From 2a14edf75c56fc7372a9ab9aa346dd217cab3e3f Mon Sep 17 00:00:00 2001 From: Charlie Marsh Date: Wed, 17 Sep 2025 10:34:49 -0400 Subject: [PATCH] Respect `UV_INSECURE_NO_ZIP_VALIDATION=1` in duplicate header errors (#15912) ## Summary This was just an oversight on these specific returns. Closes https://github.com/astral-sh/uv/issues/15871. --- crates/uv-extract/src/stream.rs | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/crates/uv-extract/src/stream.rs b/crates/uv-extract/src/stream.rs index 2c4a9131c..5ab7e3d3e 100644 --- a/crates/uv-extract/src/stream.rs +++ b/crates/uv-extract/src/stream.rs @@ -206,9 +206,11 @@ pub async fn unzip( // Verify that the existing file contents match the expected contents. if existing_contents != expected_contents { - return Err(Error::DuplicateLocalFileHeader { - path: relpath.clone(), - }); + if !skip_validation { + return Err(Error::DuplicateLocalFileHeader { + path: relpath.clone(), + }); + } } (bytes_read as u64, entry_reader) @@ -455,9 +457,11 @@ pub async fn unzip( } std::collections::hash_map::Entry::Occupied(entry) => { if mode != *entry.get() { - return Err(Error::DuplicateExecutableFileHeader { - path: relpath.clone(), - }); + if !skip_validation { + return Err(Error::DuplicateExecutableFileHeader { + path: relpath.clone(), + }); + } } } }