Source tarballs use very large uids/gids

[legoktm]

Hi,

The source tarball for this package contains very large uids/gids for some reason.

# tar tvf idna-3.2.tar.gz
drwxr-xr-x kim.davies/ICANN\Domain Users 0 2021-05-29 16:50 idna-3.2/
...
# tar --numeric-owner -tvf idna-3.2.tar.gz
drwxr-xr-x 475842308/1205227579 0 2021-05-29 16:50 idna-3.2/
...

Notably, both of those are larger than an unsigned 32-bit integer, meaning trying to unpack and restore those ownership bits (e.g. for reproducibility) fails. In a plain Debian Bullseye container as root, you get errors like the following:

# tar xvf idna-3.2.tar.gz 
idna-3.2/
idna-3.2/HISTORY.rst
tar: idna-3.2/HISTORY.rst: Cannot change ownership to uid 475842308, gid 1205227579: Invalid argument
idna-3.2/LICENSE.md
tar: idna-3.2/LICENSE.md: Cannot change ownership to uid 475842308, gid 1205227579: Invalid argument
...

(The workaround for tar is to use --no-same-owner but that's not always feasible and can introduce its own issues).

Can future tarballs be built on a system or container that uses "normal" uids/gids? Thanks!

[sethmlarson]

Hey @legoktm! Thanks for reporting this. In the near future I'm planning on putting together a deployment pipeline for this package which will remove this issue as the package will be built in an automated fashion rather than manually.

[kjd]

I have my employer to thank for those astronomically high UID/GIDs, but we'll fix it one way or another for the next release which should be in a few weeks to align with the forthcoming Unicode 15 release. If Seth's work isn't baked then I'll make a point to set them to a sensible value.

[kjd]

v3.4 has been published that addresses this issue