
Python Enhancement Proposals

PEP 721 – Using tarfile.data_filter for source distribution extraction


Author:
Petr Viktorin <encukou at gmail.com>
PEP-Delegate:
Paul Moore <p.f.moore at gmail.com>
Status:
Final
Type:
Standards Track
Topic:
Packaging
Requires:
706
Created:
12-Jul-2023
Python-Version:
3.12
Post-History:
04-Jul-2023
Resolution:
02-Aug-2023


Important

This PEP is a historical document. The up-to-date, canonical spec, Source distribution archive features, is maintained on the PyPA specs page.


See the PyPA specification update process for how to propose changes.

Abstract

Extracting a source distribution archive should normally use the data filter added in PEP 706. We clarify details, and specify the behaviour for tools that cannot use the filter directly.

Motivation

The source distribution sdist is defined as a tar archive.

The tar format is designed to capture all metadata of Unix-like files. Some of these are dangerous, unnecessary for source code, and/or platform-dependent. As explained in PEP 706, when extracting a tarball, one should always either limit the allowed features, or explicitly give the tarball total control.

Rationale

For source distributions, the data filter introduced in PEP 706 is enough. It allows slightly more features than git and zip (both commonly used in packaging workflows).

However, not all tools can use the data filter, so this PEP specifies an explicit set of expectations. The aim is that the current behaviour of pip download and setuptools.archive_util.unpack_tarfile is valid, except cases deemed too dangerous to allow. Another consideration is ease of implementation for non-Python tools.

Unpatched versions of Python

Tools are allowed to ignore this PEP when running on Python without tarfile filters.

The feature has been backported to all versions of Python supported by python.org. Vendoring it in third-party libraries is tricky, and we should not force all tools to do so. This shifts the responsibility to keep up with security updates from the tools to the users.

Permissions

Common tools (git, zip) don’t preserve Unix permissions (mode bits). Telling users to not rely on them in sdists, and allowing tools to handle them relatively freely, seems fair.

The only exception is the executable permission. We recommend, but not require, that tools preserve it. Given that scripts are generally platform-specific, it seems fitting to say that keeping them executable is tool-specific behaviour.

Note that while git preserves executability, zip (and thus wheel) doesn’t do it natively. (It is possible to encode it in “external attributes”, but Python’s ZipFile.extract does not honour that.)
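To make the ZipFile behaviour just described concrete, and to show how a tool can still honour the recommendation to keep scripts executable, here is an added example that is not part of the PEP or of any packaging tool. build_zip constructs a sample archive whose entries carry Unix modes in the upper 16 bits of the external attributes (the Info-ZIP convention); extract_preserving_exec is a hypothetical helper that records the mode ZipFile.extract produced and then re-applies the user executable bit using the same 0o644/0o755 rule the specification gives for tar archives.

```python
import io
import stat
import tempfile
import zipfile
from pathlib import Path


def build_zip(entries):
    """Constructed sample data: an in-memory zip whose entries store a Unix mode
    in the upper 16 bits of ZipInfo.external_attr, as Info-ZIP does."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode, content in entries:
            info = zipfile.ZipInfo(name)
            info.external_attr = (stat.S_IFREG | mode) << 16
            zf.writestr(info, content)
    return buf.getvalue()


def unix_mode(info):
    """Unix permission bits recorded in a ZipInfo's external attributes, or None."""
    mode = (info.external_attr >> 16) & 0o7777
    return mode or None


def extract_preserving_exec(archive, dest):
    """ZipFile.extract() ignores external attributes, so re-apply the user
    executable bit afterwards; setuid/setgid/sticky are never carried over."""
    modes = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = Path(zf.extract(info, dest))
            modes[info.filename] = {"as_extracted": stat.S_IMODE(target.stat().st_mode)}
            recorded = unix_mode(info)
            if recorded is not None:  # archive said something about the mode
                target.chmod(0o755 if recorded & stat.S_IXUSR else 0o644)
            modes[info.filename]["final"] = stat.S_IMODE(target.stat().st_mode)
    return modes


# Constructed sample: a script recorded as setuid+executable, and a plain file.
SAMPLE_ZIP = build_zip([("pkg/run.sh", 0o4755, b"#!/bin/sh\n"), ("pkg/README", 0o644, b"hi\n")])


def demo():
    """Extract the sample into a scratch directory and report the modes seen."""
    with tempfile.TemporaryDirectory() as tmp:
        return extract_preserving_exec(SAMPLE_ZIP, tmp)
```

Running demo() shows run.sh coming out of ZipFile.extract with no executable bits at all (whatever the umask), and ending up as 0o755 with the setuid bit dropped once the recorded mode is applied.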

Specification

The following will be added to the PyPA source distribution format spec under a new heading, “Source distribution archive features”:

Because extracting tar files as-is is dangerous, and the results are platform-specific, archive features of source distributions are limited.

Unpacking with the data filter

When extracting a source distribution, tools MUST either use tarfile.data_filter (e.g. TarFile.extractall(..., filter='data')), OR follow the Unpacking without the data filter section below.

As an exception, on Python interpreters without hasattr(tarfile, 'data_filter') (PEP 706), tools that normally use that filter (directly or indirectly) MAY warn the user and ignore this specification. The trade-off between usability (e.g. fully trusting the archive) and security (e.g. refusing to unpack) is left up to the tool in this case.

Unpacking without the data filter

Tools that do not use the data filter directly (e.g. for backwards compatibility, allowing additional features, or not using Python) MUST follow this section. (At the time of this writing, the data filter also follows this section, but it may get out of sync in the future.)

The following files are invalid in an sdist archive. Upon encountering such an entry, tools SHOULD notify the user, MUST NOT unpack the entry, and MAY abort with a failure:

  • Files that would be placed outside the destination directory.
  • Links (symbolic or hard) pointing outside the destination directory.
  • Device files (including pipes).

The following are also invalid. Tools MAY treat them as above, but are NOT REQUIRED to do so:

  • Files with a .. component in the filename or link target.
  • Links pointing to a file that is not part of the archive.

Tools MAY unpack links (symbolic or hard) as regular files, using content from the archive.

When extracting sdist archives:

  • Leading slashes in file names MUST be dropped. (This is nowadays standard behaviour for tar unpacking.)
  • For each mode (Unix permission) bit, tools MUST either:
    • use the platform’s default for a new file/directory (respectively),
    • set the bit according to the archive, or
    • use the bit from rw-r--r-- (0o644) for non-executable files or rwxr-xr-x (0o755) for executable files and directories.
  • High mode bits (setuid, setgid, sticky) MUST be cleared.
  • It is RECOMMENDED to preserve the user executable bit.
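Both extraction paths the specification allows, the data filter route of “Unpacking with the data filter” and the manual rules of “Unpacking without the data filter”, as one added example that is not part of the PEP or of any packaging tool. check_sdist_member and extract_without_data_filter are hypothetical helpers implementing the rules above; where the spec leaves a choice, this code rejects .. components that still escape after normalisation, rejects absolute link targets, unpacks links as plain copies of their in-archive target, and forces modes to 0o644/0o755. extract_sdist prefers tarfile.data_filter when hasattr(tarfile, 'data_filter') is true and falls back to the manual rules otherwise (the refuse-or-trust trade-off the spec leaves to the tool). build_archive fabricates the sample archives, a setuid script, an in-tree symlink and an entry that would land outside the destination, so everything runs offline.

```python
import copy
import io
import posixpath
import tarfile
import tempfile
from pathlib import Path


class InvalidSdistMember(ValueError):
    """An archive entry that the spec says MUST NOT be unpacked."""


def _normalise(path):
    # Leading slashes MUST be dropped; '.' and harmless '..' segments are collapsed.
    path = posixpath.normpath(path.lstrip("/"))
    return "" if path == "." else path


def check_sdist_member(member):
    """Apply the 'Unpacking without the data filter' rules to one entry; return a fixed copy."""
    fixed = copy.copy(member)
    fixed.name = _normalise(member.name)
    if not fixed.name or ".." in fixed.name.split("/"):
        raise InvalidSdistMember(f"{member.name!r} would be placed outside the destination")
    if fixed.isdev():  # character/block devices and FIFOs (pipes)
        raise InvalidSdistMember(f"{member.name!r} is a device file")
    if fixed.issym() or fixed.islnk():
        # Hard-link targets are archive paths; symlink targets are relative to the link's directory.
        target = member.linkname if fixed.islnk() else posixpath.join(posixpath.dirname(fixed.name), member.linkname)
        fixed.linkname = _normalise(target)  # now an archive-relative path for either link kind
        if member.linkname.startswith("/") or ".." in fixed.linkname.split("/"):
            raise InvalidSdistMember(f"{member.name!r} links outside the destination")
    fixed.mode = 0o755 if fixed.isdir() or member.mode & 0o100 else 0o644  # high bits cleared, user x kept
    return fixed


def extract_without_data_filter(archive, dest):
    """Manual extraction per the spec, for tools that cannot use the data filter."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:  # validate all entries first
        members = {_normalise(m.name): check_sdist_member(m) for m in tar.getmembers()}
        for m in members.values():
            out = Path(dest, m.name)
            if m.isdir():
                out.mkdir(parents=True, exist_ok=True)
            else:  # a regular file, or a link unpacked as a plain copy of its in-archive target
                src = m if m.isreg() else members.get(m.linkname)
                if src is None or not src.isreg():
                    raise InvalidSdistMember(f"{m.name!r}: link target is not a file in the archive")
                out.parent.mkdir(parents=True, exist_ok=True)
                out.write_bytes(tar.extractfile(src).read())
            out.chmod(m.mode)


def extract_sdist(archive, dest):
    """Use tarfile's data filter (PEP 706) when present, otherwise the manual rules above."""
    if not hasattr(tarfile, "data_filter"):  # the spec's exception case: fall back rather than ignore
        return extract_without_data_filter(archive, dest)
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        tar.extractall(dest, filter="data")


def build_archive(entries):
    """Constructed sample data: an in-memory .tar.gz from (name, mode, content, linkname) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, content, linkname in entries:
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, len(content)
            if linkname:
                info.type, info.linkname = tarfile.SYMTYPE, linkname
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed samples: a setuid script and an in-tree symlink (valid, sanitised on unpacking),
# and an entry that would be placed outside the destination (invalid, MUST NOT be unpacked).
SAMPLE_SDIST = build_archive([
    ("pkg-1.0/setup.py", 0o644, b"from setuptools import setup\nsetup()\n", ""),
    ("pkg-1.0/build.sh", 0o4755, b"#!/bin/sh\necho build\n", ""),
    ("pkg-1.0/alias.sh", 0o777, b"", "build.sh"),
])
TRAVERSAL_SDIST = build_archive([("../escape.txt", 0o644, b"outside\n", "")])


def demo(extract=extract_sdist):
    """Unpack both samples with `extract` and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp, "out")
        extract(SAMPLE_SDIST, dest)
        result = {"files": sorted(str(p.relative_to(dest)) for p in dest.rglob("*")),
                  "build_mode": (dest / "pkg-1.0/build.sh").stat().st_mode & 0o7777,  # setuid gone
                  "alias": (dest / "pkg-1.0/alias.sh").read_bytes()}  # a copy, or an in-tree link
        try:
            extract(TRAVERSAL_SDIST, Path(tmp, "bad"))
            result["traversal"] = "extracted"
        except (InvalidSdistMember, tarfile.TarError):  # tarfile.FilterError is a TarError
            result["traversal"] = "rejected"
    return result
```

demo(extract_without_data_filter) exercises the manual rules on any Python 3, while demo() takes the data-filter route wherever hasattr(tarfile, 'data_filter') holds; both report the same four paths, 0o755 for build.sh with the setuid bit gone, the alias readable as the script's content, and the traversal archive rejected before anything is written.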

Further hints

Tool authors are encouraged to consider how hints for further verification in tarfile documentation apply for their tool.

Backwards Compatibility

The existing behaviour is unspecified, and treated differently by different tools. This PEP makes the expectations explicit.

There is no known case of backwards incompatibility, but some project out there probably does rely on details that aren’t guaranteed. This PEP bans the most dangerous of those features, and the rest is made tool-specific.

Security Implications

The recommended data filter is believed safe against common exploits, and is a single place to amend if flaws are found in the future.

The explicit specification includes protections from the data filter.

How to Teach This

The PEP is aimed at authors of packaging tools, who should be fine with a PEP and an updated packaging spec.

Reference Implementation

TBD

Rejected Ideas

None yet.

Open Issues

None yet.

Copyright

This document is placed in the public domain or under the CC0-1.0-Universal license, whichever is more permissive.


Source: https://github.com/python/peps/blob/main/peps/pep-0721.rst

Last modified: 2025-02-01 08:55:40 GMT

