Unsign wheel when repairing

If the input wheel is signed, then remove the signature instead of outputting a wheel with an invalid signature.
adang1345 · Nov 19, 2024 · fd7fd93 · fd7fd93
1 parent 9c6cb0d
commit fd7fd93
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 0 deletions.
diff --git a/delvewheel/_wheel_repair.py b/delvewheel/_wheel_repair.py
@@ -1010,6 +1010,16 @@ def repair(
                 file.write(f'Arguments: {sys.argv}\n')
 
         # update record file, which tracks wheel contents and their checksums
+        try:
+            # remove JSON web signature
+            os.remove(os.path.join(self._extract_dir, dist_info_foldername, 'RECORD.jws'))
+        except FileNotFoundError:
+            pass
+        try:
+            # remove S/MIME signature
+            os.remove(os.path.join(self._extract_dir, dist_info_foldername, 'RECORD.p7s'))
+        except FileNotFoundError:
+            pass
         record_filepath = os.path.join(self._extract_dir, dist_info_foldername, 'RECORD')
         if self._verbose >= 1:
             print(f'updating {os.path.join(dist_info_foldername, "RECORD")}')

diff --git a/tests/run_tests.py b/tests/run_tests.py
@@ -1266,6 +1266,18 @@ def test_custom(self):
         self.assertEqual(8, p.stdout.count('patching '))
         self.assertEqual(1, p.stdout.count(' (count 2)'))
 
+    def test_remove_signature_jws(self):
+        """Remove RECORD.jws signature file"""
+        check_call(['delvewheel', 'repair', '--add-path', 'simpleext/x64', 'simpleext/simpleext-0.0.1-1sign-cp312-cp312-win_amd64.whl'])
+        with zipfile.ZipFile('wheelhouse/simpleext-0.0.1-1sign-cp312-cp312-win_amd64.whl') as whl_file:
+            self.assertRaises(KeyError, whl_file.getinfo, 'simpleext-0.0.1.dist-info/RECORD.jws')
+
+    def test_remove_signature_p7s(self):
+        """Remove RECORD.p7s signature file"""
+        check_call(['delvewheel', 'repair', '--add-path', 'simpleext/x64', 'simpleext/simpleext-0.0.1-2sign-cp312-cp312-win_amd64.whl'])
+        with zipfile.ZipFile('wheelhouse/simpleext-0.0.1-2sign-cp312-cp312-win_amd64.whl') as whl_file:
+            self.assertRaises(KeyError, whl_file.getinfo, 'simpleext-0.0.1.dist-info/RECORD.p7s')
+
 
 class NeededTestCase(TestCase):
     """Tests for delvewheel needed"""

diff --git a/tests/simpleext/simpleext-0.0.1-1sign-cp312-cp312-win_amd64.whl b/tests/simpleext/simpleext-0.0.1-1sign-cp312-cp312-win_amd64.whl
diff --git a/tests/simpleext/simpleext-0.0.1-2sign-cp312-cp312-win_amd64.whl b/tests/simpleext/simpleext-0.0.1-2sign-cp312-cp312-win_amd64.whl