The python-build-standalone CPython runtime tarballs are currently being unpacked in "fully trusted" mode (the tarfile module's default in Python 3.13 and earlier).
To avoid a Python 3.14 compatibility issue (where the default is changing to data_filter mode), I attempted to enable the tar_filter mode which prevents the potential security issues with fully trusted tarballs, but still allows full use of various tarfile features that are needed when shipping a CPython runtime archive.
This change revealed that the python-build-standalone archives are enabling group write permissions on many of the files in the runtime bundles (https://github.com/indygreg/python-build-standalone/issues/349), so enabling tar_filter means changing the expected hashes of the CPython runtimes (since it clears those group write permission flags).
To avoid introducing a discrepancy between Python 3.12+ and Python 3.11 (which doesn't support tar extraction filters), the change to clear the group and world write permissions on files in published archives also needs to be enforced by venvstacks itself (so even if the runtime files get unpacked into the build folder with 0o664 permissions, they'll still be set to 0o644 in the layer archive).
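The two-step behaviour described above, as an added example that is not part of the original issue and is not venvstacks or python-build-standalone code: a constructed in-memory stand-in for an upstream runtime tarball with 0o664/0o775 members is unpacked with the `tar` extraction filter where `tarfile.tar_filter` exists (falling back to the historical fully-trusted extraction where it does not), and the unpacked tree is then repacked with a `TarFile.add(filter=...)` hook that clears the group and world write bits on every member regardless of which extraction path ran. The member names, modes and helper names are assumptions made for illustration; only the `tarfile` calls are the standard library's own.

```python
"""Normalise group/world write bits when repacking a CPython runtime.

Added example, not code from venvstacks or python-build-standalone. The
member names, the 0o664/0o775 modes and the helper names are constructed
for illustration; only the tarfile APIs (``extractall(filter=...)`` and the
``TarFile.add(filter=...)`` hook) are the standard library's own.
"""
import io
import os
import stat
import tarfile
import tempfile

# Group write and other (world) write: the bits tar_filter clears on
# extraction, and the bits the repacking step below clears unconditionally.
WRITE_BITS_TO_CLEAR = stat.S_IWGRP | stat.S_IWOTH  # 0o022


def build_constructed_runtime_tarball() -> bytes:
    """In-memory stand-in for an upstream runtime archive (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add(name, mode, data=None):
            info = tarfile.TarInfo(name)
            info.mode = mode
            if data is None:
                info.type = tarfile.DIRTYPE
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))

        add("python", 0o775)
        add("python/bin", 0o775)
        add("python/bin/python3", 0o775, b"#!/bin/sh\nexit 0\n")
        add("python/lib/python3.12/os.py", 0o664, b"# stub module\n")
    return buf.getvalue()


def archive_modes(data: bytes) -> dict:
    """Map each member name to its permission bits (type bits stripped)."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        return {m.name: stat.S_IMODE(m.mode) for m in tar.getmembers()}


def unpack_runtime(data: bytes, dest: str) -> str:
    """Unpack with the ``tar`` extraction filter when this Python offers it.

    Returns the filter name actually used. Where ``tarfile.tar_filter`` is
    missing, the historical fully-trusted behaviour applies and the 0o664
    bits land on disk, which is why build_layer_archive() cannot rely on
    extraction alone to fix them.
    """
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        if hasattr(tarfile, "tar_filter"):
            tar.extractall(dest, filter="tar")
            return "tar"
        tar.extractall(dest)
        return "fully_trusted"


def clear_group_world_write(info: tarfile.TarInfo) -> tarfile.TarInfo:
    """``TarFile.add(filter=...)`` hook: drop group/world write from a member.

    ``info.mode`` here still carries the file-type bits from os.stat(); the
    masked value is what the header stores (mode & 0o7777), so 0o664 -> 0o644.
    """
    info.mode &= ~WRITE_BITS_TO_CLEAR
    return info


def build_layer_archive(runtime_dir: str, arcname: str = "python") -> bytes:
    """Repack an unpacked runtime with write bits normalised on every member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        tar.add(runtime_dir, arcname=arcname, filter=clear_group_world_write)
    return buf.getvalue()


def demo() -> tuple:
    """Return (upstream modes, extraction filter used, layer archive modes)."""
    upstream = build_constructed_runtime_tarball()
    with tempfile.TemporaryDirectory() as build_dir:
        used = unpack_runtime(upstream, build_dir)
        layer = build_layer_archive(os.path.join(build_dir, "python"))
    return archive_modes(upstream), used, archive_modes(layer)


if __name__ == "__main__":
    before, used, after = demo()
    print("extraction filter:", used)
    for name in sorted(after):
        print(f"{name:32s} {oct(before.get(name, 0)):>8} -> {oct(after[name])}")
```

Because the normalisation runs at repack time rather than at extraction time, the layer archive carries 0o644/0o755 modes on every member whether the build folder was populated by the `tar` filter or by fully-trusted extraction, which is the consistency the issue asks for across Python versions. Note that the `tar` filter also strips setuid, setgid and sticky bits on extraction; the hook above deliberately clears only the two write bits the issue names.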