1.0.1 fixes a false-positive path-traversal check in destinations.py:
the 1.0.0 code used Path.resolve() to validate that each installed file
stays within the --destdir, but Path.resolve() follows symlinks.
OpenWrt's staging dir and toolchain directories contain many symlinks,
so resolved paths could escape the destdir comparison and trigger:
ValueError: Attempting to write <file> outside of the target directory
1.0.1 replaces Path.resolve() with os.path.abspath(), which normalises
the path without following symlinks, eliminating the false positive.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update package to 1.0.0. This is the first stable release.
Changes since 0.7.0:
- Dropped support for Python 3.7, 3.8, 3.9; added Python 3.13/3.14
- Added --overwrite-existing and --validate-record CLI options
- Support installing multiple wheels in a single invocation
- Security: fixed a path traversal bug
- Do not install __pycache__ directories from wheels
- Switch to stream-based validation instead of in-memory (lower memory)
- Sort entries before writing RECORD; fixed Windows relative path bug
- Complete type annotations with strict mypy enforcement
- API change: SchemeDictionaryDestination.overwrite_existing now defaults
to True (was False); update patch 001 accordingly
Remove patch 001-don-t-raise-error-if-file-exists.patch and
set '--overwrite-existing' in build scripts.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
As we're seeing in various test.sh scrip runs, importing 'email' fails
with not finding 'urllib' and vice-versa.
Then via a7e96ec91 ("python3-email: add python3-urllib as dependency")
I created a circular dependency.
So, might as well merge the two packages into one (named python3-urllib)
and updates all dependencies to pull python3-urllib.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
slide-switch is my software, I choose to continue to be sole maintainer.
(This was also the case in #28429.)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This seems to happen when re-triggering a build.
The destination path is already there, so this exception gets raised.
Another approach is to do 'make package/<python-package>/clean' and
re-trigger the build.
But that becomes annoying.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
From the README:
This is a low-level library for installing a Python package from a wheel
distribution. It provides basic functionality and abstractions for
handling wheels and installing packages from wheels.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Alexandru Ardelean