From fd1c01184ed0bf83f0c967f2e2001666f6c42794 Mon Sep 17 00:00:00 2001 From: Ted Kaplan Date: Fri, 30 Jan 2026 10:57:43 -0800 Subject: [PATCH 1/7] Set permissions when extracting wheels --- python/private/pypi/whl_extract.bzl | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/python/private/pypi/whl_extract.bzl b/python/private/pypi/whl_extract.bzl index 75c5686cb8..e6a85f0adc 100644 --- a/python/private/pypi/whl_extract.bzl +++ b/python/private/pypi/whl_extract.bzl @@ -19,6 +19,16 @@ def whl_extract(rctx, *, whl_path, logger): output = install_dir_path, supports_whl_extraction = rp_config.supports_whl_extraction, ) + + # Fix permissions on extracted files. Some wheels have files without read permissions set, + # which causes errors when trying to read them later. + os_name = repo_utils.get_platforms_os_name(rctx) + if "windows" not in os_name: + # On Unix-like systems, recursively add read permissions to all files + # and ensure directories are traversable (need execute permission) + result = rctx.execute(["chmod", "-R", "u+rX,go+rX", str(install_dir_path)]) + if result.return_code != 0: + logger.warn(lambda: "Failed to fix file permissions: {}".format(result.stderr)) metadata_file = find_whl_metadata( install_dir = install_dir_path, logger = logger, From d4e4d5124180d521eb218d000f9b8e32ff8c3c86 Mon Sep 17 00:00:00 2001 From: Ted Kaplan Date: Fri, 30 Jan 2026 11:19:19 -0800 Subject: [PATCH 2/7] Update python/private/pypi/whl_extract.bzl Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- python/private/pypi/whl_extract.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/private/pypi/whl_extract.bzl b/python/private/pypi/whl_extract.bzl index e6a85f0adc..7e113f9da1 100644 --- a/python/private/pypi/whl_extract.bzl +++ b/python/private/pypi/whl_extract.bzl @@ -23,7 +23,7 @@ def whl_extract(rctx, *, whl_path, logger): # Fix permissions on extracted files. Some wheels have files without read permissions set, # which causes errors when trying to read them later. os_name = repo_utils.get_platforms_os_name(rctx) - if "windows" not in os_name: + if os_name != "windows": # On Unix-like systems, recursively add read permissions to all files # and ensure directories are traversable (need execute permission) result = rctx.execute(["chmod", "-R", "u+rX,go+rX", str(install_dir_path)]) From aee9345879f0fbb06a3d7dacf3114e2df9c77640 Mon Sep 17 00:00:00 2001 From: Ted Kaplan Date: Fri, 30 Jan 2026 11:19:32 -0800 Subject: [PATCH 3/7] Update python/private/pypi/whl_extract.bzl Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- python/private/pypi/whl_extract.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/private/pypi/whl_extract.bzl b/python/private/pypi/whl_extract.bzl index 7e113f9da1..d449112ac9 100644 --- a/python/private/pypi/whl_extract.bzl +++ b/python/private/pypi/whl_extract.bzl @@ -26,7 +26,7 @@ def whl_extract(rctx, *, whl_path, logger): if os_name != "windows": # On Unix-like systems, recursively add read permissions to all files # and ensure directories are traversable (need execute permission) - result = rctx.execute(["chmod", "-R", "u+rX,go+rX", str(install_dir_path)]) + result = rctx.execute(["chmod", "-R", "a+rX", str(install_dir_path)]) if result.return_code != 0: logger.warn(lambda: "Failed to fix file permissions: {}".format(result.stderr)) metadata_file = find_whl_metadata( From 98bd68499e8afe0292d650c909a943ac7f5d38de Mon Sep 17 00:00:00 2001 From: Ted Kaplan Date: Fri, 30 Jan 2026 11:35:46 -0800 Subject: [PATCH 4/7] Add integration test --- MODULE.bazel | 1 + python/private/internal_dev_deps.bzl | 8 +++ tests/pypi/whl_permissions/BUILD.bazel | 25 +++++++ tests/pypi/whl_permissions/README.md | 41 +++++++++++ .../bad_perms_pkg-1.0-py3-none-any.whl | Bin 0 -> 1123 bytes .../pypi/whl_permissions/build_test_wheel.py | 64 ++++++++++++++++++ .../whl_permissions/whl_permissions_test.py | 31 +++++++++ 7 files changed, 170 insertions(+) create mode 100644 tests/pypi/whl_permissions/BUILD.bazel create mode 100644 tests/pypi/whl_permissions/README.md create mode 100644 tests/pypi/whl_permissions/bad_perms_pkg-1.0-py3-none-any.whl create mode 100644 tests/pypi/whl_permissions/build_test_wheel.py create mode 100644 tests/pypi/whl_permissions/whl_permissions_test.py diff --git a/MODULE.bazel b/MODULE.bazel index 6486634370..b98623f3a5 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -243,6 +243,7 @@ use_repo( "rules_python_runtime_env_tc_info", "somepkg_with_build_files", "whl_library_extras_direct_dep", + "whl_perms_bad_perms_pkg", "whl_with_build_files", ) diff --git a/python/private/internal_dev_deps.bzl b/python/private/internal_dev_deps.bzl index fbdd5711b1..25b4263aa6 100644 --- a/python/private/internal_dev_deps.bzl +++ b/python/private/internal_dev_deps.bzl @@ -109,6 +109,14 @@ def _internal_dev_deps_impl(mctx): config_load = "@rules_python//tests/pypi/whl_library/testdata:packages.bzl", ) + # Setup for //tests/pypi/whl_permissions + # Test that wheels with bad file permissions can be extracted + whl_library( + name = "whl_perms_bad_perms_pkg", + whl_file = "//tests/pypi/whl_permissions:bad_perms_pkg-1.0-py3-none-any.whl", + requirement = "bad-perms-pkg==1.0", + ) + def _whl_library_from_dir(*, name, output, root, **kwargs): whl_from_dir_repo( name = "{}_whl".format(name), diff --git a/tests/pypi/whl_permissions/BUILD.bazel b/tests/pypi/whl_permissions/BUILD.bazel new file mode 100644 index 0000000000..ac754b93f3 --- /dev/null +++ b/tests/pypi/whl_permissions/BUILD.bazel @@ -0,0 +1,25 @@ +load("//python:defs.bzl", "py_binary") +load("//python:py_test.bzl", "py_test") +load("//tests/support:support.bzl", "SUPPORTS_BZLMOD_UNIXY") + +# Tool to generate test wheels with bad permissions +py_binary( + name = "build_test_wheel", + srcs = ["build_test_wheel.py"], +) + +# Pre-built test wheel with files that have no read permissions. +# This wheel is created by build_test_wheel.py and checked into the repo. +# The files inside have mode 000 (no permissions), which tests that +# whl_extract.bzl correctly fixes permissions after extraction. +exports_files(["bad_perms_pkg-1.0-py3-none-any.whl"]) + +# Test that we can use a wheel with bad file permissions +py_test( + name = "whl_permissions_test", + srcs = ["whl_permissions_test.py"], + target_compatible_with = SUPPORTS_BZLMOD_UNIXY, + deps = [ + "@whl_perms_bad_perms_pkg//:pkg", + ], +) diff --git a/tests/pypi/whl_permissions/README.md b/tests/pypi/whl_permissions/README.md new file mode 100644 index 0000000000..07e49e6703 --- /dev/null +++ b/tests/pypi/whl_permissions/README.md @@ -0,0 +1,41 @@ +# Wheel Permissions Test + +This test verifies that `rules_python` can correctly handle Python wheels that contain files without read permissions. + +## Background + +Some wheels are created with files that have incorrect permissions (e.g., mode `000`). When these wheels are extracted by Bazel's `rctx.extract()`, the file permissions are preserved from the zip file. This causes failures when subsequent operations try to read these files, such as: + +- Reading `__init__.py` files during namespace package detection +- Reading metadata files +- Importing Python modules + +## Test Setup + +### Files + +- **`bad_perms_pkg-1.0-py3-none-any.whl`**: A pre-built test wheel with files that have mode `000` (no permissions) +- **`build_test_wheel.py`**: Script used to generate the test wheel (for reference/regeneration) +- **`whl_permissions_test.py`**: Integration test that verifies the wheel can be extracted and used + +## Regenerating the Test Wheel + +If you need to regenerate the test wheel: + +```bash +bazel run //tests/pypi/whl_permissions:build_test_wheel -- \ + $(pwd)/tests/pypi/whl_permissions/bad_perms_pkg-1.0-py3-none-any.whl +``` + +Verify the permissions are set correctly: +```bash +zipinfo -l tests/pypi/whl_permissions/bad_perms_pkg-1.0-py3-none-any.whl +``` + +You should see entries like: +``` +?rw------- 2.0 unx bad_perms_pkg/__init__.py +?rw------- 2.0 unx bad_perms_pkg-1.0.dist-info/METADATA +``` + +The `?rw-------` indicates mode `000` for those files. diff --git a/tests/pypi/whl_permissions/bad_perms_pkg-1.0-py3-none-any.whl b/tests/pypi/whl_permissions/bad_perms_pkg-1.0-py3-none-any.whl new file mode 100644 index 0000000000000000000000000000000000000000..51d020e401cf834a94c1e40a0ed49fcc1447f873 GIT binary patch literal 1123 zcmaiy&ui2`6vwmuAvnDj#FOLFgF7L6 z6CQ;*sI&<4v(Z)<3Mq6Lw(@ZVL#mbXC22E;B*~g2s8NSEhhhzBCLY|O zrdd=bfXso{J@V-by3@AwKX!iZenOpz4O`E)ThCgNC^Qptm~9>SeQ(d}dk3I-#5HFF zP=&~(OWUn&@`k72Qgp>8t{A!^(*y*Ow`H1gHFjwq&C#5np79aT4?@RAMTa5*YNVnt z(1LiSjx$xIldd=gS>OR43S(ex1lBuo_506d2OXHeZrA&3IXQmi``zOhAenhECGLX+ z#kD!r+yLoinP#sG7L*DSae`k}38c?QF3rc!nam_GF2`0SpYIR8e8&n*G#6CT^IsnJ z_U6vQ<|e8Co8GAX$8vakR}0c6jaZOVm550}r?IrYJb$9m>SUca%&T7afAei)>=CXY zj&t4^+`&xk+Yoz>XOIgUGN)5E(VnMU; MiqA(>{8}=*f4br#y8r+H literal 0 HcmV?d00001 diff --git a/tests/pypi/whl_permissions/build_test_wheel.py b/tests/pypi/whl_permissions/build_test_wheel.py new file mode 100644 index 0000000000..54fd07ecbe --- /dev/null +++ b/tests/pypi/whl_permissions/build_test_wheel.py @@ -0,0 +1,64 @@ +#!/usr/bin/env python3 +"""Build a test wheel with files that have no read permissions. + +This simulates wheels that are created with incorrect file permissions, +which can cause extraction failures when Bazel tries to read the files. +""" + +import sys +import zipfile +from pathlib import Path + + +def create_bad_perms_wheel(output_path: str): + """Create a wheel file with files that have no read permissions.""" + with zipfile.ZipFile(output_path, 'w', zipfile.ZIP_DEFLATED) as whl: + # Add __init__.py with no read permissions (mode 000) + info = zipfile.ZipInfo('bad_perms_pkg/__init__.py') + info.external_attr = 0o000 << 16 # No permissions + whl.writestr(info, 'def test():\n return "hello"\n') + + # Add a module file with no read permissions + module_info = zipfile.ZipInfo('bad_perms_pkg/module.py') + module_info.external_attr = 0o000 << 16 # No permissions + whl.writestr(module_info, 'VALUE = 42\n') + + # Add METADATA with no read permissions + metadata = zipfile.ZipInfo('bad_perms_pkg-1.0.dist-info/METADATA') + metadata.external_attr = 0o000 << 16 # No permissions + whl.writestr(metadata, '''Metadata-Version: 2.1 +Name: bad-perms-pkg +Version: 1.0 +Summary: Test package with bad file permissions +Author: Test +License: Apache-2.0 +''') + + # Add WHEEL with normal permissions (so the wheel can be opened) + wheel_info = zipfile.ZipInfo('bad_perms_pkg-1.0.dist-info/WHEEL') + wheel_info.external_attr = 0o644 << 16 + whl.writestr(wheel_info, '''Wheel-Version: 1.0 +Generator: test +Root-Is-Purelib: true +Tag: py3-none-any +''') + + # Add RECORD with normal permissions + record = zipfile.ZipInfo('bad_perms_pkg-1.0.dist-info/RECORD') + record.external_attr = 0o644 << 16 + whl.writestr(record, '''bad_perms_pkg/__init__.py,, +bad_perms_pkg/module.py,, +bad_perms_pkg-1.0.dist-info/METADATA,, +bad_perms_pkg-1.0.dist-info/WHEEL,, +bad_perms_pkg-1.0.dist-info/RECORD,, +''') + + +if __name__ == '__main__': + if len(sys.argv) != 2: + print(f"Usage: {sys.argv[0]} ", file=sys.stderr) + sys.exit(1) + + output_path = sys.argv[1] + create_bad_perms_wheel(output_path) + print(f"Created wheel with bad permissions: {output_path}") diff --git a/tests/pypi/whl_permissions/whl_permissions_test.py b/tests/pypi/whl_permissions/whl_permissions_test.py new file mode 100644 index 0000000000..2b2cbe5e72 --- /dev/null +++ b/tests/pypi/whl_permissions/whl_permissions_test.py @@ -0,0 +1,31 @@ +"""Test that wheels with incorrect file permissions can be extracted and used. + +Some wheels have files without read permissions set, which causes errors +when Bazel tries to read them during extraction. This test verifies that +the permission-fixing logic in whl_extract.bzl handles these cases correctly. +""" + +import unittest + + +class WhlPermissionsTest(unittest.TestCase): + def test_can_import_from_bad_perms_wheel(self): + """Test that we can import and use code from a wheel with bad permissions.""" + # If the permissions weren't fixed, the whl_library rule would have + # failed when trying to read __init__.py during namespace package detection. + import bad_perms_pkg + + # Verify we can call functions from the module + result = bad_perms_pkg.test() + self.assertEqual(result, "hello") + + def test_can_import_module_from_bad_perms_wheel(self): + """Test that we can import submodules from a wheel with bad permissions.""" + from bad_perms_pkg import module + + # Verify we can access module contents + self.assertEqual(module.VALUE, 42) + + +if __name__ == '__main__': + unittest.main() From a2d52cb42d8dd831186b4f8b7bfdfa1459454ed3 Mon Sep 17 00:00:00 2001 From: Richard Levasseur Date: Sat, 31 Jan 2026 18:17:19 -0800 Subject: [PATCH 5/7] use repo_utils instead of direct rctx.execute --- python/private/pypi/whl_extract.bzl | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/python/private/pypi/whl_extract.bzl b/python/private/pypi/whl_extract.bzl index d449112ac9..506be05481 100644 --- a/python/private/pypi/whl_extract.bzl +++ b/python/private/pypi/whl_extract.bzl @@ -26,8 +26,15 @@ def whl_extract(rctx, *, whl_path, logger): if os_name != "windows": # On Unix-like systems, recursively add read permissions to all files # and ensure directories are traversable (need execute permission) - result = rctx.execute(["chmod", "-R", "a+rX", str(install_dir_path)]) + result = repo_utils.execute_unchecked( + rctx, + op = "Fixing wheel permissions {}".format(whl_path), + arguments = ["chmod", "-R", "a+rX", str(install_dir_path)], + logger = logger, + ) if result.return_code != 0: + # It's possible chmod is not available or the filesystem doesn't support it. + # This is fine, we just want to try to fix permissions if possible. logger.warn(lambda: "Failed to fix file permissions: {}".format(result.stderr)) metadata_file = find_whl_metadata( install_dir = install_dir_path, From dcd0a6619e7d9ae97a50f544301c54d22bcf4f50 Mon Sep 17 00:00:00 2001 From: Richard Levasseur Date: Sun, 1 Feb 2026 11:50:50 -0800 Subject: [PATCH 6/7] remove tests --- python/private/internal_dev_deps.bzl | 8 --- tests/pypi/whl_permissions/BUILD.bazel | 25 ------- tests/pypi/whl_permissions/README.md | 41 ----------- .../bad_perms_pkg-1.0-py3-none-any.whl | Bin 1123 -> 0 bytes .../pypi/whl_permissions/build_test_wheel.py | 64 ------------------ .../whl_permissions/whl_permissions_test.py | 31 --------- 6 files changed, 169 deletions(-) delete mode 100644 tests/pypi/whl_permissions/BUILD.bazel delete mode 100644 tests/pypi/whl_permissions/README.md delete mode 100644 tests/pypi/whl_permissions/bad_perms_pkg-1.0-py3-none-any.whl delete mode 100644 tests/pypi/whl_permissions/build_test_wheel.py delete mode 100644 tests/pypi/whl_permissions/whl_permissions_test.py diff --git a/python/private/internal_dev_deps.bzl b/python/private/internal_dev_deps.bzl index 25b4263aa6..fbdd5711b1 100644 --- a/python/private/internal_dev_deps.bzl +++ b/python/private/internal_dev_deps.bzl @@ -109,14 +109,6 @@ def _internal_dev_deps_impl(mctx): config_load = "@rules_python//tests/pypi/whl_library/testdata:packages.bzl", ) - # Setup for //tests/pypi/whl_permissions - # Test that wheels with bad file permissions can be extracted - whl_library( - name = "whl_perms_bad_perms_pkg", - whl_file = "//tests/pypi/whl_permissions:bad_perms_pkg-1.0-py3-none-any.whl", - requirement = "bad-perms-pkg==1.0", - ) - def _whl_library_from_dir(*, name, output, root, **kwargs): whl_from_dir_repo( name = "{}_whl".format(name), diff --git a/tests/pypi/whl_permissions/BUILD.bazel b/tests/pypi/whl_permissions/BUILD.bazel deleted file mode 100644 index ac754b93f3..0000000000 --- a/tests/pypi/whl_permissions/BUILD.bazel +++ /dev/null @@ -1,25 +0,0 @@ -load("//python:defs.bzl", "py_binary") -load("//python:py_test.bzl", "py_test") -load("//tests/support:support.bzl", "SUPPORTS_BZLMOD_UNIXY") - -# Tool to generate test wheels with bad permissions -py_binary( - name = "build_test_wheel", - srcs = ["build_test_wheel.py"], -) - -# Pre-built test wheel with files that have no read permissions. -# This wheel is created by build_test_wheel.py and checked into the repo. -# The files inside have mode 000 (no permissions), which tests that -# whl_extract.bzl correctly fixes permissions after extraction. -exports_files(["bad_perms_pkg-1.0-py3-none-any.whl"]) - -# Test that we can use a wheel with bad file permissions -py_test( - name = "whl_permissions_test", - srcs = ["whl_permissions_test.py"], - target_compatible_with = SUPPORTS_BZLMOD_UNIXY, - deps = [ - "@whl_perms_bad_perms_pkg//:pkg", - ], -) diff --git a/tests/pypi/whl_permissions/README.md b/tests/pypi/whl_permissions/README.md deleted file mode 100644 index 07e49e6703..0000000000 --- a/tests/pypi/whl_permissions/README.md +++ /dev/null @@ -1,41 +0,0 @@ -# Wheel Permissions Test - -This test verifies that `rules_python` can correctly handle Python wheels that contain files without read permissions. - -## Background - -Some wheels are created with files that have incorrect permissions (e.g., mode `000`). When these wheels are extracted by Bazel's `rctx.extract()`, the file permissions are preserved from the zip file. This causes failures when subsequent operations try to read these files, such as: - -- Reading `__init__.py` files during namespace package detection -- Reading metadata files -- Importing Python modules - -## Test Setup - -### Files - -- **`bad_perms_pkg-1.0-py3-none-any.whl`**: A pre-built test wheel with files that have mode `000` (no permissions) -- **`build_test_wheel.py`**: Script used to generate the test wheel (for reference/regeneration) -- **`whl_permissions_test.py`**: Integration test that verifies the wheel can be extracted and used - -## Regenerating the Test Wheel - -If you need to regenerate the test wheel: - -```bash -bazel run //tests/pypi/whl_permissions:build_test_wheel -- \ - $(pwd)/tests/pypi/whl_permissions/bad_perms_pkg-1.0-py3-none-any.whl -``` - -Verify the permissions are set correctly: -```bash -zipinfo -l tests/pypi/whl_permissions/bad_perms_pkg-1.0-py3-none-any.whl -``` - -You should see entries like: -``` -?rw------- 2.0 unx bad_perms_pkg/__init__.py -?rw------- 2.0 unx bad_perms_pkg-1.0.dist-info/METADATA -``` - -The `?rw-------` indicates mode `000` for those files. diff --git a/tests/pypi/whl_permissions/bad_perms_pkg-1.0-py3-none-any.whl b/tests/pypi/whl_permissions/bad_perms_pkg-1.0-py3-none-any.whl deleted file mode 100644 index 51d020e401cf834a94c1e40a0ed49fcc1447f873..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1123 zcmaiy&ui2`6vwmuAvnDj#FOLFgF7L6 z6CQ;*sI&<4v(Z)<3Mq6Lw(@ZVL#mbXC22E;B*~g2s8NSEhhhzBCLY|O zrdd=bfXso{J@V-by3@AwKX!iZenOpz4O`E)ThCgNC^Qptm~9>SeQ(d}dk3I-#5HFF zP=&~(OWUn&@`k72Qgp>8t{A!^(*y*Ow`H1gHFjwq&C#5np79aT4?@RAMTa5*YNVnt z(1LiSjx$xIldd=gS>OR43S(ex1lBuo_506d2OXHeZrA&3IXQmi``zOhAenhECGLX+ z#kD!r+yLoinP#sG7L*DSae`k}38c?QF3rc!nam_GF2`0SpYIR8e8&n*G#6CT^IsnJ z_U6vQ<|e8Co8GAX$8vakR}0c6jaZOVm550}r?IrYJb$9m>SUca%&T7afAei)>=CXY zj&t4^+`&xk+Yoz>XOIgUGN)5E(VnMU; MiqA(>{8}=*f4br#y8r+H diff --git a/tests/pypi/whl_permissions/build_test_wheel.py b/tests/pypi/whl_permissions/build_test_wheel.py deleted file mode 100644 index 54fd07ecbe..0000000000 --- a/tests/pypi/whl_permissions/build_test_wheel.py +++ /dev/null @@ -1,64 +0,0 @@ -#!/usr/bin/env python3 -"""Build a test wheel with files that have no read permissions. - -This simulates wheels that are created with incorrect file permissions, -which can cause extraction failures when Bazel tries to read the files. -""" - -import sys -import zipfile -from pathlib import Path - - -def create_bad_perms_wheel(output_path: str): - """Create a wheel file with files that have no read permissions.""" - with zipfile.ZipFile(output_path, 'w', zipfile.ZIP_DEFLATED) as whl: - # Add __init__.py with no read permissions (mode 000) - info = zipfile.ZipInfo('bad_perms_pkg/__init__.py') - info.external_attr = 0o000 << 16 # No permissions - whl.writestr(info, 'def test():\n return "hello"\n') - - # Add a module file with no read permissions - module_info = zipfile.ZipInfo('bad_perms_pkg/module.py') - module_info.external_attr = 0o000 << 16 # No permissions - whl.writestr(module_info, 'VALUE = 42\n') - - # Add METADATA with no read permissions - metadata = zipfile.ZipInfo('bad_perms_pkg-1.0.dist-info/METADATA') - metadata.external_attr = 0o000 << 16 # No permissions - whl.writestr(metadata, '''Metadata-Version: 2.1 -Name: bad-perms-pkg -Version: 1.0 -Summary: Test package with bad file permissions -Author: Test -License: Apache-2.0 -''') - - # Add WHEEL with normal permissions (so the wheel can be opened) - wheel_info = zipfile.ZipInfo('bad_perms_pkg-1.0.dist-info/WHEEL') - wheel_info.external_attr = 0o644 << 16 - whl.writestr(wheel_info, '''Wheel-Version: 1.0 -Generator: test -Root-Is-Purelib: true -Tag: py3-none-any -''') - - # Add RECORD with normal permissions - record = zipfile.ZipInfo('bad_perms_pkg-1.0.dist-info/RECORD') - record.external_attr = 0o644 << 16 - whl.writestr(record, '''bad_perms_pkg/__init__.py,, -bad_perms_pkg/module.py,, -bad_perms_pkg-1.0.dist-info/METADATA,, -bad_perms_pkg-1.0.dist-info/WHEEL,, -bad_perms_pkg-1.0.dist-info/RECORD,, -''') - - -if __name__ == '__main__': - if len(sys.argv) != 2: - print(f"Usage: {sys.argv[0]} ", file=sys.stderr) - sys.exit(1) - - output_path = sys.argv[1] - create_bad_perms_wheel(output_path) - print(f"Created wheel with bad permissions: {output_path}") diff --git a/tests/pypi/whl_permissions/whl_permissions_test.py b/tests/pypi/whl_permissions/whl_permissions_test.py deleted file mode 100644 index 2b2cbe5e72..0000000000 --- a/tests/pypi/whl_permissions/whl_permissions_test.py +++ /dev/null @@ -1,31 +0,0 @@ -"""Test that wheels with incorrect file permissions can be extracted and used. - -Some wheels have files without read permissions set, which causes errors -when Bazel tries to read them during extraction. This test verifies that -the permission-fixing logic in whl_extract.bzl handles these cases correctly. -""" - -import unittest - - -class WhlPermissionsTest(unittest.TestCase): - def test_can_import_from_bad_perms_wheel(self): - """Test that we can import and use code from a wheel with bad permissions.""" - # If the permissions weren't fixed, the whl_library rule would have - # failed when trying to read __init__.py during namespace package detection. - import bad_perms_pkg - - # Verify we can call functions from the module - result = bad_perms_pkg.test() - self.assertEqual(result, "hello") - - def test_can_import_module_from_bad_perms_wheel(self): - """Test that we can import submodules from a wheel with bad permissions.""" - from bad_perms_pkg import module - - # Verify we can access module contents - self.assertEqual(module.VALUE, 42) - - -if __name__ == '__main__': - unittest.main() From 5e76f916494443a237f4437eb7ecacd51d7a5bef Mon Sep 17 00:00:00 2001 From: Richard Levasseur Date: Sun, 1 Feb 2026 11:52:07 -0800 Subject: [PATCH 7/7] remove defunct repo mention in MODULE.bazel --- MODULE.bazel | 1 - 1 file changed, 1 deletion(-) diff --git a/MODULE.bazel b/MODULE.bazel index b98623f3a5..6486634370 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -243,7 +243,6 @@ use_repo( "rules_python_runtime_env_tc_info", "somepkg_with_build_files", "whl_library_extras_direct_dep", - "whl_perms_bad_perms_pkg", "whl_with_build_files", )