gtristan commented on PR #2039: URL: https://github.com/apache/buildstream/pull/2039#issuecomment-3095294554
Looking at https://github.com/python/cpython/pull/135037, it looks like cpython is messing with extracted links, calling `os.path.realpath()` (with a new *"allow missing"* flag)... for some purpose... perhaps for avoiding creating hardlinked files outside of the destination directory... Your commit itself looks sensible, and addresses the mentioned test case where we are testing tarball behavior - however the behavioral change in python is deep and a bit worrying. Now that I'm seeing these `os.path.realpath()` calls popping up in the CPython code around "links", I wonder if this might effect symbolic links ? Surely it would be an absurd python bug if relative symbolic link targets ended up becoming absolute paths when extracted by `TarFile`, but it also looks like we don't have much coverage around symbolic links in tarball extraction in `tests/sources/tar.py`, so I'm not sure we would notice if such an absurd bug occurred. @juergbi I think it is unlikely that python broke symlinks with this, I'll leave it up to you to decide whether you think we need to add more symlink coverage on our side, otherwise lets just go ahead with this merge. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
