dateutil

Package archive misses permissions

Bug #1243202 reported by Bruno on 2013-10-22

This bug affects 2 people

Affects

Status

Importance

Assigned to

Milestone

dateutil

Fix Released

Undecided

Unassigned

You need to log in to change this bug's status.

Affecting:	dateutil
Filed here by:	Bruno
When:	2013-10-22
Confirmed:	2014-12-02
Started work:	2014-12-02
Completed:	2014-12-02

Target

Distribution
Package	(Find…)
Project	(Find…)

Status	Importance
	Undecided

Assigned to

	Nobody
	Me

Comment on this change (optional)

Email me about changes to this bug report

(?)

Bug Description

The distribution available on PyPI have all files permissions set to 600 and directories to 700.

Distributions patch this themselves when packaging python-dateutil:

https://projects.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/python-dateutil#n33

Modern installers normalize permissions (pip does) but easy_install or setup.py install doesn't. Meaning tools relying on easy_install or setup.py (such as FPM) may end up with insufficient permissions to run the code as a non-root user.

Would it be possible to have the correct permissions in the tarball directly? Adding a+r and g+r seems reasonable.

Add tags Tag help

Bruno (brutasse) wrote on 2013-10-22:

This only concerns non-python files:

$ find . ! -perm -a+r
./dateutil/zoneinfo/zoneinfo--latest.tar.gz
./python_dateutil-2.1.egg-info/not-zip-safe
./python_dateutil-2.1.egg-info/PKG-INFO
./python_dateutil-2.1.egg-info/top_level.txt
./python_dateutil-2.1.egg-info/SOURCES.txt
./python_dateutil-2.1.egg-info/dependency_links.txt
./python_dateutil-2.1.egg-info/requires.txt

But some of these are needed at runtime py pkg_resources it seems.

Colm Ragu (colmragu) wrote on 2013-11-23:

Download full text (3.1 KiB)

I had the same problem. I noticed it when deluge failed to start.

$ deluge
Traceback (most recent call last):
  File "/usr/bin/deluge", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2823, in <module>
    add_activation_listener(lambda dist: dist.activate())
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 710, in subscribe
    callback(dist)
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2823, in <lambda>
    add_activation_listener(lambda dist: dist.activate())
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2255, in activate
    self.insert_on(path)
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2362, in insert_on
    self.check_version_conflict()
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2401, in check_version_conflict
    for modname in self._get_metadata('top_level.txt'):
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2249, in _get_metadata
    for line in self.get_metadata_lines(name):
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 1219, in get_metadata_lines
    return yield_lines(self.get_metadata(name))
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 1211, in get_metadata
    return self._get(self._fn(self.egg_info,name))
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 1326, in _get
    stream = open(path, 'rb')
IOError: [Errno 13] Permission denied: '/usr/local/lib/python2.7/dist-packages/python_dateutil-2.2-py2.7.egg/EGG-INFO/top_level.txt'

Checked permissions:
$la -lrt /usr/local/lib/python2.7/dist-packages/python_dateutil-2.2-py2.7.egg/*
/usr/local/lib/python2.7/dist-packages/python_dateutil-2.2-py2.7.egg/dateutil:
total 276
-rwxr-xr-x 1 root staff 32988 Nov 22 16:28 tz.py
-rwxr-xr-x 1 root staff 41036 Nov 22 16:28 rrule.py
-rwxr-xr-x 1 root staff 17224 Nov 22 16:28 relativedelta.py
-rwxr-xr-x 1 root staff 2578 Nov 22 16:28 easter.py
drwxr-sr-x 2 root staff 4096 Nov 22 16:28 zoneinfo
-rwxr-xr-x 1 root staff 5737 Nov 22 16:28 tzwin.py
-rwxr-xr-x 1 root staff 34280 Nov 22 16:28 parser.py
-rwxr-xr-x 1 root staff 278 Nov 22 16:28 __init__.py
-rw-r--r-- 1 root staff 27948 Nov 22 16:28 tz.pyc
-rw-r--r-- 1 root staff 14965 Nov 22 16:28 relativedelta.pyc
-rw-r--r-- 1 root staff 2445 Nov 22 16:28 easter.pyc
-rw-r--r-- 1 root staff 31098 Nov 22 16:28 rrule.pyc
-rw-r--r-- 1 root staff 482 Nov 22 16:28 __init__.pyc
-rw-r--r-- 1 root staff 7311 Nov 22 16:28 tzwin.pyc
-rw-r--r-- 1 root staff 24885 Nov 22 16:28 parser.pyc

/usr/local/lib/python2.7/dist-packages/python_dateutil-2.2-py2.7.egg/EGG-INFO:
total 24
-rw------- 1 root staff 9 Nov 22 16:28 top_level.txt
-rw------- 1 root staff 563 Nov 22 16:28 SOURCES.txt
-rw------- 1 root staff 3 Nov 22 16:28 requires.txt
-rw------- 1 root staff 970 Nov 22 16:28 PKG-INFO
-rw------- 1 root staff 1 Nov 22 16:28 not-zip-safe
-rw------- 1 root staff 1 Nov 22 16:28 dependency_links.txt

Solved it by changing the permissions. Now deluge is working fine.
sudo chmod a+r /usr/local/lib/python2.7/dist-packages/python_dateutil-2.2-py2.7.egg/EGG-I...

Other bug subscribers

Changed in dateutil:
status:	New → Fix Released