base: allow symlinks outside of the archive

no92 · no92 · commit 4b007b4840c7 · 2026-02-18T13:36:34.000+01:00
The default behavior was changed by python 3.14, so we pass the argument
to revert to the previous one.
diff --git a/xbstrap/base.py b/xbstrap/base.py
@@ -11,6 +11,7 @@
 import shutil
 import stat
 import subprocess
+import sys
 import tarfile
 import tempfile
 import urllib.request
@@ -3191,7 +3192,14 @@ def pull_archive(cfg, subject):
         os.mkdir(subject.prefix_dir)
         with tarfile.open(subject.archive_file, "r:gz") as tar:
             for info in tar:
-                tar.extract(info, subject.prefix_dir)
+                if sys.version_info >= (3, 12):
+                    # Maybe should have a more aggressive filter, but we have
+                    # legitimate "evil-looking" tool tars (specifically, GCC
+                    # tarballs link to the binutils directory, which is outside
+                    # of the root)
+                    tar.extract(info, subject.prefix_dir, filter="fully_trusted")
+                else:
+                    tar.extract(info, subject.prefix_dir)
     else:
         # TODO: Also support packages here.
         raise GenericError("Unexpected subject for pull-archive")
