Respect `UV_INSECURE_NO_ZIP_VALIDATION=1` in duplicate header errors (#15912)

## Summary This was just an oversight on these specific returns. Closes https://github.com/astral-sh/uv/issues/15871.
2025-09-17 10:34:49 -04:00 · 2025-09-17 10:34:49 -04:00 · 2a14edf75c
parent dea1700945
commit 2a14edf75c
1 changed files with 10 additions and 6 deletions
--- a/crates/uv-extract/src/stream.rs
+++ b/crates/uv-extract/src/stream.rs
@ -206,10 +206,12 @@ pub async fn unzip<R: tokio::io::AsyncRead + Unpin>(

                    // Verify that the existing file contents match the expected contents.
                    if existing_contents != expected_contents {
+                        if !skip_validation {
                            return Err(Error::DuplicateLocalFileHeader {
                                path: relpath.clone(),
                            });
                        }
+                    }

                    (bytes_read as u64, entry_reader)
                }
@ -455,12 +457,14 @@ pub async fn unzip<R: tokio::io::AsyncRead + Unpin>(
                        }
                        std::collections::hash_map::Entry::Occupied(entry) => {
                            if mode != *entry.get() {
+                                if !skip_validation {
                                    return Err(Error::DuplicateExecutableFileHeader {
                                        path: relpath.clone(),
                                    });
                                }
                            }
                        }
+                    }

                    // The executable bit is the only permission we preserve, otherwise we use the OS defaults.
                    // https://github.com/pypa/pip/blob/3898741e29b7279e7bffe044ecfbe20f6a438b1e/src/pip/_internal/utils/unpacking.py#L88-L100