Summary
finders.find_wheel() globs * in the directory and matches using startswith on the filename without filtering by .whl extension. If a non-wheel file (e.g., metadata file, directory, or malformed .whl) matches the prefix, it gets passed to wheels.extract_info_from_wheel_file() which calls parse_wheel_filename() and raises InvalidWheelFilename, crashing the bootstrap.
Where
src/fromager/finders.py:141 — downloads_dir.glob("*") with no extension filter
src/fromager/bootstrapper.py:1084 — unguarded call to extract_info_from_wheel_file
Impact
Low. The wheels_build and wheels_downloads directories are managed by fromager and should normally only contain valid .whl files. However, leftover files or files from other tools could trigger this.
Possible fixes
- Filter by .whl extension in find_wheel (fix at the source)
- Wrap extract_info_from_wheel_file in a try/except InvalidWheelFilename in _look_for_existing_wheel and treat it as a cache miss (defensive fix)
- Both
Found via CodeRabbit review on #1047.
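
The two proposed fixes, sketched as an added example rather than fromager's own code: the function names, signatures and the directory contents are constructed for illustration, and only parse_wheel_filename and InvalidWheelFilename come from the packaging library.

```python
import pathlib
import tempfile

try:
    from packaging.utils import InvalidWheelFilename, parse_wheel_filename
except ImportError:  # assumption: fall back to the copy vendored in pip
    from pip._vendor.packaging.utils import InvalidWheelFilename, parse_wheel_filename


def find_unfiltered(directory, prefix):
    # Pattern from the issue: glob("*") + startswith, no extension check.
    # sorted() only makes this demo deterministic.
    return next((p for p in sorted(directory.glob("*"))
                 if p.name.startswith(prefix)), None)


def find_filtered(directory, prefix):
    # Fix at the source: only regular files ending in .whl are candidates.
    return next((p for p in sorted(directory.glob("*.whl"))
                 if p.is_file() and p.name.startswith(prefix)), None)


def lookup(directory, prefix, finder):
    # Defensive fix: an unparseable filename is a cache miss, not a crash.
    path = finder(directory, prefix)
    if path is None:
        return None
    try:
        _name, version, _build, _tags = parse_wheel_filename(path.name)
    except InvalidWheelFilename:
        return None
    return path.name, str(version)


def demo():
    # Constructed directory: stray metadata file, valid wheel, malformed .whl.
    with tempfile.TemporaryDirectory() as tmp:
        d = pathlib.Path(tmp)
        for fname in ("demo_pkg-1.0-py3-none-any.metadata",
                      "demo_pkg-1.0-py3-none-any.whl", "other-2.0.whl"):
            (d / fname).touch()
        return {
            "unfiltered_pick": find_unfiltered(d, "demo_pkg-1.0").name,
            "guard_only": lookup(d, "demo_pkg-1.0", find_unfiltered),
            "filter_and_guard": lookup(d, "demo_pkg-1.0", find_filtered),
            "malformed_whl": lookup(d, "other-2.0", find_filtered),
        }


if __name__ == "__main__":
    print(demo())
```

With the guard alone, the stray file turns into a cache miss even though a valid wheel sits next to it; with the filter alone, a malformed .whl would still raise. Applying both covers each case.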