'sdist' produces tar.gz containing local path on windows

[Kaiser1989]

Building a project with setuptools and a setup.py with:

python setup.py sdist --dist-dir C://local/path/to/my/dist/folder

creates a tar.gz. When unpacking this tar.gz on Windows, it contains the complete local path to this distribution folder. This can't be correct.

The same problem is also reported in #1185, but was closed, as it couldn't be reproduced.

Do NOT test the tar.gz with "python -m tarfile", as this unpacks the tar.gz at once, and therefore showing the correct content. To reproduce, unpack the tar.gz file with 7zip. The "tar" archive contains the correct content. But the "gz" archive provides the full local path.

If you use a relative path, just this relative path is set into the "gz" archive:
python sdist --dist-dir ./dist/folder

Long term short: Whatever is put as dist-dir, the complete path is saved in the tar.gz file.

Expected:

• We should not provide local data in distributions
• There shouldn't be any pathes, the 'gz' should only contain the 'tar' file

Environment Details

• Windows 10 64bit
• Python 3.8.2
• Setuptools 46.4.0

[jaraco]

Do I understand correctly that there is no undesirable user-facing behavior, that the only problem is the leaking of local paths in the gzip file? I do agree it would be nice not to leak that information.

[jaraco]

I don't see anything in setuptools that enacts the undesirable behavior. Probably the .tar.gz is created in distutils, so it may not be worth trying to tackle this until distutils is incorporated.

[jaraco]

This is a duplicate of #1185.

[jaraco]

Closing in favor of the earlier issue.