Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix/deprecation extractall #16918

Merged
merged 8 commits into from
Sep 26, 2024

Conversation

memsharded
Copy link
Member

@memsharded memsharded commented Sep 1, 2024

Changelog: Feature: New tools.files.unzip:filter conf that allows to define data, tar and fully_trusted extraction policies for tgz files.
Changelog: Feature: get() and unzip() tools for source() learned a new extract_filter argument to define data, tar and fully_trusted extraction policies for tgz files.
Docs: conan-io/docs#3857

Close #16915

I have been investigating previous issues and the current proposal:

  • The level of risk is wildly different when downloading files from the internet in source() and when unzipping Conan internal tgz files.
  • Let's move the source() to enable the data filter asap, without necessarily breaking now Conan users that didn't update to Python 3.14 yet
  • Just keep the current and existing behavior for Conan internal .tgz files, just avoid the warnings and possible breaking behavior when Python 3.14 arrives.
  • Python 3.14 change of behavior default to "data" could break due to package artifacts losing execution permissions, or packages containing links to external files (not pretty, but I have seen users doing it)
  • For the sources download I am proposing moving with Python, and introduce now the tools.files.unzip:filter which we can activate in ConanCenter to learn the risks before Python 3.14 arrives
  • We can do the same in the future for Conan internal .tgz artifacts, but at the moment the priority is ensure nothing breaks for them.

@memsharded memsharded marked this pull request as ready for review September 15, 2024 00:52
@memsharded memsharded added this to the 2.8.0 milestone Sep 15, 2024
@memsharded
Copy link
Member Author

@czoido it is possible that CI is failing because Python version is 2.12.2 and not 2.12.3?
It works for my locally with 2.12.3

@czoido
Copy link
Contributor

czoido commented Sep 16, 2024

@czoido it is possible that CI is failing because Python version is 2.12.2 and not 2.12.3? It works for my locally with 2.12.3

Yes, it's probably that, I'll install 3.12.3

@czoido
Copy link
Contributor

czoido commented Sep 16, 2024

Looks like it also fails with 3.12.3 installed in the ci

@czoido czoido merged commit f5d6598 into conan-io:develop2 Sep 26, 2024
2 checks passed
@memsharded memsharded deleted the fix/deprecation_extractall branch September 26, 2024 08:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[bug] conan.tools.files.unzip() tries to keep files original owner/group and silently fail
3 participants