56..627c4710a9fdfa 100644
--- a/Tools/msi/pip/pip.wxs
+++ b/Tools/msi/pip/pip.wxs
@@ -25,8 +25,8 @@
-
-
+
+
(&DefaultFeature=3) AND NOT (!DefaultFeature=3)