Add CRC mode to make CRC checks opt-in by default

Author: samypr100

Cargo.lock

@@ -21,6 +21,7 @@ uv-normalize = { workspace = true }
 uv-pep440 = { workspace = true }
 uv-platform-tags = { workspace = true }
 uv-small-str = { workspace = true }
+uv-static = { workspace = true }
 
 memchr = { workspace = true }
 rkyv = { workspace = true, features = ["smallvec-1"] }

crates/uv-distribution-filename/Cargo.toml

@@ -0,0 +1,21 @@
+use std::sync::LazyLock;
+
+use uv_static::EnvVars;
+
+#[derive(Debug)]
+pub enum CRCMode {
+    /// Fail on CRC mismatch.
+    Enforce,
+    /// Warn on CRC mismatch, but continue.
+    Lax,
+    /// Skip CRC checks.
+    None,
+}
+
+/// Lazily initialize CRC mode from `UV_CRC_MODE`.
+pub static CURRENT_CRC_MODE: LazyLock<CRCMode> =
+    LazyLock::new(|| match std::env::var(EnvVars::UV_CRC_MODE).as_deref() {
+        Ok("enforce") => CRCMode::Enforce,
+        Ok("lax") => CRCMode::Lax,
+        _ => CRCMode::None,
+    });

crates/uv-distribution-filename/src/crc.rs

@@ -4,12 +4,14 @@ use uv_normalize::PackageName;
 use uv_pep440::Version;
 
 pub use build_tag::{BuildTag, BuildTagError};
+pub use crc::{CRCMode, CURRENT_CRC_MODE};
 pub use egg::{EggInfoFilename, EggInfoFilenameError};
 pub use extension::{DistExtension, ExtensionError, SourceDistExtension};
 pub use source_dist::{SourceDistFilename, SourceDistFilenameError};
 pub use wheel::{WheelFilename, WheelFilenameError};
 
 mod build_tag;
+mod crc;
 mod egg;
 mod extension;
 mod source_dist;

crates/uv-distribution-filename/src/lib.rs

@@ -7,6 +7,7 @@ use tokio_util::compat::{FuturesAsyncReadCompatExt, TokioAsyncReadCompatExt};
 use tracing::warn;
 
 use uv_distribution_filename::SourceDistExtension;
+use uv_distribution_filename::{CRCMode, CURRENT_CRC_MODE};
 
 use crate::Error;
 
@@ -86,17 +87,26 @@ pub async fn unzip<R: tokio::io::AsyncRead + Unpin>(
             let mut reader = entry.reader_mut().compat();
             tokio::io::copy(&mut reader, &mut writer).await?;
 
-            // Validate the CRC of any file we unpack
-            // (It would be nice if async_zip made it harder to Not do this...)
-            let reader = reader.into_inner();
-            let computed = reader.compute_hash();
-            let expected = reader.entry().crc32();
-            if computed != expected {
-                return Err(Error::BadCrc32 {
-                    path: relpath,
-                    computed,
-                    expected,
-                });
+            if matches!(*CURRENT_CRC_MODE, CRCMode::Enforce | CRCMode::Lax) {
+                // Validate the CRC of any file we unpack
+                // (It would be nice if async_zip made it harder to Not do this...)
+                let reader = reader.into_inner();
+                let computed = reader.compute_hash();
+                let expected = reader.entry().crc32();
+
+                if computed != expected {
+                    if let CRCMode::Enforce = *CURRENT_CRC_MODE {
+                        return Err(Error::BadCrc32 {
+                            path: relpath,
+                            computed,
+                            expected,
+                        });
+                    }
+                    warn!(
+                        "Bad CRC (got {computed:08x}, expected {expected:08x}) for file: {}",
+                        relpath.display()
+                    );
+                }
             }
         }
 

crates/uv-extract/src/stream.rs

@@ -23,6 +23,7 @@ futures = { workspace = true }
 thiserror = { workspace = true }
 tokio = { workspace = true }
 tokio-util = { workspace = true }
+tracing = { workspace = true }
 zip = { workspace = true }
 
 [lints]

crates/uv-metadata/Cargo.toml

@@ -9,10 +9,13 @@ use std::path::Path;
 use thiserror::Error;
 use tokio::io::AsyncReadExt;
 use tokio_util::compat::{FuturesAsyncReadCompatExt, TokioAsyncReadCompatExt};
+use tracing::warn;
+use zip::ZipArchive;
+
 use uv_distribution_filename::WheelFilename;
+use uv_distribution_filename::{CRCMode, CURRENT_CRC_MODE};
 use uv_normalize::{DistInfoName, InvalidNameError};
 use uv_pypi_types::ResolutionMetadata;
-use zip::ZipArchive;
 
 /// The caller is responsible for attaching the path or url we failed to read.
 #[derive(Debug, Error)]
@@ -252,17 +255,23 @@ pub async fn read_metadata_async_stream<R: futures::AsyncRead + Unpin>(
             let mut contents = Vec::new();
             reader.read_to_end(&mut contents).await.unwrap();
 
-            // Validate the CRC of any file we unpack
-            // (It would be nice if async_zip made it harder to Not do this...)
-            let reader = reader.into_inner();
-            let computed = reader.compute_hash();
-            let expected = reader.entry().crc32();
-            if computed != expected {
-                return Err(Error::BadCrc32 {
-                    path,
-                    computed,
-                    expected,
-                });
+            if matches!(*CURRENT_CRC_MODE, CRCMode::Enforce | CRCMode::Lax) {
+                // Validate the CRC of any file we unpack
+                // (It would be nice if async_zip made it harder to Not do this...)
+                let reader = reader.into_inner();
+                let computed = reader.compute_hash();
+                let expected = reader.entry().crc32();
+
+                if computed != expected {
+                    if let CRCMode::Enforce = *CURRENT_CRC_MODE {
+                        return Err(Error::BadCrc32 {
+                            path,
+                            computed,
+                            expected,
+                        });
+                    }
+                    warn!("Bad CRC (got {computed:08x}, expected {expected:08x}) for file: {path}");
+                }
             }
 
             let metadata = ResolutionMetadata::parse_metadata(&contents)

crates/uv-metadata/src/lib.rs

@@ -257,6 +257,11 @@ impl EnvVars {
     /// Specifies the directory for storing managed Python installations.
     pub const UV_PYTHON_INSTALL_DIR: &'static str = "UV_PYTHON_INSTALL_DIR";
 
+    /// Specifies how CRC validation is performed during unzipping a download stream.
+    ///
+    /// Possible values are `enforce`, `lax`, and `none` (default).
+    pub const UV_CRC_MODE: &'static str = "UV_CRC_MODE";
+
     /// Managed Python installations are downloaded from the Astral
     /// [`python-build-standalone`](https://github.com/astral-sh/python-build-standalone) project.
     ///

crates/uv-static/src/env_vars.rs

@@ -8913,27 +8913,61 @@ fn missing_subdirectory_url() -> Result<()> {
 // This wheel was uploaded with a bad crc32 and we weren't detecting that
 // (Could be replaced with a checked-in hand-crafted corrupt wheel?)
 #[test]
-fn bad_crc32() -> Result<()> {
-    let context = TestContext::new("3.11");
-    let requirements_txt = context.temp_dir.child("requirements.txt");
-    requirements_txt.touch()?;
+fn bad_crc32() {
+    let context = TestContext::new("3.11").with_filtered_counts();
 
-    uv_snapshot!(context.pip_install()
+    uv_snapshot!(context.filters(), context.pip_install()
+        .env(EnvVars::UV_CRC_MODE, "enforce")
         .arg("--python-platform").arg("linux")
-        .arg("osqp @ https://files.pythonhosted.org/packages/00/04/5959347582ab970e9b922f27585d34f7c794ed01125dac26fb4e7dd80205/osqp-1.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"), @r"
+        .arg("osqp @ https://files.pythonhosted.org/packages/00/04/5959347582ab970e9b922f27585d34f7c794ed01125dac26fb4e7dd80205/osqp-1.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"), @r###"
     success: false
     exit_code: 1
     ----- stdout -----
 
     ----- stderr -----
-    Resolved 7 packages in [TIME]
+    Resolved [N] packages in [TIME]
       × Failed to download `osqp @ https://files.pythonhosted.org/packages/00/04/5959347582ab970e9b922f27585d34f7c794ed01125dac26fb4e7dd80205/osqp-1.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl`
       ├─▶ Failed to extract archive: osqp-1.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
       ╰─▶ Bad CRC (got ca5f1131, expected d5c95dfa) for file: osqp/ext_builtin.cpython-311-x86_64-linux-gnu.so
-    "
+    "###
     );
 
-    Ok(())
+    // When using --verbose, we should see
+    // WARN Bad CRC (got ca5f1131, expected d5c95dfa) for file: osqp/ext_builtin.cpython-311-x86_64-linux-gnu.so
+    uv_snapshot!(context.filters(), context.pip_install()
+        .env(EnvVars::UV_CRC_MODE, "lax")
+        .arg("--python-platform").arg("linux")
+        .arg("osqp @ https://files.pythonhosted.org/packages/00/04/5959347582ab970e9b922f27585d34f7c794ed01125dac26fb4e7dd80205/osqp-1.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"), @r###"
+    success: true
+    exit_code: 0
+    ----- stdout -----
+
+    ----- stderr -----
+    Resolved [N] packages in [TIME]
+    Prepared [N] packages in [TIME]
+    Installed [N] packages in [TIME]
+     + jinja2==3.1.3
+     + joblib==1.3.2
+     + markupsafe==2.1.5
+     + numpy==1.26.4
+     + osqp==1.0.2 (from https://files.pythonhosted.org/packages/00/04/5959347582ab970e9b922f27585d34f7c794ed01125dac26fb4e7dd80205/osqp-1.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl)
+     + scipy==1.12.0
+     + setuptools==69.2.0
+    "###
+    );
+
+    uv_snapshot!(context.filters(), context.pip_install()
+        .env(EnvVars::UV_CRC_MODE, "none")
+        .arg("--python-platform").arg("linux")
+        .arg("osqp @ https://files.pythonhosted.org/packages/00/04/5959347582ab970e9b922f27585d34f7c794ed01125dac26fb4e7dd80205/osqp-1.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"), @r###"
+    success: true
+    exit_code: 0
+    ----- stdout -----
+
+    ----- stderr -----
+    Audited [N] packages in [TIME]
+    "###
+    );
 }
 
 #[test]

crates/uv/tests/it/pip_install.rs

@@ -51,6 +51,12 @@ local `uv.toml` file to use as the configuration file.
 Equivalent to the `--constraint` command-line argument. If set, uv will use this
 file as the constraints file. Uses space-separated list of files.
 
+### `UV_CRC_MODE`
+
+Specifies how CRC validation is performed during unzipping a download stream.
+
+Possible values are `enforce`, `lax`, and `none` (default).
+
 ### `UV_CUSTOM_COMPILE_COMMAND`
 
 Equivalent to the `--custom-compile-command` command-line argument.