From 63942dd599bbde5549fc71a993ae4247a5a7169f Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Sun, 17 May 2026 15:30:36 +0300 Subject: [PATCH 1/3] Use Python os.chmod directly --- add_to_pydotorg.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/add_to_pydotorg.py b/add_to_pydotorg.py index 9c6e0c49..046d3628 100755 --- a/add_to_pydotorg.py +++ b/add_to_pydotorg.py @@ -366,9 +366,9 @@ def has_sigstore_signature(filename: str) -> bool: ] ) - run_cmd(["chmod", "644", sig_file]) - run_cmd(["chmod", "644", cert_file]) - run_cmd(["chmod", "644", bundle_file]) + os.chmod(sig_file, 0o644) + os.chmod(cert_file, 0o644) + os.chmod(bundle_file, 0o644) else: print("All release files already signed with Sigstore") From 971ce475d75343ba9692a6eab59d6636cb511a28 Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Sun, 17 May 2026 15:39:20 +0300 Subject: [PATCH 2/3] Refactor duplicate code --- run_release.py | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/run_release.py b/run_release.py index 99bd81f4..93b56ba1 100755 --- a/run_release.py +++ b/run_release.py @@ -809,25 +809,23 @@ def execute_command(command: str) -> None: if channel.recv_exit_status() != 0: raise ReleaseException(channel.recv_stderr(1000)) - execute_command(f"mkdir -p {destination}") - execute_command(f"cp {source}/downloads/* {destination}") - execute_command(f"chgrp downloads {destination}") - execute_command(f"chmod 775 {destination}") - execute_command(f"find {destination} -type f -exec chmod 664 {{}} \\;") - - # Docs - - release_tag = db["release"] - if release_tag.is_final or release_tag.is_release_candidate: - source = f"/home/psf-users/{db['ssh_user']}/{db['release']}" - destination = f"/srv/www.python.org/ftp/python/doc/{release_tag}" - + def copy_and_set_permissions(source_glob: str, destination: str) -> None: execute_command(f"mkdir -p {destination}") - execute_command(f"cp {source}/docs/* {destination}") + execute_command(f"cp {source_glob} {destination}") execute_command(f"chgrp downloads {destination}") execute_command(f"chmod 775 {destination}") execute_command(f"find {destination} -type f -exec chmod 664 {{}} \\;") + copy_and_set_permissions(f"{source}/downloads/*", destination) + + # Docs + release_tag = db["release"] + if release_tag.is_final or release_tag.is_release_candidate: + copy_and_set_permissions( + f"{source}/docs/*", + f"/srv/www.python.org/ftp/python/doc/{release_tag}", + ) + def upload_docs_to_the_docs_server(db: ReleaseShelf) -> None: release_tag: release_mod.Tag = db["release"] From cc59923c757e2264a2355d0dfdc6ab13b1efb664 Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Sun, 17 May 2026 16:18:24 +0300 Subject: [PATCH 3/3] Only attempt chgrp/chmod if necessary --- run_release.py | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/run_release.py b/run_release.py index 93b56ba1..0cf8e33b 100755 --- a/run_release.py +++ b/run_release.py @@ -812,9 +812,18 @@ def execute_command(command: str) -> None: def copy_and_set_permissions(source_glob: str, destination: str) -> None: execute_command(f"mkdir -p {destination}") execute_command(f"cp {source_glob} {destination}") - execute_command(f"chgrp downloads {destination}") - execute_command(f"chmod 775 {destination}") - execute_command(f"find {destination} -type f -exec chmod 664 {{}} \\;") + # Skip chgrp/chmod if already correct: another RM may have created + # the directory, and only the owner can change group or permissions. + execute_command( + f"find {destination} -maxdepth 0 ! -group downloads " + f"-exec chgrp downloads {{}} +" + ) + execute_command( + f"find {destination} -maxdepth 0 ! -perm 775 -exec chmod 775 {{}} +" + ) + execute_command( + f"find {destination} -type f ! -perm 664 -exec chmod 664 {{}} +" + ) copy_and_set_permissions(f"{source}/downloads/*", destination)