π fix(seed): verify sha256 of bundled wheels on load#3119
Merged
Conversation
d031380 to
b0d0c9c
Compare
Bundled seed wheels were loaded straight from disk and handed to pip without any integrity check, so a corrupted or tampered wheel sitting next to ``embed/__init__.py`` would have been installed silently into every new environment. Record the sha256 of each wheel alongside ``BUNDLE_SUPPORT`` and verify it the first time a wheel is requested, failing loud on any mismatch. Generate the hash table from ``tasks/upgrade_wheels.py`` so future wheel bumps stay in sync, and add a ``--regen`` mode so the emitted module can be rewritten without re-downloading.
b0d0c9c to
3d84587
Compare
rahuldevikar
approved these changes
Apr 14, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Security hardening. Bundled seed wheels were loaded straight off disk and handed to pip without any integrity check. A corrupted or tampered wheel sitting next to
embed/__init__.pyβ whether from a botched upgrade, a filesystem error, or a supply-chain compromise β would have been silently installed into every new environment. πThe fix records the SHA-256 of every bundled wheel alongside
BUNDLE_SUPPORTin the generatedembed/__init__.py, and verifies each wheel the first time it is requested. Hashes are cached per wheel name so the happy path keeps a single file read per interpreter run, and a mismatch aborts with a clearRuntimeError. When virtualenv runs from a zipapp the bytes are read straight from the archive entry, so the check applies to both on-disk and zipapp layouts.The hash table is produced by
tasks/upgrade_wheels.pyso future wheel bumps stay in sync without manual bookkeeping. A new--regenmode lets the generator rewrite the module from the wheels currently on disk without re-downloading anything, which is how this PR produced the initial table.