diff mbox series

[libgpiod] bindings: python: specify a tar extract filter

Message ID 20241107205001.574426-1-vfazio@xes-inc.com
State New
Headers show
Series [libgpiod] bindings: python: specify a tar extract filter | expand

Commit Message

Vincent Fazio Nov. 7, 2024, 8:50 p.m. UTC
Starting in Python 3.12, extracting files from tarballs without a filter
specified generates a DeprecationWarning [0].

For Python >= 3.12, specify the `fully_trusted_filter` filter which
replicates the behavior from previous versions.

This filter also makes sense as we should be able to trust the tarball
the maintainers generate after the hash has been verified.

[0]: https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter

Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
---
 bindings/python/setup.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

Bartosz Golaszewski Nov. 12, 2024, 12:44 p.m. UTC | #1
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>


On Thu, 07 Nov 2024 14:50:01 -0600, Vincent Fazio wrote:
> Starting in Python 3.12, extracting files from tarballs without a filter
> specified generates a DeprecationWarning [0].
> 
> For Python >= 3.12, specify the `fully_trusted_filter` filter which
> replicates the behavior from previous versions.
> 
> This filter also makes sense as we should be able to trust the tarball
> the maintainers generate after the hash has been verified.
> 
> [...]

Applied, thanks!

[1/1] bindings: python: specify a tar extract filter
      commit: b66ebbbcf96f104b5d1d8f66c272f737cd8eed90

Best regards,
diff mbox series

Patch

diff --git a/bindings/python/setup.py b/bindings/python/setup.py
index 1f04b99..7ab783f 100644
--- a/bindings/python/setup.py
+++ b/bindings/python/setup.py
@@ -70,6 +70,7 @@  def fetch_tarball(command):
     def wrapper(self):
         # Just-in-time import of tarfile and urllib.request so these are
         # not required for Yocto to build a vendored or linked package
+        import sys
         import tarfile
         from tempfile import TemporaryDirectory
         from urllib.request import urlretrieve
@@ -122,7 +123,10 @@  def fetch_tarball(command):
             # Unpack the downloaded tarball
             log.info(f"unpacking: {tarball_filename}")
             with tarfile.open(downloaded_tarball) as f:
-                f.extractall(temp_dir)
+                if sys.version_info < (3, 12):
+                    f.extractall(temp_dir)
+                else:
+                    f.extractall(temp_dir, filter=tarfile.fully_trusted_filter)
 
             # Copy the include and lib directories we need to build libgpiod
             base_dir = path.join(temp_dir, f"libgpiod-{LIBGPIOD_VERSION}")