incorrect permissions in the packaged tar #377

schwehr · 2013-09-02T17:31:11Z

All files and directories in the distribution tar should be group and world readable. By not doing this, an installed instance of scrapy that is first built as a user and then installed by root (this is what mac osx fink does) sets up scrapy such that it is not usable by non-root users.

I setup the fink package for scrapy like this to work around the issue:

CompileScript: <<
  #!/bin/bash -ev
  chmod 644 scrapy/{VERSION,mime.types}
  find . -name \*.tmpl -o -name \*.cfg -o -name \*.xml -o -name \*.tar | xargs chmod 644
  find . -name \*.zip -o -name \*.csv -o -name \*.html -o -name \*.egg | xargs chmod 644
  find . -name \*.gz -o -name \*.bz2 -o -name \*.bin -o -name \*.txt | xargs chmod 644
  python%type_raw[python] setup.py build
<<

How to see this issue:

wget https://pypi.python.org/packages/source/S/Scrapy/Scrapy-0.18.1.tar.gz#md5=63f84dd460cc3eb4f8c5b8bc907f6f39
tar xf Scrapy-0.18.1.tar.gz

find . | xargs ls -l | grep '\---' | wc -l
   871 
find . | xargs ls -l | grep '\---' | head

-rw-------  1 schwehr  5000   1273 Aug 27 14:46 ./AUTHORS
-rw-------  1 schwehr  5000    154 Aug 27 14:46 ./INSTALL
-rw-------  1 schwehr  5000   1521 Aug 27 14:46 ./LICENSE
-rw-------  1 schwehr  5000    385 Aug 27 14:46 ./MANIFEST.in
-rw-------  1 schwehr  5000   2671 Aug 27 14:49 ./PKG-INFO
-rw-------  1 schwehr  5000   1348 Aug 27 14:46 ./README.rst
-rw-------  1 schwehr  5000    114 Aug 27 14:46 ./bin/runtests.bat
-rwx------  1 schwehr  5000   1271 Aug 27 14:46 ./bin/runtests.sh
-rwx------  1 schwehr  5000     68 Aug 27 14:46 ./bin/scrapy
-rw-------  1 schwehr  5000   2225 Aug 27 14:46 ./docs/Makefile

The text was updated successfully, but these errors were encountered:

dangra · 2013-09-03T23:12:26Z

Tarballs are generated using standard python setup.py sdist upload command.

And locally files are world readable, not sure what change its permissions.

I think this problem should be common for other packages too, can you suggest a solution?

schwehr · 2013-09-04T01:39:31Z

Not sure what the best solution is. Asked here:

http://stackoverflow.com/questions/18604130/proper-permissions-for-python-packages

Please do check your tar and github checkout... the files are not world readable. Perhaps you are depending on the umask?

wget https://pypi.python.org/packages/source/S/Scrapy/Scrapy-0.18.2.tar.gz#md5=14f105e2fdb047c666b944990e691389

tar tfvv Scrapy-0.18.2.tar.gz | head
drwx------ buildbot/buildbot 0 2013-09-03 10:30 Scrapy-0.18.2/
-rw------- buildbot/buildbot 385 2013-09-03 10:27 Scrapy-0.18.2/MANIFEST.in
-rw------- buildbot/buildbot 140 2013-09-03 10:30 Scrapy-0.18.2/setup.cfg
drwx------ buildbot/buildbot 0 2013-09-03 10:30 Scrapy-0.18.2/bin/
-rw------- buildbot/buildbot 114 2013-09-03 10:27 Scrapy-0.18.2/bin/runtests.bat
-rwx------ buildbot/buildbot 1271 2013-09-03 10:27 Scrapy-0.18.2/bin/runtests.sh
-rwx------ buildbot/buildbot 68 2013-09-03 10:27 Scrapy-0.18.2/bin/scrapy
drwx------ buildbot/buildbot 0 2013-09-03 10:30 Scrapy-0.18.2/scrapy/
-rw------- buildbot/buildbot 2785 2013-09-03 10:27 Scrapy-0.18.2/scrapy/telnet.py
drwx------ buildbot/buildbot 0 2013-09-03 10:30 Scrapy-0.18.2/scrapy/commands/

dangra · 2013-09-04T01:44:21Z

Yes, that was it. The builder that uploads the distribution to pypi is
using a very restrictive umask.

On Tue, Sep 3, 2013 at 10:39 PM, Kurt Schwehr notifications@github.comwrote:

Not sure what the best solution is. Asked here:

http://stackoverflow.com/questions/18604130/proper-permissions-for-python-packages

Please do check your tar and github checkout... the files are not world
readable. Perhaps you are depending on the umask?

wget
https://pypi.python.org/packages/source/S/Scrapy/Scrapy-0.18.2.tar.gz#md5=14f105e2fdb047c666b944990e691389

tar tfvv Scrapy-0.18.2.tar.gz | head
drwx------ buildbot/buildbot 0 2013-09-03 10:30 Scrapy-0.18.2/
-rw------- buildbot/buildbot 385 2013-09-03 10:27 Scrapy-0.18.2/MANIFEST.in
-rw------- buildbot/buildbot 140 2013-09-03 10:30 Scrapy-0.18.2/setup.cfg
drwx------ buildbot/buildbot 0 2013-09-03 10:30 Scrapy-0.18.2/bin/
-rw------- buildbot/buildbot 114 2013-09-03 10:27
Scrapy-0.18.2/bin/runtests.bat
-rwx------ buildbot/buildbot 1271 2013-09-03 10:27
Scrapy-0.18.2/bin/runtests.sh
-rwx------ buildbot/buildbot 68 2013-09-03 10:27 Scrapy-0.18.2/bin/scrapy
drwx------ buildbot/buildbot 0 2013-09-03 10:30 Scrapy-0.18.2/scrapy/
-rw------- buildbot/buildbot 2785 2013-09-03 10:27
Scrapy-0.18.2/scrapy/telnet.py
drwx------ buildbot/buildbot 0 2013-09-03 10:30
Scrapy-0.18.2/scrapy/commands/

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/377#issuecomment-23760463
.

dangra · 2013-09-04T01:46:32Z

I think it is fixed for 0.18.2 release in pypi. can you double check?

dangra · 2013-09-04T02:31:11Z

fixed by 92d14d4

schwehr · 2013-09-04T13:56:52Z

Confirmed! Thanks much!

dangra closed this as completed Sep 4, 2013

icp1994 mentioned this issue Nov 10, 2022

Permission issue for system-wide installation via pypi source saulpw/visidata#1591

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

incorrect permissions in the packaged tar #377

incorrect permissions in the packaged tar #377

schwehr commented Sep 2, 2013

dangra commented Sep 3, 2013

schwehr commented Sep 4, 2013

dangra commented Sep 4, 2013

dangra commented Sep 4, 2013

dangra commented Sep 4, 2013

schwehr commented Sep 4, 2013

incorrect permissions in the packaged tar #377

incorrect permissions in the packaged tar #377

Comments

schwehr commented Sep 2, 2013

dangra commented Sep 3, 2013

schwehr commented Sep 4, 2013

dangra commented Sep 4, 2013

dangra commented Sep 4, 2013

dangra commented Sep 4, 2013

schwehr commented Sep 4, 2013