Fix incorrect file permissions in wheel packages #14930
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Set proper Unix permissions (644) for metadata files in wheel packages created by the uv build backend. Previously, files like RECORD and LICENSE had incorrect permissions (--w--wx---) due to missing permission settings in the write_bytes method. This ensures wheel packages have standard file permissions consistent with other Python build tools. Fixes astral-sh#14920
The wheel file hash changed because the fix corrected file permissions from incorrect (--w--wx---) to proper (644) permissions, which is included in the ZIP file format and affects the overall file hash.
charliermarsh
approved these changes
Jul 28, 2025
|
Hi! Thank you for this fix! Would you be willing to do a minor release for this patch? Any packages built with this version of uv_build are problematic. I've just spent a few hours tracking this down from a stubs-only transitive dependency which happened to be on 0.8.3 -- it caused our CI to fail with a PermissionDenied error while inflating our built PEX files. |
Member
|
Do you mean a patch release? We're planning to release tomorrow as part of our regular cadence, but likely won't release tonight. |
|
@charliermarsh Ah perfect -- thanks for the quick response. I didn't realize your scheduled release is tomorrow -- that is great. Thanks for the work on this project! |
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Jul 31, 2025
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.8.3` -> `0.8.4` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>astral-sh/uv (astral-sh/uv)</summary> ### [`v0.8.4`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#084) [Compare Source](astral-sh/uv@0.8.3...0.8.4) ##### Enhancements - Improve styling of warning cause chains ([#​14934](astral-sh/uv#14934)) - Extend wheel filtering to Android tags ([#​14977](astral-sh/uv#14977)) - Perform wheel lockfile filtering based on platform and OS intersection ([#​14976](astral-sh/uv#14976)) - Clarify messaging when a new resolution needs to be performed ([#​14938](astral-sh/uv#14938)) ##### Preview features - Add support for extending package's build dependencies with `extra-build-dependencies` ([#​14735](astral-sh/uv#14735)) - Split preview mode into separate feature flags ([#​14823](astral-sh/uv#14823)) ##### Configuration - Add support for package specific `exclude-newer` dates via `exclude-newer-package` ([#​14489](astral-sh/uv#14489)) ##### Bug fixes - Avoid invalidating lockfile when path or workspace dependencies define explicit indexes ([#​14876](astral-sh/uv#14876)) - Copy entrypoints that have a shebang that differs in `python` vs `python3` ([#​14970](astral-sh/uv#14970)) - Fix incorrect file permissions in wheel packages ([#​14930](astral-sh/uv#14930)) - Update validation for `environments` and `required-environments` in `uv.toml` ([#​14905](astral-sh/uv#14905)) ##### Documentation - Show `uv_build` in projects documentation ([#​14968](astral-sh/uv#14968)) - Add `UV_` prefix to installer environment variables ([#​14964](astral-sh/uv#14964)) - Un-hide `uv` from `--build-backend` options ([#​14939](astral-sh/uv#14939)) - Update documentation for preview flags ([#​14902](astral-sh/uv#14902)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40NS4wIiwidXBkYXRlZEluVmVyIjoiNDEuNDUuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90Il19-->
|
Thanks for the swift resolution @yumeminami! Verified resolved in v0.8.4! 🙌 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #14920
Summary
Problem: When building wheel packages, metadata files (such as RECORD, METADATA, WHEEL, and
license files) were being created with incorrect Unix permissions (--w--wx---), lacking
read permissions and having unexpected executable permissions.
Solution: The fix ensures that all metadata files in wheel packages are created with proper
644 (rw-r--r--) permissions by:
files
Impact: This change ensures wheel packages created by uv have standard file permissions
consistent with other Python build tools like setuptools, improving compatibility and
following Python packaging best practices.