Force rctx.{download_and,}extract to create user-readable files#28531
Closed
fmeum wants to merge 2 commits intobazelbuild:masterfrom
Closed
Force rctx.{download_and,}extract to create user-readable files#28531fmeum wants to merge 2 commits intobazelbuild:masterfrom
rctx.{download_and,}extract to create user-readable files#28531fmeum wants to merge 2 commits intobazelbuild:masterfrom
Conversation
Collaborator
Author
|
@bazel-io fork 9.1.0 |
github-actions
bot
added
team-ExternalDeps
Collaborator
Author
|
@bazel-io fork 8.6.0 |
This was referenced Feb 5, 2026
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request correctly ensures that files extracted from archives are at least user-readable by adding the 0400 permission bit. The changes are consistently applied across ar, tar, and zip decompressors. The accompanying tests are thorough and validate the new behavior for each archive type. I've included one suggestion to refactor the new tests to reduce code duplication and improve maintainability.
There was a problem hiding this comment.
Pull request overview
This PR ensures that files extracted from archives (tar, zip, and ar) are always user-readable, even if the archive contains files with no read permissions. This addresses a real-world issue where some archives contain non-readable files, but other tools work around this and mask the problem.
Changes:
- Modified three decompressor implementations to force user-readable permissions (0400 bit) on extracted files
- Added integration tests for tar.gz, zip, and ar archives with non-readable files
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| src/main/java/com/google/devtools/build/lib/bazel/repository/decompressor/ZipDecompressor.java | Added bitwise OR with 0400 to ensure extracted files have user-read permission |
| src/main/java/com/google/devtools/build/lib/bazel/repository/decompressor/CompressedTarFunction.java | Added bitwise OR with 0400 to ensure extracted tar files have user-read permission |
| src/main/java/com/google/devtools/build/lib/bazel/repository/decompressor/ArFunction.java | Added bitwise OR with 0400 to ensure extracted ar files have user-read permission |
| src/test/shell/bazel/starlark_repository_test.sh | Added three test functions that verify files with 0o000 permissions can be read after extraction |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
meteorcloudy
approved these changes
Feb 5, 2026
fmeum
force-pushed
the
extract-readable
branch
from
86e526d to
6715aa8
Compare
Archives in the wild do sometimes contain non-readable files, but other tools work around this and thus mask their brokenness.
fmeum
force-pushed
the
extract-readable
branch
from
6715aa8 to
5a1b258
Compare
meteorcloudy
approved these changes
Feb 5, 2026
meteorcloudy
added
awaiting-PR-merge
github-actions
bot
removed
the
awaiting-PR-merge
bazel-io
pushed a commit
to bazel-io/bazel
that referenced
this pull request
Feb 5, 2026
…zelbuild#28531) Archives in the wild do sometimes contain non-readable files, but other tools work around this and thus mask their brokenness. Context: https://bazelbuild.slack.com/archives/CDCMRLS23/p1770213515354229 Closes bazelbuild#28531. PiperOrigin-RevId: 865960367 Change-Id: I7273eb983d63d6960d184764cec5040bba77b2c2
iancha1992
pushed a commit
to iancha1992/bazel
that referenced
this pull request
Feb 5, 2026
…zelbuild#28531) Archives in the wild do sometimes contain non-readable files, but other tools work around this and thus mask their brokenness. Context: https://bazelbuild.slack.com/archives/CDCMRLS23/p1770213515354229 Closes bazelbuild#28531. PiperOrigin-RevId: 865960367 Change-Id: I7273eb983d63d6960d184764cec5040bba77b2c2
github-merge-queue bot
pushed a commit
that referenced
this pull request
Feb 6, 2026
…iles (#28531) (#28547) Archives in the wild do sometimes contain non-readable files, but other tools work around this and thus mask their brokenness. Context: https://bazelbuild.slack.com/archives/CDCMRLS23/p1770213515354229 Closes #28531. PiperOrigin-RevId: 865960367 Change-Id: I7273eb983d63d6960d184764cec5040bba77b2c2 Commit 0bb7836 Co-authored-by: Fabian Meumertzheim <fabian@meumertzhe.im>
github-merge-queue bot
pushed a commit
that referenced
this pull request
Feb 10, 2026
…iles (ht… (#28551) …tps://github.com//pull/28531) Archives in the wild do sometimes contain non-readable files, but other tools work around this and thus mask their brokenness. Context: https://bazelbuild.slack.com/archives/CDCMRLS23/p1770213515354229 Closes #28531. PiperOrigin-RevId: 865960367 Change-Id: I7273eb983d63d6960d184764cec5040bba77b2c2 Commit 0bb7836 Co-authored-by: Fabian Meumertzheim <fabian@meumertzhe.im>
Collaborator
Author
|
@bazel-io fork 9.0.1 |
bazel-io
pushed a commit
to bazel-io/bazel
that referenced
this pull request
Feb 12, 2026
…zelbuild#28531) Archives in the wild do sometimes contain non-readable files, but other tools work around this and thus mask their brokenness. Context: https://bazelbuild.slack.com/archives/CDCMRLS23/p1770213515354229 Closes bazelbuild#28531. PiperOrigin-RevId: 865960367 Change-Id: I7273eb983d63d6960d184764cec5040bba77b2c2
github-merge-queue bot
pushed a commit
that referenced
this pull request
Feb 16, 2026
…iles (#28531) (#28649) Archives in the wild do sometimes contain non-readable files, but other tools work around this and thus mask their brokenness. Context: https://bazelbuild.slack.com/archives/CDCMRLS23/p1770213515354229 Closes #28531. PiperOrigin-RevId: 865960367 Change-Id: I7273eb983d63d6960d184764cec5040bba77b2c2 Commit 0bb7836 Co-authored-by: Fabian Meumertzheim <fabian@meumertzhe.im>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Archives in the wild do sometimes contain non-readable files, but other tools work around this and thus mask their brokenness.
Context: https://bazelbuild.slack.com/archives/CDCMRLS23/p1770213515354229
In the wild example: https://pypi.org/project/ag-ui-adk/#ag_ui_adk-0.4.2-py3-none-any.whl