Skip to content

Comments

Make the uv_build build backend produce wheel and sdist files with 0o666 & !umask permissions on unix platforms again#18020

Merged
EliteTK merged 1 commit intomainfrom
tk/fix-dist-file-perms
Feb 16, 2026
Merged

Make the uv_build build backend produce wheel and sdist files with 0o666 & !umask permissions on unix platforms again#18020
EliteTK merged 1 commit intomainfrom
tk/fix-dist-file-perms

Conversation

@EliteTK
Copy link
Contributor

@EliteTK EliteTK commented Feb 15, 2026

Summary

Fix #18004.

#17276 introduced a regression since NamedTempFile::new_in defaults to 0o600 permissions. Fortunately uv_fs already has a wrapper for a new_in with "normal" permissions this so this PR uses that.

Test Plan

Reliable testing would require us to support setting a umask for a test context process which we currently don't have support for and implementing it is not trivial so for now I just tested this manually.

To test, you can just use:

#!/usr/bin/env bash

set -e

tempdir=$(mktemp -d)
trap 'rm -rf "$tempdir"' EXIT
uv init --lib "$tempdir"
cd "$tempdir"
uv build
umask
ls -al dist/

@EliteTK EliteTK added the bug Something isn't working label Feb 15, 2026
@EliteTK EliteTK requested a review from konstin February 16, 2026 10:59
@EliteTK
Use uv_fs::tempfile_in to avoid permission issues
a4c64e9 
`NamedTempFile::new_in` uses 0o600 permissions which are not what we
want for wheels and sdists.
@EliteTK EliteTK force-pushed the tk/fix-dist-file-perms branch from e1e1cc8 to a4c64e9 Compare February 16, 2026 11:00
@konstin
Copy link
Member

konstin commented Feb 16, 2026
edited
Loading

When testing this locally, I get 0o644 for a hatchling build backend, When using the uv build fast path, I get 0o664 and when using --force-pep517 with the uv build backend, I get 0o600.

I'm using Ubuntu 24.04 defaults:

$ umask
0002
$ umask -S 
u=rwx,g=rwx,o=rx

@EliteTK EliteTK changed the title Make uv build produce wheel and sdist files with 0o666 permissions on unix platforms again Make the uv_build build backend produce wheel and sdist files with 0o666 permissions on unix platforms again Feb 16, 2026
@EliteTK EliteTK changed the title Make the uv_build build backend produce wheel and sdist files with 0o666 permissions on unix platforms again Make the uv_build build backend produce wheel and sdist files with 0o666 & !umask permissions on unix platforms again Feb 16, 2026
@EliteTK
Copy link
Contributor Author

EliteTK commented Feb 16, 2026

I've adjusted the title to clarify, it's just build backend specific. Hatchling presumably requests 0o644 & !umask but we have historically used 0o666 & !umask. The behaviour without --force-pep517 is what we would do previously, and with --force-pep517 is what we do currently (since we won't use our built in uv_build for that case, we'll use the broken one we currently ship).

@EliteTK EliteTK merged commit 12e27f7 into main Feb 16, 2026
53 checks passed
@EliteTK EliteTK deleted the tk/fix-dist-file-perms branch February 16, 2026 12:14
@BrewTestBot BrewTestBot mentioned this pull request Feb 17, 2026
Merged
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Feb 18, 2026
@tmeijn
build(deps): update uv to v0.10.4
fc0307f 
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [uv](https://github.com/astral-sh/uv) | patch | `0.10.3` → `0.10.4` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>astral-sh/uv (uv)</summary>

### [`v0.10.4`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0104)

[Compare Source](astral-sh/uv@0.10.3...0.10.4)

Released on 2026-02-17.

##### Enhancements

- Remove duplicate references to the affected paths when showing `uv python` errors ([#&#8203;18008](astral-sh/uv#18008))
- Skip discovery of workspace members that contain only git-ignored files, including in sub-directories ([#&#8203;18051](astral-sh/uv#18051))

##### Bug fixes

- Don't panic when initialising a package at the filesystem root (e.g. `uv init / --name foo`) ([#&#8203;17983](astral-sh/uv#17983))
- Fix permissions on `wheel` and `sdist` files produced by the `uv_build` build backend ([#&#8203;18020](astral-sh/uv#18020))
- Revert locked file change to fix locked files on NFS mounts ([#&#8203;18071](astral-sh/uv#18071))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOS4yIiwidXBkYXRlZEluVmVyIjoiNDMuMTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90IiwiYXV0b21hdGlvbjpib3QtYXV0aG9yZWQiLCJkZXBlbmRlbmN5LXR5cGU6OnBhdGNoIl19-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@konstin konstin konstin approved these changes

Assignees

No one assigned

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Dist files have mod 600 since v0.9.23

2 participants

@EliteTK @konstin