Skip to content

Comments

Fix incorrect file permissions in wheel packages#14930

Merged
konstin merged 2 commits intoastral-sh:mainfrom
yumeminami:fix-wheel-file-permissions
Jul 28, 2025
Merged

Fix incorrect file permissions in wheel packages#14930
konstin merged 2 commits intoastral-sh:mainfrom
yumeminami:fix-wheel-file-permissions

Conversation

@yumeminami
Copy link
Contributor

@yumeminami yumeminami commented Jul 28, 2025

Fixes #14920

Summary

Problem: When building wheel packages, metadata files (such as RECORD, METADATA, WHEEL, and
license files) were being created with incorrect Unix permissions (--w--wx---), lacking
read permissions and having unexpected executable permissions.

Solution: The fix ensures that all metadata files in wheel packages are created with proper
644 (rw-r--r--) permissions by:

  • Adding explicit unix_permissions(0o644) setting in the write_bytes method for metadata
    files
  • Updating permission constants to use octal notation for clarity
  • Improving code comments to document the permission settings

Impact: This change ensures wheel packages created by uv have standard file permissions
consistent with other Python build tools like setuptools, improving compatibility and
following Python packaging best practices.

@yumeminami
Fix incorrect file permissions in wheel packages
1fe43ee 
Set proper Unix permissions (644) for metadata files in wheel packages created by the uv build backend. Previously, files like RECORD and LICENSE had incorrect permissions (--w--wx---) due to missing permission settings in the write_bytes method.

This ensures wheel packages have standard file permissions consistent with other Python build tools.

Fixes astral-sh#14920
@yumeminami
Update wheel hash snapshot after fixing file permissions
d3ff89c 
The wheel file hash changed because the fix corrected file permissions
from incorrect (--w--wx---) to proper (644) permissions, which is
included in the ZIP file format and affects the overall file hash.
@charliermarsh charliermarsh requested a review from konstin July 28, 2025 13:18
konstin
konstin approved these changes Jul 28, 2025
View reviewed changes
Copy link
Member

@konstin konstin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@konstin konstin merged commit 55df845 into astral-sh:main Jul 28, 2025
92 checks passed
@konstin konstin added the bug Something isn't working label Jul 28, 2025
@zaporter-work
Copy link

zaporter-work commented Jul 30, 2025

Hi! Thank you for this fix!

Would you be willing to do a minor release for this patch? Any packages built with this version of uv_build are problematic. I've just spent a few hours tracking this down from a stubs-only transitive dependency which happened to be on 0.8.3 -- it caused our CI to fail with a PermissionDenied error while inflating our built PEX files.

@charliermarsh
Copy link
Member

charliermarsh commented Jul 30, 2025

Do you mean a patch release? We're planning to release tomorrow as part of our regular cadence, but likely won't release tonight.

@zaporter-work
Copy link

zaporter-work commented Jul 30, 2025
edited
Loading

@charliermarsh Ah perfect -- thanks for the quick response. I didn't realize your scheduled release is tomorrow -- that is great. Thanks for the work on this project!

@BrewTestBot BrewTestBot mentioned this pull request Jul 30, 2025
Merged
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Jul 31, 2025
@tmeijn
build(deps): update astral-sh/uv to v0.8.4
505b59b 
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.8.3` -> `0.8.4` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>astral-sh/uv (astral-sh/uv)</summary>

### [`v0.8.4`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#084)

[Compare Source](astral-sh/uv@0.8.3...0.8.4)

##### Enhancements

- Improve styling of warning cause chains  ([#&#8203;14934](astral-sh/uv#14934))
- Extend wheel filtering to Android tags ([#&#8203;14977](astral-sh/uv#14977))
- Perform wheel lockfile filtering based on platform and OS intersection ([#&#8203;14976](astral-sh/uv#14976))
- Clarify messaging when a new resolution needs to be performed ([#&#8203;14938](astral-sh/uv#14938))

##### Preview features

- Add support for extending package's build dependencies with `extra-build-dependencies` ([#&#8203;14735](astral-sh/uv#14735))
- Split preview mode into separate feature flags ([#&#8203;14823](astral-sh/uv#14823))

##### Configuration

- Add support for package specific `exclude-newer` dates via `exclude-newer-package` ([#&#8203;14489](astral-sh/uv#14489))

##### Bug fixes

- Avoid invalidating lockfile when path or workspace dependencies define explicit indexes ([#&#8203;14876](astral-sh/uv#14876))
- Copy entrypoints that have a shebang that differs in `python` vs `python3` ([#&#8203;14970](astral-sh/uv#14970))
- Fix incorrect file permissions in wheel packages ([#&#8203;14930](astral-sh/uv#14930))
- Update validation for `environments` and `required-environments` in `uv.toml` ([#&#8203;14905](astral-sh/uv#14905))

##### Documentation

- Show `uv_build` in projects documentation ([#&#8203;14968](astral-sh/uv#14968))
- Add `UV_` prefix to installer environment variables ([#&#8203;14964](astral-sh/uv#14964))
- Un-hide `uv` from `--build-backend` options ([#&#8203;14939](astral-sh/uv#14939))
- Update documentation for preview flags ([#&#8203;14902](astral-sh/uv#14902))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40NS4wIiwidXBkYXRlZEluVmVyIjoiNDEuNDUuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90Il19-->
@kieran-ryan
Copy link
Contributor

kieran-ryan commented Aug 5, 2025

Thanks for the swift resolution @yumeminami! Verified resolved in v0.8.4! 🙌

@jsirois jsirois mentioned this pull request Aug 13, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@charliermarsh charliermarsh charliermarsh approved these changes

@konstin konstin konstin approved these changes

Assignees

@konstin konstin

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Missing read file permissions in wheel for license files and record with uv_build backend

5 participants

@yumeminami @zaporter-work @charliermarsh @kieran-ryan @konstin