-
Notifications
You must be signed in to change notification settings - Fork 614
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
new INSTALLER and REQUESTED files are chmod 600 #5435
Comments
Interesting, thanks. |
What operating system are you on? |
Interesting, ok, this changed because we initially create the file in a temporary directory, then move it over (to avoid partial writes), and by default that uses 600: https://docs.rs/tempfile/latest/tempfile/struct.Builder.html#method.permissions |
I'm surprised we don't see this in more places? |
Sorry, my OS is Rocky Linux 9.3. And I think what I'm doing should not happen often since reading all the files including these 2 files is not what python will typically do. This is probably why I'm the first to report this. |
No worries. You're right that the permissions should be changed. |
Since recently, I noticed that the
uv pip install
command will add 2 files in the metadata directory of an installed package:INSTALLER
andREQUESTED
.These files were not there in previous
uv
versions, I don't know however when it was introduced but I can tell that this was not the case in version0.2.2
.Now with the current version
0.2.28
these files are there. My problem is that their mod is 600 instead of a more usual 644 for other files in the same directory (likeMETADATA
orWHEEL
).This causes a problem on my stack since for other reasons I install the package with one user, and another user read the libs metadata for some checks.
edit: related commit: https://github.com/astral-sh/uv/pull/337/files#diff-c1686969b46b2c133e184a8c25069ada51363d91354e35fac208bb67239fcf2cL813
The text was updated successfully, but these errors were encountered: