From 55df84592223e6d08d96927cdfbfa150f0223e96 Mon Sep 17 00:00:00 2001
From: shikinamiasuka <67509746+yumeminami@users.noreply.github.com>
Date: Mon, 28 Jul 2025 21:56:08 +0800
Subject: [PATCH] Fix incorrect file permissions in wheel packages (#14930)

Fixes #14920

## Summary

Problem: When building wheel packages, metadata files (such as RECORD,
METADATA, WHEEL, and
license files) were being created with incorrect Unix permissions
(--w--wx---), lacking
  read permissions and having unexpected executable permissions.

Solution: The fix ensures that all metadata files in wheel packages are
created with proper
   644 (rw-r--r--) permissions by:
- Adding explicit unix_permissions(0o644) setting in the write_bytes
method for metadata
  files
  - Updating permission constants to use octal notation for clarity
  - Improving code comments to document the permission settings

Impact: This change ensures wheel packages created by uv have standard
file permissions
consistent with other Python build tools like setuptools, improving
compatibility and
  following Python packaging best practices.
---
 crates/uv-build-backend/src/lib.rs   | 2 +-
 crates/uv-build-backend/src/wheel.rs | 9 ++++++---
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/crates/uv-build-backend/src/lib.rs b/crates/uv-build-backend/src/lib.rs
index 5800d04d2..319925b6a 100644
--- a/crates/uv-build-backend/src/lib.rs
+++ b/crates/uv-build-backend/src/lib.rs
@@ -622,7 +622,7 @@ mod tests {
         // Check that the wheel is reproducible across platforms.
         assert_snapshot!(
             format!("{:x}", sha2::Sha256::digest(fs_err::read(&wheel_path).unwrap())),
-            @"ac3f68ac448023bca26de689d80401bff57f764396ae802bf4666234740ffbe3"
+            @"342bf60c8406144f459358cde92408686c1631fe22389d042ce80379e589d6ec"
         );
         assert_snapshot!(build.wheel_contents.join("\n"), @r"
         built_by_uv-0.1.0.data/data/
diff --git a/crates/uv-build-backend/src/wheel.rs b/crates/uv-build-backend/src/wheel.rs
index 6eeb899d0..4800bb435 100644
--- a/crates/uv-build-backend/src/wheel.rs
+++ b/crates/uv-build-backend/src/wheel.rs
@@ -621,8 +621,8 @@ impl ZipDirectoryWriter {
         path: &str,
         executable_bit: bool,
     ) -> Result<Box<dyn Write + 'slf>, Error> {
-        // 644 is the default of the zip crate.
-        let permissions = if executable_bit { 775 } else { 664 };
+        // Set file permissions: 644 (rw-r--r--) for regular files, 755 (rwxr-xr-x) for executables
+        let permissions = if executable_bit { 0o755 } else { 0o644 };
         let options = zip::write::SimpleFileOptions::default()
             .unix_permissions(permissions)
             .compression_method(self.compression);
@@ -634,7 +634,10 @@ impl ZipDirectoryWriter {
 impl DirectoryWriter for ZipDirectoryWriter {
     fn write_bytes(&mut self, path: &str, bytes: &[u8]) -> Result<(), Error> {
         trace!("Adding {}", path);
-        let options = zip::write::SimpleFileOptions::default().compression_method(self.compression);
+        // Set appropriate permissions for metadata files (644 = rw-r--r--)
+        let options = zip::write::SimpleFileOptions::default()
+            .unix_permissions(0o644)
+            .compression_method(self.compression);
         self.writer.start_file(path, options)?;
         self.writer.write_all(bytes)?;