Force rctx.{download_and,}extract to create user-readable files

Archives in the wild do sometimes contain non-readable files, but other tools work around this and thus mask their brokenness.

Author: fmeum

src/main/java/com/google/devtools/build/lib/bazel/repository/decompressor/ArFunction.java

@@ -75,7 +75,9 @@ public Path decompress(DecompressorDescriptor descriptor)
           try (OutputStream out = filePath.getOutputStream()) {
             ByteStreams.copy(arStream, out);
           }
-          filePath.chmod(entry.getMode());
+          // Ensure that all files are at least user-readable. Some archives contain files that
+          // are not, but many other tools are working around this and thus mask these issues.
+          filePath.chmod(entry.getMode() | 0400);
           // entry.getLastModified() appears to be in seconds, so we need to convert
           // it into milliseconds for setLastModifiedTime
           filePath.setLastModifiedTime(entry.getLastModified() * 1000L);

src/main/java/com/google/devtools/build/lib/bazel/repository/decompressor/CompressedTarFunction.java

@@ -164,7 +164,9 @@ public Path decompress(DecompressorDescriptor descriptor)
             try (OutputStream out = filePath.getOutputStream()) {
               ByteStreams.copy(tarStream, out);
             }
-            filePath.chmod(entry.getMode());
+            // Ensure that all files are at least user-readable. Some archives contain files that
+            // are not, but many other tools are working around this and thus mask these issues.
+            filePath.chmod(entry.getMode() | 0400);
 
             // This can only be done on real files, not links, or it will skip the reader to
             // the next "real" file to try to find the mod time info.

src/main/java/com/google/devtools/build/lib/bazel/repository/decompressor/ZipDecompressor.java

@@ -172,7 +172,9 @@ private static void extractZipEntry(
           throw new InterruptedException();
         }
       }
-      outputPath.chmod(permissions);
+      // Ensure that all files are at least user-readable. Some archives contain files that
+      // are not, but many other tools are working around this and thus mask these issues.
+      outputPath.chmod(permissions | 0400);
       outputPath.setLastModifiedTime(entry.getTime());
     }
   }

src/test/shell/bazel/starlark_repository_test.sh

@@ -3646,10 +3646,11 @@ function test_extract_non_readable_file_zip() {
   echo "secret zip content" > non_readable_zip_dir/non_readable.txt
   python3 -c "
 import zipfile
-import os
 with zipfile.ZipFile('non_readable.zip', 'w') as zf:
     info = zipfile.ZipInfo('non_readable_zip_dir/non_readable.txt')
-    info.external_attr = 0o000 << 16  # No permissions
+    # S_IFREG (0o100000) marks it as a regular file, but with no permission bits.
+    # This ensures getPermissions() returns the actual mode rather than defaulting to 0755.
+    info.external_attr = 0o100000 << 16
     zf.writestr(info, 'secret zip content')
 "
   popd