-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incorrect file permissions in dist-info directory after installing a package #8164
Comments
Indeed |
We also use pip/src/pip/_internal/utils/unpacking.py Line 148 in 43426ee
and pip/src/pip/_internal/utils/unpacking.py Line 232 in 43426ee
Do we need to fix those as well? |
@deveshks these were the source of bad inspiration that led to this bug indeed. |
>>> oct(0o777 - 0o027 | 0o111)
'0o751'
>>> oct(0o666 & ~0o027)
'0o640' IIUC, the |
Oh wait, I don't understand correctly. The order of the bits is rwx, not xwr. Those other locations are for setting permissions on executable scripts, and don't actually do the right things as OP (and @sbidoul) have pointed out. Hah. |
So do we only move these two |
Nah, not now -- let's get the specific bugfix merged and then think about the broader fixes. :) |
Agreed, I will create another issue about fixing them and we can discuss there. BTW I have addressed the review comments, and I think that PR is ready to be approved/merged 😊 |
Filed #8179 for fixing file permission in |
126: Update pip to 20.1.1 r=duckinator a=pyup-bot This PR updates [pip](https://pypi.org/project/pip) from **20.1** to **20.1.1**. <details> <summary>Changelog</summary> ### 20.1.1 ``` =================== Deprecations and Removals ------------------------- - Revert building of local directories in place, restoring the pre-20.1 behaviour of copying to a temporary directory. (`7555 <https://github.com/pypa/pip/issues/7555>`_) - Drop parallelization from ``pip list --outdated``. (`8167 <https://github.com/pypa/pip/issues/8167>`_) Bug Fixes --------- - Fix metadata permission issues when umask has the executable bit set. (`8164 <https://github.com/pypa/pip/issues/8164>`_) - Avoid unnecessary message about the wheel package not being installed when a wheel would not have been built. Additionally, clarify the message. (`8178 <https://github.com/pypa/pip/issues/8178>`_) ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pip - Changelog: https://pyup.io/changelogs/pip/ - Homepage: https://pip.pypa.io/ </details> Co-authored-by: pyup-bot <github-bot@pyup.io>
Environment
Description
After a pip install with umask set to 027, files in the environment have incorrect permissions.
I expected the files to have permissions 640, but they ended up as 637. This is both too restrictive at the group level and too permissive at the world level.
Expected behavior
Correct file permissions.
I think the cause is this fix:
https://github.com/pypa/pip/pull/8144/files#diff-81eaeaa2196a8c5382958f2d9f22b593R570
I'd have expected a bitwise AND so the result would be 0640.
How to Reproduce
virtualenv ./env
source env/bin/activate
umask 027
pip install six
ls -lR env/lib/python3.8/site-packages/six-1.14.0.dist-info/
Output
The text was updated successfully, but these errors were encountered: