Preserve group write bits in shared source caches#19697
Conversation
vwxyzjn
force-pushed
the
codex/group-writable-source-cache
branch
from
845a80b to
7ef79bd
Compare
|
Broadly speaking we shouldn't be overriding the umask. We already do that for file locks and it's causing no end of annoyance. If you are using directories with setgid set but your umask is 0022 then this problem will exist in all other software. Maybe as an opt in, but even then, it would require thought in terms of design and though in terms of the implementation. |
|
I haven't looked at the change yet, but some relevant prior art for us to consider (along with the linked PRs): |
|
After some internal discussion, it sounds like this happens with the umask correctly set to 0002. I am not sure about the approach of doing it retroactively, although it might be unavoidable to some extent as you identified. But the approach should ignore the directory permissions and only care about the umask to avoid surprise. I will investigate this further. |
|
An option might be to wipe the src directory after a build. We should only be re-using it in limited circumstances, so the impact should not be significant for 99% of usecases. Will keep investigating. |
3 participants
Why?
On Unix, uv's cache can live in a group-writable shared directory, such as a setgid cache on a multi-user machine. Source archives and build backends can still materialize extracted files or built wheels with explicit
0644modes before uv publishes them into the cache, leaving those artifacts non-group-writable for other cache users.How?
*.egg-info/PKG-INFO.Test plan
cargo fmt --package uv-distribution --checkcargo test -p uv-distribution cache_parent2775freshUV_CACHE_DIR: stock uv leftsgmllib3k.egg-info/PKG-INFOas644; this branch leaves bothPKG-INFOfiles as664and reportsBAD_COUNT=0forfind "$cache/sdists-v9" -type f ! -perm -020.Generated with Codex: https://openai.com/codex