Pub: 7za might not extract newly published packages correctly

Created on 19 May 2021  路  7Comments  路  Source: dart-lang/pub

From https://github.com/flutter/flutter/issues/82803 it looks like webview_flutter-2.0.6.tar.gz cannot be correctly extracted with 7za.exe as used by Dart < 2.14.x on Windows.

It's very likely that webview_flutter-2.0.6.tar.gz was published using Flutter master which likely feature Dart 2.14.x which uses package:tar.

Theory is that archives with long file names created by package:tar are not correctly extracted by 7za.exe on Windows, and thus, cannot be used by stable Dart / Flutter SDKs.

I guess we'll have to investigate this. It could be something weird in the tar format. It's possible that we could workaround this server side, but it might be better to fix the issue and not many packages have been published using Flutter master yet.

cc @simolus3, @stuartmorgan

bug

Most helpful comment

@jonasfj package:tar generates pax headers for file names longer than 99 chars, it looks like 7zip only supports GNU-Style long name entries which are another convention to write long names in archive files.

I can add an option in package:tar to use the other convention when writing files.

All 7 comments

It would be useful to know ASAP what the limit is relative to. I assume it's probably not the basename; is it the path relative to the root of the package? The full on-disk path of the machine it's published from? Something else?

is it the path relative to the root of the package?

Yes, we use this name here.

package:tar writes long names as pax extended headers, I'll take a look at how that fails with 7zip.

@jonasfj package:tar generates pax headers for file names longer than 99 chars, it looks like 7zip only supports GNU-Style long name entries which are another convention to write long names in archive files.

I can add an option in package:tar to use the other convention when writing files.

yeah, I guess we would be happy to use GNU-style long name entries.

Is there a workflow I can easily follow to validate this with webview_flutter without actually publishing, to make absolutely sure it's working for us?

Summary: A few package versions with filenames longer than 99 characters, published using Dart/Flutter master might not extract correctly on Windows with Dart SDK < 2.14.

This should be fixed in Dart SDK as of sdk/+/201260 (just landed).


I was able to reproduce the issue with 7za on Linux:

cd $(mktemp -d)
wget https://storage.googleapis.com/pub-packages/packages/webview_flutter-2.0.6.tar.gz
7za x webview_flutter-2.0.6.tar.gz
7za x webview_flutter-2.0.6.tar
ls android/src/main/java/io/flutter/plugins/webviewflutter/T*

# Prints:
android/src/main/java/io/flutter/plugins/webviewflutter/ThreadedInputConnectionProxyAdapterView.jav

While the issue is fixed with 2.0.7:

cd $(mktemp -d)
wget https://storage.googleapis.com/pub-packages/packages/webview_flutter-2.0.7.tar.gz
7za x webview_flutter-2.0.7.tar.gz
7za x webview_flutter-2.0.7.tar
ls android/src/main/java/io/flutter/plugins/webviewflutter/T*

# Prints:
android/src/main/java/io/flutter/plugins/webviewflutter/ThreadedInputConnectionProxyAdapterView.java

Using package:tar I identified all package versions that:

  • Were published since 2021-05-10 (https://github.com/dart-lang/sdk/commit/53448def7325b79e22f27438c7e57881ccf897a6),
  • Using filenames longer than 99 characters, and,
  • Encoded using TAR PAX headers.

The following package versions are likely broken as a result of this:

  • Package webview_flutter/2.0.6 (2.0.7 is not affected)
  • Package dart_code_metrics/3.2.3 (latest version 3.3.0 is not affected, package author contacted)
  • Package firestore_ref/0.12.0 (latest version is affected, package author contacted)

Following packages are likely affected, but file paths affected all looks to be test/ or example/ files:

  • Package espresso/0.1.0+1
  • Package google_sign_in/5.0.3
  • Package image_picker/0.7.5+1
  • Package image_picker/0.7.5+2
  • Package in_app_purchase/0.6.0+1
  • Package nhost_sdk/1.0.3-dev.0
  • Package nhost_sdk/1.0.3-dev.2
  • Package nhost_sdk/1.0.3-dev.1
  • Package nhost_sdk/1.0.3

Issue is fixed, and I haven't any new packages published with this issue.

Was this page helpful?
0 / 5 - 0 ratings