Add integration test

Author: thirtyseven

MODULE.bazel

@@ -243,6 +243,7 @@ use_repo(
     "rules_python_runtime_env_tc_info",
     "somepkg_with_build_files",
     "whl_library_extras_direct_dep",
+    "whl_perms_bad_perms_pkg",
     "whl_with_build_files",
 )
 

python/private/internal_dev_deps.bzl

@@ -109,6 +109,14 @@ def _internal_dev_deps_impl(mctx):
         config_load = "@rules_python//tests/pypi/whl_library/testdata:packages.bzl",
     )
 
+    # Setup for //tests/pypi/whl_permissions
+    # Test that wheels with bad file permissions can be extracted
+    whl_library(
+        name = "whl_perms_bad_perms_pkg",
+        whl_file = "//tests/pypi/whl_permissions:bad_perms_pkg-1.0-py3-none-any.whl",
+        requirement = "bad-perms-pkg==1.0",
+    )
+
 def _whl_library_from_dir(*, name, output, root, **kwargs):
     whl_from_dir_repo(
         name = "{}_whl".format(name),

tests/pypi/whl_permissions/BUILD.bazel

@@ -0,0 +1,25 @@
+load("//python:defs.bzl", "py_binary")
+load("//python:py_test.bzl", "py_test")
+load("//tests/support:support.bzl", "SUPPORTS_BZLMOD_UNIXY")
+
+# Tool to generate test wheels with bad permissions
+py_binary(
+    name = "build_test_wheel",
+    srcs = ["build_test_wheel.py"],
+)
+
+# Pre-built test wheel with files that have no read permissions.
+# This wheel is created by build_test_wheel.py and checked into the repo.
+# The files inside have mode 000 (no permissions), which tests that
+# whl_extract.bzl correctly fixes permissions after extraction.
+exports_files(["bad_perms_pkg-1.0-py3-none-any.whl"])
+
+# Test that we can use a wheel with bad file permissions
+py_test(
+    name = "whl_permissions_test",
+    srcs = ["whl_permissions_test.py"],
+    target_compatible_with = SUPPORTS_BZLMOD_UNIXY,
+    deps = [
+        "@whl_perms_bad_perms_pkg//:pkg",
+    ],
+)

tests/pypi/whl_permissions/README.md

@@ -0,0 +1,41 @@
+# Wheel Permissions Test
+
+This test verifies that `rules_python` can correctly handle Python wheels that contain files without read permissions.
+
+## Background
+
+Some wheels are created with files that have incorrect permissions (e.g., mode `000`). When these wheels are extracted by Bazel's `rctx.extract()`, the file permissions are preserved from the zip file. This causes failures when subsequent operations try to read these files, such as:
+
+- Reading `__init__.py` files during namespace package detection
+- Reading metadata files
+- Importing Python modules
+
+## Test Setup
+
+### Files
+
+- **`bad_perms_pkg-1.0-py3-none-any.whl`**: A pre-built test wheel with files that have mode `000` (no permissions)
+- **`build_test_wheel.py`**: Script used to generate the test wheel (for reference/regeneration)
+- **`whl_permissions_test.py`**: Integration test that verifies the wheel can be extracted and used
+
+## Regenerating the Test Wheel
+
+If you need to regenerate the test wheel:
+
+```bash
+bazel run //tests/pypi/whl_permissions:build_test_wheel -- \
+  $(pwd)/tests/pypi/whl_permissions/bad_perms_pkg-1.0-py3-none-any.whl
+```
+
+Verify the permissions are set correctly:
+```bash
+zipinfo -l tests/pypi/whl_permissions/bad_perms_pkg-1.0-py3-none-any.whl
+```
+
+You should see entries like:
+```
+?rw-------  2.0 unx  bad_perms_pkg/__init__.py
+?rw-------  2.0 unx  bad_perms_pkg-1.0.dist-info/METADATA
+```
+
+The `?rw-------` indicates mode `000` for those files.

tests/pypi/whl_permissions/bad_perms_pkg-1.0-py3-none-any.whl

@@ -0,0 +1,64 @@
+#!/usr/bin/env python3
+"""Build a test wheel with files that have no read permissions.
+
+This simulates wheels that are created with incorrect file permissions,
+which can cause extraction failures when Bazel tries to read the files.
+"""
+
+import sys
+import zipfile
+from pathlib import Path
+
+
+def create_bad_perms_wheel(output_path: str):
+    """Create a wheel file with files that have no read permissions."""
+    with zipfile.ZipFile(output_path, 'w', zipfile.ZIP_DEFLATED) as whl:
+        # Add __init__.py with no read permissions (mode 000)
+        info = zipfile.ZipInfo('bad_perms_pkg/__init__.py')
+        info.external_attr = 0o000 << 16  # No permissions
+        whl.writestr(info, 'def test():\n    return "hello"\n')
+
+        # Add a module file with no read permissions
+        module_info = zipfile.ZipInfo('bad_perms_pkg/module.py')
+        module_info.external_attr = 0o000 << 16  # No permissions
+        whl.writestr(module_info, 'VALUE = 42\n')
+
+        # Add METADATA with no read permissions
+        metadata = zipfile.ZipInfo('bad_perms_pkg-1.0.dist-info/METADATA')
+        metadata.external_attr = 0o000 << 16  # No permissions
+        whl.writestr(metadata, '''Metadata-Version: 2.1
+Name: bad-perms-pkg
+Version: 1.0
+Summary: Test package with bad file permissions
+Author: Test
+License: Apache-2.0
+''')
+
+        # Add WHEEL with normal permissions (so the wheel can be opened)
+        wheel_info = zipfile.ZipInfo('bad_perms_pkg-1.0.dist-info/WHEEL')
+        wheel_info.external_attr = 0o644 << 16
+        whl.writestr(wheel_info, '''Wheel-Version: 1.0
+Generator: test
+Root-Is-Purelib: true
+Tag: py3-none-any
+''')
+
+        # Add RECORD with normal permissions
+        record = zipfile.ZipInfo('bad_perms_pkg-1.0.dist-info/RECORD')
+        record.external_attr = 0o644 << 16
+        whl.writestr(record, '''bad_perms_pkg/__init__.py,,
+bad_perms_pkg/module.py,,
+bad_perms_pkg-1.0.dist-info/METADATA,,
+bad_perms_pkg-1.0.dist-info/WHEEL,,
+bad_perms_pkg-1.0.dist-info/RECORD,,
+''')
+
+
+if __name__ == '__main__':
+    if len(sys.argv) != 2:
+        print(f"Usage: {sys.argv[0]} <output_wheel_path>", file=sys.stderr)
+        sys.exit(1)
+
+    output_path = sys.argv[1]
+    create_bad_perms_wheel(output_path)
+    print(f"Created wheel with bad permissions: {output_path}")

tests/pypi/whl_permissions/build_test_wheel.py

@@ -0,0 +1,31 @@
+"""Test that wheels with incorrect file permissions can be extracted and used.
+
+Some wheels have files without read permissions set, which causes errors
+when Bazel tries to read them during extraction. This test verifies that
+the permission-fixing logic in whl_extract.bzl handles these cases correctly.
+"""
+
+import unittest
+
+
+class WhlPermissionsTest(unittest.TestCase):
+    def test_can_import_from_bad_perms_wheel(self):
+        """Test that we can import and use code from a wheel with bad permissions."""
+        # If the permissions weren't fixed, the whl_library rule would have
+        # failed when trying to read __init__.py during namespace package detection.
+        import bad_perms_pkg
+
+        # Verify we can call functions from the module
+        result = bad_perms_pkg.test()
+        self.assertEqual(result, "hello")
+
+    def test_can_import_module_from_bad_perms_wheel(self):
+        """Test that we can import submodules from a wheel with bad permissions."""
+        from bad_perms_pkg import module
+
+        # Verify we can access module contents
+        self.assertEqual(module.VALUE, 42)
+
+
+if __name__ == '__main__':
+    unittest.main()