Portage emits this DeprecationWarning during gpkg extraction: /usr/lib/python3.13/site-packages/portage/gpkg.py:675: DeprecationWarning: Python 3.14 will, by default, filter extracted tar archives and reject files or modify their metadata. Use the filter argument to control this behavior. It looks like we should probably use filter="fully_trusted" and it's been backported to python 3.8.17: https://docs.python.org/3.8/library/tarfile.html#tarfile-extraction-filter
It looks like overriding the default extraction_filter is probably convenient: https://docs.python.org/3.8/library/tarfile.html#tarfile.TarFile.extraction_filter
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/portage.git/commit/?id=f620a0769a509966295954c2b0c76e46e8fb4289 commit f620a0769a509966295954c2b0c76e46e8fb4289 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2024-06-02 21:53:04 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2024-06-09 17:53:31 +0000 tar_safe_extract: Use tarfile.fully_trusted_filter This suppresses a DeprecationWarning triggered because the tarfile.data_filter will become the new default in python3.14. The fully_trusted filter should be suitable here because tar_safe_extract already performs security validation on tar members prior to extraction. Bug: https://bugs.gentoo.org/933433 Signed-off-by: Zac Medico <zmedico@gentoo.org> lib/portage/gpkg.py | 9 +++++++++ 1 file changed, 9 insertions(+)
