-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Some packages source installation break in 1.7 due to tar extraction (LinkOutsideDestinationError) #8645
Comments
that's what poetry is supposed to do, per https://packaging.python.org/en/latest/specifications/source-distribution-format/#unpacking-with-the-data-filter you'll want to raise this with idna - or use their wheel distribution |
@dimbleby, since PEP-721 is only a few months old, can we get some grace time (at least with some configuration option)? If this is acceptable, I can create a PR for this configuration flag. |
I'd be against that but others might feel differently and their vote counts more. The wheel installs fine, so you're not blocked (and I expect that's how almost everyone is installing idna anyway). kjd/idna#129 (comment) suggests that there might be a new idna release in the not-too-distant future: so you're likely just as well off instead submitting a merge request there, to fix their sdist. |
Personally, I am against it. I don't like the idea of backing out of the already implemented way. The more "switches" and "toggles" we add, the more people will abuse this, and packages that don't comply with modern standards won't get fixed (and then break anyway once the grace period ends). |
Also experiencing this with
running in |
Please report it to |
However I suspect the real issue is that python is wrong... python/cpython#107845 Probably something like pypa/build#675 (comment) would be accepted. |
Also experiencing this with |
you are not using the latest poetry and you have not read the conclusion to the thread |
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
poetry.toml:
-vvv
option) and have included the output below.Issue
This seems to stem from a change #8544, while fixing deprecation there's a new added filter to tar extract that wasn't used before: https://github.com/python-poetry/poetry/pull/8544/files#diff-26f39fd2c1c2ff93b4e043ed53d6c9be8dd7c44328e15d0d238a068da199e171R281.
I've also verified its possible to install the same source package with pip on the same virtualenv:
The text was updated successfully, but these errors were encountered: